The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 172.67.180.126 on port 80 (using HTTP POST): hXXp://brokenskulltechnologies.tk/BN1/fre.php $ dig +short brokenskulltechnologies.tk 172.67.180.126 Referencing malware binaries (MD5 hash): 33e915c5057bbb6481b2d492d1bde0ed — AV detection:… Читать далее Loki botnet controller @172.67.180.126
Loki botnet controller @188.114.97.15
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 188.114.97.15 on port 80 (using HTTP POST): hXXp://dieselloil.buzz/bobby/five/fre.php $ dig +short dieselloil.buzz 188.114.97.15 Referencing malware binaries (MD5 hash): 00d56ddd073fc4e20d90087fd63a4dfc — AV detection:… Читать далее Loki botnet controller @188.114.97.15
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to «listbomb» email addresses: From: Quirk Chevrolet MA <leads@chevy.quirkautodealers.net> Subject: XXX, we may want to buy your vehicle. Try our trade in tool today and see what your vehicle is worth Problem description ============================ Spammers signed up for the bulk email service using the victim’s email… Читать далее Abused / misconfigured newsletter service (listbombing)
spam emitter @51.38.177.177
Received: from wavylines.xyz (wavylines.xyz. [51.38.177.177]) Subject: Details Apply Date: [DATE] From: «»[]»» <[]@wavylines.xyz> https://s3-us-west-2.amazonaws.com/ex2ak34tq/[] 52.218.204.24 http://typographyfirst.click//cl/4105_md/[] 193.36.237.179 https://zakatsnose.com/[] 193.68.89.144 https://acusticstoves.com/?s1=350310&s2=[]&s3=2576&s4=1553&ow=&s10=657 172.67.158.25 https://yettmarina.com/[] 104.21.11.116 https://chubberz.com/click?s2=[]&s1=350310&s3=2576&trvid=10386&s4=1553&ow=8 209.236.112.79 https://www.lz5bmtrk.com/4RQSJ/6JHXF/?sub2=[] 34.120.145.181 https://www.techratedgadgets.com/monthlydeal/PT1/?affid=3&c1=&c2=[]&c3=&click_id=[] 172.67.195.122
Loki botnet controller @188.114.96.15
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 188.114.96.15 on port 80 (using HTTP POST): hXXp://afripot.buzz/oluwa/five/fre.php $ dig +short afripot.buzz 188.114.96.15 Referencing malware binaries (MD5 hash): 01dfa2db4bfb87e5a5d2d4e5d8c00f5f — AV detection:… Читать далее Loki botnet controller @188.114.96.15
Spamvertised website
Received: from wavylines.xyz (wavylines.xyz. [51.38.177.177]) Subject: Details Apply Date: [DATE] From: «»[]»» <[]@wavylines.xyz> https://s3-us-west-2.amazonaws.com/ex2ak34tq/[] 52.218.204.24 http://typographyfirst.click//cl/4105_md/[] 193.36.237.179 https://zakatsnose.com/[] 193.68.89.144 https://acusticstoves.com/?s1=350310&s2=[]&s3=2576&s4=1553&ow=&s10=657 172.67.158.25 https://yettmarina.com/[] 104.21.11.116 https://chubberz.com/click?s2=[]&s1=350310&s3=2576&trvid=10386&s4=1553&ow=8 209.236.112.79 https://www.lz5bmtrk.com/4RQSJ/6JHXF/?sub2=[] 34.120.145.181 https://www.techratedgadgets.com/monthlydeal/PT1/?affid=3&c1=&c2=[]&c3=&click_id=[] 172.67.195.122
Carding fraud site/forum: infodig.is (InfoDIG.sx InfoDIG.ch InfoDIG.domains infodig.mn)
Stolen credit card data websites: https://ascarding.com/ >>> https://infodig.is/ infodig.ch. 600 IN A 176.119.159.81 infodig.domains. 600 IN A 176.119.159.81 infodig.sx. 600 IN A 176.119.159.81 ________________ Was: infodig.ch. 600 IN A 45.8.124.108 infodig.domains. 600 IN A 45.8.124.108 infodig.sx. 600 IN A 45.8.124.108 ________________ Was: infodig.ch. 600 IN A 8.212.135.34 infodig.domains. 600 IN A 8.212.135.34 infodig.sx. 600 IN… Читать далее Carding fraud site/forum: infodig.is (InfoDIG.sx InfoDIG.ch InfoDIG.domains infodig.mn)
Spamvertised website
2022-02-23 gotogml.com. 60 IN A 37.140.197.206 2022-02-20 gotogml.com. 60 IN A 45.8.127.154 2022-02-01 gotogml.com. 60 IN A 194.87.1.4 2022-01-31 gotogml.com. 60 IN A 194.87.1.5 2022-01-20 gotogml.com. 60 IN A 194.87.185.11 2022-01-18 gotogml.com. 60 IN A 5.188.160.30 Received: from iustocouny.newdom.com (20.77.57.222) Date: Mon, 17 Jan 2022 12:34:00 +0000 From: 💖💖 Charming Russian Girls 💖💖 <> Subject:… Читать далее Spamvertised website
spam emitters
Received: from s9.goronet.ru (45.147.177.179 [45.147.177.179]) Date: Tue, 22 Feb 2022 23:1x:xx +0000 From: Aleksandr <info@s9.goronet.ru> Subject: Предложение 45.147.177.20 goronet.ru 45.147.177.21 goronet.ru 45.147.177.179 goronet.ru
phishing server
18.188.42.158|signin-becu1help-error-id.com|2022-02-22 23:22:06 18.188.42.158|signin-macu1help-error-id.com|2022-02-22 00:07:33 18.188.42.158|signin-macu2help-error-id.com|2022-02-22 23:56:30