phish source

Phish source. Problem started around Mon, 22 Nov 2021 13:20 UTC.

44.247.166.188.in-addr.arpa. 852 IN PTR bizcloud-power.asahiseiko.co.jp.

Does not resolve forward because they do not own that domain; it is a forgery.

=============================================================================
Return-Path: <mail@altech.co.jp>
Received: from bizcloud-power.asahiseiko.co.jp (HELO mta0.asahiseiko.co.jp) (188.166.247.44) by x (x) with ESMTP; Mon, 22 Nov 2021 xx:xx:xx +0000
From: "x" <mail@altech.co.jp>
To:…

TrickBot botnet controller @172.105.15.152

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 172.105.15.152 on port 443 TCP:

$ telnet 172.105.15.152 443
Trying 172.105.15.152…
Connected to 172.105.15.152.
Escape character…

Posted under linode.com

Malware botnet controller @54.233.90.128

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 54.233.90.128 on port 443 TCP:

$ telnet 54.233.90.128 443
Trying 54.233.90.128…
Connected to 54.233.90.128.
Escape character…

Posted under amazon.com

Loki botnet controller @95.213.216.149

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Loki botnet controller located at 95.213.216.149 on port 80 (using HTTP POST):

hXXp://secure01-redirect.net/fx/fre.php

$ dig +short secure01-redirect.net
95.213.216.149

$ nslookup 95.213.216.149
cr10.xyz

Posted under selectel.ru

phishing server

20.121.3.126|apply-get-payment.com|2021-11-23 13:46:42 20.121.3.126|apply.portalinternalrs.com|2021-11-22 15:17:21 20.121.3.126|direct.complete-page.com|2021-11-22 12:29:15 20.121.3.126|irs-gov.apply-get-payment.com|2021-11-23 14:21:54 20.121.3.126|lrs-gov.impact-payment.contoboso.com|2021-11-23 01:54:16 20.121.3.126|lrs-third.community-xcn.com|2021-11-23 14:34:53 20.121.3.126|portalinternalrs.com|2021-11-22 16:06:36 20.121.3.126|webapps-lrs.gov.communitiy-impact.com|2021-11-23 14:03:08

Posted under microsoft.com

RedLineStealer botnet controller @51.68.142.233

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 51.68.142.233 on port 31156 TCP:

$ telnet 51.68.142.233 31156
Trying 51.68.142.233…
Connected to 51.68.142.233.
Escape character…

Posted under ovh.net

Malicious DNS server. domainzone51.com

40.87.28.242 is currently in use as a nameserver for spamvertized domains. This enables the resolving of spammed domains to the actual websites. This SBL record can only be removed if 40.87.28.242 stops answering DNS queries for spamvertized domain names.

1 Nameservers seen on 40.87.28.242:

NS1.DOMAINZONE51.COM
- 02billingverification.com
- 1998-reward.fun
- 1998-reward.site
- 1998-reward.space
- 1998reward.site…

Posted under microsoft.com

Spamvertised website

Received: from g[].onmicrosoft.com (192.46.214.37)
Date: Tue, 23 Nov 2021 14:2x:xx +0100
From: "Satellite Deals TV Savings" <[]@[].nauticaposto.com>
Subject: Get $840 off your TV Bill — Don’t miss your VIP offer!

http://[].noomhuaart.xyz/cl/16317_md/[]
69.10.58.175
https://canteenflatz.com/?E=[]&s1=374&s2=16317_2&s3=[]
95.214.248.4
https://cpctrkrrr.com/?E=[]&s1=374&s2=16317_2&s3=[]&ckmguid=[]
35.238.83.2
http://www.sprkcvr.com/[]/?sub1=704205&sub2=[]&sub3=374
35.186.247.135
https://www.simplycellphonesforyou.com/[]
13.82.93.245

Posted under microsoft.com

spam emitter @192.46.214.37

Received: from g[].onmicrosoft.com (192.46.214.37)
Date: Tue, 23 Nov 2021 14:2x:xx +0100
From: "Satellite Deals TV Savings" <[]@[].nauticaposto.com>
Subject: Get $840 off your TV Bill — Don’t miss your VIP offer!

http://[].noomhuaart.xyz/cl/16317_md/[]
69.10.58.175
https://canteenflatz.com/?E=[]&s1=374&s2=16317_2&s3=[]
95.214.248.4
https://cpctrkrrr.com/?E=[]&s1=374&s2=16317_2&s3=[]&ckmguid=[]
35.238.83.2
http://www.sprkcvr.com/[]/?sub1=704205&sub2=[]&sub3=374
35.186.247.135
https://www.simplycellphonesforyou.com/[]
13.82.93.245

Posted under linode.com