$ host www.lhv-autentimine.com
www.lhv-autentimine.com is an alias for lhv-autentimine.com.
lhv-autentimine.com has address 199.188.201.139
Phishing payload against LHV (Estonian banking group)
$ host konto-lhv.com
konto-lhv.com has address 199.188.201.148
This IP hosts a live bank phishing payload. The domain was registered exclusively for this purpose.
Spamvertised website
Received: from gotogml.com (gotogml.com. [185.122.223.223])
From: 🔔Gemeentelijk Energie <[]@gotogml.com>
Date: Fri, 08 Oct 2021 09:1x:xx +0000
Subject: Nieuw in uw gemeente: bespaar via het Gemeentelijke Energie Collectief
http://crystals.com.de/rd/[] 185.146.157.69
https://laudypauty.com/[] 209.159.146.166
https://sendt.go2cloud.org/aff_c?offer_id=2893&aff_id=1482&aff_sub=472864&aff_sub2=[]&aff_sub3=31 18.202.12.61
Abused crypto currency mining pool
The host at this IP address is running a crypto currency mining pool that is currently being abused by cybercriminals for mining crypto currencies on malware infected computers. The following information should be sufficient for the identification and suspension of the abusive users:
{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"49ZMf9zqpebBFbM1oeZChGHGhcuvZReqAiy1n9fq4FcbJeYv3FbGYwfUqsTM7p3CYCN7grTf3PYeYJh5y6YGpK879aJ5Xw8.INTELRIG11","pass":"x","agent":"XMRig/6.15.2 (Windows NT 10.0; Win64; x64) libuv/1.42.0 gcc/10.1.0","algo":["rx/0","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/ccx","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/upx2","cn/1","rx/wow","rx/arq","rx/graft","rx/sfx","rx/keva","argon2/chukwa","argon2/chukwav2","argon2/ninja","astrobwt"]}}
AZORult botnet controller @172.67.186.23
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
AZORult botnet controller located at 172.67.186.23 on port 80 (using HTTP POST):
hXXp://21slg.xyz/PL341/index.php
$ dig +short 21slg.xyz
172.67.186.23
Loki botnet controller @172.67.143.28
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Loki botnet controller located at 172.67.143.28 on port 80 (using HTTP POST):
hXXp://jyiikm.xyz/dby/w2/fre.php
$ dig +short jyiikm.xyz
172.67.143.28
Referencing malware binaries (MD5 hash):
d576c9dc10e4705d5ee7a2d75349f45e — AV detection:…
AsyncRAT botnet controller @3.121.139.82
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 3.121.139.82 on port 19858 TCP:
$ telnet 3.121.139.82 19858
Trying 3.121.139.82...
Connected to 3.121.139.82.
Escape character…
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to "listbomb" email addresses:
From: Reuse Hardwares <info2@reuse-hardwares.store>
Subject: 25 x Hp Prbook 650 G2 15.6" CORE I5 6300U ----> 185€
Problem description
============================
Spammers signed up for the bulk email service using the victim's email address. As a result, the victim is being "listbombed" with…
IRS phishing server
href-secure-gate-payment.com has address 20.94.199.105
scure-economic-impact-payments.com has address 20.94.199.105
Malware botnet controller @65.21.114.237
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 65.21.114.237 on port 443 TCP:
$ telnet 65.21.114.237 443
Trying 65.21.114.237...
Connected to 65.21.114.237.
Escape character…