Malicious DNS server. eyopolis.biz
20.83.234.89 is currently in use as a nameserver for spamvertized domains. This enables the resolving of spammed domains to the actual websites. This SBL record can only be removed if 20.83.234.89 stops answering DNS queries for spamvertized domain names. 2 Nameservers seen on 20.83.234.89: NS1.EYOPOLIS.BIZ — 19ero.com — 5star-equipment.com — adauthservices.com — adcldservices.com — adminauthserve.com…
Category: microsoft.com
Spam MX services (intremedy.com) (OMICS)
This IP address hosts the A record of the domain intremedy.com, which belongs to Remedy Publishing, aka OMICS. OMICS is a publisher of "open-access" journals that solicits contributions and (by implication) subscriptions through spam sent to scraped, purchased and appended lists. OMICS provides no other means to contact them in the spam email below except…
Malware botnet controller @20.124.183.185
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 20.124.183.185 on port 26457 TCP: $ telnet 20.124.183.185 26457 Trying 20.124.183.185… Connected to 20.124.183.185. Escape character…
RedLineStealer botnet controller @137.117.100.173
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 137.117.100.173 on port 36513 TCP: $ telnet 137.117.100.173 36513 Trying 137.117.100.173… Connected to 137.117.100.173. Escape character…
phishing server
20.127.126.140|auth-14wells.com|2022-01-23 08:01:21 20.127.126.140|secure-24citi.com|2022-01-22 03:50:51 20.127.126.140|secure-38wells.com|2022-01-23 06:50:47
phishing server
phishing server
20.120.39.49|secure-48wells.com|2022-01-23 23:00:55 IP : secure-48wells.com has address 20.120.39.49 … © 2021 Wells Fargo. All rights reserved. NMLSR ID 399801
phishing server
phishing server
20.110.23.194|centersecurity2go.hopto.org|2022-01-23 10:03:54 20.110.23.194|mychaseonlinesecure.com|2022-01-24 02:46:43 20.110.23.194|wellsfargo2go.com|2022-01-22 17:16:35