spam source
23.251.255.154 e255-154.smtp-out.amazonses.com «e255-154.smtp-out.amazonses.com» 2022-03-07T22:10:00Z (+/-10 min) 23.251.255.189 e255-189.smtp-out.amazonses.com «e255-189.smtp-out.amazonses.com» 2022-03-07T22:10:00Z (+/-10 min) 23.251.255.203 e255-203.smtp-out.amazonses.com «e255-203.smtp-out.amazonses.com» 2022-03-07T22:10:00Z (+/-10 min) 23.251.255.204 e255-204.smtp-out.amazonses.com «e255-204.smtp-out.amazonses.com» 2022-03-07T22:10:00Z (+/-10 min) 23.251.255.207 e255-207.smtp-out.amazonses.com «e255-207.smtp-out.amazonses.com» 2022-03-07T22:10:00Z (+/-10 min) 23.251.255.213 e255-213.smtp-out.amazonses.com «e255-213.smtp-out.amazonses.com» 2022-03-07T22:10:00Z (+/-10 min) 23.251.255.218 e255-218.smtp-out.amazonses.com «e255-218.smtp-out.amazonses.com» 2022-03-07T22:10:00Z (+/-10 min) 23.251.255.227 e255-227.smtp-out.amazonses.com «e255-227.smtp-out.amazonses.com» 2022-03-07T22:10:00Z (+/-10 min) 23.251.255.232 e255-232.smtp-out.amazonses.com «e255-232.smtp-out.amazonses.com» 2022-03-07T22:10:00Z (+/-10 min) 23.251.255.236…
Malware botnet controller @185.251.91.209
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 185.251.91.209 port 443:
$ telnet 185.251.91.209 443
Trying 185.251.91.209…
Connected to 185.251.91.209.
Escape character is ‘^]’…
Smoke botnet controller and malware distribution @45.8.124.53
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Smoke Loader botnet controller located at 45.8.124.53 on port 80 (using HTTP POST):
hXXp://file-coin-host-12.com/
file-coin-host-12.com. 600 IN A 45.8.124.53
Referencing malware binaries (MD5 hash):
709cdc8f1ffceb73206dec78221d895e — AV…
Malware / Botnet / Phishing hosting server @45.10.247.88
According to our telemetry and our own intelligence, the host at this IP address has been set up by cyber criminals for the exclusive purpose of hosting phishing sites, malware distribution sites and/or botnet controllers. We therefore advise our users to block any traffic from/to this IP address.
Malware botnet controller located at 45.10.247.88 port 443…
phishing server
52.179.19.80|secure38-wells.com|2022-03-08 22:41:06
52.179.19.80|secure97-wells.com|2022-03-08 22:41:04
RaccoonStealer botnet controller @85.159.212.113
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
RaccoonStealer botnet controller located at 85.159.212.113 on port 80 (using HTTP GET):
hXXp://85.159.212.113/brun09s
$ nslookup 85.159.212.113
85-159-212-113.ip.linodeusercontent.com
Referencing malware binaries (MD5 hash):
3e322c58527c0ff237722c50c62bcbe5 — AV detection: 30…
learningpro360.com (P2P Hub)
This IP range is sending spam for learningpro360.com, which belongs to P2P Hub, an operator of business training seminars/webinars. P2P Hub appears not to be using that name at the moment, probably to evade detection.
SENDING IPs:
178.18.240.2 sha2.learningpro360.com
178.18.240.3 sha3.learningpro360.com
178.18.240.4 sha4.learningpro360.com
178.18.240.5 sha5.learningpro360.com
178.18.240.6 sha6.learningpro360.com
SPAM SAMPLE:
Received: from sha#.learningpro360.com (sha#.learningpro360.com [178.18.240.##])
Date:…
DCRat botnet controller @89.108.102.163
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
DCRat botnet controller located at 89.108.102.163 on port 80 (using HTTP GET):
hXXp://89.108.102.163/HttpprocessdefaultWindowsgenerator.php
$ nslookup 89.108.102.163
89-108-102-163.cloudvps.regruhosting.ru
Referencing malware binaries (MD5 hash):
e9589c076fc51d358fe5eece0b2381da — AV detection: 31…
Spamvertised website
2022-03-08
efmschool.com. 100 IN A 163.172.97.102
Received: from zimbra.tieline.com (185.105.116.202)
From: •𝐾𝑟𝑒𝑑𝑖𝑡t <[]>
Subject: 𝑅𝑒𝑓𝑖𝑛𝑎𝑛𝑠𝑖𝑒𝑟 𝑑𝑖𝑛 𝑔𝑗𝑒𝑙𝑑 𝑣𝑖𝑎 𝑈𝑛𝑜 𝐹𝑖𝑛𝑎𝑛𝑠 𝑜𝑔 𝑠𝑝𝑎𝑟 𝑝𝑒𝑛𝑔𝑒𝑟
Date: Wed, 2 Mar 2022 10:4x:xx -0500
https://bit.ly/3syK9Nh 67.199.248.10
http://efmschool.com/gS?MjIxMTc2MnRFNTcxNTQ3M0VwMGlZMFdoMndIcjE1MTA2OUhC 199.217.116.38
https://accerpunt.com/?a=4875&oc=14730&c=41260&m=3&s1=2211762&s2=21b-2211762-5715473-151069-0-04793 34.90.180.192