The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. OskiStealer botnet controller located at 172.67.171.239 on port 80 (using HTTP POST): hXXp://oilproduce.xyz/6.jpg $ dig +short oilproduce.xyz 172.67.171.239 Referencing malware binaries (MD5 hash): 6a51b8b71173219c11f735c7ad16f741 — AV detection:… Читать далее OskiStealer botnet controller @172.67.171.239
Spamvertised website
Received: from eaquegmhjm.cloudfront.net (20.68.129.110) From: Collagen, Collagen, <noreply@info.dnb.no> Subject: 𝟔 𝐠𝐨𝐝𝐞 𝐠𝐫𝐮𝐧𝐧𝐞𝐫 𝐭𝐢𝐥 å 𝐭𝐚 𝐂𝐨𝐥𝐥𝐚𝐠𝐞𝐧 𝐏𝐥𝐮𝐬 Date: Mon, 06 Dec 2021 10:5x:xx +0000 http://nadisdh.com/rd/[] 188.120.247.225 https://www.explicitcrackbeams.com/[]/?sub1=10&sub2=[]&sub3=[] 209.236.123.241 http://www6.andromedanebula.com/?[] 35.186.238.101
spam emitters
Received: from s12.megojom.ru (46.148.224.235 [46.148.224.235]) Date: Mon, 6 Dec 2021 10:2x:xx +0000 From: Aleksandr <info@s12.megojom.ru> Subject: Предложение 46.148.224.234 grehemon.ru 46.148.224.235 megojom.ru 46.148.224.236 tefalongo.ru 46.148.224.237 eseneno.ru 46.148.224.238 derwerer.r
spam emitter @54.186.136.108
Received: from mail.webeyp.net (124.70.2.218) by MW2NAM04FT038.mail.protection.outlook.com (10.13.31.135) with Microsoft SMTP Server id 15.20.4755.13 via Frontend Transport; Mon, 6 Dec 2021 05:4x:xx +0000 Received: from EC2AMAZ-6HIISNT.us-west-2.compute.internal (ec2-54-186-136-108.us-west-2.compute.amazonaws.com [54.186.136.108]) by mail.webeyp.net (Postfix) with ESMTPSA id []; Mon, 6 Dec 2021 11:2x:xx +0800 (CST) Subject: Re: Can You Be Trusted? From: «Miss. Zahra Husameddine» <akademia@golf.lublin.pl> Date: Mon, 06… Читать далее spam emitter @54.186.136.108
Spamvertised website
2021-12-06 https://llce.top/index.php/campaigns/[] 45.45.216.214 https://track.helloproducts4you.com/3[] 18.196.84.70 https://winnerscontest.com/nep88/22/ 162.0.217.49 2021-12-03 https://llce.top/index.php/campaigns/[] 45.45.216.214 https://track.helloproducts4you.com/3[] 18.196.84.70 https://thecontestwinners.com/nep81/22/ 162.0.217.80 Received: from llce.top (45.45.216.214) Date: Thu, 02 Dec 2021 09:0x:xx +0000 Subject: Skann datamaskinen med Norton Secured From: Norton AntiVirus <mail@luckyjackpot4you.com> https://llce.top/index.php/campaigns/[] 45.45.216.214 https://track.helloproducts4you.com/3[] 18.196.84.70 https://contestwinpros.com/nep80/22/ 162.0.217.38
Malware botnet controller @82.146.57.170
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 82.146.57.170 on port 80 (using HTTP GET): hXXp://82.146.57.170/gate.php $ nslookup 82.146.57.170 peterverihin4.fvds.ru Referencing malware binaries (MD5 hash): 35718909f91d0229ab56cb060cb2284f — AV detection: 6… Читать далее Malware botnet controller @82.146.57.170
Malware botnet controller @212.109.199.95
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 212.109.199.95 on port 80 (using HTTP POST): hXXp://212.109.199.95/collector.php $ nslookup 212.109.199.95 peterverihin.fvds.ru Referencing malware binaries (MD5 hash): 35718909f91d0229ab56cb060cb2284f — AV detection: 6… Читать далее Malware botnet controller @212.109.199.95
Malware distribution @95.213.165.235
The host at this IP address is currently being used to distribute malware. Malware distribution located here: hXXp://petknorra.com/index.php petknorra.com. 600 IN A 95.213.165.235 Referencing malware binaries (MD5 hash): 4e221de7e53d00818f4bd091ee3f85a6 — AV detection: 25 / 67 (37.31)
amazon phish
membershipreview01.com thru membershipreview10.com [23.236.62.147]
Malware botnet controller @199.192.28.234
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 199.192.28.234 on port 80 (using HTTP GET): hXXp://199.192.28.234/Topythongenerator.php Referencing malware binaries (MD5 hash): 137d5286d38aaa5cb169e90191a1afb7 — AV detection: 36 / 69 (52.17) 1ed0df983721ede9cfb0faef8b515316… Читать далее Malware botnet controller @199.192.28.234