http://safalkisan.co.in/id/?blahblahblah was advertised in Polish SMS spam. On a desktop browser it returns an empty page, on mobile the results are different. This is a hallmark of a specific phishing kit that offers downloads of the FakeCop malware pretending it is a DHL package delivery site. $ host safalkisan.co.in safalkisan.co.in has address 207.244.236.34 See also… Читать далее Malware distribution

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 209.126.85.216 on port 9632 TCP: $ telnet 209.126.85.216 9632 Trying 209.126.85.216… Connected to 209.126.85.216. Escape character… Читать далее QuasarRAT botnet controller @209.126.85.216

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 5.189.188.138 on port 4898 TCP: $ telnet 5.189.188.138 4898 Trying 5.189.188.138… Connected to 5.189.188.138. Escape character… Читать далее BitRAT botnet controller @5.189.188.138

https://www-amozon.atcard.shop/ $ host www-amozon.atcard.shop www-amozon.atcard.shop has address 144.91.127.253 atcard.shop spacecard.shop azcnos-xosmen.shop acmosn-amecn.shop ascmin-zscnim.club

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 194.163.152.240 on port 4898 TCP: $ telnet 194.163.152.240 4898 Trying 194.163.152.240… Connected to 194.163.152.240. Escape character… Читать далее BitRAT botnet controller @194.163.152.240

All of the following have been identified as package delivery fraud payloads. affordablepoms.com has address 62.171.190.104 agricolatarapaca.com has address 62.171.190.104 autobadhuis.com has address 62.171.190.104 bavarianilluminati.org has address 62.171.190.104 best-kittenragdoll.com has address 62.171.190.104 bestcutelabshome.com has address 62.171.190.104 bilichatech.info has address 62.171.190.104 bird-store.com has address 62.171.190.104 birds-store.com has address 62.171.190.104 caqualymedicalab.com has address 62.171.190.104 cavalierkingcharlesdog.com has address… Читать далее Package delivery fraud spam payloads

Received: from 66dv.undr.site (66dv.undr.site. [163.172.121.52]) Date: Tue, 21 Sep 2021 23:5x:xx +0200 Subject: ——Client ID:[] , Confirm your Kohl’s $90 Expire Soon 41—— From: Kohl’s <info@[]> https://bit.ly/3nPYCTi#cl/[] 67.199.248.11 http://turmax.de/cl/54549_md/[] 188.119.150.72 https://margtons.com/[] 23.229.68.7 https://insurefundspick.com/r/[] 75.119.134.149 https://sentencefo.com/us-kohls-ft/?s1=6JQT&s2=[]&s4=[]&s5=3&Fname=&Lname=&Email= 104.21.19.154

fb-pageinfo-100031787023864587517151146.tk has address 178.18.253.214 fb-pageinfo-100031787023864587517151142.tk has address 178.18.253.214 fb-pageinfo-100031787023864587517151148.tk has address 178.18.253.214 fb-pageinfo-100031787023864587517151145.tk has address 178.18.253.214 fb-pageinfo-100031787023864587517151140.tk has address 178.18.253.214 fb-pageinfo-100031787023864587517151144.tk has address 178.18.253.214 fb-pageinfo-100031787023864587517151143.tk has address 178.18.253.214 fb-pageinfo-100031787023864587517151147.tk has address 178.18.253.214 fb-pageinfo-100031787023864587517151149.tk has address 178.18.253.214 fb-pageinfo-100031787023864587517151141.tk has address 178.18.253.214 reporrt-infoice1110.tk has address 178.18.253.214 reporrt-infoice1115.tk has address 178.18.253.214 reporrt-infoice1116.tk has address 178.18.253.214 reporrt-infoice1113.tk has address… Читать далее phishing server