The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 5.8.76.181 on port 80 (using HTTP POST): hXXp://secure01-redirect.net/ga13/fre.php secure01-redirect.net. 600 IN A 5.8.76.181 Referencing malware binaries (MD5 hash): 1edc5ae8174533de1c038341b84685c5 — AV detection:… Читать далее Loki botnet controller @5.8.76.181
Malware / Botnet / Phishing hosting server @95.182.123.224
According to our telemetry and our own intelligence, the host at this IP address has been setup by cyber criminals for the exclusive purpose of hosting phishing sites, malware distribution sites and/or botnet controllers. We therefore advise our users to block any traffic from/to this IP address. Malware botnet controller located at 95.182.123.224 on port… Читать далее Malware / Botnet / Phishing hosting server @95.182.123.224
RaccoonStealer botnet controller @104.21.8.181
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. RaccoonStealer botnet controller located at 104.21.8.181 on port 80 (using HTTP GET): hXXp://ttmirror.top/jdiamond13 $ dig +short ttmirror.top 104.21.8.181 Referencing malware binaries (MD5 hash): 0084fcf83e2875ea3da9af69855c5ed2 — AV detection:… Читать далее RaccoonStealer botnet controller @104.21.8.181
DCRat botnet controller @188.120.229.5
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. DCRat botnet controller located at 188.120.229.5 on port 80 (using HTTP GET): hXXp://188.120.229.5/boot/u927/ApiDefaultdownloads.php $ nslookup 188.120.229.5 vitalynovikov19.fvds.ru Referencing malware binaries (MD5 hash): 7c6b9d0070775f719e6ec9ffea045175 — AV detection: 20… Читать далее DCRat botnet controller @188.120.229.5
Phishing payload against Danske (Nordic banking group)
$ host danske-asiakas.cloud danske-asiakas.cloud has address 172.67.153.228 danske-asiakas.cloud has address 104.21.4.51 danske-asiakas.cloud has IPv6 address 2606:4700:3037::ac43:99e4 danske-asiakas.cloud has IPv6 address 2606:4700:3032::6815:433
Phishing payload against Danske (Nordic banking group)
$ host danske-asiakas.cloud danske-asiakas.cloud has address 172.67.153.228 danske-asiakas.cloud has address 104.21.4.51 danske-asiakas.cloud has IPv6 address 2606:4700:3037::ac43:99e4 danske-asiakas.cloud has IPv6 address 2606:4700:3032::6815:433
Phishing payload against Danske (Nordic banking group)
$ host danske-pankki.info danske-pankki.info has address 104.21.29.46 danske-pankki.info has address 172.67.171.101 danske-pankki.info has IPv6 address 2606:4700:3037::6815:1d2e danske-pankki.info has IPv6 address 2606:4700:3036::ac43:ab65
Phishing payload against Danske (Nordic banking group)
$ host danske-pankki.info danske-pankki.info has address 104.21.29.46 danske-pankki.info has address 172.67.171.101 danske-pankki.info has IPv6 address 2606:4700:3037::6815:1d2e danske-pankki.info has IPv6 address 2606:4700:3036::ac43:ab65
Phishing payload against Danske (Nordic banking group)
$ host danske-asiakas.info danske-asiakas.info has address 104.21.31.171 danske-asiakas.info has address 172.67.178.231 danske-asiakas.info has IPv6 address 2606:4700:3030::6815:1fab danske-asiakas.info has IPv6 address 2606:4700:3032::ac43:b2e7
Phishing payload against Danske (Nordic banking group)
$ host danske-asiakas.info danske-asiakas.info has address 104.21.31.171 danske-asiakas.info has address 172.67.178.231 danske-asiakas.info has IPv6 address 2606:4700:3030::6815:1fab danske-asiakas.info has IPv6 address 2606:4700:3032::ac43:b2e7