Smoke Loader botnet controller @185.251.91.214
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Smoke Loader botnet controller located at 185.251.91.214 on port 80 (using HTTP POST):
hXXp://afrocalite.ga/

afrocalite.ga. 600 IN A 185.251.91.214

Referencing malware binaries (MD5 hash):
3d75271eb12cedd6440f8ed22724840c — AV…
Spamvertised website
Received: from zimbra.tieline.com (185.105.116.202)
From: •𝐾𝑟𝑒𝑑𝑖𝑡t <[]>
Subject: 𝑅𝑒𝑓𝑖𝑛𝑎𝑛𝑠𝑖𝑒𝑟 𝑑𝑖𝑛 𝑔𝑗𝑒𝑙𝑑 𝑣𝑖𝑎 𝑈𝑛𝑜 𝐹𝑖𝑛𝑎𝑛𝑠 𝑜𝑔 𝑠𝑝𝑎𝑟 𝑝𝑒𝑛𝑔𝑒𝑟
Date: Wed, 2 Mar 2022 10:4x:xx -0500

https://bit.ly/3syK9Nh 67.199.248.10
http://efmschool.com/gS?MjIxMTc2MnRFNTcxNTQ3M0VwMGlZMFdoMndIcjE1MTA2OUhC 199.217.116.38
https://accerpunt.com/?a=4875&oc=14730&c=41260&m=3&s1=2211762&s2=21b-2211762-5715473-151069-0-04793 34.90.180.192
Phishing server
194.87.57.57|boi-alerts-ie.com|2022-03-02 11:34:38
Hosting phishing domains
ajaxtracker.com. 600 IN A 185.251.88.120
jqueryllc.net. 600 IN A 185.251.88.120
______________________
Was:
ajaxtracker.com. 600 IN A 185.87.51.67
jqueryllc.net. 600 IN A 185.87.51.67
______________________
Was:
80.66.64.193 ajaxtracker.com 2022-03-01 19:41:33
80.66.64.193 jqueryllc.net 2022-03-01 18:42:55
______________________
Was:
ajaxtracker.com. 600 IN A 2.57.186.110
coupon-popup.net. 600 IN A 2.57.186.110
______________________
Was:
ajaxtracker.com. 600 IN A 91.142.77.233
coupon-popup.net. 600 IN A…
RedLineStealer botnet controller @95.216.21.217
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 95.216.21.217 on port 19597 TCP:

$ telnet 95.216.21.217 19597
Trying 95.216.21.217…
Connected to 95.216.21.217.
Escape character…
Malware botnet controller @104.21.22.115
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 104.21.22.115 on port 80 (using HTTP POST):
hXXp://berryglobals21.xyz//inc/105d47e967eb0b.php

$ dig +short berryglobals21.xyz
104.21.22.115

Other malicious domain names hosted on this IP address:…
Phish spam source @13.115.207.214
Received: from www1322.sakura.ne.jp ([219.94.162.162])
	by [] with esmtps (TLS1.2) tls TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
	(Exim 4.95)
	(envelope-from <donotreply-nepasrepondre-notifications.ca-nadapost-postes-canada.ca.17335340.admin@kawasho.org>)
	id [] for []; Wed, 02 Mar 2022 15:4x:xx +0000
Received: from EC2AMAZ-2K6HNOM (ec2-13-115-207-214.ap-northeast-1.compute.amazonaws.com [13.115.207.214])
	(authenticated bits=0)
	by www1322.sakura.ne.jp (8.15.2/8.15.2) with ESMTPA id [] for [];
	Thu, 3 Mar 2022 00:4x:xx +0900 (JST)
	(envelope-from donotreply-nepasrepondre-notifications.ca-nadapost-postes-canada.ca.17335340.admin@kawasho.org)
From: canadapost-postes-canada.caº item 173353401 <donotreply-nepasrepondre-notifications.ca-nadapost-postes-canada.ca.17335340.admin@kawasho.org>…
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to «listbomb» email addresses:

From: Jeffrey Teeuw <Jteeuw@doit.eu>
Subject: Uitnodiging B-Bot Academy 9 maart

Problem description
============================
Spammers signed up for the bulk email service using the victim's email address. As a result, the victim is being «listbombed» with transactional messages and bulk email campaigns.

Problem…
Spamvertised website
Received: from varilokaminadere.org.uk (varilokaminadere.org.uk. [158.51.98.177])
Date: Wed, 02 Mar 2022 07:1x:xx +0000
From: «Surge MasterCard» <contact@varilokaminadere.org.uk>
Subject: The perfect credit card for all credit types.

http://astraloched.site/track/[] 159.89.228.34
https://rockpriority.com/0/0/0/[] 195.133.83.235
https://warmenbrace.com/?s1=350676&s2=[]&s3=2357&s4=0&ow=&s10=739 188.114.96.0
https://stagningtrump.com/[] 104.21.2.162
https://beatxup.com/click?s2=[]&s1=350676&s3=2357&trvid=10561&s4=0&ow=36 111.90.158.39
https://coupvariant.com/?a=162&c=4035&s2=[]&s1=350676 104.21.37.240
https://ama.yourstrulynow.com/nl-nl/?o=4076&r=[]&a=162&sa=350676 188.114.96.0
https://payment.terr3fick.com/0ab9e/gateway.html?sid=[] 188.114.96.0