The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

RaccoonStealer botnet controller located at 104.21.26.237 on port 80 (using HTTP GET):
hXXp://telegatt.top/agrybirdsgamerept

$ dig +short telegatt.top
104.21.26.237

Referencing malware binaries (MD5 hash):
a89e87f448f4a29cd41eebc3c1b2807a — AV detection:…

Read more: RaccoonStealer botnet controller @104.21.26.237
Loki botnet controller @35.238.66.156
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Loki botnet controller located at 35.238.66.156 on port 80 (using HTTP POST):
hXXp://akiwinds.duckdns.org/chats/fre.php

$ dig +short akiwinds.duckdns.org
35.238.66.156

$ nslookup 35.238.66.156
156.66.238.35.bc.googleusercontent.com

Other malicious domain names hosted…

Read more: Loki botnet controller @35.238.66.156
Loki botnet controller @35.238.66.156
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Loki botnet controller located at 35.238.66.156 on port 80 (using HTTP POST):
hXXp://frinqy.gq/apps/fre.php

$ dig +short frinqy.gq
35.238.66.156

$ nslookup 35.238.66.156
156.66.238.35.bc.googleusercontent.com

Other malicious domain names hosted…

Read more: Loki botnet controller @35.238.66.156
Spamvertised website
Received: from gotogml.com (gotogml.com. [185.122.223.223])
From: 🔔Gemeentelijk Energie <[]@gotogml.com>
Date: Fri, 08 Oct 2021 09:1x:xx +0000
Subject: Nieuw in uw gemeente: bespaar via het Gemeentelijke Energie Collectief

http://crystals.com.de/rd/[] 64.227.77.166
https://laudypauty.com/[] 209.159.146.166
https://sendt.go2cloud.org/aff_c?offer_id=2893&aff_id=1482&aff_sub=472864&aff_sub2=[]&aff_sub3=31 18.202.12.61
DCRat botnet controller @40.90.210.21
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 40.90.210.21 on port 3054 TCP:

$ telnet 40.90.210.21 3054
Trying 40.90.210.21…
Connected to 40.90.210.21.
Escape character…

Read more: DCRat botnet controller @40.90.210.21
spam emitter @163.172.177.188
Received: from dashboardgame.org.uk (dashboardgame.org.uk. [163.172.177.188])
From: [] <[]@[].dashboardgame.org.uk>
Date: Wed, 13 Oct 2021 07:2x:xx +0200
Subject: 𝗬𝗢𝗨 𝗛𝗔𝗩𝗘 𝗕𝗘𝗘𝗡 𝗣𝗔𝗜𝗗 💲,Check your account 4.000$, [PAYOUT_VERIFICATION] ✅
phishing server
01auth-wfsource.co has address 3.142.151.26
auth-chasesource.org has address 3.142.151.26
PredictLabs / Sphere Digital
Spam Subject: Welcome To Your Life Insurance
Spam Sender: Flower Shop Design — 3000 Custer Road Suite 270 Numb 541 Plano, TX 75075 US
———————————————————————————
Payload: 104.22.9.151 = quotes.ecoverage.com = quotes.ecoverage.com.cdn.cloudflare.net
———————————————————————————
Domain Name: ecoverage.com
Registry Domain ID: 4212043_DOMAIN_COM-VRSN
Registrar WHOIS Server: WHOIS.ENOM.COM
Registrar URL: WWW.ENOM.COM
Updated Date: 2019-08-31T03:58:18.00Z
Creation Date: 1999-01-19T05:00:00.00Z
Registrar Registration Expiration…

Read more: PredictLabs / Sphere Digital
phishing server
ųsps-redelivery.com has address 150.136.233.137
chąse.com has address 150.136.233.137
cɧase.com has address 150.136.233.137
cʜase.com has address 150.136.233.137
ɴetflix.com has address 150.136.233.137
ŋfcu.com has address 150.136.233.137
ɴfcu.com has address 150.136.233.137
phishing server
mobile-wf-failed.com has address 66.29.143.79
login-denied-center.com has address 66.29.143.79
login-denied-info.com has address 66.29.143.79
login-failed-mob.com has address 66.29.143.79