ArkeiStealer botnet controller @82.148.18.132

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

ArkeiStealer botnet controller located at 82.148.18.132 on port 80 (using HTTP POST):
hXXp://file-file-host4.com/tratata.php

$ dig +short file-file-host4.com
82.148.18.132

$ nslookup 82.148.18.132
refrigeramentos01.superservidores.cloud

Referencing malware binaries (MD5 hash):…

Filed under selectel.ru

RedLineStealer botnet controller @147.135.248.206

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 147.135.248.206 on port 22603 TCP:

$ telnet 147.135.248.206 22603
Trying 147.135.248.206…
Connected to 147.135.248.206.
Escape character…

Filed under ovh.net

xibersoft.com (SyedsMarketing customer)

This IP address hosts the A record, MX record, and website of the domain xibersoft.com. The owners of this domain hired ROKSO spammer SyedsMarketing to advertise for them.

Received: from mail-oi1-f191.google.com (mail-oi1-f191.google.com [209.85.167.191])
Sender: emarketeersgroup03@googlegroups.com
Date: Fri, 24 Dec 2021 15:##:## +0500
From: Xiber Soft <promotions.emarketeers02@gmail.com>
Subject: Fast & Reliable Web Hosting Services
<snip>
Get…

Filed under linode.com

Malware botnet controller @194.87.185.85

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 194.87.185.85 on port 443:

$ telnet 194.87.185.85 443
Trying 194.87.185.85…
Connected to 194.87.185.85.
Escape character is…

Filed under selectel.ru

phish source

Also phish domain on Namecheap: mailerdrop.xyz
=============================================================================
Return-Path: <expojtrk@business90.web-hosting.com>
Received: from business90-1.web-hosting.com (business90-1.web-hosting.com [162.213.251.133])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by x (Postfix) with ESMTPS id x
 for <x>; Sun, 26 Dec 2021 xx:xx:xx +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=exponets.xyz; s=default; h=Date:Sender:Message-Id:From:Content-type:
 MIME-Version:Subject:To:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive; bh=x=; b=x==;…

Filed under namecheap.com

2019marwahrahad10@googlegroups.com bulletproof spam service via Google Groups

Return-Path: <2019marwahrahad10+[]@googlegroups.com>
Received: from mail-oo1-f60.google.com (mail-oo1-f60.google.com [209.85.161.60])
 by [] (8.14.7/8.14.7) with ESMTP id []
 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=OK)
 for []; Sun, 26 Dec 2021 07:[]:[] -0500
Authentication-Results: []
Received: by mail-oo1-f60.google.com with SMTP id []
 for []; Sun, 26 Dec 2021 04:[]:[] -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=[]; cv=pass; d=google.com; s=arc-[]; b=[]
ARC-Message-Signature: i=2; a=rsa-sha256;…

Filed under google.com

phishing server

137.184.107.143|contactinformation-citi.net|2021-12-26 21:50:56
137.184.107.143|wellsfargo1support.com|2021-12-26 21:51:05

RedLineStealer botnet controller @62.182.156.182

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 62.182.156.182 on port 21588 TCP:

$ telnet 62.182.156.182 21588
Trying 62.182.156.182…
Connected to 62.182.156.182.
Escape character…

Filed under selectel.ru

phishing sites

20.150.146.54|assistanceaide.com|2021-12-26 04:10:55
20.150.146.54|laposte-auth.fr|2021-12-25 19:50:52
20.150.146.54|laposteauth.fr|2021-12-23 23:21:26
20.150.146.54|paypalauth.fr|2021-12-25 15:06:35
20.150.146.54|securipassinfo.com|2021-12-25 22:00:48
20.150.146.54|usps-alerte.com|2021-12-26 03:55:38

Filed under microsoft.com