The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 172.67.136.199 on port 80 (using HTTP POST):
hXXp://olustgtapi.live/v3/api

$ dig +short olustgtapi.live
172.67.136.199

Referencing malware binaries (MD5 hash):
a068eb815522d0d3ecc5d868e406ebcb — AV detection:…
Malware botnet controller @172.67.203.26
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 172.67.203.26 on port 443 TCP:

$ telnet 172.67.203.26 443
Trying 172.67.203.26…
Connected to 172.67.203.26.
Escape character…
Malware botnet controller @172.67.191.179
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 172.67.191.179 on port 443 TCP:
http://elv-config.xyz/gate/init.php

$ telnet 172.67.191.179 443
Trying 172.67.191.179…
Connected to 172.67.191.179.
Escape…
AsyncRAT botnet controller @3.138.180.119
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 3.138.180.119 on port 18729 TCP:

$ telnet 3.138.180.119 18729
Trying 3.138.180.119…
Connected to 3.138.180.119.
Escape character…
Spam source
spam source
52.19.172.15 storagegenie2.dyndns.info «storagegenie2.dyndns.info» 2021-12-04T22:40:00Z (+/-10 min)
52.19.172.15/32 (52.19.172.15 .. 52.19.172.15)

== Sample ==========================
Received: from vidavo.eu (ec2-3-35-173-90.ap-northeast-2.compute.amazonaws.com [3.35.173.90])
 by storagegenie2.dyndns.info (Postfix) with ESMTPA id .*121.*
 for <.*>; .*
Reply-To: jciaramella@saccoflllas.com
From: .* <donotreply@vidavo.eu>
To: .*
Subject: COVID19 .* Lottery Annoucement
Date: .*
Message-ID: <202112042.*2.*@vidavo.eu>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML>
<html><head><title></title>
<meta http-equiv=3D"X-UA-Compatible"…
phishing server
verifyacademy.com has address 64.225.50.108
Page title: Getting started — Online Enrollment — chase.com
irs phishing server
Phish source
[!] This SBL record is to show an example of ongoing network abuse. It currently is not being published in the SBL list, but is instead being presented on the webpage so that the network owner has evidence to investigate and correct the problem.

w 209.85.208.66 mail-ed1-f66.google.com «mail-ed1-f66.google.com» 2021-12-04T18:20:00Z (+/-10 min)
w 209.85.208.67 mail-ed1-f67.google.com «mail-ed1-f67.google.com»…