The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 194.87.185.11 on port 443:
$ telnet 194.87.185.11 443
Trying 194.87.185.11…
Connected to 194.87.185.11.
Escape character is…
tracking.supercool.email (Canonical: tracking.mailzapp.io)
Bulk emailer mailzapp.io is operating a tracking host for bulk emails that they send on several IP addresses at OVH. Their customer supercool.email is sending spam to a list scraped from Whois records and other sources, possibly purchased from a third party. Spamhaus has seen occasional spamtrap hits from mailzapp.io, but so far this is…
phishing server
167.172.229.183|dappproblemconnect.report|2021-12-31 01:45:56
charity.thrivecart.com
This URI appears in spam sent through mailzapp.io. The domain supercool.email is sending spam to a list scraped from Whois records and other sources, possibly purchased from a third party. This URI receives responses to that spam. This URI is hosted on four different IP addresses at Amazon AWS. Amazon: please engage with your customer…
Phish source @54.173.5.223
Received: from 711250.cloudwaysapps.com (ec2-54-173-5-223.compute-1.amazonaws.com [54.173.5.223])
Malware botnet controller @65.21.234.58
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 65.21.234.58 on port 8080 (using HTTP GET):
hXXp://65.21.234.58/pm
$ nslookup 65.21.234.58
65-21-234-58.serverhub.ru
Referencing malware binaries (MD5 hash):
3d2de2a6844ccb71b796ea8d45d425fc — AV detection: 34…
Spamvertised website
2021-12-31 gotogml.com. 60 IN A 95.213.216.206
2021-12-29 gotogml.com. 60 IN A 185.43.4.203
2021-12-29 gotogml.com. 57 IN A 185.246.64.136
Received: from quaehdbsf.newdom.com (20.123.64.64)
From: [] 🧡🧡 <>
Subject: FWD: Aktiv og større penis. Vær klar til å ha det gøy når du bare vil…. ✔️✔️🍆
Date: Tue, 28 Dec 2021 12:0x:xx +0000
http://gotogml.com/rd/[]
gotogml.com. 60 IN…
Credit card fraud gang hosting (DNS): zuganov-lox.ru (hacked-paypal-accounts-dump.ru / fe-shop.su / vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.)
ns1.zuganov-lox.ru. 14400 IN A 185.60.134.205
ns2.zuganov-lox.ru. 14400 IN A 213.189.220.165
____________________
Was:
ns1.zuganov-lox.ru. 14400 IN A 185.43.6.204
ns2.zuganov-lox.ru. 14400 IN A 213.189.220.165
____________________
Was:
ns1.zuganov-lox.ru. 14400 IN A 185.243.56.182
ns2.zuganov-lox.ru. 14400 IN A 213.189.220.165
____________________
Was:
ns1.zuganov-lox.ru. 14400 IN A 185.158.153.46
ns2.zuganov-lox.ru. 14400 IN A 213.189.220.165
____________________
Was:
ns1.zuganov-lox.ru. 14400 IN A 91.243.57.184
ns2.zuganov-lox.ru. 14400…
spam emitters
Received: from s4.sergonet.ru (sergonet.ru [5.188.128.202])
Date: Thu, 30 Dec 2021 20:2x:xx +0000
From: Aleksandr <info@s4.sergonet.ru>
Subject: Предложение
5.188.128.202 sergonet.ru
5.188.128.203 trebonow.ru
5.188.128.204 derwerer.ru
5.188.128.205 welbryh.ru
5.188.128.206 yeremont.ru
Malware distribution @46.105.81.76
The host at this IP address is currently being used to distribute malware. Malware distribution located here:
hXXp://46.105.81.76/44561.4718606481.dat2
$ nslookup 46.105.81.76
ip76.ip-46-105-81.eu