AsyncRAT botnet controller @20.69.124.187
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 20.69.124.187 on port 6606 TCP:
    $ telnet 20.69.124.187 6606
    Trying 20.69.124.187...
    Connected to 20.69.124.187.
    Escape character…
RaccoonStealer botnet controller @185.3.95.153
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. RaccoonStealer botnet controller located at 185.3.95.153 on port 80 (using HTTP GET):
    hXXp://185.3.95.153/capibar
    $ nslookup 185.3.95.153
    185-3-95-153.ip.linodeusercontent.com
Referencing malware binaries (MD5 hash): 041e5cda57c8db6f67f754250cd71b91 — AV detection: 29…
Suspected Snowshoe Spam IP Range
Based on research, analysis of network data, our ‘snowshoe’ spam detection systems, intelligence sources and our experience, Spamhaus believes that this IP address range is being used or is about to be used for the purpose of high volume ‘snowshoe’ spam emission. As a precaution therefore we are listing this IP range in an SBL…
Suspected Snowshoe Spam IP Range
Based on research, analysis of network data, our ‘snowshoe’ spam detection systems, intelligence sources and our experience, Spamhaus believes that this IP address range is being used or is about to be used for the purpose of high volume ‘snowshoe’ spam emission. As a precaution therefore we are listing this IP range in an SBL…
Suspected Snowshoe Spam IP Range
Based on research, analysis of network data, our ‘snowshoe’ spam detection systems, intelligence sources and our experience, Spamhaus believes that this IP address range is being used or is about to be used for the purpose of high volume ‘snowshoe’ spam emission. As a precaution therefore we are listing this IP range in an SBL…
Malware botnet controller @34.138.254.66
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller at 34.138.254.66 on port 443.
    $ telnet 34.138.254.66 443
    Trying 34.138.254.66...
    Connected to 34.138.254.66.
    Escape character is '^]'
    $ dig +short -x 34.138.254.66
    66.254.138.34.bc.googleusercontent.com.…
Malware distribution & malware botnet controllers @34.94.211.117
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Smoke Loader botnet controller located at 34.94.211.117 on port 80 (using HTTP POST):
    hXXp://host-data-coin-11.com/
    host-data-coin-11.com. 600 IN A 34.94.211.117
Referencing malware binaries (MD5 hash): 16a32ce5e3bde626c4fe08878a2c3682 — AV…
Spam hosting/Mx (multiple domains) (OMICS)
This IP address hosts the A records of multiple domains belonging to OMICS, under at least two of its business names — Austin Publishing and Remedy Publishing. OMICS is a publisher of “open-access” journals that solicits contributions and (by implication) subscriptions through spam sent to scraped, purchased and appended lists. Those domains include: Among the…
Spam MX services (remedypublication.net) (OMICS)
Google provides MX services for the domain remedypublication.net, which belongs to Remedy Publishers, aka OMICS. OMICS is a publisher of “open-access” journals. It solicits contributions and (by implication) subscriptions to its journals by sending spam to scraped, purchased, or appended lists. OMICS has considerably over 100 SBL listings, over 40 of which are currently live.…
phishing server