According to our telemetry and our own intelligence, the host at this IP address has been set up by cyber criminals for the exclusive purpose of hosting phishing sites, malware distribution sites and/or botnet controllers. We therefore advise our users to block any traffic from/to this IP address. Malware botnet controller located at 92.63.97.229 on port…
phishing server
citizens-alertsusersms.com has address 137.184.123.222
secured-l0ginusersslauthreviewsverify.com has address 137.184.123.222
secured-l0ginauthusersslverifiedreviewed.com has address 137.184.123.222
Metamorfo botnet controller @104.21.34.196
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Metamorfo botnet controller located at 104.21.34.196 on port 80 (using HTTP GET):
hXXp://infodatt.com/cookieDatabase/
$ dig +short infodatt.com
104.21.34.196
Other malicious domain names hosted on this IP address:…
phishing server
Malware distribution @176.31.87.210
The host at this IP address is currently being used to distribute malware. Malware distribution located here: hXXp://176.31.87.210/44483.6988947917.dat Referencing malware binaries (MD5 hash): d188d4ea5956c58923f341a849f39a14 — AV detection: 6 / 59 (10.17)
Untitled
Received: from server.latiendadelagua.com.mx (server.latiendadelagua.com.mx [5.196.100.174]) by x (Postfix) with ESMTPS id x for <x>; Thu, 14 Oct 2021 ##:##:## +0000 (UTC)
This IP is sending email whose intention is to distribute malware. The emails are forged in the names of people known to the intended recipients and are trying to get them to click on…
Swedish B2B spam service provider
The Swedish entities @verko.se / @maskinkontakt.se are mailing out of 23.251.240.5[0-9]. The addresses they are targeting and their message contents suggest that they may be using purchased B2B email address lists for this purpose.
WSHRAT botnet controller @54.38.124.52
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 54.38.124.52 on port 5555 TCP:
$ telnet 54.38.124.52 5555
Trying 54.38.124.52…
Connected to 54.38.124.52.
Escape character…
WSHRAT botnet controller @147.182.241.104
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 147.182.241.104 on port 7121 TCP:
$ telnet 147.182.241.104 7121
Trying 147.182.241.104…
Connected to 147.182.241.104.
Escape character…
spam emitter @188.120.248.180
Received: from mail.static.54.119.201.195.clients.your-server.de ([188.120.248.180])
Date: Wed, 13 Oct 2021 23:2x:xx +0000
Subject: BETAALCODE — [] 📩PAYOUT_VERIFICATION 💰€150.000💰WACHT OP U…__#TLti
From: 💵Slot Hunter💵 <contact@dailyprosperousnow.com>