The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 20.203.136.95 on port 50933 TCP: $ telnet 20.203.136.95 50933 Trying 20.203.136.95… Connected to 20.203.136.95. Escape character… Читать далее Vjw0rm botnet controller @20.203.136.95
Рубрика: microsoft.com
BitRAT botnet controller @20.80.30.45
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 20.80.30.45 on port 2222 TCP: $ telnet 20.80.30.45 2222 Trying 20.80.30.45… Connected to 20.80.30.45. Escape character… Читать далее BitRAT botnet controller @20.80.30.45
phishing server
hXXps://irs-gov.gov-us1.com hXXps://covid19-irs-gov.us-gpos.com $ host irs-gov.gov-us1.com irs-gov.gov-us1.com has address 20.106.157.143 New domains added regularly. gov-us1.com netflix-main-en.com us9ov.com netflix-main.com us-8233.com irs-claim-us.com saafen-us.com safeurl-amazon-us.com 20.106.157.143 covid19-irs-gov.us-gpos.com 2021-07-26 20:14:32 20.106.157.143 covid19-irs.gov-232us.com 2021-07-26 20:13:16 20.106.157.143 irs-gov-us.to-claim.com 2021-07-26 19:59:20 20.106.157.143 _.irs-gov.us-3422.com 2021-07-26 18:55:23 20.106.157.143 covid19-irs-gov.us-gops.com 2021-07-26 18:22:49 20.106.157.143 goooglesafelink.com 2021-07-26 15:43:45 20.106.157.143 redirect.goooglesafelink.com 2021-07-26 15:41:01 20.106.157.143 irs-gov.us19-gops.com 2021-07-26 15:26:56 20.106.157.143 isg0v.com… Читать далее phishing server
Phishing payload against BNP Paribas Fortis (Belgium)
$ host fortis.tullpostnord.com fortis.tullpostnord.com has address 51.103.72.154 This IP contains a live phishing payload against the customers of BNP Paribas Fortis (BE)
phishing server
hXXp://irs.transactional-gov-irs-753678.com/ $ host irs.transactional-gov-irs-753678.com irs.transactional-gov-irs-753678.com is an alias for transactional-gov-irs-753678.com. transactional-gov-irs-753678.com has address 13.72.74.98
BitRAT botnet controller @20.80.51.178
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 20.80.51.178 on port 2222 TCP: $ telnet 20.80.51.178 2222 Trying 20.80.51.178… Connected to 20.80.51.178. Escape character… Читать далее BitRAT botnet controller @20.80.51.178
phishing server
fb-privacy-1000004248715562451427-tw.tk has address 23.98.144.97 fb-privacy-1000004248715562451425-tw.tk has address 23.98.144.97 fb-privacy-1000004248715562451424-tw.tk has address 23.98.144.97 fb-privacy-1000004248715562451417-tw.tk has address 23.98.144.97 fb-privacy-1000004248715562451423-tw.tk has address 23.98.144.97 fb-privacy-1000004248715562451422-tw.tk has address 23.98.144.97
AveMariaRAT botnet controller @23.101.140.170
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 23.101.140.170 on port 302 TCP: $ telnet 23.101.140.170 302 Trying 23.101.140.170… Connected to 23.101.140.170. Escape character… Читать далее AveMariaRAT botnet controller @23.101.140.170
Using hacked servers/accounts to send fraud/phish spam
https://tinyurl.com/bzn6as36 >>> https://info-blog-support.blogspot.com/ >>> https://infohelpsu.temp.swtest.ru/jone/alaa/off/z0n51/cc.php Received: from mail.prixa.net (HELO mail.prixa.net) (114.119.190.51) by xxx; Fri, 23 Jul 2021 22:22:29 +0000 Received: from grini (unknown [20.36.34.2]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: no-reply@prixa.net) by mail.prixa.net (Postfix) with ESMTPSA id xxx; Fri, 23 Jul 2021 22:22:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256;… Читать далее Using hacked servers/accounts to send fraud/phish spam
AsyncRAT botnet controller @20.52.33.123
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 20.52.33.123 on port 2222 TCP: $ telnet 20.52.33.123 2222 Trying 20.52.33.123… Connected to 20.52.33.123. Escape character… Читать далее AsyncRAT botnet controller @20.52.33.123