domain used in spam operation 45ujh45.xyz|192.64.119.156
phishing server
fastflux phishing server. Domains and IP change regularly. hXXps://aprildawn7genesh.com/assets/ aprildawn7genesh.com has address 158.69.1.218
irs phishing server
hXXp://przggha6oiv1.a6kecjbdibju8g14kiv.xyz/ $ host przggha6oiv1.a6kecjbdibju8g14kiv.xyz przggha6oiv1.a6kecjbdibju8g14kiv.xyz has address 40.78.143.97
RaccoonStealer botnet controller @104.21.61.215
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. RaccoonStealer botnet controller located at 104.21.61.215 on port 80 (using HTTP GET): hXXp://tgmirror.top/stevuitreen $ dig +short tgmirror.top 104.21.61.215 Referencing malware binaries (MD5 hash): 209ed3853c9ac9a5a76fc48808869188 — AV detection:… Читать далее RaccoonStealer botnet controller @104.21.61.215
Spamvertised website
Received: from mail-ot1-f67.google.com (mail-ot1-f67.google.com [209.85.210.67]) From: «Marla J. Martino» <tranngan225@gmail.com> Reply-To: tranngan225@gmail.com Date: Fri, 1 Oct 2021 07:25:54 -0700 Subject: [SALE OFF] []’s Family Tee Shirt Collection https://tanametee.com/searchname?q=[] 68.65.120.217 https://teefaname004.com/search?q=[] 198.54.120.85 https://dhktshop.com/_/search?q=[] 35.244.233.73
Spamvertised website
Received: from mail-ot1-f67.google.com (mail-ot1-f67.google.com [209.85.210.67]) From: «Marla J. Martino» <tranngan225@gmail.com> Reply-To: tranngan225@gmail.com Date: Fri, 1 Oct 2021 07:25:54 -0700 Subject: [SALE OFF] []’s Family Tee Shirt Collection https://tanametee.com/searchname?q=[] 68.65.120.217 https://teefaname004.com/search?q=[] 198.54.120.85 https://dhktshop.com/_/search?q=[] 35.244.233.73
Spamvertised website
Received: from mail-ot1-f67.google.com (mail-ot1-f67.google.com [209.85.210.67]) From: «Marla J. Martino» <tranngan225@gmail.com> Reply-To: tranngan225@gmail.com Date: Fri, 1 Oct 2021 07:25:54 -0700 Subject: [SALE OFF] []’s Family Tee Shirt Collection https://tanametee.com/searchname?q=[] 68.65.120.217 https://teefaname004.com/search?q=[] 198.54.120.85 https://dhktshop.com/_/search?q=[] 35.244.233.73
Phishing payload
$ host info-passport.me info-passport.me has address 199.188.201.34 This site hosts a phishing payload against the NHS. It is only accessible from UK IPs.
phishing server
1netflix.club has address 159.65.89.216
Spam payload
$ host slutty-house.com slutty-house.com has address 3.227.213.110 slutty-house.com has address 34.204.46.170 slutty-house.com has address 44.199.59.39 slutty-house.com has address 54.210.212.228 slutty-house.com has IPv6 address 2600:1f18:454c:f520:3738:32f2:eafe:2299 slutty-house.com has IPv6 address 2600:1f18:454c:f530:6d78:920d:e8ec:c7fa slutty-house.com has IPv6 address 2600:1f18:454c:f540:fd5c:7486:f7e6:3f90 slutty-house.com has IPv6 address 2600:1f18:454c:f510:7c20:c89e:2de:7552