The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 188.120.232.237 on port 80 (using HTTP GET):
hXXp://188.120.232.237/API/2/configure.php

$ nslookup 188.120.232.237
artemy.gvozdik.fvds.ru

Referencing malware binaries (MD5 hash):
04905f7a5d19e2dba9634cb7bb246af7 — AV detection: 37…
RaccoonStealer botnet controller @178.62.198.37
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

RaccoonStealer botnet controller located at 178.62.198.37 on port 80 (using HTTP POST):
hXXp://178.62.198.37/

Referencing malware binaries (MD5 hash):
01c811b8c6e03cefe0d00a3bbf4bec95 — AV detection: 25 / 69 (36.23)
0312b0d1320dd31619225bfeae780ccb…
Loki botnet controller @188.114.96.15
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Loki botnet controller located at 188.114.96.15 on port 80 (using HTTP POST):
hXXp://chrisupdated.xyz/ttboi/five/fre.php

$ dig +short chrisupdated.xyz
188.114.96.15

Referencing malware binaries (MD5 hash):
01dfa2db4bfb87e5a5d2d4e5d8c00f5f — AV detection:…
phishing server
162.19.140.64|access-bot.xyz|2022-03-20 18:22:04
162.19.140.64|access-dsu.com|2022-03-20 18:21:51
162.19.140.64|apple-assistances.live|2022-03-21 00:56:50
162.19.140.64|apple-devices-ld.live|2022-03-21 00:56:26
162.19.140.64|apple-konum.live|2022-03-21 01:02:11
162.19.140.64|apple-konums.live|2022-03-21 01:01:36
162.19.140.64|apple-lost-device.com|2022-03-12 06:06:22
162.19.140.64|apple-online-device.com|2022-03-20 15:01:13
162.19.140.64|apple-sistem.com|2022-03-13 20:06:13
162.19.140.64|apple-system.com|2022-03-13 22:45:50
162.19.140.64|apple-za.support|2022-02-23 22:56:35
162.19.140.64|assistances-apples.com|2022-03-20 17:16:27
162.19.140.64|cloud-loca.us|2022-03-15 01:11:19
162.19.140.64|cloud-locaid.us|2022-03-21 04:45:23
162.19.140.64|com-alert.cloud|2022-03-18 18:47:22
162.19.140.64|com-devicealert.info|2022-03-20 16:37:19
162.19.140.64|com-devlce.live|2022-03-20 20:36:21
162.19.140.64|com-location.me|2022-03-16 15:02:51
162.19.140.64|com-notifications.live|2022-03-20 20:46:39
162.19.140.64|cpcontacts.apple-konum.live|2022-03-08 08:39:08
162.19.140.64|find-lphons-maps.live|2022-03-20 08:51:24
162.19.140.64|find-mylphone.net|2022-03-19 22:06:03
162.19.140.64|findlocketphons.live|2022-03-20 09:41:27
162.19.140.64|findmy-device.net|2022-03-16 13:38:04
162.19.140.64|hosting-uk.live|2022-03-20 16:41:58
162.19.140.64|icloud-account-login.us|2022-03-20 08:06:32
162.19.140.64|id-icioud.co|2022-03-17 04:11:45
162.19.140.64|konum-apple.live|2022-03-20…
Untitled
172.104.155.146|hsbc-online-wlp.com|2022-03-20 08:55:51
172.104.155.146|ibank-auth-nbg.com|2022-03-21 00:16:58
172.104.155.146|ibank-wlp-nbg.com|2022-03-21 00:06:28
172.104.155.146|auth-vdm.com|2022-03-13 08:11:42
172.104.155.146|auth-wlp.com|2022-03-12 14:11:51
172.104.155.146|bmburgerpro1.com|2022-02-10 07:08:06
172.104.155.146|bmburgerpro2.com|2022-02-10 01:37:47
172.104.155.146|bmburgerpro3.com|2022-02-14 15:37:35
172.104.155.146|discountdomainspro1.com|2022-03-17 15:20:00
172.104.155.146|discountdomainspro2.com|2022-03-10 03:06:03
172.104.155.146|discountdomainspro3.com|2022-03-10 03:06:21
172.104.155.146|dos-ierprogeratl1.com|2022-02-13 03:19:30
172.104.155.146|dos-ierprogeratl2.com|2022-02-13 04:46:10
172.104.155.146|dos-ierprogeratl3.com|2022-02-14 06:08:38
172.104.155.146|hiltonpromaxgopro.com|2022-03-21 00:26:51
172.104.155.146|hiltonpromaxgopro88.com|2022-03-21 00:27:16
172.104.155.146|hotelsuisegdipro1.com|2022-03-10 03:06:11
172.104.155.146|hotelsuisegdipro3.com|2022-03-10 03:06:31
172.104.155.146|hotelsuisegdipro4.com|2022-03-10 03:06:05
172.104.155.146|hotelsuisegdipro5.com|2022-03-10 03:06:16
172.104.155.146|hotsegdihopro1.com|2022-03-10 03:06:30
172.104.155.146|li1671-146.members.linode.com|2021-05-24 15:26:35
172.104.155.146|managewixpro1.com|2022-03-10 03:06:24
172.104.155.146|managewixpro2.com|2022-03-10 03:06:12
172.104.155.146|managewixpro3.com|2022-03-10 03:06:11
172.104.155.146|managewixpro4.com|2022-03-10 03:06:33
172.104.155.146|managewixpro5.com|2022-03-10 03:06:30
172.104.155.146|managewixpro6.com|2022-03-10…
advance fee fraud spam source at cryptogroup.net
Mail server distributing advance fee fraud (‘419’) spam since Fri, 18 Mar 2022 10:20 UTC.

