Domain used in a phishing attack: phras-info.xyz|104.21.16.168
Phish spam site @192.99.34.40
Received: from fujimaru.org ([157.65.164.67]) by [] with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.95) (envelope-from <admin@fujimaru.org>) id [] for []; Tue, 11 Jan 2022 23:0x:xx +0000
Received: from unknown (HELO www.outlook.com) (admin@fujimaru.org@45.76.48.56) by dc63.etius.jp (157.65.164.67) with ESMTPA; 12 Jan 2022 08:0x:xx +0900
Reply-To: hello.equipe@hotmail.com
From: «CanadaPost*» <admin@fujimaru.org>
Subject: Delivery Notification for Item / Avis de livraison… Read more: Phish spam site @192.99.34.40
Malware botnet controller @172.67.131.70
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 172.67.131.70 on port 80 (using HTTP GET): hXXp://loftui.xyz/cookie/useStatistics/count
$ dig +short loftui.xyz
172.67.131.70
Referencing malware binaries (MD5 hash): b3ea5c5e439b8ab445dd8d2f0c41c631 — AV detection:… Read more: Malware botnet controller @172.67.131.70
Phish spam site @52.216.30.46
Received: from fujimaru.org ([157.65.164.67]) by [] with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.95) (envelope-from <admin@fujimaru.org>) id [] for []; Tue, 11 Jan 2022 23:0x:xx +0000
Received: from unknown (HELO www.outlook.com) (admin@fujimaru.org@45.76.48.56) by dc63.etius.jp (157.65.164.67) with ESMTPA; 12 Jan 2022 08:0x:xx +0900
Reply-To: hello.equipe@hotmail.com
From: «CanadaPost*» <admin@fujimaru.org>
Subject: Delivery Notification for Item / Avis de livraison… Read more: Phish spam site @52.216.30.46
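The two CanadaPost listings above share one header chain, and it tells the whole story: the message was injected with SMTP AUTH as admin@fujimaru.org (the `with ESMTPA` hop, i.e. a compromised or abused mailbox) from 45.76.48.56, a client that greeted the submission server as `www.outlook.com`, while replies are steered to an unrelated hotmail.com address and the display name impersonates Canada Post. The following added example (not code from the listing or from Spamhaus) parses such a chain with the standard library and emits those indicators; the sample headers are constructed from the listing with its redactions (`[]`, `0x:xx`) left in place, and the brand table is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the header chain from the CanadaPost phish listings above,
# with the listing's redactions ("[]", "0x:xx") kept and the display name quoted
# as a mail client would have sent it.
SAMPLE = """\
Received: from fujimaru.org ([157.65.164.67]) by [] with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.95) (envelope-from <admin@fujimaru.org>) id [] for []; Tue, 11 Jan 2022 23:0x:xx +0000
Received: from unknown (HELO www.outlook.com) (admin@fujimaru.org@45.76.48.56) by dc63.etius.jp (157.65.164.67) with ESMTPA; 12 Jan 2022 08:0x:xx +0900
Reply-To: hello.equipe@hotmail.com
From: "CanadaPost*" <admin@fujimaru.org>
Subject: Delivery Notification for Item / Avis de livraison

(body omitted)
"""

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
HELO = re.compile(r"\(HELO\s+([^)\s]+)\)", re.I)
# "(user@domain@1.2.3.4)" annotation that the submission server put on the authenticated hop
AUTH_USER = re.compile(r"\(([^\s()@]+@[^\s()@]+)@\d{1,3}(?:\.\d{1,3}){3}\)")
BY = re.compile(r"\bby\s+(\S+)", re.I)
FROM_HOST = re.compile(r"^from\s+(\S+)", re.I)
AUTHENTICATED = re.compile(r"\bwith\s+e?smtps?a\b", re.I)  # smtpa / esmtpa / esmtpsa

# Assumption: a small table of impersonated brands and the domains they really
# send from; a production filter would load this from a maintained list.
BRANDS = {"canadapost": {"canadapost.ca", "canadapost-postescanada.ca"}}


def base_domain(host):
    """Crude registrable-domain approximation (last two labels); enough for this check."""
    return ".".join(host.lower().strip("[]").split(".")[-2:])


def parse_hop(value):
    """Extract the identities asserted in one Received header."""
    value = " ".join(value.split())
    m_from, m_helo = FROM_HOST.match(value), HELO.search(value)
    m_auth, m_by = AUTH_USER.search(value), BY.search(value)
    return {
        "from": m_from.group(1) if m_from else None,
        "helo": m_helo.group(1).lower() if m_helo else None,
        "auth_user": m_auth.group(1).lower() if m_auth else None,
        "ips": IPV4.findall(value),
        "by": m_by.group(1) if m_by else None,
        "authenticated": bool(AUTHENTICATED.search(value)),
    }


def analyze(raw):
    """Return the hop chain (top header first) plus the phishing indicators found."""
    msg = message_from_string(raw)
    hops = [parse_hop(h) for h in msg.get_all("Received", [])]
    findings = []

    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = from_addr.rpartition("@")[2].lower()
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_dom and reply_dom != from_dom:
        findings.append("reply_to_domain_mismatch")  # replies are steered to a third party
    for brand, legit in BRANDS.items():
        if brand in from_name.lower() and from_dom not in legit:
            findings.append("display_name_brand_mismatch")

    for hop in hops:
        if not hop["authenticated"]:
            continue
        # Injected with SMTP AUTH: the account, not the relaying MTA, is the source.
        findings.append("authenticated_submission")
        if hop["helo"] and hop["auth_user"]:
            allowed = {base_domain(hop["auth_user"].rpartition("@")[2]),
                       base_domain(hop["by"] or "")}
            if base_domain(hop["helo"]) not in allowed:
                # Client greeted as a big provider's host while logging in to
                # someone else's mailbox from an unrelated IP: forged HELO.
                findings.append("helo_forged_on_authenticated_hop")
    return {"hops": hops, "findings": findings}


if __name__ == "__main__":
    result = analyze(SAMPLE)
    for hop in result["hops"]:
        print(hop)
    print(result["findings"])
```

The `authenticated_submission` hop is the one that matters for remediation: the listed relay (157.65.164.67) is not the spammer, the credential for admin@fujimaru.org is, so the fix is a password reset and a review of that account's sessions rather than a block on the relay.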
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to "listbomb" email addresses:
From: Ελένη από την Typografos.Gr <TypografosGr.newsletter@gmail.com> [Eleni from Typografos.Gr]
Subject: ☕️Μόνο για λίγες μέρες σε περιμένουν…Τι είνα [Only for a few days they await you… What is]
Problem description
============================
Spammers signed up for the bulk email service using the victim's email address. As a result, the victim is being "listbombed" with transactional messages and… Read more: Abused / misconfigured newsletter service (listbombing)
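The misconfiguration behind a listbombing report is a signup form that mails, or outright subscribes, any address typed into it without proof that the holder asked for it. The following is an added example, not code from the listing or from the newsletter service named above, of a confirmed opt-in handler: an address only joins the list after a signed confirmation link is clicked, and confirmation mails to one address are capped so that the confirmation step itself cannot be turned into the bombing channel. The class name, the HMAC secret, the 24-hour token lifetime and the one-confirmation-per-address-per-day limit are assumptions.

```python
import base64
import binascii
import hashlib
import hmac
import time
from collections import defaultdict


class ConfirmedOptIn:
    """Subscription handler for a bulk-mail service.

    request() is the web-form handler; it returns a token to put in the
    confirmation mail, or None when no mail may be sent.  confirm() is the
    link handler; only it adds an address to the list.
    """

    def __init__(self, secret, ttl=24 * 3600, max_requests=1, window=24 * 3600, now=time.time):
        self.secret = secret              # assumption: server-side HMAC key
        self.ttl = ttl                    # token lifetime in seconds
        self.max_requests = max_requests  # confirmation mails allowed per address per window
        self.window = window
        self.now = now                    # injectable clock for testing
        self.subscribed = set()
        self.requests = defaultdict(list)  # email -> send times of confirmation mails

    def _sign(self, payload):
        return hmac.new(self.secret, payload, hashlib.sha256).hexdigest()

    def request(self, email):
        """Record a signup attempt. Returns the confirmation token to mail, or None
        if the address is already subscribed or has hit the per-address cap
        (the mail is suppressed rather than sent to an address that may be a victim)."""
        email = email.strip().lower()
        t = self.now()
        recent = [x for x in self.requests[email] if t - x < self.window]
        self.requests[email] = recent
        if email in self.subscribed or len(recent) >= self.max_requests:
            return None
        recent.append(t)
        payload = f"{email}|{int(t + self.ttl)}".encode()
        body = base64.urlsafe_b64encode(payload).decode().rstrip("=")
        return body + "." + self._sign(payload)

    def confirm(self, token):
        """Validate a clicked link: intact signature, not expired; then subscribe."""
        try:
            body, sig = token.split(".", 1)
            payload = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
        except (ValueError, binascii.Error):
            return False
        if not hmac.compare_digest(self._sign(payload), sig):
            return False
        email, _, expires = payload.decode(errors="replace").rpartition("|")
        if not expires.isdigit() or int(expires) < self.now():
            return False
        self.subscribed.add(email)
        return True


if __name__ == "__main__":
    svc = ConfirmedOptIn(b"example-secret")
    token = svc.request("victim@example.com")
    print("mail token:", token)
    print("second request suppressed:", svc.request("victim@example.com") is None)
    print("confirmed:", svc.confirm(token), "subscribed:", sorted(svc.subscribed))
```

The confirmation message itself must carry nothing but the link: if it contains offers or the first newsletter issue, an attacker still gets one marketing mail delivered per window, and Spamhaus will still treat it as listbombing.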
OskiStealer botnet controller @104.21.62.142
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. OskiStealer botnet controller located at 104.21.62.142 on port 80 (using HTTP POST): hXXp://modexdeals.ir/7.jpg
$ dig +short modexdeals.ir
104.21.62.142
Referencing malware binaries (MD5 hash): 0a7b9a3a120d129f53edd0c6fa2564b2 — AV detection:… Read more: OskiStealer botnet controller @104.21.62.142
Bitcoin scammer landing sites
94.26.249.141 is currently in use as a nameserver for spamvertized domains. This enables the resolving of spammed domains to the actual websites. This SBL record can only be removed if 94.26.249.141 stops answering DNS queries for spamvertized domain names. 1 nameserver seen on 94.26.249.141: S1.AVER.HOST — ada-fund.io — ada-gift.io — ada21give.info — adaceo21.net — adaceo21.org… Read more: Bitcoin scammer landing sites
Malware botnet controller @52.67.194.250
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 52.67.194.250 on port 80 (using HTTP GET): hXXp://ec2-52-67-194-250.sa-east-1.compute.amazonaws.com/INFECT_JANEIRO01/xcvbnhjuiyrtrtrt.php
$ dig +short ec2-52-67-194-250.sa-east-1.compute.amazonaws.com
52.67.194.250
$ nslookup 52.67.194.250
ec2-52-67-194-250.sa-east-1.compute.amazonaws.com
Referencing malware binaries (MD5 hash):… Read more: Malware botnet controller @52.67.194.250
RedLineStealer botnet controller @65.108.76.11
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 65.108.76.11 on port 37014 TCP:
$ telnet 65.108.76.11 37014
Trying 65.108.76.11…
Connected to 65.108.76.11.
Escape character… Read more: RedLineStealer botnet controller @65.108.76.11
RedLineStealer botnet controller @65.108.20.184
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 65.108.20.184 on port 13650 TCP:
$ telnet 65.108.20.184 13650
Trying 65.108.20.184…
Connected to 65.108.20.184.
Escape character… Read more: RedLineStealer botnet controller @65.108.20.184
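The controller listings on this page (loftui.xyz, modexdeals.ir, the EC2 host and the two RedLineStealer hosts) all follow one template: malware family, IP, port, optionally the HTTP method and a defanged `hXXp://` URL, a `dig` confirmation and MD5 hashes of the referencing samples. The added example below, not code from the listing or from Spamhaus, parses that template into structured indicators and decides what to enforce on. The point a practitioner should not miss is in `block_key`: 104.21.62.142 and 172.67.131.70 sit in Cloudflare's edge ranges and front many unrelated sites, so an IP block there is collateral damage and the hostname is the usable indicator, while the EC2 address is a reusable cloud IP whose URL path is the stable part. The sample records are constructed from this page's own excerpts; the CDN prefix list is an assumption taken from Cloudflare's published ranges.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed input: excerpts copied from the controller listings on this page.
RECORDS = [
    "OskiStealer botnet controller located at 104.21.62.142 on port 80 (using HTTP POST): "
    "hXXp://modexdeals.ir/7.jpg $ dig +short modexdeals.ir 104.21.62.142 "
    "Referencing malware binaries (MD5 hash): 0a7b9a3a120d129f53edd0c6fa2564b2",
    "Malware botnet controller located at 52.67.194.250 on port 80 (using HTTP GET): "
    "hXXp://ec2-52-67-194-250.sa-east-1.compute.amazonaws.com/INFECT_JANEIRO01/xcvbnhjuiyrtrtrt.php",
    "RedLineStealer botnet controller located at 65.108.76.11 on port 37014 TCP: "
    "$ telnet 65.108.76.11 37014 Trying 65.108.76.11... Connected to 65.108.76.11.",
]

CONTROLLER = re.compile(
    r"(?P<family>\S+) botnet controller located at (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
    r" on port (?P<port>\d{1,5})(?: (?:TCP|UDP))?(?: \(using (?P<method>HTTP \w+)\))?"
)
DEFANGED_URL = re.compile(r"\bhxxps?://[^\s<>\"']+", re.I)
MD5 = re.compile(r"\b[0-9a-f]{32}\b", re.I)

# Assumption: Cloudflare edge prefixes from the provider's published list. An IP
# here fronts many unrelated sites, so the block has to key on the hostname.
SHARED_EDGE = [ipaddress.ip_network(n) for n in ("104.16.0.0/13", "104.24.0.0/14", "172.64.0.0/13")]


def refang(url):
    """hXXp:// -> http:// so the URL can be parsed or fed to a sandbox."""
    return re.sub(r"^hxxp", "http", url, flags=re.I)


def defang(value):
    """Dot-bracket every dot so the indicator cannot be clicked when re-shared."""
    return value.replace(".", "[.]")


def parse_record(text):
    """Turn one listing excerpt into a structured IOC set."""
    m = CONTROLLER.search(text)
    if not m:
        raise ValueError("not a controller listing")
    urls = [refang(u.rstrip(".,:;")) for u in DEFANGED_URL.findall(text)]
    hosts = sorted({urlsplit(u).hostname for u in urls if urlsplit(u).hostname})
    return {
        # the listings use the generic label "Malware" when the family is not named
        "family": m["family"] if m["family"] != "Malware" else "unknown",
        "ip": m["ip"],
        "port": int(m["port"]),
        "method": m["method"],  # None for raw-TCP controllers such as RedLineStealer
        "urls": urls,
        "hosts": hosts,
        "md5": [h.lower() for h in MD5.findall(text)],
    }


def block_key(ioc):
    """Pick the indicator to enforce on: shared CDN edges and reusable cloud
    addresses must not be turned into bare IP blocks."""
    addr = ipaddress.ip_address(ioc["ip"])
    if any(addr in net for net in SHARED_EDGE):
        return ("host", ioc["hosts"])
    if any(h.endswith(".compute.amazonaws.com") for h in ioc["hosts"]):
        return ("url", ioc["urls"])  # the IP will be handed to another tenant; the path is the IOC
    return ("ip_port", [f"{ioc['ip']}:{ioc['port']}"])


def to_report(records):
    """(family, indicator kind, defanged values) per record, ready to share."""
    out = []
    for text in records:
        ioc = parse_record(text)
        kind, values = block_key(ioc)
        out.append((ioc["family"], kind, [defang(v) for v in values]))
    return out


if __name__ == "__main__":
    for line in to_report(RECORDS):
        print(line)
```

For the RedLineStealer hosts the `ip:port` pair is the right key because the controller speaks its own protocol on a high port; the listing's `telnet` check only proves the port accepts a connection, so confirm the family with the referenced sample or a network signature before attributing it.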