Phish source @159.223.14.157
Received: from 683078.cloudwaysapps.com (unknown [159.223.14.157]) by X (Postfix) with ESMTP id X for <X>; Fri, 5 Nov 2021 X
Received: by 683078.cloudwaysapps.com (Postfix, from userid 1004) id X; Fri, 5 Nov 2021 X
To: X
Subject: FWD: Ihr Paket.!
Date: Fri, 5 Nov 2021 X
From: DPD <notifications@dpd.ch>
Message-ID: <X@woocommerce-683078-2250175.cloudwaysapps.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="X"…
RedLineStealer botnet controller @141.94.188.139
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 141.94.188.139 on port 43059 TCP:
$ telnet 141.94.188.139 43059
Trying 141.94.188.139…
Connected to 141.94.188.139.
Escape character…
Malware botnet controller @66.70.173.61
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 66.70.173.61 on port 80 (using HTTP GET):
hXXp://66.70.173.61/cont3/inspecionando.php
$ nslookup 66.70.173.61
ip61.ip-66-70-173.net
Loki botnet controller @172.67.158.42
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 172.67.158.42 on port 80 (using HTTP POST):
hXXp://peakledz.xyz//five/fre.php
$ dig +short peakledz.xyz
172.67.158.42
OskiStealer botnet controller @172.67.181.62
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. OskiStealer botnet controller located at 172.67.181.62 on port 80 (using HTTP POST):
hXXp://secureconnection.xyz/7.jpg
$ dig +short secureconnection.xyz
172.67.181.62
Referencing malware binaries (MD5 hash): ad7d92bbc2ff5804551b86b319de9e0d — AV detection:…
Canadian Pharmacy
pricerealcheap.com. 86400 IN NS ns1.reg.ru.
pricerealcheap.com. 86400 IN NS ns2.reg.ru.
pricerealcheap.com. 86400 IN A 104.223.213.139
pricerealcheap.com. 86400 IN SOA ns1.reg.ru. hostmaster.ns1.reg.ru. 1635855939 14400 3600 604800 10800
priceshop24x7.su. 86400 IN SOA ns1.reg.ru. hostmaster.ns1.reg.ru. 1636040579 14400 3600 604800 10800
priceshop24x7.su. 86400 IN A 104.223.213.139
priceshop24x7.su. 86400 IN NS ns1.reg.ru.
priceshop24x7.su. 86400 IN NS ns2.reg.ru.
Phishing payload against LHV (Estonian banking group)
$ host eelhv.com
eelhv.com has address 192.64.118.16
This IP hosts a live phishing payload against LHV.
Malware botnet controllers @5.8.76.207
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 5.8.76.207 on port 443:
$ telnet 5.8.76.207 443
Trying 5.8.76.207…
Connected to 5.8.76.207.
Escape character is…
RemoteManipulator botnet controller @109.234.156.178
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 109.234.156.178 on port 5655 TCP:
$ telnet 109.234.156.178 5655
Trying 109.234.156.178…
Connected to 109.234.156.178.
Escape character…
RemoteManipulator botnet controller @185.175.44.167
===== Rolled forward as ongoing from SBL SBL500795, created 2020-11-04. ====
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 185.175.44.167 on port 5655 TCP:…