104.131.72.116|citigroupteam.com|2021-12-14 13:01:29 104.131.72.116|citiigroupe.com|2021-12-14 13:01:14 104.131.72.116|citiiiotpzencast.us|2021-12-14 17:01:10 104.131.72.116|citiverification.us|2021-12-13 20:56:07 104.131.72.116|custdashboardcit.com|2021-12-14 14:45:59 104.131.72.116|groupcitey.com|2021-12-13 09:20:59 104.131.72.116|groupofcit.com|2021-12-13 13:01:05 104.131.72.116|teaserdash.com|2021-12-10 13:01:47
RemcosRAT botnet controller @20.114.21.181
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 20.114.21.181 on port 2288 TCP: $ telnet 20.114.21.181 2288 Trying 20.114.21.181… Connected to 20.114.21.181. Escape character… Читать далее RemcosRAT botnet controller @20.114.21.181
CobaltStrike botnet controller @104.41.145.218
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 104.41.145.218 on port 443 TCP: $ telnet 104.41.145.218 443 Trying 104.41.145.218… Connected to 104.41.145.218. Escape character… Читать далее CobaltStrike botnet controller @104.41.145.218
Loki botnet controller @188.166.172.139
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 188.166.172.139 on port 80 (using HTTP POST): hXXp://mail.jithiadaproperties.com/swtnvmbr/logs/fre.php $ dig +short mail.jithiadaproperties.com 188.166.172.139 $ nslookup 188.166.172.139 mail.jithiadaproperties.com Referencing malware binaries (MD5 hash):… Читать далее Loki botnet controller @188.166.172.139
OskiStealer botnet controller @104.21.96.64
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. OskiStealer botnet controller located at 104.21.96.64 on port 80 (using HTTP POST): hXXp://golfhomexpresx.ir/7.jpg $ dig +short golfhomexpresx.ir 104.21.96.64 Referencing malware binaries (MD5 hash): 8fba526b759a51885a2f1a0f26ae040f — AV detection:… Читать далее OskiStealer botnet controller @104.21.96.64
Loki botnet controller @104.21.17.236
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 104.21.17.236 on port 80 (using HTTP POST): hXXp://rhinestone.cc/obino/Panel/five/fre.php $ dig +short rhinestone.cc 104.21.17.236 Referencing malware binaries (MD5 hash): e49fe965fac546dd81864efdb9863399 — AV detection:… Читать далее Loki botnet controller @104.21.17.236
Loki botnet controller @172.67.210.26
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 172.67.210.26 on port 80 (using HTTP POST): hXXp://nedskytrex.xyz/neds/Panel/five/fre.php $ dig +short nedskytrex.xyz 172.67.210.26 Referencing malware binaries (MD5 hash): 4977956f1b99ec1365aefcc4bf506951 — AV detection:… Читать далее Loki botnet controller @172.67.210.26
Phishing sites
80.249.148.176 lloyds-online-i87349019.com 2021-12-14 01:26:02 80.249.148.176 lloyds-online-jk8899445.com 2021-12-14 01:26:02 80.249.148.176 lloyds-online-uk991002.com 2021-12-14 01:46:09 ____________________ Was: 47.251.44.200 accesdmobilecanada64441.com 2021-12-13 01:10:36 47.251.44.200 accesdmobilecanada73454.com 2021-12-13 02:20:42 47.251.44.200 accesdmobilecanada83731.com 2021-12-12 14:40:44 47.251.44.200 accxomptebncdesac.com 2021-12-12 21:30:34 47.251.44.200 accxomptedesactiv01.com 2021-12-12 21:30:43 47.251.44.200 accxomptedesactiv01.online 2021-12-12 01:32:09 47.251.44.200 bncservices1support57327.com 2021-12-12 19:40:57 47.251.44.200 lloyds-online-jk8899445.com 2021-12-13 05:50:51 47.251.44.200 lloyds-online-uk991002.com 2021-12-13 02:36:16 47.251.44.200 mobilecanadasecured73631.com 2021-12-12 02:16:12 47.251.44.200… Читать далее Phishing sites
Malware botnet controller @52.142.161.88
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 52.142.161.88 on port 1285 TCP: $ telnet 52.142.161.88 1285 Trying 52.142.161.88… Connected to 52.142.161.88. Escape character… Читать далее Malware botnet controller @52.142.161.88
phishing sites
116.202.204.90|irs-hx.com|2021-12-09 02:25:44 116.202.204.90|irs.gov-claim3rd.net|2021-12-07 11:46:25 116.202.204.90|irs.gov-css.net|2021-12-02 19:31:27 116.202.204.90|irs.gov-form.net|2021-12-11 15:53:53 116.202.204.90|irs.gov-help.net|2021-12-09 12:33:23 116.202.204.90|irs.gov-main.net|2021-12-06 15:07:33 116.202.204.90|irs.gov-page.net|2021-12-14 00:34:19 116.202.204.90|irs.gov-secure.info|2021-12-13 13:21:48 116.202.204.90|www.irs.gov-refund.net|2021-12-13 17:02:28 116.202.204.90|wellet-login.top|2021-12-06 19:55:54 116.202.204.90|whm.login-wallet.top|2021-12-09 01:52:02