Smoke Loader botnet controller @45.132.17.131
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Smoke Loader botnet controller located at 45.132.17.131 on port 80 (using HTTP POST):
hXXp://afrocalite.ga/
afrocalite.ga. 600 IN A 45.132.17.131
Referencing malware binaries (MD5 hash):
3d75271eb12cedd6440f8ed22724840c — AV…
Spamvertised website
2022-03-05 honorways.com. 60 IN A 51.83.203.12
honorways.com. 60 IN A 66.135.5.40
2022-03-03 honorways.com. 60 IN A 107.167.88.28
Received: from o4vo.hothothouse.info (o4vo.hothothouse.info. [45.145.4.145])
From: "Costco" <[]@[].o4vo.hothothouse.info>
Subject: New Post: $100 Offer here
Date: Wed, 02 Mar 2022 21:2x:xx +0100
Redirect chain (URL, then the IP it resolved to):
https://s3-us-west-2.amazonaws.com/dqan3ch6q/[] 52.218.200.224
http://ringleros.info//cl/4410_md/[] 135.148.12.1
https://cemtasm.com/[] 23.229.68.8
https://honorways.com/r2/7[] 190.124.47.122
http://accesstart.com/aff_c?offer_id=437&aff_id=1193&source=nd&aff_sub=costco&aff_sub2=[]&aff_sub3=1SG&aff_sub4=473816 104.21.6.239
https://targetsoul.ru/[] 172.67.177.195
https://grnep.com/[]?c=%7C437&k=&v=&s=1193&t=&cr=&src=nd&lp=&id=[] 172.67.204.141
https://promo.topdashdeals.com/nc-t2-c2/checkout/?affid=&cid=[]&reqid=&tid=[] 167.172.19.255
Malware botnet controller @185.251.89.83
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller at 185.251.89.83 on port 443:
$ telnet 185.251.89.83 443
Trying 185.251.89.83…
Connected to 185.251.89.83.
Escape character is '^]'.
Malicious domains observed at this IP…
Malware botnet controller @194.87.253.110
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller at 194.87.253.110 on port 443:
$ telnet 194.87.253.110 443
Trying 194.87.253.110…
Connected to 194.87.253.110.
Escape character is '^]'.
Malicious domains observed at this IP…
Abused cryptocurrency mining pool
The host at this IP address is running a cryptocurrency mining pool that is currently being abused by cybercriminals for mining cryptocurrency on malware-infected computers. The following information (the Stratum/JSON-RPC login sent by the miner, with the wallet address in the "login" field) should be sufficient for the identification and suspension of the abusive users:
{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"44nSvHgJLRxZZeeiUV4hejL2p4g85v7ZLXLZGEqKnN6fJDK4mS1Hx2UaeyRd1gzvUmTbggJ37acWx3PqACu1bD3i6Q1yGaC","pass":"Phoenix","agent":"XMRig/6.16.2 (Windows NT 10.0; Win64; x64) libuv/1.38.0 msvc/2019","rigid":"","algo":["rx/0","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/ccx","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/upx2","cn/1","rx/wow","rx/arq","rx/graft","rx/sfx","rx/keva","argon2/chukwa","argon2/chukwav2","argon2/ninja","astrobwt","ghostrider"]}}
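The login message above is what a pool operator, or anyone sniffing the mining traffic from an infected host, needs to act on: the wallet in the "login" field is the account the miner is paid to, and the "agent" string names the miner build. The following is an added example (not code from the original report or from any pool software) that parses such a JSON-RPC login line, strips the pool-specific ".worker" / "+difficulty" suffixes some pools accept in the login field (an assumption about pool conventions, not part of the protocol), and runs a format-only check that the wallet is a Monero mainnet address (95 base58 characters starting with 4 or 8, or a 106-character integrated address; no checksum is verified). The captured message is embedded verbatim from the report; the "submit" and "keepalived" lines in the stream scan are constructed.

```python
import json
import re

# Monero uses the Bitcoin base58 alphabet (no 0, O, I, l).
BASE58 = set("123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz")
XMRIG_AGENT = re.compile(r"^XMRig/(?P<ver>\d+\.\d+\.\d+)")

# The login as captured in the report above, re-quoted as valid JSON.
CAPTURED_LOGIN = (
    '{"id":1,"jsonrpc":"2.0","method":"login","params":{'
    '"login":"44nSvHgJLRxZZeeiUV4hejL2p4g85v7ZLXLZGEqKnN6fJDK4mS1Hx2UaeyRd1gzvUmTbggJ37acWx3PqACu1bD3i6Q1yGaC",'
    '"pass":"Phoenix",'
    '"agent":"XMRig/6.16.2 (Windows NT 10.0; Win64; x64) libuv/1.38.0 msvc/2019",'
    '"rigid":"",'
    '"algo":["rx/0","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls",'
    '"cn/double","cn/ccx","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico",'
    '"cn-pico/tlo","cn/upx2","cn/1","rx/wow","rx/arq","rx/graft","rx/sfx","rx/keva",'
    '"argon2/chukwa","argon2/chukwav2","argon2/ninja","astrobwt","ghostrider"]}}'
)


def looks_like_monero_address(addr: str) -> bool:
    """Format check only (no checksum): mainnet standard/sub-address is 95 base58
    chars starting with 4 or 8; an integrated address is 106 chars starting with 4."""
    if not addr or not set(addr) <= BASE58:
        return False
    return (len(addr) == 95 and addr[0] in "48") or (len(addr) == 106 and addr[0] == "4")


def parse_stratum_login(line: str):
    """Return the identifying fields of one JSON-RPC 'login' line, or None when the
    line is not JSON or is some other method (submit, keepalived, ...)."""
    try:
        msg = json.loads(line)
    except (json.JSONDecodeError, TypeError):
        return None
    if not isinstance(msg, dict) or msg.get("method") != "login":
        return None
    params = msg.get("params") or {}
    login = str(params.get("login", ""))
    # Assumption: some pools accept "wallet.worker" or "wallet+difficulty" in the
    # login field; the wallet alone is the key an operator would suspend on.
    wallet = re.split(r"[.+]", login, maxsplit=1)[0]
    agent = str(params.get("agent", ""))
    m = XMRIG_AGENT.match(agent)
    return {
        "wallet": wallet,
        "wallet_is_monero": looks_like_monero_address(wallet),
        "worker_password": params.get("pass", ""),
        "rig_id": params.get("rigid", ""),
        "agent": agent,
        "xmrig_version": m["ver"] if m else None,
        "algos": list(params.get("algo", [])),
    }


def scan_stream(lines):
    """Run over a sequence of captured Stratum lines and keep only the logins,
    so one wallet per connection comes out regardless of how many shares follow."""
    return [p for p in (parse_stratum_login(l) for l in lines) if p is not None]


if __name__ == "__main__":
    # Constructed stream: the captured login, a garbage line, and a keepalive.
    for entry in scan_stream([CAPTURED_LOGIN, "garbage", '{"method":"keepalived"}']):
        print(entry["wallet"], entry["wallet_is_monero"], entry["agent"])
```

Running this over the captured line yields the 95-character wallet flagged as a Monero address, worker password "Phoenix" and XMRig version 6.16.2; the other two lines are dropped. Matching the wallet rather than the source IP is what makes the identification robust, since the infected hosts change while the payout address does not.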
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to "listbomb" email addresses:
From: Solveig Klatt <sp18-bse-011@cuiwah.edu.pk>
Subject: Love of my life! I wish you a great day.
Problem description
============================
Spammers signed up for the bulk email service using the victim's email address. As a result, the victim is being "listbombed" with transactional messages…
Assorted phish landing sites.
citi-webhelp.com
citiaccess.app
citiaccess.co
citiaccess.io
citiprotected.io
support4-citi.com
uspostal.app
wellshelp.app
wellshelp.io
Targeted brands: CITIBANK, USPS, WELLS FARGO.
RedLineStealer botnet controller @162.55.169.112
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 162.55.169.112 on port 34175 TCP:
$ telnet 162.55.169.112 34175
Trying 162.55.169.112…
Connected to 162.55.169.112.
Escape character…
Malware botnet controller @51.15.239.39
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 51.15.239.39 on port 80 (using HTTP GET):
hXXp://51.15.239.39/getfile/getfile//getfile/getfile/getfile/getfile/getfile/getfile/getfile/getfile/getfile/getfile/getfile/getfile/getfile/getfile/getfile/getfile/getfile
$ nslookup 51.15.239.39
39-239-15-51.instances.scw.cloud
Referencing malware binaries (MD5 hash):
036882b0a9acf373e83d00d62ecea992 — AV detection: 21…
Socelars botnet controller @185.169.252.236
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Socelars botnet controller located at 185.169.252.236 on port 80 (using HTTP POST):
hXXp://www.adcbnwa.com/Home/Index/hdecny
$ dig +short www.adcbnwa.com
185.169.252.236
$ nslookup 185.169.252.236
vmi803628.contaboserver.net
Referencing malware binaries (MD5 hash):…
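The controller entries on this page (Smoke Loader, the 51.15.239.39 and 162.55.169.112 controllers, Socelars) all follow one template: a "controller located at IP on port N" sentence, a defanged hXXp URL, DNS evidence as an A record or as dig/nslookup output, and MD5 hashes of the referencing binaries. The following is an added example, not code from the original reports, that turns that text into structured indicators: it refangs the URLs, parses the A records, dig and nslookup lines, pulls the controller IP/port/transport and the hashes, and flattens them into a blocklist. The regexes are written against the wording seen in these excerpts and are an assumption about other reports; the sample report is constructed from the page's own Smoke Loader, Socelars and RedLineStealer entries.

```python
import re

# Patterns for the fields that recur in these abuse-report excerpts (assumption:
# the wording follows the template seen on this page).
DEFANG = re.compile(r"\bh[xX]{2}(ps?)://")            # hXXp:// and hXXps://
URL = re.compile(r"\bhttps?://[^\s\"'<>]+")
A_RECORD = re.compile(
    r"(?P<name>[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*)\.\s+(?P<ttl>\d+)\s+IN\s+A\s+"
    r"(?P<ip>(?:\d{1,3}\.){3}\d{1,3})"
)
DIG_SHORT = re.compile(r"\$ dig \+short (?P<name>\S+)\s+(?P<ip>(?:\d{1,3}\.){3}\d{1,3})")
NSLOOKUP = re.compile(r"\$ nslookup (?P<ip>(?:\d{1,3}\.){3}\d{1,3})\s+(?P<ptr>[A-Za-z0-9.-]+)")
CONTROLLER = re.compile(
    r"controller (?:located )?at (?P<ip>(?:\d{1,3}\.){3}\d{1,3}) on port (?P<port>\d+)"
    r"(?: TCP)?(?: \(using (?P<proto>HTTP \w+)\))?"
)
MD5 = re.compile(r"\b[0-9a-fA-F]{32}\b")


def refang(text: str) -> str:
    """Turn defanged hXXp(s):// prefixes back into real scheme prefixes."""
    return DEFANG.sub(r"htt\1://", text)


def extract_iocs(report: str) -> dict:
    """Parse one or more report excerpts into structured indicators."""
    text = refang(report)
    return {
        "controllers": [
            {"ip": m["ip"], "port": int(m["port"]), "proto": m["proto"]}
            for m in CONTROLLER.finditer(text)
        ],
        "urls": sorted({u.rstrip(".,:") for u in URL.findall(text)}),
        "a_records": [(m["name"], int(m["ttl"]), m["ip"]) for m in A_RECORD.finditer(text)],
        "resolutions": [(m["name"], m["ip"]) for m in DIG_SHORT.finditer(text)],
        "ptr": {m["ip"]: m["ptr"] for m in NSLOOKUP.finditer(text)},
        "md5": sorted({h.lower() for h in MD5.findall(text)}),
    }


def blocklist(iocs: dict) -> list:
    """Flatten to what a firewall or DNS RPZ would consume: ip:port pairs and hostnames."""
    entries = {f"{c['ip']}:{c['port']}" for c in iocs["controllers"]}
    entries |= {name for name, _, _ in iocs["a_records"]}
    entries |= {name for name, _ in iocs["resolutions"]}
    entries |= {re.sub(r"^https?://", "", u).split("/")[0] for u in iocs["urls"]}
    return sorted(entries)


# Constructed sample, assembled from the page's own entries.
SAMPLE_REPORT = """\
Smoke Loader botnet controller located at 45.132.17.131 on port 80 (using HTTP POST):
hXXp://afrocalite.ga/
afrocalite.ga. 600 IN A 45.132.17.131
Referencing malware binaries (MD5 hash):
3d75271eb12cedd6440f8ed22724840c
Socelars botnet controller located at 185.169.252.236 on port 80 (using HTTP POST):
hXXp://www.adcbnwa.com/Home/Index/hdecny
$ dig +short www.adcbnwa.com
185.169.252.236
$ nslookup 185.169.252.236
vmi803628.contaboserver.net
Malware botnet controller located at 162.55.169.112 on port 34175 TCP:
"""

if __name__ == "__main__":
    found = extract_iocs(SAMPLE_REPORT)
    for key, value in found.items():
        print(key, value)
    print("blocklist:", blocklist(found))
```

On the sample this yields three controllers (two HTTP POST on port 80, one raw TCP on 34175), the refanged URLs, the afrocalite.ga A record, the dig resolution and PTR for the Socelars host, and the Smoke Loader hash. Keeping the A-record TTL and the PTR name is deliberate: the short TTLs on the spamvertised honorways.com records above are the kind of detail that separates fast-flux hosting from a static server.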