Malware / Botnet / Phishing hosting server @194.87.253.191
According to our telemetry and our own intelligence, the host at this IP address has been set up by cyber criminals for the exclusive purpose of hosting phishing sites, malware distribution sites and/or botnet controllers. We therefore advise our users to block any traffic from/to this IP address. The host at this IP address is obviously…
Loki botnet controller @193.124.118.77
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Loki botnet controller located at 193.124.118.77 on port 80 (using HTTP POST):
hXXp://sempersim.su/ge12/fre.php
sempersim.su. 600 IN A 193.124.118.77
Referencing malware binaries (MD5 hash):
282597edf1d6759a52472a855ed9e14f — AV detection:…
Malware botnet controller @176.119.147.115
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 176.119.147.155 port 443:
$ telnet 176.119.147.115 443
Trying 176.119.147.115...
Connected to 176.119.147.115.
Escape character is '^]'…
Malware botnet controller @95.213.216.225
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 95.213.216.225 port 443:
$ telnet 95.213.216.225 443
Trying 95.213.216.225...
Connected to 95.213.216.225.
Escape character is '^]'…
IRS phishing server
IRS phishing server
Spam MX services (austinpublishinggroup.com) (OMICS) (SECOND SBL LISTING!)
3/28/2022: This spam domain has moved to a new IP address after it was terminated by its previous host, choopa.com.
$ host austinpublishinggroup.com
austinpublishinggroup.com has address 104.248.199.0
austinpublishinggroup.com mail is handled by 10 mail.austinpublishinggroup.com.
Please review the information from the listing below to understand why it is listed here.
3/24/2022 [SBL545758]: This spam domain has…
spam emitter @137.184.69.187
Received: from mail.halchushy.com ([137.184.69.187])
From: Théo, Investeringsmanager <contact@halchushy.com>
Subject: Gefeliciteerd, uw investeringsplan is klaar [] 🤑
Date: Mon, 28 Mar 2022 07:3x:xx +0000
Cybercrime sites
Hosting phishing domains