onlinesecureredirector001b.org has address 35.199.98.82 16shortsecurelinkredirect0.org has address 35.199.98.82 hXXp://onlinesecureredirector001b.org/rsa/asd/
phishing server
citizens-auth.com has address 165.232.156.64 citzens-sec.com has address 165.232.156.64
spam support (domains)
Domain used in spam operation esdrgvdsfg.xyz… 162.255.119.175
spam support (domains) escalation
Domain used in spam operation: tizifi.com|34.102.201.232| tiziprint.com|34.102.201.232|
Malware / Botnet / Phishing hosting server @91.224.22.55
According to our telemetry and our own intelligence, the host at this IP address has been set up by cyber criminals for the exclusive purpose of hosting phishing sites, malware distribution sites and/or botnet controllers. We therefore advise our users to block any traffic from/to this IP address. Malware botnet controller located at 91.224.22.55 on port…
OskiStealer botnet controller @104.21.36.85
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. OskiStealer botnet controller located at 104.21.36.85 on port 80 (using HTTP POST): hXXp://gervenez.xyz/6.jpg $ dig +short gervenez.xyz 104.21.36.85 Other malicious domain names hosted on this IP address:…
Spam emitter
This is sending porn spam while pretending to be a NASA.GOV IP. Received: from [89.108.77.122] ([89.108.77.122:57218] by XXX (envelope-from <>) (ecelerity 3.6.25.56547 r(Core:3.6.25.0)) with ESMTP id 33/3F-61936-DD369716; Wed, 27 Oct 2021 user50$ host 89.108.77.122 122.77.108.89.in-addr.arpa domain name pointer ndgrsmtp01.ndc.nasa.gov. whois 89.108.77.122 % IANA WHOIS server % for more information on IANA, visit http://www.iana.org % This…
njrat botnet controller @35.193.121.248
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 35.193.121.248 on port 5005 TCP: $ telnet 35.193.121.248 5005 Trying 35.193.121.248… Connected to 35.193.121.248. Escape character…
Phishing payload against the Finnish government authentication site
$ host suomi-site.cloud suomi-site.cloud has address 172.67.217.151 suomi-site.cloud has address 104.21.59.66 suomi-site.cloud has IPv6 address 2606:4700:3032::6815:3b42 suomi-site.cloud has IPv6 address 2606:4700:3033::ac43:d997