phishing server

citi-secured02d.com 2021-12-26 00:07:39 citi-secured03d.com 2021-12-26 00:07:39 citi-secured05d.com 2021-12-26 00:07:39 citi-secured06d.com 2021-12-25 23:51:32 citi-secured01d.com 2021-12-25 23:51:32 citi-secured04d.com 2021-12-25 23:36:32 citi-secured02d.com has address 35.231.104.239 citi-secured03d.com has address 35.231.104.239 citi-secured05d.com has address 35.231.104.239 citi-secured06d.com has address 35.231.104.239 citi-secured01d.com has address 35.231.104.239 citi-secured04d.com has address 35.231.104.239

Published
Category: google.com

Malware botnet controller @45.140.167.13

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. CryptBot botnet controller located at 45.140.167.13 on port 80 (using HTTP POST):

hXXp://morqag06.top/index.php

liochi08.top. 600 IN A 45.140.167.13
liogyl18.top. 600 IN A 45.140.167.13
liozml09.top. 600 IN A…

Published
Category: ispserver.com

Malware botnet controller @45.140.167.2

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 45.140.167.2 on port 443:

$ telnet 45.140.167.2 443
Trying 45.140.167.2…
Connected to 45.140.167.2.
Escape character is…

Published
Category: ispserver.com

phishing server

69.55.59.210|citi-secure09.com|2021-12-25 01:10:50 69.55.59.210|secure-authciti.com|2021-12-25 18:00:55 69.55.59.210|secure-authwells.com|2021-12-25 19:55:50 69.55.59.210|securebankofamerica93.com|2021-12-25 03:26:28

Spam Emitter (aomedtextmailjn.com) (OMICS)

This IP address is sending spam for OMICS (aka Remedy Publications, aka Austin Publishing, and others) advertising its "open-access" journals. The spam is sent to scraped, purchased, or appended lists. DigitalOcean: OMICS appears to be running riot in your VPS ranges. Please find out the account name(s), connecting IPs, and other identifying information used by…

Spam Dropbox/Replies Domain (clinicsinoncology.com) (OMICS)

Cloudflare hosts the domain clinicsinoncology.com, which belongs to OMICS and is used to receive replies to spam. The domain appears in email addresses in the message bodies of OMICS spam. OMICS (aka Remedy Publications, aka Austin Publishing, and others) is an open access publisher of academic, medical and scientific journals. It recruits contributions to its…

Spam Emitter (ciomailjn.com) (OMICS)

This IP address is sending spam for OMICS (aka Remedy Publications, aka Austin Publishing, and others) advertising its "open-access" journals. The spam is sent to scraped, purchased, or appended lists. OMICS claims that these journals are peer-reviewed, but they are of dubious reputation. DigitalOcean: OMICS appears to be running riot in your VPS ranges. Please…

RedLineStealer botnet controller @95.143.178.139

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 95.143.178.139 on port 9006 TCP:

$ telnet 95.143.178.139 9006
Trying 95.143.178.139…
Connected to 95.143.178.139.
Escape character…

Published
Category: selectel.ru

BitRAT botnet controller @20.124.111.166

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 20.124.111.166 on port 2223 TCP:

$ telnet 20.124.111.166 2223
Trying 20.124.111.166…
Connected to 20.124.111.166.
Escape character…

Published
Category: microsoft.com

Abused crypto currency mining pool

The host at this IP address is running a crypto currency mining pool that is currently being abused by cybercriminals for mining crypto currencies on malware infected computers. The following information should be sufficient for the identification and suspension of the abusive users:

{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"87rRyMkZM4pNgAZPi5NX3DdxksaoNgd7bZUBVe3A9uemAhxc8EQJ6dAPZg2mYTwoezgJWNfTpFFmnVYWXqcNDMhLF7ihFgM.wn29601","pass":"x","agent":"XMRig/6.13.1 (Windows NT 10.0; Win64; x64) libuv/1.41.0 msvc/2019","algo":["cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/ccx","cn/upx2","rx/0","rx/wow","rx/arq","rx/sfx","rx/keva","argon2/chukwa","argon2/chukwav2","argon2/ninja","astrobwt"]}}

Published
Category: ovh.net