ArkeiStealer botnet controller hosted here: https://ruhr.social/@sam9al $ dig +short ruhr.social 78.46.16.22
ArkeiStealer botnet controller @104.21.80.230
ArkeiStealer botnet controller hosted here: https://c.im/@banda3ker https://c.im/@killern3ax https://c.im/@kipriauk11 https://c.im/@prophef3 https://c.im/@sergeev47 $ dig +short c.im 104.21.80.230 172.67.155.17
ArkeiStealer botnet controller @172.67.155.17
ArkeiStealer botnet controller hosted here: https://c.im/@banda3ker https://c.im/@killern3ax https://c.im/@kipriauk11 https://c.im/@prophef3 https://c.im/@sergeev47 $ dig +short c.im 104.21.80.230 172.67.155.17
phishing server
lockverifyaccounts-supportchse01ac.duckdns.org has address 51.12.90.241
scholarlyopenaccessjournals.com (OPast Publishing Group)
3/21/2022: This IP address hosts the A record and a working mailserver for the domain scholarlyopenaccessjournals.com. This domain is active in spam sent by OPast Publishing Group, a publisher of «open-access» journals that solicits contributions and (by implication) fees and/or subscriptions through spam sent to scraped, purchased, and appended lists. A previosu SBL listing for… Читать далее scholarlyopenaccessjournals.com (OPast Publishing Group)
Malware botnet controller @77.223.99.210[second listing]
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 77.223.99.210 port 443: $ telnet 77.223.99.210 443 Trying 77.223.99.210… Connected to 77.223.99.210. Escape character is ‘^]’… Читать далее Malware botnet controller @77.223.99.210[second listing]
phishing server
129.158.206.234|online-secure0-web-boa.com|2022-03-21 20:37:09
Spam Tracking URI on Bare IP Address (OMICS)
This IP address is tracking opens in spam sen by OMICS, a publisher of «open-access» journals that solicits contributions and (by implication) fees and/or subscriptions through spam sent to scraped, purchased, or appended email addresses. At the end of the email are two bits of code that are not visible in the email as rendered… Читать далее Spam Tracking URI on Bare IP Address (OMICS)
phishing server / malware server
35.237.6.148|login6verify-7citiaccess.dns04.com|2022-03-17 19:03:09 35.237.6.148|verifysignin2dataciti6e.ns02.info|2022-03-21 10:28:51
Hosting phishing domains
ajaxtracker.com. 600 IN A 45.10.247.93 jqueryllc.net. 600 IN A 45.10.247.93 ______________________ Was: ajaxtracker.com. 600 IN A 45.134.255.121 jqueryllc.net. 600 IN A 45.134.255.121 ______________________ Was: ajaxtracker.com. 600 IN A 91.224.23.175 jqueryllc.net. 600 IN A 91.224.23.175 ______________________ Was: ajaxtracker.com. 600 IN A 31.13.213.112 jqueryllc.net. 600 IN A 31.13.213.112 ______________________ Was: ajaxtracker.com. 600 IN A 185.251.88.36 jqueryllc.net. 600… Читать далее Hosting phishing domains