Smoke Loader botnet controller @91.189.114.12

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Smoke Loader botnet controller located at 195.24.68.11 on port 80 (using HTTP POST):
http://witra.ru/upload/
witra.ru. 3600 IN A 91.189.114.12
$ dig +short -x 91.189.114.12
wcarp.hosting.nic.ru.

Published
Category: nic.ru

phishing server

137.184.84.40|online03a-citi-secure-login-site.com|2021-12-04 19:05:51
137.184.84.40|online03c-citi-secure-login-site.com|2021-12-04 19:35:53
137.184.84.40|online04a-citi-secure-login-site.com|2021-12-04 19:58:32
137.184.84.40|online04c-citi-secure-login-site.com|2021-12-04 20:11:11

phishing server

146.148.94.142|boa-user.com|2021-12-04 18:55:42
146.148.94.142|citi-offer.com|2021-12-04 17:55:51
146.148.94.142|citi-secures.com|2021-12-04 17:36:09

Published
Category: google.com

Malware botnet controller @207.244.237.176

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 207.244.237.176 on port 80 (using HTTP GET):
hXXp://ccf9ba3695b15b4f0787e6290e0f63allcomejroo839jxi13.xyz/API/Clipper/hr627gzk.php
$ dig +short ccf9ba3695b15b4f0787e6290e0f63allcomejroo839jxi13.xyz
207.244.237.176
$ nslookup 207.244.237.176
us.bomj.top
Referencing malware binaries (MD5 hash):…

Published
Category: contabo.de

spam source

Spamming whois contacts for newly registered domains.
Received: from a64-26.smtp-out.amazonses.com (a64-26.smtp-out.amazonses.com [54.240.64.26]) by [deleted] (Postfix) with ESMTPS id [deleted] for <[deleted]>; Fri, 3 Dec 2021 22:xx:xx -0600 (CST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=[deleted]; d=retaxify.com; t=[deleted]; h=From:Reply-To:To:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID:Date; bh=[deleted]
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=[deleted]; d=amazonses.com; t=[deleted]; h=From:Reply-To:To:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID:Date:Feedback-ID; bh=[deleted]
From: Retaxify <info@retaxify.com>
Reply-To: info@retaxify.com
To: [deleted]…

Published
Category: amazon.com

Malware distribution @162.55.37.54

The host at this IP address is currently being used to distribute malware.
Malware distribution located here:
hXXp://162.55.37.54/setup.exe
$ nslookup 162.55.37.54
static.54.37.55.162.clients.your-server.de
Referencing malware binaries (MD5 hash):
0a884a79dd8f7743b719a08b1440935c — AV detection: 22 / 59 (37.29)
28adebb880a9b35e24c7faf174ae11e8 — AV detection: 21 / 66 (31.82)
35cc2057342197542eedfe1eec4469bb — AV detection: 21 / 66 (31.82)
6546925f07c1e9aa63a24e76485d4048 — AV detection:…

Published
Category: hetzner.de

RedLineStealer botnet controller @144.76.183.53

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 144.76.183.53 on port 5634 TCP:
$ telnet 144.76.183.53 5634
Trying 144.76.183.53…
Connected to 144.76.183.53.
Escape character…

Published
Category: hetzner.de

Malware botnet controller @194.58.97.14

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 194.58.97.14 on port 443 TCP:
$ telnet 194.58.97.14 443
Trying 194.58.97.14…
Connected to 194.58.97.14.
Escape character…

Published
Category: reg.ru

Malware botnet controller @104.21.69.102

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 104.21.69.102 on port 443 TCP:
$ telnet 104.21.69.102 443
Trying 104.21.69.102…
Connected to 104.21.69.102.
Escape character…

Phish source

188.254.0.2 "hs-wismar.de" 2021-12-03T16:50:00Z (+/-10 min)
188.254.0.2/32 (188.254.0.2 .. 188.254.0.2)
== Sample ==========================
Reply-To: sjillmcallen2@gmail.com
From: Shirley Jill McAllen < gerd.baron@hs-wismar.de >
To: .*
Subject: Good Day
Date: .*
Message-ID: <2021120319.*..*D.*7.*@hs-wismar.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hello Dear, I know you will be surprised reading from me today but consider=20
this a divine intervention.…

Published
Category: rt.ru