The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Socelars botnet controller located at 161.97.64.205 on port 80 (using HTTP POST):
hXXp://www.ntyswhcm.com/
$ dig +short www.ntyswhcm.com
161.97.64.205
$ nslookup 161.97.64.205
vmi779689.contaboserver.net
Referencing malware binaries (MD5 hash):…
phishing server
13.90.201.44|secure52-wells.com|2022-02-16 14:42:21
13.90.201.44|secure73-wells.com|2022-02-17 02:25:36
phishing server
13.68.240.109|citibankfrauddeptt.com|2022-02-16 23:56:47
13.68.240.109|citisecuritydept.com|2022-02-16 22:26:58
Assorted phish landing sites.
And people wonder why ga/ml/cf/gq have a terrible reputation. All these and more:
Malware botnet controller @185.251.91.177
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 185.251.91.177 on port 443:
$ telnet 185.251.91.177 443
Trying 185.251.91.177…
Connected to 185.251.91.177.
Escape character is…
Malware distribution & botnet controller @193.42.113.118
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 193.42.113.118 on port 443:
$ telnet 193.42.113.118 443
Trying 193.42.113.118…
Connected to 193.42.113.118.
Escape character is…
spam source
[!] This SBL record is to show an example of ongoing network abuse. It currently is not being published in the SBL list, but is instead being presented on the webpage so that the network owner has evidence to investigate and correct the problem.
w 54.240.26.8 a26-8.smtp-out.us-west-2.amazonses.com «a26-8.smtp-out.us-west-2.amazonses.com» 2022-02-15T17:00:00Z (+/-10 min)
54.240.26.8/32 (54.240.26.8 .. 54.240.26.8)…
spam source
[!] This SBL record is to show an example of ongoing network abuse. It currently is not being published in the SBL list, but is instead being presented on the webpage so that the network owner has evidence to investigate and correct the problem.
w 54.240.26.7 a26-7.smtp-out.us-west-2.amazonses.com «a26-7.smtp-out.us-west-2.amazonses.com» 2022-02-16T14:30:00Z (+/-10 min)
w+ 54.240.26.9 a26-9.smtp-out.us-west-2.amazonses.com «a26-9.smtp-out.us-west-2.amazonses.com»…
spam source
[!] This SBL record is to show an example of ongoing network abuse. It currently is not being published in the SBL list, but is instead being presented on the webpage so that the network owner has evidence to investigate and correct the problem.
w 54.240.8.27 a8-27.smtp-out.amazonses.com «a8-27.smtp-out.amazonses.com» 2022-02-15T23:20:00Z (+/-10 min)
w 54.240.8.28 a8-28.smtp-out.amazonses.com «a8-28.smtp-out.amazonses.com»…