cryptogroup.net. 60 IN A 65.108.10.44

=====================================================================
Return-Path: <acme@cryptogroup.net>
Received: from cryptogroup.net (cryptogroup.net [65.108.10.44])
	by x (Postfix) with ESMTPS id x
	for <x>; Fri, 18 Mar 2022 xx:xx:xx +0000 (UTC)
Reply-To: ukraine@manavadhikarprotection.org
From: INFO UKRAIN <acme@cryptogroup.net>
Subject: FROM UKRAINE
Date: Fri,…
phishing server
91.134.124.234|ameli-informations.fr|2022-03-17 04:06:34
91.134.124.234|auth-amazon.app|2022-03-20 19:32:18
91.134.124.234|auth-france.com|2022-03-17 04:06:30
91.134.124.234|auth-paypal.fr|2022-03-20 16:31:23
91.134.124.234|credit-agricole-mobile.fr|2022-01-28 10:02:31
91.134.124.234|infos-ameli.com|2022-01-19 23:06:53
91.134.124.234|support-trezor.io|2022-01-28 19:17:50
91.134.124.234|support-validation.fr|2022-03-17 04:06:54
phishing sites
usaa.com-index.secure-onlinebanking.com.niagaracricketcenter.com has address 135.181.222.28
phishing server
137.74.233.175|client-support-service.com|2022-03-07 04:36:10
137.74.233.175|paypal-authenticate-secure.com|2022-03-19 22:56:17
137.74.233.175|serviceclient-connexion.com|2022-03-01 08:11:45
137.74.233.175|supportrenouv-carte.com|2022-03-18 09:23:37
Abused crypto currency mining pool
The host at this IP address is running a crypto currency mining pool that is currently being abused by cybercriminals for mining crypto currencies on malware infected computers. The following information should be sufficient for the identification and suspension of the abusive users:

{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"44W9eLcymm66Eie5AyD11jYW1DaJ4GTHzZEu1QELPGS3U9vKtWEyUCaCFwhn4af8zjeQ2MWeuLgCVDTjAjiGUbyYAtQBvC1","pass":"10k","agent":"XMRig/6.16.4 (Windows NT 10.0; Win64; x64) libuv/1.42.0 msvc/2019","algo":["cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/ccx","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/upx2","rx/0","rx/wow","rx/arq","rx/graft","rx/sfx","rx/keva","argon2/chukwa","argon2/chukwav2","argon2/ninja","astrobwt","ghostrider"]}}