The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Socelars botnet controller located at 178.18.250.204 on port 80 (using HTTP POST):
hXXp://www.assassinsx.com/
$ dig +short www.assassinsx.com
178.18.250.204
$ nslookup 178.18.250.204
vmi707598.contaboserver.net
Referencing malware binaries (MD5 hash):…
Read more: Socelars botnet controller @178.18.250.204
phish
xd94q.hp.peraichi.com [13.249.74.34]
Malware botnet controllers @194.87.185.60
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 194.87.185.60 on port 443:
$ telnet 194.87.185.60 443
Trying 194.87.185.60…
Connected to 194.87.185.60.
Escape character is…
Read more: Malware botnet controllers @194.87.185.60
domain scam source
srv.domainmu.net. 86400 IN A 5.45.123.208
domainmu.net. 172799 IN NS ns1.domainmu.net.
domainmu.net. 172799 IN NS ns2.domainmu.net.
ns1.domainmu.net. 172799 IN A 5.45.123.208
ns2.domainmu.net. 172799 IN A 5.45.123.208
=====================================================================================
Return-Path: <info@domainmu.net>
Received: from host.domainmu.net (HELO srv.domainmu.net) (5.45.123.208) by x (x) with (AES128-SHA encrypted) ESMTPS; Tue, 11 Jan 2022 xx:xx:xx +0000
Received: from [127.0.0.1]
DKIM-Filter: OpenDKIM Filter v2.11.0 srv.domainmu.net…
Read more: domain scam source
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to "listbomb" email addresses:
From: Quirk Chevrolet MA <leads@chevy.quirkautodealers.net>
Problem description
============================
Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being "listbombed" with transactional messages and bulk email campaigns.
Problem resolution
============================
In order to…
Read more: Abused / misconfigured newsletter service (listbombing)
spam support (domains)
domain used in spam operation www.icoxi.shop… 198.54.116.205
spam support (domains)
domain used in spam operation 45g5689kl8.xyz… 63.250.43.16, 63.250.43.15
Cybercriminal carding gang at cvv-net.su, cvv-ru.su etc.
Stolen credit card data websites:…
Read more: Cybercriminal carding gang at cvv-net.su, cvv-ru.su etc.
Malware botnet controllers @194.87.185.12
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 194.87.185.12 on port 443:
$ telnet 194.87.185.12 443
Trying 194.87.185.12…
Connected to 194.87.185.12.
Escape character is…
Read more: Malware botnet controllers @194.87.185.12
Spam Emitter (Dolphin’s Group)
Dolphin’s Group, a Kenya-based provider of business training, is spamming from this IP address. This company has many previous SBL listings.
Received: from vps-e374eaac.vps.ovh.ca (vps-e374eaac.vps.ovh.ca [139.99.90.202])
Date: Mon, 10 Jan 2022 14:##:## +0300
From: "Bernice Kanini" <bernice.kanini@excellent-trainings.co.ke>
Subject: JAN 2022 MOMBASA and NAIROBI Excellent Trainings for You…..
<snip>
Greetings, Happy New Year! Select below; your…
Read more: Spam Emitter (Dolphin’s Group)