The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL is hosting a webshell that is being accessed by the threat actors programmatically to place malware on the website:
URL: http://pc03.su/isalcnkpdhfzxtg.php
Host: pc03.su
IP address: 195.24.68.15
Hostname: wcarp.hosting.nic.ru
Emotet malware distribution @195.208.1.108 [compromise website]
The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL is hosting a webshell that is being accessed by the threat actors programmatically to place malware on the website:
URL: http://www.mss2.ru/wp-content/uploads/2013/09/JST10x.php
Host: www.mss2.ru
IP address: 195.208.1.108
Hostname: std-carp8-http.nic.ru
Emotet malware distribution @178.210.84.112 [compromise website]
The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL is hosting a webshell that is being accessed by the threat actors programmatically to place malware on the website:
URL: http://xn--80adimcjlj5abbup.xn--p1ai/ieputqbkyho.php
Host: xn--80adimcjlj5abbup.xn--p1ai
IP address: 178.210.84.112
Hostname: h698292.r01host.ru
Emotet malware distribution @178.210.84.112 [compromise website]
The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL is hosting a webshell that is being accessed by the threat actors programmatically to place malware on the website:
URL: http://xn--80adimcjlj5abbup.xn--p1ai/wp-admin/css/colors/blue/JST10x.php
Host: xn--80adimcjlj5abbup.xn--p1ai
IP address: 178.210.84.112
Hostname: h698292.r01host.ru
Maili.ee
This IP is mailing on behalf of Maili.ee.
Maili.ee
$ host beew.xyz
beew.xyz has address 195.24.67.219
This IP is mailing on behalf of Maili.ee.
Maili.ee
$ host emmo.xyz
emmo.xyz has address 195.24.66.52
This IP is mailing on behalf of Maili.ee.
Hancitor botnet controller @77.222.42.67
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Hancitor botnet controller located at 77.222.42.67 on port 80 (using HTTP POST):
hXXp://sudepallon.com/8/forum.php
$ dig +short sudepallon.com
77.222.42.67
Referencing malware binaries (MD5 hash):
71999a9d2f15e164c9b1fa926aa6444b — AV detection:…
Spamvertised domains
Received: from mail-sor-f41.google.com (mail-sor-f41.google.com. [209.85.220.41])
From: «Failed_Dieters .Diet_Conspiracy» <physical.appearance.mistakes@gmail.com>
Date: Sun, 4 Jul 2021 19:38:44 +0000
Subject: Grow P with 67% by eating this weird Chinese fruit!
https://storage.googleapis.com/aisssiin/ai.html
https://dachtech.net/aisienpower/
https://mwbliss.com/6777/326/2/?
https://aizenpower.com/video.php?aff_id=54&subid2=[]&subid=326
https://www.buygoods.com/secure/?sessid2=[]&aff_id=54&sid=326&sid2=[]&account_id=6686&screen=checkout_one&product_codename=aip1&redirect=[]&item=1
Spamvertised domains registered through Namecheap.com, all utilised by the same spam operation:
dachtech.net
aizenpower.com
thedentitox.com
Hosting botmasterlabs.org / botmasterlabs.net spam/phish operation (DNS)
Spamming & phishing tools and systems:
;; QUESTION SECTION:
;botmasterlabs.org. IN NS
;; ANSWER SECTION:
botmasterlabs.org. 1799 IN NS freedns1.registrar-servers.com. 45.58.122.82
botmasterlabs.org. 1799 IN NS freedns2.registrar-servers.com.
botmasterlabs.org. 1799 IN NS freedns3.registrar-servers.com.
botmasterlabs.org. 1799 IN NS freedns4.registrar-servers.com.
botmasterlabs.org. 1799 IN NS freedns5.registrar-servers.com.
_____________
Was:
botmasterlabs.org. 899 IN A 95.165.28.86
;; QUESTION SECTION:
;botmasterlabs.org. IN NS
;;…