Loki botnet controller @45.8.124.154
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 45.8.124.154 on port 80 (using HTTP POST): hXXp://hstfurnaces.net/gd4/fre.php hstfurnaces.net. 600 IN A 45.8.124.154 Referencing malware binaries (MD5 hash): 0d5b6c1f4ae4856fb7e00acd033c7938 — AV detection:…
Spam Emitter (OMICS)
This IP address is sending spam for OMICS, a publisher of «open-access» journals that solicits contributions and (by implication) fees and/or subscriptions through spam sent to scraped, purchased, or appended lists. Received: from e5.openaccesscfp.biz (e5.openaccesscfp.biz [46.101.235.229]) Date: Fri, 4 Mar 2022 09:##:## +0530 From: Blood Pressure and Hypertension <editor@openaccesscfp.biz> Reply-To: Blood Pressure and Hypertension <submissions@advscientificsol.biz>…
Spam Hosting (OMICS)
Cloudflare hosts the A records and website of the domain acmcasereport.com. This domain belongs to OMICS, a publisher of «open-access» journals that spams scraped, purchased, or appended lists to solicit contributions and (by implication) fees and/or subscriptions. Cloudflare: Please remove this domain and any others held by the same entity from your service. Received: from…
Malware botnet controller @167.114.43.24
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 167.114.43.24 on port 44567 TCP: $ telnet 167.114.43.24 44567 Trying 167.114.43.24… Connected to 167.114.43.24. Escape character…
Socelars botnet controller @161.97.64.205
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Socelars botnet controller located at 161.97.64.205 on port 80 (using HTTP POST): hXXp://www.wvmjack.com/ $ dig +short www.wvmjack.com 161.97.64.205 $ nslookup 161.97.64.205 vmi779689.contaboserver.net Referencing malware binaries (MD5 hash):…
Cybercrime sites
Hosting phishing domains
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to «listbomb» email addresses: From: Aileen Tillmann <std500051@ac.eap.gr> Subject: I’m going to need a handsome and sexy man tonight. Problem description ============================ Spammers signed up for the bulk email service using the victim’s email address. As a result, the victim is being «listbombed» with transactional messages…
phishing server
34.152.61.78|citi-hub.io|2022-03-05 01:26:35 34.152.61.78|citi-hub.net|2022-03-04 20:31:54 34.152.61.78|citi-security.org|2022-03-04 22:46:59 34.152.61.78|citi-webservice.com|2022-03-04 19:44:25