Malware / Botnet / Phishing hosting server @34.138.15.9
According to our telemetry and our own intelligence, the host at this IP address has been set up by cyber criminals for the exclusive purpose of hosting phishing sites, malware distribution sites and/or botnet controllers. We therefore advise our users to block any traffic from/to this IP address. Malware botnet controller located at 34.138.15.9 port 443…
Tofsee botnet controller @35.228.103.145
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 35.228.103.145 on port 443 TCP:
$ telnet 35.228.103.145 443
Trying 35.228.103.145…
Connected to 35.228.103.145.
Escape character…
Malware distribution & malware botnet controllers @34.118.37.165
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Smoke Loader botnet controller located at 34.118.37.165 on port 80 (using HTTP POST): hXXp://coin-coin-file-9.com/ coin-coin-file-9.com. 600 IN A 34.118.37.165 Referencing malware binaries (MD5 hash): 16a32ce5e3bde626c4fe08878a2c3682 — AV…
phishing server
mobile-auth-ref-093483.com has address 34.118.84.207 EasyWeb Login TD Canada Trust
Malware distribution & botnet controller @35.226.107.62
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 35.226.107.62 on port 443:
$ telnet 35.226.107.62 443
Trying 35.226.107.62…
Connected to 35.226.107.62.
Escape character is…
Malware / Botnet / Phishing hosting server @34.90.81.5
According to our telemetry and our own intelligence, the host at this IP address has been set up by cyber criminals for the exclusive purpose of hosting phishing sites, malware distribution sites and/or botnet controllers. We therefore advise our users to block any traffic from/to this IP address. Malware botnet controller located at 34.90.81.5 port 443…
Malware botnet controller @34.88.129.31
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 34.88.129.31 on port 443:
$ telnet 34.88.129.31 443
Trying 34.88.129.31…
Connected to 34.88.129.31.
Escape character is…
Malware botnet controller @34.69.176.228
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller at 34.69.176.228 on port 443.
$ telnet 34.69.176.228 443
Trying 34.69.176.228…
Connected to 34.69.176.228.
Escape character is ‘^]’
$ dig +short -x 34.69.176.228
66.254.138.34.bc.googleusercontent.com.…
Loki botnet controller @35.228.143.125
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 35.228.143.125 on port 80 (using HTTP POST): hXXp://secure01-redirect.net/gc5/fre.php secure01-redirect.net. 600 IN A 35.228.143.125 Referencing malware binaries (MD5 hash): 551b922ffeac1a93a892a5b15f4465ee — AV detection:…
phishing server