phishing server
Malware botnet controller @82.146.40.179
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 82.146.40.179 on port 443: $ telnet 82.146.40.179 443 Trying 82.146.40.179… Connected to 82.146.40.179. Escape character is ‘^]’ Malicious domains observed at this…
Loki botnet controller @188.114.97.22
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 188.114.97.22 on port 80 (using HTTP POST): hXXp://75bccc18b4d1631c2ecda542c872db27.tk/Ausin3/fre.php $ dig +short 75bccc18b4d1631c2ecda542c872db27.tk 188.114.97.22 Referencing malware binaries (MD5 hash): 02185f9c536261fc58cc159de1c62e0f — AV detection:…
Loki botnet controller @172.67.185.204
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 172.67.185.204 on port 80 (using HTTP POST): hXXp://uklawfirm.bar/bobby/five/fre.php $ dig +short uklawfirm.bar 172.67.185.204 Referencing malware binaries (MD5 hash): 030231d96234f06ae09ca18d621241e5 — AV detection:…
RaccoonStealer botnet controller @206.189.100.203
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. RaccoonStealer botnet controller located at 206.189.100.203 on port 80 (using HTTP GET): hXXp://206.189.100.203/wavesf Referencing malware binaries (MD5 hash): 26895e53b9a4a15fb3339a5172ebed4d — AV detection: 29 / 70 (41.43) 7b54ea7ef3102ab2cbc740fb2031b62a…
Botnet spammed phishing domains: Phishing Google users.
Carding fraud site/forum: infodig.is (InfoDIG.sx InfoDIG.ch InfoDIG.domains infodig.mn)
Stolen credit card data websites: https://ascarding.com/ >>> https://infodig.is/
spam source
ArkeiStealer botnet controller @95.216.180.153
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. ArkeiStealer botnet controller located at 95.216.180.153 on port 80 (using HTTP POST): hXXp://95.216.180.153/565 $ nslookup 95.216.180.153 static.153.180.216.95.clients.your-server.de Referencing malware binaries (MD5 hash): 09637f910840cebb2f1e2524414c8d62 — AV detection: 9…
RedLineStealer botnet controller @142.132.184.130
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 142.132.184.130 on port 34971 TCP: $ telnet 142.132.184.130 34971 Trying 142.132.184.130… Connected to 142.132.184.130. Escape character…