domain used in spam operation 45g5689kl8.xyz… 63.250.43.16, 63.250.43.15
Category: namecheap.com
spam support (domains)
domain used in spam operation icoxi.com/product/handle-150-degree-swivel-nail-clipper-with-led-light
spam support (domains)
domain used in spam operation 67ikjt6yjky.xyz… 63.250.43.133, 63.250.43.132
phishing server
bi-tly.com != bit.ly or bitly.com
Malware botnet controller @68.65.120.238
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 68.65.120.238 on port 80 (using HTTP GET):
hXXp://axieinfirity.xyz/vidacha_settings.php

$ dig +short axieinfirity.xyz
68.65.120.238

$ nslookup 68.65.120.238
server106-5.web-hosting.com

Referencing malware binaries (MD5 hash):…
phish source
Also phish domain on Namecheap: mailerdrop.xyz
=============================================================================
Return-Path: <expojtrk@business90.web-hosting.com>
Received: from business90-1.web-hosting.com (business90-1.web-hosting.com [162.213.251.133])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (No client certificate requested)
    by x (Postfix) with ESMTPS id x
    for <x>; Sun, 26 Dec 2021 xx:xx:xx +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
    d=exponets.xyz; s=default; h=Date:Sender:Message-Id:From:Content-type:
    MIME-Version:Subject:To:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:
    Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
    :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
    List-Subscribe:List-Post:List-Owner:List-Archive; bh=x=; b=x==;…
Spamvertised website
2021-12-06
https://llce.top/index.php/campaigns/[] 45.45.216.214
https://track.helloproducts4you.com/3[] 18.196.84.70
https://winnerscontest.com/nep88/22/ 162.0.217.49

2021-12-03
https://llce.top/index.php/campaigns/[] 45.45.216.214
https://track.helloproducts4you.com/3[] 18.196.84.70
https://thecontestwinners.com/nep81/22/ 162.0.217.80

Received: from llce.top (45.45.216.214)
Date: Thu, 02 Dec 2021 09:0x:xx +0000
Subject: Skann datamaskinen med Norton Secured
From: Norton AntiVirus <mail@luckyjackpot4you.com>

https://llce.top/index.php/campaigns/[] 45.45.216.214
https://track.helloproducts4you.com/3[] 18.196.84.70
https://contestwinpros.com/nep80/22/ 162.0.217.38
Malware botnet controller @199.192.28.234
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 199.192.28.234 on port 80 (using HTTP GET):
hXXp://199.192.28.234/Topythongenerator.php

Referencing malware binaries (MD5 hash):
137d5286d38aaa5cb169e90191a1afb7 — AV detection: 36 / 69 (52.17)
1ed0df983721ede9cfb0faef8b515316…
Spamvertised website
2021-12-03
https://llce.top/index.php/campaigns/[] 45.45.216.214
https://track.helloproducts4you.com/3[] 18.196.84.70
https://thecontestwinners.com/nep81/22/ 162.0.217.80

Received: from llce.top (45.45.216.214)
Date: Thu, 02 Dec 2021 09:0x:xx +0000
Subject: Skann datamaskinen med Norton Secured
From: Norton AntiVirus <mail@luckyjackpot4you.com>

https://llce.top/index.php/campaigns/[] 45.45.216.214
https://track.helloproducts4you.com/3[] 18.196.84.70
https://contestwinpros.com/nep80/22/ 162.0.217.38
Spamvertised website
Received: from llce.top (45.45.216.214)
Date: Thu, 02 Dec 2021 09:0x:xx +0000
Subject: Skann datamaskinen med Norton Secured
From: Norton AntiVirus <mail@luckyjackpot4you.com>

https://llce.top/index.php/campaigns/[] 45.45.216.214
https://track.helloproducts4you.com/3[] 18.196.84.70
https://contestwinpros.com/nep80/22/ 162.0.217.38