fe-shop18.ru. 3599 IN NS ns2.pe-sipodemos.com.
fe-shop18.ru. 3599 IN NS ns1.pe-sipodemos.com.
ns1.pe-sipodemos.com. 299 IN A 40.67.244.144
ns2.pe-sipodemos.com. 299 IN A 20.72.208.97
40.67.244.144 ns1.pe-aps.com 2021-04-10 07:01:38
40.67.244.144 ns1.pe-sipodemos.com 2021-04-09 22:05:03
20.72.208.97 ns2.pe-aps.com 2021-04-10 07:01:38
20.72.208.97 ns2.pe-sipodemos.com 2021-04-10 06:55:14
Phishing and carder DNS domains:
@ns_.pe-aps.com asialloyds.com com-portal.net lieusim.com sdfsdfsdfsqweqweqweqwe.com sudohackers.com
@ns_.pe-sipodemos.com 1823sc0t6a-28stup934.com 1s1c01t1a1-7acc771.com 1sc0ti1a171-7a1cc7.com 2021scot1a187.com 4sc0ta729462349-2374.com 4sc7ta7-ac09ia.com 58345-7sc0ta9up1nf0.com…
Read more: Dirty range: Hosting phishing and carder DNS servers
Spammer hosting @52.186.31.137
Spammer hosting located here:
https://clt1324614.bmetrack.com/c/l?u=X
-> http://arenabab.space/app/wrap/X
--> https://www.lightutil.com/6NP2CC7/QTXT8SN/?creative_id=X
--> https://www.storiespedia.com/nachrichten-sys/?sub1=X
---> https://www.vbpol29.com/QFXQ25Q/5WGFT4/?sub1=X
----> https://ss852cctrkflw.com/transaction/click/X
----> https://btclangsapp.com/index.php?id=X
$ dig +short www.lightutil.com
52.186.31.137
Spam sample
==================================
Received: from vulkanpartner.com (static.169.65.47.78.clients.your-server.de [78.47.65.169]) by X (Postfix) with ESMTP id X for <X>; Sat, 10 Apr 2021 X
To: X
Received: by 2002:a05:6520:458c:b029:ef:27d6:f980 with SMTP id X; Sat, 10…
Vjw0rm botnet controller @52.231.143.69
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 52.231.143.69 on port 8703 TCP:
$ telnet 52.231.143.69 8703
Trying 52.231.143.69…
Connected to 52.231.143.69.
Escape character…
spam support (domains)
domain used in spam operation — getunlistnow.com —
Vjw0rm botnet controller @52.231.103.159
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 52.231.103.159 on port 5901 TCP:
$ telnet 52.231.103.159 5901
Trying 52.231.103.159…
Connected to 52.231.103.159.
Escape character…
Vjw0rm botnet controller @20.199.188.102
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 20.199.188.102 on port 60032 TCP:
$ telnet 20.199.188.102 60032
Trying 20.199.188.102…
Connected to 20.199.188.102.
Escape character…
Vjw0rm botnet controller @40.121.108.109
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 40.121.108.109 on port 1996 TCP:
$ telnet 40.121.108.109 1996
Trying 40.121.108.109…
Connected to 40.121.108.109.
Escape character…
IRS Phishing / Fraud sites
This should be an easy test of the "legit or not?"
13.91.123.213 get-payment.irs.gov.covidirs.com
13.91.123.213 irs-gov.nfcubnk.com
13.91.123.213 covid19.irs.gov.paymentirs.net
13.91.123.213 covid19.irs.gov.irsfund.com
13.91.123.213 covid19.irs.gov.3rdpayment.com
13.91.123.213 covid19.irs.gov.thirdpayment.com
hXXps://covid19.irs.gov.thirdpayment.com/?imanhalal
Vjw0rm botnet controller @20.93.1.24
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 20.93.1.24 on port 60923 TCP:
$ telnet 20.93.1.24 60923
Trying 20.93.1.24…
Connected to 20.93.1.24.
Escape character…
Vjw0rm botnet controller @20.69.234.242
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 20.69.234.242 on port 2911 TCP:
$ telnet 20.69.234.242 2911
Trying 20.69.234.242…
Connected to 20.69.234.242.
Escape character…