The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller at 141.8.199.203 on port 443:
$ telnet 141.8.199.203 443
Trying 141.8.199.203...
Connected to 141.8.199.203.
Escape character is '^]'
Malicious domains observed at this IP…
Malware / Botnet / Phishing hosting server @95.213.216.226
According to our telemetry and our own intelligence, the host at this IP address has been set up by cyber criminals for the exclusive purpose of hosting phishing sites, malware distribution sites and/or botnet controllers. We therefore advise our users to block any traffic from/to this IP address. Malware botnet controller located at 95.213.216.226 443 TCP:…
phishing server
54.39.209.236|go.gov-get-your-coronavirus-reinstatement-of-funds.online|2022-03-28 19:33:18
54.39.209.236|us-irs.gov-get-your-coronavirus-reinstatement-of-funds.com|2022-03-29 14:28:59
spam emitter @82.200.84.143
Received: from z-mta-02.omskportal.ru (z-mta-02.omskportal.ru. [82.200.84.143]) by mx.google.com with ESMTPS id [] (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 28 Mar 2022 16:5x:xx -0700 (PDT)
Received: from z-mbox-01.omskportal.ru (z-mbox-01-01.omskportal.ru [172.16.1.187]) by z-mta-02.omskportal.ru (Postfix) with ESMTP id []; Tue, 29 Mar 2022 05:4x:xx +0600 (+06)
Date: Tue, 29 Mar 2022 05:4x:xx +0600 (OMST)
From: "Indeed@" <ssmp_mail@minzdrav.omskportal.ru>
Reply-To: "Indeed@" <mkathyp609@gmail.com>
Subject:…
spam emitter @3.91.133.120
Received: from hotstuff-3.cs.uct.ac.za (hotstuff-3.cs.uct.ac.za. [137.158.160.143]) by mx.google.com with ESMTPS id [] (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 28 Mar 2022 16:0x:xx -0700 (PDT)
Received: from ec2-3-91-133-120.compute-1.amazonaws.com ([3.91.133.120] helo=EC2AMAZ-T6IA6KJ.ec2.internal) by hotstuff-3.cs.uct.ac.za with esmtpsa (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.86_2) (envelope-from <bsam@cs.uct.ac.za>) id []; Tue, 29 Mar 2022 01:0x:xx +0200
Subject: WORK WITH US!
From: "ROBERT EDWARDVHAKALA" <bsam@cs.uct.ac.za>
Date: Mon, 28 Mar…
Phishing sites
killnet[.]cc — DDOS for hire
$ host killnet.cc
killnet.cc has address 51.89.47.75
killnet.cc has address 51.89.47.64
—-
Formerly known as killnet[.]io, killweb[.]io. Pricing displayed on killnet[.]cc/tariffs « Our rates BOTNET 30 GBPS L4/7 15pcs checkbot $50 per month BOTNET 50 GBPS L4/7 25pcs checkbot 150$ per month BOTNET 150 GBPS L4/7 20pcs checkbot 300$ per month BOTNET 400 GBPS L4/7…
Socelars botnet controller @164.68.101.131
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Socelars botnet controller located at 164.68.101.131 on port 80 (using HTTP POST):
hXXp://www.cinemaindosex.com/Home/Index/cgfdc
$ dig +short www.cinemaindosex.com
164.68.101.131
$ nslookup 164.68.101.131
vmi808518.contaboserver.net
Referencing malware binaries (MD5 hash):…
AZORult botnet controller @104.21.89.109
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. AZORult botnet controller located at 104.21.89.109 on port 80 (using HTTP POST):
hXXp://bl1we4t.xyz/index.php
$ dig +short bl1we4t.xyz
104.21.89.109
ArkeiStealer, Smoke botnet controller and malware distribution @95.213.216.231
According to our telemetry and our own intelligence, the host at this IP address has been set up by cyber criminals for the exclusive purpose of hosting phishing sites, malware distribution sites and/or botnet controllers. We therefore advise our users to block any traffic from/to this IP address. The host at this IP address is running…