According to our telemetry and our own intelligence, the host at this IP address has been setup by cyber criminals for the exclusive purpose of hosting phishing sites, malware distribution sites and/or botnet controllers. We therefore advise our users to block any traffic from/to this IP address. The host at this IP address is obviously… Читать далее Malware / Botnet / Phishing hosting server @95.213.216.163 [second listing]
spam emitter @143.198.181.245
Received: from mail.callslove.me ([143.198.181.245]) From: «Account Manager» <contact@callslove.me> Subject: [], uw saldo is onlangs bijgewerkt Date: Tue, 19 Apr 2022 10:1x:xx -0700 Previous SBL listings associated with this operations tied to Digital Ocean: SBL547613 165.227.47.22 2022-04-15 SBL547587 159.223.234.252 2022-04-15 SBL547509 159.203.35.163 2022-04-14 SBL547508 128.199.112.150 2022-04-14 SBL547390 143.198.177.2 2022-04-12 SBL547337 64.225.11.205 2022-04-12 SBL547269 165.22.20.199 2022-04-11 SBL547231… Читать далее spam emitter @143.198.181.245
Malware botnet controller @95.213.216.251
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 95.213.216.251 port 443: $ telnet 95.213.216.251 443 Trying 95.213.216.251… Connected to 95.213.216.251. Escape character is ‘^]’… Читать далее Malware botnet controller @95.213.216.251
RustyStealer botnet controller @95.217.123.28
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. RustyStealer botnet controller located at 95.217.123.28 on port 80 (using HTTP POST): hXXp://mythic.fckinpwned.cn/data $ dig +short mythic.fckinpwned.cn 95.217.123.28 $ nslookup 95.217.123.28 static.28.123.217.95.clients.your-server.de Referencing malware binaries (MD5 hash):… Читать далее RustyStealer botnet controller @95.217.123.28
phishing server
167.71.1.48|onlineu09-login1citi.com|2022-04-18 20:53:16
phishing server
20.216.24.101|secure06-wells.com|2022-04-18 19:46:43
Amazon Phish landing sites.
2022.04.18 At least 80, probably more. All phish because bulletproof hosting. 35.189.150.228 amanonsjp.cf 35.189.150.228 amanonsjp.ga 35.189.150.228 amanonsjp.gq 35.189.150.228 amanonsjp.ml 35.189.150.228 amanosdaonjp.cf 35.189.150.228 amanosdaonjp.ga 35.189.150.228 amanosdaonjp.gq 35.189.150.228 amanosdaonjp.ml 35.189.150.228 amaodnsajp.cf 35.189.150.228 amaodnsajp.ga 35.189.150.228 amaodnsajp.gq 35.189.150.228 amazasdajp.cf 35.189.150.228 amazasdajp.ga 35.189.150.228 amazasdajp.gq 35.189.150.228 amazasdajp.ml 35.189.150.228 amazcscejp.cf 35.189.150.228 amazcscejp.ga 35.189.150.228 amazcscejp.gq 35.189.150.228 amazcscejp.ml 35.189.150.228 amazicerojp.cf 35.189.150.228 amazicerojp.ga 35.189.150.228 amazicerojp.gq… Читать далее Amazon Phish landing sites.
Malware botnet controller @198.244.224.70
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller at 198.244.224.70 on port 443. $ telnet 198.244.224.70 443 Trying 198.244.224.70… Connected to 198.244.224.70. Escape character is ‘^]’ Malicious domains observed at this IP… Читать далее Malware botnet controller @198.244.224.70
Malware botnet controller @31.184.249.173
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 31.184.249.173 port 443: $ telnet 31.184.249.173 443 Trying 31.184.249.173… Connected to 31.184.249.173. Escape character is ‘^]’… Читать далее Malware botnet controller @31.184.249.173
Malware botnet controller @62.109.16.47
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 62.109.16.47 on port 80 (using HTTP GET): hXXp://62.109.16.47/API/2/configure.php $ nslookup 62.109.16.47 d.4442ur.fvds.ru Referencing malware binaries (MD5 hash): 02c1514da075534896a4223a620446b7 — AV detection: 24… Читать далее Malware botnet controller @62.109.16.47