20.82.143.246 is currently in use as a nameserver for spamvertized domains. This enables the resolving of spammed domains to the actual websites. This SBL record can only be removed if 20.82.143.246 stops answering DNS queries for spamvertized domain names. 2 Nameservers seen on 20.82.143.246: NS1.PE-PODEMOSTODOS.COM — 0dayrox2.org — 365online-webhelp.com — 99cryptocurrecies.com — active-brokerage.com — ada-airdrop-binance.com… Читать далее Malicious DNS server. pe-podemostodos.com
Malicious DNS server. ciro-dentalperu.com
20.82.136.119 is currently in use as a nameserver for spamvertized domains. This enables the resolving of spammed domains to the actual websites. This SBL record can only be removed if 20.82.136.119 stops answering DNS queries for spamvertized domain names. 2 Nameservers seen on 20.82.136.119: NS1.CIRO-DENTALPERU.COM — 02-bundle-billing.com — 1cdn-amazon.com — 365-boimobile.com — 365-mobileverification.com — 365cancel-online.com… Читать далее Malicious DNS server. ciro-dentalperu.com
Malicious DNS server. peruadelante.com
20.56.43.246 is currently in use as a nameserver for spamvertized domains. This enables the resolving of spammed domains to the actual websites. This SBL record can only be removed if 20.56.43.246 stops answering DNS queries for spamvertized domain names. 3 Nameservers seen on 20.56.43.246: — 02-accountupdates.com — 365-onlineupdate.com — 365-onlineupdates.com — 365-onlineverify.com — 365boi-review.com —… Читать далее Malicious DNS server. peruadelante.com
RemoteManipulator botnet controller @95.213.205.82
===== Moved from SBL SBL535812. ==== The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 95.213.205.82 on port 5655 TCP: $ telnet 95.213.205.82 5655 Trying… Читать далее RemoteManipulator botnet controller @95.213.205.82
Phishing origination against Danske (Nordic banking group)
194.195.242.11 194.195.242.26 194.195.242.29 194.195.242.40 194.195.242.103 194.195.242.157 194.195.242.161 194.195.242.172 194.195.242.242 sending the same kind of phishing spam over the past 24 hours.
Phishing origination against Danske (Nordic banking group)
178.79.142.99 178.79.142.110 178.79.142.147 178.79.142.159 178.79.142.174 178.79.142.204 178.79.142.211 178.79.142.230 sending the same kind of phishing spam over the past 24 hours.
RedLineStealer botnet controller @95.217.123.66
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 95.217.123.66 on port 23117 TCP: $ telnet 95.217.123.66 23117 Trying 95.217.123.66… Connected to 95.217.123.66. Escape character… Читать далее RedLineStealer botnet controller @95.217.123.66
ArkeiStealer botnet controller @95.216.4.252
ArkeiStealer botnet controller hosted here: https://mastodon.online/@valhalla $ dig +short mastodon.online 95.216.4.252
ArkeiStealer botnet controller @95.217.25.51
ArkeiStealer botnet controller hosted here: https://koyu.space/@valhalla $ dig +short koyu.space 95.217.25.51
AsyncRAT botnet controller @20.199.120.149
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 20.199.120.149 on port 1604 TCP: $ telnet 20.199.120.149 1604 Trying 20.199.120.149… Connected to 20.199.120.149. Escape character… Читать далее AsyncRAT botnet controller @20.199.120.149