AsyncRAT botnet controller @144.126.209.63
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 144.126.209.63 on port 6606 TCP:
$ telnet 144.126.209.63 6606
Trying 144.126.209.63…
Connected to 144.126.209.63.
Escape character…
Read more: AsyncRAT botnet controller @144.126.209.63
Spamvertised website
Received: from o4vo.hothothouse.info (o4vo.hothothouse.info. [45.145.4.145])
From: "Costco" <[]@[].o4vo.hothothouse.info>
Subject: New Post: $100 Offer here
Date: Wed, 02 Mar 2022 21:2x:xx +0100
https://s3-us-west-2.amazonaws.com/dqan3ch6q/[] 52.218.200.224
http://ringleros.info//cl/4410_md/[] 135.148.12.1
https://cemtasm.com/[] 23.229.68.8
https://honorways.com/r2/7[] 190.124.47.122
http://accesstart.com/aff_c?offer_id=437&aff_id=1193&source=nd&aff_sub=costco&aff_sub2=[]&aff_sub3=1SG&aff_sub4=473816 104.21.6.239
https://targetsoul.ru/[] 172.67.177.195
https://grnep.com/[]?c=%7C437&k=&v=&s=1193&t=&cr=&src=nd&lp=&id=[] 172.67.204.141
https://promo.topdashdeals.com/nc-t2-c2/checkout/?affid=&cid=[]&reqid=&tid=[] 167.172.19.255
Abused crypto currency mining pool
The host at this IP address is running a crypto currency mining pool that is currently being abused by cybercriminals for mining crypto currencies on malware infected computers. The following information should be sufficient for the identification and suspension of the abusive users:
{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"47kLyhPj2TqLvjAKrBPA5D3TmxVW3kHLA8rFip2Udh86fCBstekGtDTbGtyLjk93THCycDcvPwJAPaG5JLMgzyJpMnigLPe","pass":"testg","agent":"XMRig/6.16.2 (Windows NT 10.0; Win64; x64) libuv/1.42.0 gcc/10.1.0","algo":["cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/ccx","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/upx2","rx/0","rx/wow","rx/arq","rx/graft","rx/sfx","rx/keva","argon2/chukwa","argon2/chukwav2","argon2/ninja","astrobwt","ghostrider"]}}
Abused crypto currency mining pool
The host at this IP address is running a crypto currency mining pool that is currently being abused by cybercriminals for mining crypto currencies on malware infected computers. The following information should be sufficient for the identification and suspension of the abusive users:
{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"466XMc1Sg2BTtbHNM7y4yZaFPagsFBcrrMLnyqfw2tVNJePAoR3QMs8bJPJTXoHohXKsh4wgr46ouRFRzFztvpimGmHDLpv","pass":"x","agent":"XMRig/6.2.2 (Windows NT 10.0; Win64; x64) libuv/1.38.0 msvc/2019","algo":["cn/0","cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn-lite/0","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/ccx","rx/0","rx/wow","rx/loki","rx/arq","rx/sfx","rx/keva","argon2/chukwa","argon2/wrkz","astrobwt","kawpow"]}}
Gozi botnet controller @143.198.56.58
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Gozi botnet controller located at 143.198.56.58 on port 80 (using HTTP GET):
hXXp://143.198.56.58/peer/XXX
Referencing malware binaries (MD5 hash):
83c0ef52beab49e8094e11b315220f78 — AV detection: 26 / 70 (37.14)
AZORult botnet controller @188.114.97.15
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
AZORult botnet controller located at 188.114.97.15 on port 80 (using HTTP POST):
hXXp://whija2.xyz/index.php
$ dig +short whija2.xyz
188.114.97.15
Referencing malware binaries (MD5 hash):
0049f8aff0372cd5b7066ae4622a0f9b — AV detection:…
Read more: AZORult botnet controller @188.114.97.15
1ms0rryMiner botnet controller @91.106.207.11
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
1ms0rryMiner botnet controller located at 91.106.207.11 on port 80 (using HTTP GET):
hXXp://solomap5.beget.tech/cmd.php
$ dig +short solomap5.beget.tech
91.106.207.11
$ nslookup 91.106.207.11
m2.ikarus1.beget.com
Referencing malware binaries (MD5 hash):…
Read more: 1ms0rryMiner botnet controller @91.106.207.11
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to "listbomb" email addresses:
From: Doris Blanchet <orestes.penafield@up.ac.pa>
Subject: Doris is ready to have sex with you.
Problem description
============================
Spammers signed up for the bulk email service using the victim's email address. As a result, the victim is being "listbombed" with transactional messages and bulk…
Read more: Abused / misconfigured newsletter service (listbombing)
Malware distribution & botnet controller @46.17.248.27
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 46.17.248.27 on port 443:
$ telnet 46.17.248.27 443
Trying 46.17.248.27…
Connected to 46.17.248.27.
Escape character is…
Read more: Malware distribution & botnet controller @46.17.248.27