hXXp://przggha6oiv1.a6kecjbdibju8g14kiv.xyz/
$ host przggha6oiv1.a6kecjbdibju8g14kiv.xyz
przggha6oiv1.a6kecjbdibju8g14kiv.xyz has address 40.78.143.97
Category: microsoft.com
Phishing payload against LCL (banking and insurance group in France)
$ host kimfitz.de
kimfitz.de has address 20.188.34.58
This domain houses the payload in the SBL534163 phishing spam against LCL. Do not be fooled by the redirection to Google.
Phishing payload against Zone.eu
$ host healliser.com
healliser.com has address 51.137.149.68
This IP hosts an active phishing payload against customers of the Estonian internet service provider Zone.eu.
FastFlux hosting provider: bulletproof.su — who use hacked servers to host malware, phish, etc.
https://bulletproof-hosting.com >>> https://bulletproof.su/? >>> https://t.me/ffservice?
phishing server
lnstagramshelpbadge.com has address 20.104.50.216
AsyncRAT botnet controller @20.36.20.111
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 20.36.20.111 on port 1604 TCP:
$ telnet 20.36.20.111 1604
Trying 20.36.20.111…
Connected to 20.36.20.111.
Escape character…
phishing server
mypaypal-accountreview.com has address 52.143.160.216
mypaypal-account.com has address 52.143.160.216
Also actively spamming.
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to «listbomb» email addresses:
From: bhgymnastics@hotmail.com
Subject: Re: BH Gymnastics «Trials Form Update»
Problem description
============================
Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with transactional messages and bulk email campaigns.
Problem resolution…
Malware distribution @13.107.42.13
The host at this IP address (13.107.42.13) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware.
AS number: AS8068
AS name: MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation
Malware botnet controller @23.100.23.67
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 23.100.23.67 on port 80 (using HTTP GET):
hXXp://hostas4.cf/click.php
$ dig +short hostas4.cf
23.100.23.67
Other malicious domain names hosted on this IP address:…