Spam Emitter (SUPER LIST) (Corbett Software)
This IP address is sending spam for a prolific list seller that uses the names BOOM OF SALES, BOOM DE VENDA, SUPER LIST, and "Corbett Software", among others. Both the volumes of spam and the lists for sale are unacceptable to Spamhaus.
Received: from mail.mindsanctuary.net (mail.mindsanctuary.net [165.232.156.229])
Received: from mail.mindsanctuary.net (unknown [104.238.248.109])
Date: Wed, 30…
Malware botnet controller @95.213.216.252
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 95.213.216.252 port 443:
$ telnet 95.213.216.252 443
Trying 95.213.216.252…
Connected to 95.213.216.252.
Escape character is ‘^]’…
Smoke Loader botnet controller @31.184.249.176
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Smoke Loader botnet controller located at 31.184.249.176 on port 80 (using HTTP POST):
hXXp://afrocalite.ga/
afrocalite.ga. 600 IN A 31.184.249.176
Referencing malware binaries (MD5 hash):
3d75271eb12cedd6440f8ed22724840c — AV…
Malware / Botnet / Phishing hosting server @95.213.216.233
According to our telemetry and our own intelligence, the host at this IP address has been set up by cyber criminals for the exclusive purpose of hosting phishing sites, malware distribution sites and/or botnet controllers. We therefore advise our users to block any traffic from/to this IP address. The host at this IP address is obviously…
Phish spam source @35.78.86.1
Received: from sv13048.xserver.jp ([162.43.116.49]) by [] with esmtps (TLS1.2) tls TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (Exim 4.95) (envelope-from <donotreply.nepasrepondre-notifications-canadapost-postescanada.customer.4166861.details.info.admin@kyogura.biz>) id [] for []; Fri, 01 Apr 2022 17:1x:xx +0000
Received: from virusgw12002.xserver.jp (virusgw12002.xserver.jp [103.3.3.11]) by sv13048.xserver.jp (Postfix) with ESMTP id [] for []; Sat, 2 Apr 2022 02:1x:xx +0900 (JST)
Received: from sv13048.xserver.jp (162.43.116.49) by virusgw12002.xserver.jp (F-Secure/fsigk_smtp/521/virusgw12002.xserver.jp); Sat, 02…
Phish spam site @54.231.193.184
Received: from sv13048.xserver.jp ([162.43.116.49]) by [] with esmtps (TLS1.2) tls TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (Exim 4.95) (envelope-from <donotreply.nepasrepondre-notifications-canadapost-postescanada.customer.4166861.details.info.admin@kyogura.biz>) id [] for []; Fri, 01 Apr 2022 17:1x:xx +0000
Received: from virusgw12002.xserver.jp (virusgw12002.xserver.jp [103.3.3.11]) by sv13048.xserver.jp (Postfix) with ESMTP id [] for []; Sat, 2 Apr 2022 02:1x:xx +0900 (JST)
Received: from sv13048.xserver.jp (162.43.116.49) by virusgw12002.xserver.jp (F-Secure/fsigk_smtp/521/virusgw12002.xserver.jp); Sat, 02…
Malware botnet controller @141.8.198.142
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller at 141.8.198.142 on port 443:
$ telnet 141.8.198.142 443
Trying 141.8.198.142…
Connected to 141.8.198.142.
Escape character is ‘^]’
Malicious domains observed at this IP…
Malware botnet controller @141.8.199.42
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 141.8.199.42 port 443:
$ telnet 141.8.199.42 443
Trying 141.8.199.42…
Connected to 141.8.199.42.
Escape character is ‘^]’…
Malware botnet controller @82.202.194.20
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller at 82.202.194.20 on port 443.
$ telnet 82.202.194.20 443
Trying 82.202.194.20…
Connected to 82.202.194.20.
Escape character is ‘^]’
Malicious domains observed at this IP…
Cybercrime sites
luxchecker.pm. 600 IN A 95.213.216.203
luxchecker.pw. 600 IN A 95.213.216.203
_______________________________
Was:
luxchecker.pm. 600 IN A 91.203.192.42
luxchecker.pw. 600 IN A 91.203.192.42
_______________________________
Was:
luxchecker.pm. 600 IN A 185.38.84.47
luxchecker.pw. 600 IN A 185.38.84.47
_______________________________
Was:
luxchecker.pm. 600 IN A 141.8.199.17
luxchecker.pw. 600 IN A 141.8.199.17
_______________________________
Was:
luxchecker.pm. 600 IN A 176.118.164.46
luxchecker.pw. 600…