2021-10-29 crystals.com.de. 60 IN A 139.99.22.218 2021-10-28 crystals.com.de. 60 IN A 159.65.196.250 2021-10-26 crystals.com.de. 60 IN A 165.232.118.6 2021-10-25 crystals.com.de. 60 IN A 46.101.3.14 Received: from gotogml.com (gotogml.com. [185.122.223.223]) From: 🔔Gemeentelijk Energie <[]@gotogml.com> Date: Fri, 08 Oct 2021 09:1x:xx +0000 Subject: Nieuw in uw gemeente: bespaar via het Gemeentelijke Energie Collectief http://crystals.com.de/rd/[] 185.146.157.69 https://laudypauty.com/[] 209.159.146.166… Читать далее Spamvertised website
RaccoonStealer botnet controller @172.67.177.56
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. RaccoonStealer botnet controller located at 172.67.177.56 on port 80 (using HTTP GET): hXXp://telegalive.top/agrybirdsgamerept $ dig +short telegalive.top 172.67.177.56 Referencing malware binaries (MD5 hash): 149c4e5cb5c7a0bb609e0d31bd017ea0 — AV detection:… Читать далее RaccoonStealer botnet controller @172.67.177.56
Loki botnet controller @172.67.209.118
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 172.67.209.118 on port 80 (using HTTP POST): hXXp://gridnetworks.xyz/five/fre.php $ dig +short gridnetworks.xyz 172.67.209.118 Referencing malware binaries (MD5 hash): 1d03eee90db5e3881e7111490bd0d76d — AV detection:… Читать далее Loki botnet controller @172.67.209.118
Loki botnet controller @104.21.92.21
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 104.21.92.21 on port 80 (using HTTP POST): hXXp://bobbyelectronics.xyz/five/fre.php $ dig +short bobbyelectronics.xyz 104.21.92.21 Referencing malware binaries (MD5 hash): 03c4801d0dc21f4d6f0ba7df857844f9 — AV detection:… Читать далее Loki botnet controller @104.21.92.21
Loki botnet controller @104.21.62.32
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 104.21.62.32 on port 80 (using HTTP POST): hXXp://74f26d34ffff049368a6cff8812f86ee.gq/BN111/fre.php $ dig +short 74f26d34ffff049368a6cff8812f86ee.gq 104.21.62.32 Referencing malware binaries (MD5 hash): 5d671adb11b9ba100b3be4ca7c45880f — AV detection:… Читать далее Loki botnet controller @104.21.62.32
RedLineStealer botnet controller @18.190.26.16
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 18.190.26.16 on port 61391 TCP: $ telnet 18.190.26.16 61391 Trying 18.190.26.16… Connected to 18.190.26.16. Escape character… Читать далее RedLineStealer botnet controller @18.190.26.16
phishing server
34.151.71.134|1commbanksec.com.au|2021-10-26 12:16:28 34.151.71.134|1commsec.com.au|2021-10-24 20:46:07 34.151.71.134|1netbank.com.au|2021-10-18 21:51:19 34.151.71.134|1netbanksec.com.au|2021-10-28 03:45:56 34.151.71.134|commbanksec.com.au|2021-10-28 01:46:24 34.151.71.134|commbanksupport.com.au|2021-10-25 02:20:45 34.151.71.134|custcareballbasher.com|2021-10-21 11:56:21 34.151.71.134|mycommbank-mobile.app|2021-10-28 23:01:07 34.151.71.134|mycommbank-mobile.com.au|2021-10-16 01:35:46 34.151.71.134|mycommbank-support.com.au|2021-10-28 06:46:16 34.151.71.134|mycommbanking.com.au|2021-10-15 05:31:01 34.151.71.134|mycommbankmobile.com.au|2021-10-13 13:41:58 34.151.71.134|mynetbank-login.com.au|2021-10-16 05:40:55 34.151.71.134|mynetbank.com.au|2021-10-14 03:25:50 34.151.71.134|mynetbanking.com.au|2021-10-24 22:45:41 34.151.71.134|secure-access.com.au|2021-10-15 01:06:25 34.151.71.134|secure-banking.com.au|2021-10-18 10:11:35 34.151.71.134|secure-netbanking.com.au|2021-10-14 21:36:03 34.151.71.134|www1commsecure.com.au|2021-10-14 19:46:42
phishing server
MAAS/PAAS phishing node. hXXps://anvariygenesh.com/r/U139yl8 $ host anvariygenesh.com anvariygenesh.com has address 51.79.167.32 51.79.167.32|ckrbirpcienhelpgenesh.com|2021-10-01 04:15:48 51.79.167.32|cmvtpspfmb.com|2021-10-17 10:37:41 51.79.167.32|commentionainsificansion.com|2021-10-03 22:10:46 51.79.167.32|computionhonlamsf.com|2021-10-10 16:40:48 51.79.167.32|csreinesuegthelpgenesh.com|2021-10-08 15:56:07 51.79.167.32|dayncsickthelpgenesh.com|2021-10-08 22:29:27 51.79.167.32|diagmatedainsificansion.com|2021-10-10 15:07:09 51.79.167.32|dinationereenshonlamsf.com|2021-10-22 19:11:35 51.79.167.32|doctionshonlamsf.com|2021-10-01 04:26:00 51.79.167.32|durmaeoarlmfnihelpgenesh.com|2021-10-14 15:17:17 51.79.167.32|dzuwjrxdhj.com|2021-10-18 12:36:30 51.79.167.32|ehortclietlsnlhelpgenesh.com|2021-10-19 14:32:22 51.79.167.32|enlcigraerhelpgenesh.com|2021-10-22 06:26:29 51.79.167.32|epharturrenthonlamsf.com|2021-10-10 19:00:59 51.79.167.32|eqgvjzside.com|2021-10-24 23:55:47 51.79.167.32|etkerffmhk.com|2021-10-18 12:37:06 51.79.167.32|eynaonplioncmtahelpgenesh.com|2021-10-10 19:06:16 51.79.167.32|hospelecehonlamsf.com|2021-10-05 16:31:16 51.79.167.32|kbaeleigdrhelpgenesh.com|2021-10-02 21:05:47 51.79.167.32|ktotwnkpch.com|2021-10-17 11:01:02 51.79.167.32|linguiettalieshonlamsf.com|2021-10-22 19:13:32 51.79.167.32|loezrbdapamlhelpgenesh.com|2021-10-01 23:10:55… Читать далее phishing server
Vjw0rm botnet controller @23.102.1.5
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 23.102.1.5 on port 6130 TCP: $ telnet 23.102.1.5 6130 Trying 23.102.1.5… Connected to 23.102.1.5. Escape character… Читать далее Vjw0rm botnet controller @23.102.1.5
spam emitters
212.41.22.226 uwentos.ru 212.41.22.227 irawenom.ru 212.41.22.228 oblakodzen.ru 212.41.22.229 yeremont.ru