Loki botnet controller @188.114.97.15
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 188.114.97.15 on port 80 (using HTTP POST):
hXXp://vmopahtqdf84hfvsqepalcbcch63gdyvah.ml/BN2/fre.php
$ dig +short vmopahtqdf84hfvsqepalcbcch63gdyvah.ml
188.114.97.15
Referencing malware binaries (MD5 hash): 0031dfd9187e1ead59c63d61d78eea93 — AV detection:…
phishing server
phishing server
Malware botnet controller @141.8.199.10
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 141.8.199.10 port 443:
$ telnet 141.8.199.10 443
Trying 141.8.199.10…
Connected to 141.8.199.10.
Escape character is '^]'…
phishing server
securecomm-services.com.au has address 34.129.230.162
Login | NetBank
Login to NetBank
Show password Login Forgot Client ID or Forgot password?
© Commonwealth Securities Limited ABN 60 067 254 399 AFSL 238814
Important information Financial services guide Privacy policy…
Malware botnet controller @141.8.199.178
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 141.8.199.178 port 443:
$ telnet 141.8.199.178 443
Trying 141.8.199.178…
Connected to 141.8.199.178.
Escape character is '^]'…
Malware / Botnet / Phishing hosting server @185.185.70.24
According to our telemetry and our own intelligence, the host at this IP address has been set up by cyber criminals for the exclusive purpose of hosting phishing sites, malware distribution sites and/or botnet controllers. We therefore advise our users to block any traffic from/to this IP address. Malware botnet controller located at 185.185.70.24 443 TCP:…
Spam A/MX (OMICS)
4/04/2022: The server austinpublishinggroup.com has moved from its previous location to a new IP address also at Digital Ocean.
$ host austinpublishinggroup.com
austinpublishinggroup.com has address 164.92.214.133
austinpublishinggroup.com mail is handled by 10 mail.austinpublishinggroup.com.
The owners of this domain, Austin Publishing (aka OMICS), are aggressive professional spammers who will not stop abusing your resources nor respect…
Cybercrime sites
luxchecker.pm. 600 IN A 95.213.216.165
luxchecker.pw. 600 IN A 95.213.216.165
_______________________________
Was:
luxchecker.pm. 600 IN A 95.213.216.203
luxchecker.pw. 600 IN A 95.213.216.203
_______________________________
Was:
luxchecker.pm. 600 IN A 91.203.192.42
luxchecker.pw. 600 IN A 91.203.192.42
_______________________________
Was:
luxchecker.pm. 600 IN A 185.38.84.47
luxchecker.pw. 600 IN A 185.38.84.47
_______________________________
Was:
luxchecker.pm. 600 IN A 141.8.199.17
luxchecker.pw. 600…
AsyncRAT botnet controller @3.141.210.37
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 3.141.210.37 on port 12300 TCP:
$ telnet 3.141.210.37 12300
Trying 3.141.210.37…
Connected to 3.141.210.37.
Escape character…