The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Loki botnet controller located at 172.67.178.62 on port 80 (using HTTP POST):
hXXp://arinzeproducts.xyz/five/fre.php
$ dig +short arinzeproducts.xyz
172.67.178.62
phishing server
Fast Flux MAAS / PAAS node
phishing server
hXXp://us-bank.co.in/login/Chase/
$ host us-bank.co.in
us-bank.co.in has address 137.184.151.191
137.184.151.191|chases-info.co|2021-10-29 00:20:44
137.184.151.191|chases-info.com|2021-10-29 00:21:17
137.184.151.191|controlinfosec.com|2021-10-28 23:40:47
137.184.151.191|primevideonow16.ga|2021-10-10 11:05:52
137.184.151.191|themoneyinfo.com|2021-10-29 02:10:42
137.184.151.191|usbank-info.info|2021-10-29 19:20:53
RaccoonStealer botnet controller @172.67.160.46
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
RaccoonStealer botnet controller located at 172.67.160.46 on port 80 (using HTTP GET):
hXXp://toptelete.top/agrybirdsgamerept
$ dig +short toptelete.top
172.67.160.46
Referencing malware binaries (MD5 hash):
05f6a0e8f711fabbbb97a544f92fc25c — AV detection:…
irs phishing server
hXXps://google-redirect-safeurl-linksafe.com/r/irs1
18.216.173.195|google-redirect-safeurl-linksafe.com|2021-10-29 19:41:08
18.216.173.195|iirs-redirect-safe.com|2021-10-29 21:20:49
irs phishing server
Tiresome T-shirt spammer. (landing site.)
Always spamming from Google via a chain of redirectors, the T-shirt spammer. All these and likely more too:
Malware botnet controller @45.8.127.95
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 45.8.127.95 on port 443 TCP:
$ telnet 45.8.127.95 443
Trying 45.8.127.95…
Connected to 45.8.127.95.
Escape character…
RaccoonStealer botnet controller @104.21.9.146
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
RaccoonStealer botnet controller located at 104.21.9.146 on port 80 (using HTTP GET):
hXXp://toptelete.top/agrybirdsgamerept
$ dig +short toptelete.top
104.21.9.146
Referencing malware binaries (MD5 hash):
8dae44fe1bacb0601cdf02ae6898173a — AV detection:…
spam emitters
Received: from s5.megojom.ru (megojom.ru [5.188.76.26])
Date: Fri, 29 Oct 2021 06:4x:xx +0000
From: Aleksandr <info@s5.megojom.ru>
Subject: Предложение
5.188.76.26 megojom.ru
5.188.76.27 tefalongo.ru
5.188.76.28 raferenco.ru
5.188.76.29 frenkom.ru
5.188.76.30 grehemon.ru