Category: namecheap.com
phishing server
66.29.140.235|centerinfowf.cards|2021-11-26 02:50:48 66.29.140.235|clientsprotectonline.cards|2021-11-26 02:46:14 66.29.140.235|infoclearingsecure.cards|2021-11-26 02:46:33 66.29.140.235|onlineindentityactivity.cards|2021-11-26 03:36:19
spam support (domains)
domain used in spam operation gotowebfast.xyz… 63.250.43.134, 63.250.43.135
Loki botnet controller @66.29.151.252
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Loki botnet controller located at 66.29.151.252 on port 80 (using HTTP POST):
hXXp://66.29.151.252/~nextimageblog/picture.php

Referencing malware binaries (MD5 hash):
7b467054ca8f7e9692cd00419d0a1d40 — AV detection: 15 / 63 (23.81)
Malware botnet controller @162.255.117.78
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 162.255.117.78 on port 80 (using HTTP POST):
hXXp://requestimedout.com/xenocrates/zoroaster

$ dig +short requestimedout.com
162.255.117.78

$ nslookup 162.255.117.78
nc-ph-0580-18.trackpressure.website

Referencing malware binaries (MD5 hash):…
Phishing server
spam support (domains)
domain used in spam operation v8s4xu9wpgmb6awnaptv.us… 162.255.119.220
spam support (domains)
domain used in spam operation beva67pr.com… 192.64.119.124
Phishing payload against DPD
$ host dpd.uki3o.info
dpd.uki3o.info has address 66.29.141.228

SMS content: «DPD: Sorry we’ve missed you, Our driver was unable to deliver your parcel. You can reschedule further delivery options by following here: dpd.uki3o.info»

# whois.namecheap.com
Domain name: uki3o.info
Registry Domain ID: D503300001206249964-LRMS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 0001-01-01T00:00:00.00Z
Creation Date: 2021-11-01T16:31:08.00Z
Registrar…