The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 139.59.179.53 on port 80 (using HTTP POST): hXXp://candinavia.ga/teejay/logs/fre.php
$ dig +short candinavia.ga
139.59.179.53
$ nslookup 139.59.179.53
qontracshipping.ga
Referencing malware binaries (MD5 hash):…
AsyncRAT botnet controller @51.81.142.111
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 51.81.142.111 on port 6666 TCP:
$ telnet 51.81.142.111 6666
Trying 51.81.142.111…
Connected to 51.81.142.111.
Escape character…
spam source
[!] This SBL record is to show an example of ongoing network abuse. It currently is not being published in the SBL list, but is instead being presented on the webpage so that the network owner has evidence to investigate and correct the problem.
23.251.255.151 e255-151.smtp-out.amazonses.com «e255-151.smtp-out.amazonses.com» 2022-02-15T15:40:00Z (+/-10 min)
23.251.255.152 e255-152.smtp-out.amazonses.com «e255-152.smtp-out.amazonses.com» 2022-02-15T15:40:00Z (+/-10…
spam support (domains)
Domain used in spam operation pritto789234.xyz [52.10.27.176]
Assorted phish landing sites.
Good old dynamic DNS… https://mercari-email.ddnsking.com https://mercari-email.ddns.net https://mrcari-emie.ddnsking.com
phishing server
34.102.120.239|citidpt.com|2022-02-15 04:41:07 34.102.120.239|citidpts.com|2022-02-15 22:01:57 34.102.120.239|citisverify.com|2022-02-16 01:26:41 34.102.120.239|verify-citi.us|2022-02-15 20:52:24 34.102.120.239|verifycitis.com|2022-02-16 01:02:28
ArkeiStealer botnet controller @213.226.114.217
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. ArkeiStealer botnet controller located at 213.226.114.217 on port 80 (using HTTP POST): hXXp://woou.link/548152.php
$ dig +short woou.link
213.226.114.217
Referencing malware binaries (MD5 hash): 0251d24781ef86814ff23e2910ad73f3 — AV detection:…
RaccoonStealer botnet controller @178.79.161.18
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. RaccoonStealer botnet controller located at 178.79.161.18 on port 80 (using HTTP POST): hXXp://178.79.161.18/
$ nslookup 178.79.161.18
178-79-161-18.ip.linodeusercontent.com
Referencing malware binaries (MD5 hash): 06ac3d3481c09cf82f67226f9035a973 — AV detection: 27…
irs phishing server
hXXps://us-irs.gov-get-my-economic-impact-payment-of-corona-virus.com/form/personal
$ host us-irs.gov-get-my-economic-impact-payment-of-corona-virus.com
us-irs.gov-get-my-economic-impact-payment-of-corona-virus.com has address 62.210.119.235
Botnet spammed phishing domains: Phishing Google users.