BitRAT botnet controller @40.88.44.226

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 40.88.44.226 on port 2223 TCP: $ telnet 40.88.44.226 2223 Trying 40.88.44.226… Connected to 40.88.44.226. Escape character…

Categorized as microsoft.com

Abused / misconfigured newsletter service (listbombing)

The host at this IP address is being (ab)used to "listbomb" email addresses: From: Carol Edwards <caroledwards@adthrive.com> Subject: XXX Will Earn More at AdThrive — We Guarantee It Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being "listbombed" with transactional messages…

Categorized as google.com

RaccoonStealer botnet controller @172.67.157.163

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. RaccoonStealer botnet controller located at 172.67.157.163 on port 80 (using HTTP GET): hXXp://ttmirror.top/agrybirdsgamerept $ dig +short ttmirror.top 172.67.157.163 Referencing malware binaries (MD5 hash): 0211971320aa3e95c0a3cbe2b8b78bd4 — AV detection:…

RaccoonStealer botnet controller @104.21.68.139

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. RaccoonStealer botnet controller located at 104.21.68.139 on port 80 (using HTTP GET): hXXp://teletele.top/jdiamond13 $ dig +short teletele.top 104.21.68.139 Referencing malware binaries (MD5 hash): 3812d9bb5e5095c90111774e35ea661e — AV detection:…

EU Business Register / World Company Register

Received: from melissatarauthor.com (unknown [45.8.127.37]) by x (Postfix) with SMTP id x for <x>; Wed, 27 Oct 2021 ##:##:## +0100 (BST) Date: Wed, 27 Oct 2021 ##:##:## +0200 To: x From: EU Business Register <register@ebr-database.com> Reply-to: EU Business Register <register@business-listing.net> Subject: EU Business Register 2021/2022

Categorized as selectel.ru

spam emitters

Received: from s6.megojom.ru (megojom.ru [82.202.242.50]) Date: Wed, 27 Oct 2021 06:3x:xx +0000 From: Aleksandr <info@s6.megojom.ru> Subject: Предложение 82.202.242.10 uwentos.ru 82.202.242.11 irawenom.ru 82.202.242.12 yeremont.ru 82.202.242.13 oblakodzen.ru 82.202.242.50 megojom.ru 82.202.242.51 tefalongo.ru 82.202.242.52 grehemon.ru 82.202.242.53 raferenco.ru 82.202.242.54 telefonsho.ru

Categorized as selectel.ru

Advance fee fraud origination @ 78.46.116.140

Return-Path: <gopkalo.e@shf.com.ua> Received: from mail.your-server.de (mail.shf.com.ua [78.46.116.140]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by x (Postfix) with ESMTPS id x for <x>; Wed, 27 Oct 2021 ##:##:## +0300 (EEST) Authentication-Results: x; dkim=permerror reason="verification error: key DNS reply corrupt" header.d=shf.com.ua header.i=@shf.com.ua header.b=db8gDY0u; dkim-adsp=fail DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=shf.com.ua; s=mail1; h=Content-Transfer-Encoding:MIME-Version:Content-Type:Reply-to:…

Categorized as hetzner.de

phishing server

secure01a-chase-secure-portal-recovery-home.com has address 129.158.40.156 secure01b-chase-secure-portal-recovery-home.com has address 129.158.40.156

Categorized as oracle.com

GCleaner botnet controller @95.182.122.84

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. GCleaner botnet controller located at 95.182.122.84 on port 80 (using HTTP GET): hXXp://gcl-gb.biz/check.php $ telnet 95.182.122.84 443 Trying 95.182.122.84… Connected to 95.182.122.84. Escape character is '^]' gcl-gb.biz.…

Categorized as team-host.ru