Malware botnet controller @95.181.152.184
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 95.181.152.184 on port 2021 TCP:
$ telnet 95.181.152.184 2021
Trying 95.181.152.184…
Connected to 95.181.152.184.
Escape character…
spam emitter @45.79.121.196
Received: from piriotaaribomdien21.onmicrosoft.com (45.79.121.196) Date: Thu, 11 Nov 2021 23:4x:xx +0100 From: ᴠɪᴠɪɴᴛ ᴜsᴀ <[]@[].nauticaposto.com> Subject: 𝙁𝙧𝙚𝙚 𝙄𝙣𝙨𝙩𝙖𝙡𝙡𝙖𝙩𝙞𝙤𝙣* 𝙬𝙞𝙩𝙝 𝙋𝙪𝙧𝙘𝙝𝙖𝙨𝙚. 𝙑𝙞𝙫𝙞𝙣𝙩 𝙃𝙤𝙢𝙚 𝙎𝙚𝙘𝙪𝙧𝙞𝙩𝙮. http://goyaxs-mywpqyiizwdj.memoriesfoor.site/[] 143.198.38.141 https://mmmdnuts.com/?E=[]&s1=374&s2=14466_2&s3=[] 193.43.70.126 https://wexydexy.com/?E=[]&s1=374&s2=14466_2&s3=[]&ckmguid=[] 193.43.70.126 http://mrktrecord13.com/?E=[]&s1=704205&s2=[]&s3=374 34.237.29.129 https://speedtrkzone.com/?E=[]&s1=704205&s2=[]&s3=374&ckmguid=[] 34.200.117.186 https://vivintoffers.com/lp10b/?pid=[]&r=[] 54.166.191.140
Malware distribution @195.133.74.88
The host at this IP address is currently being used to distribute malware.
Malware distribution located here: hXXp://nutriescapa.com/index.php
nutriescapa.com. 600 IN A 195.133.74.88
Referencing malware binaries (MD5 hash):
3da25ccfa9c258e3ae26854391531c7b — AV detection: 35 / 67 (52.24)
d6cee6f41e75d48e65ad08cade696c18 — AV detection: 42 / 69 (60.87)
d99b64f408d7868a7484c2325d1c453a — AV detection: 38 / 66 (57.58)
f152f48b6c86dfe99418ef0c76fd42ec — AV…
Spamvertised website
mylivedeals.com. 1200 IN A 198.54.119.115
mylivedeals.com. 172799 IN NS dns1.namecheaphosting.com.
mylivedeals.com. 172799 IN NS dns2.namecheaphosting.com.
dns1.namecheaphosting.com. 172799 IN A 156.154.132.200
dns2.namecheaphosting.com. 172799 IN A 156.154.133.200
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (40.92.41.91)
From: «Kim Foss» <nguyengcore1869@hotmail.com>
Subject: Takk for at du la igjen en kommentar på innlegget mitt
Date: Thu, 11 Nov 2021 19:41:40 +0100
Return-Path: nguyengcore1869@hotmail.com
McAfee…
GCleaner botnet controller @46.8.21.207
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
GCleaner botnet controller located at 46.8.21.207 on port 80 (using HTTP GET):
hXXp://g-localdevice.biz/check.php
Malware botnet controller at 46.8.21.207 on port 443.
$ telnet 46.8.21.207 443
Trying 46.8.21.207……
Malware botnet controller @5.8.76.208
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 5.8.76.208 on port 443 TCP:
$ telnet 5.8.76.208 443
Trying 5.8.76.208…
Connected to 5.8.76.208.
Escape character…
Suspected Snowshoe Spam IP Range
Based on research, analysis of network data, our ‘snowshoe’ spam detection systems, intelligence sources and our experience, Spamhaus believes that this IP address range is being used or is about to be used for the purpose of high volume ‘snowshoe’ spam emission. As a precaution therefore we are listing this IP range in an SBL…
phishing server
phishing server