According to our telemetry and our own intelligence, the host at this IP address has been set up by cyber criminals for the exclusive purpose of hosting phishing sites, malware distribution sites and/or botnet controllers. We therefore advise our users to block any traffic from/to this IP address.

Malware botnet controller located at 194.87.210.182 443 TCP:…
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to "listbomb" email addresses:

From: Bulgin Connectivity <marketing@bulgin.com>
Subject: Want to stay connected with Bulgin? Let us know.

Problem description
============================
Spammers signed up for the bulk email service using the victim's email address. As a result, the victim is being "listbombed" with transactional messages and…
spam emitter @137.184.92.231
Received: from mail.kervincth.com ([137.184.92.231])
From: "Felix, Investeringsmanager" <contact@kervincth.com>
Subject: ✅ U bent succesvol ingediend
Date: Thu, 24 Mar 2022 07:3x:xx +0000
spam emitter @137.184.50.86
Received: from mail.nbuiklab.live ([137.184.50.86])
From: "Account Update" <contact@nbuiklab.live>
Subject: [], betaal vandaag uw BTC uit
Date: Wed, 23 Mar 2022 09:0x:xx -0700
Credit card fraud gang hosting (DNS): idinaxui-netspama.ru (vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.)
Stolen credit card data websites (DNS servers):
ns1.idinaxui-netspama.ru. 7168 IN A 2.57.187.21
ns2.idinaxui-netspama.ru. 7159 IN A 213.178.155.85
___________________
Was:
ns1.idinaxui-netspama.ru. 7168 IN A 46.17.248.102
ns2.idinaxui-netspama.ru. 7159 IN A 94.103.88.31
___________________
Was:
ns1.idinaxui-netspama.ru. 7168 IN A 87.251.79.154
ns2.idinaxui-netspama.ru. 7159 IN A 195.2.81.30
___________________
Was:
ns1.idinaxui-netspama.ru. 7168 IN A 87.251.79.154
ns2.idinaxui-netspama.ru. 7159 IN A 185.142.98.38
___________________
Was:…
phishing server
Fake URL shorteners for phishing
phishing server
phishing server
20.219.128.26|chase-safeauth.ddns.net|2022-03-19 15:03:54 20.219.128.26|chase-safeauth1.ddns.net|2022-03-20 15:04:00
Botnet infrastructure @188.127.235.177
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 157.90.114.133 on port 443:

$ telnet 188.127.235.177 443
Trying 188.127.235.177...
Connected to 188.127.235.177.
Escape character is '^]'

Related malicious domains observed at…
Malware botnet controller @78.47.1.204
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller at 78.47.1.204 on port 443.

$ telnet 78.47.1.204 443
Trying 78.47.1.204...
Connected to 78.47.1.204.
Escape character is '^]'

Malicious domains observed at this IP…