The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 178.63.26.132 on port 29795 TCP: $ telnet 178.63.26.132 29795 Trying 178.63.26.132… Connected to 178.63.26.132. Escape character… Читать далее RedLineStealer botnet controller @178.63.26.132
Автор: blog
WSHRAT botnet controller @147.182.232.67
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 147.182.232.67 on port 7121 TCP: $ telnet 147.182.232.67 7121 Trying 147.182.232.67… Connected to 147.182.232.67. Escape character… Читать далее WSHRAT botnet controller @147.182.232.67
spam emitter @67.205.141.191
Received: from sharmacalgary.com (67.205.141.191) From: MenOnly <info@sharmacalgary.com> Subject: Få en større penis som kan spre alle kvinners lår Date: Fri, 01 Oct 2021 11:3x:xx +0000
RaccoonStealer botnet controller @172.67.176.216
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. RaccoonStealer botnet controller located at 172.67.176.216 on port 80 (using HTTP GET): hXXp://teletop.top/papatikmikr0 $ dig +short teletop.top 172.67.176.216 Referencing malware binaries (MD5 hash): 32df2eb9a83b1a97096aa403b6e5ce3f — AV detection:… Читать далее RaccoonStealer botnet controller @172.67.176.216
Malware botnet controller @194.87.206.141
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 194.87.206.141 on port 443 TCP: $ telnet 194.87.206.141 443 Trying 194.87.206.141… Connected to 194.87.206.141. Escape character… Читать далее Malware botnet controller @194.87.206.141
Без названия
$ host www.othervalid.com www.othervalid.com is an alias for othervalid.com. othervalid.com has address 213.32.106.141 othervalid.com has address 213.32.106.166 othervalid.com has address 213.32.106.139 othervalid.com has address 213.32.106.160 othervalid.com has address 213.32.106.170 Phished credit card data is collected here. https://jameshallybone.co.uk/small/js/register.php led us to «https://www.othervalid.com/?sl=x-x&data1=Track1&data2=Track2&tag={External_ID_from_traffic_source}&website={subID}&placement={sub_subID}» % Abuse contact for ‘213.32.106.128 — 213.32.106.255’ is ‘infrastructure.lu@olamobile.com’ inetnum: 213.32.106.128 — 213.32.106.255 netname:… Читать далее Без названия
Microsoft OneDrive credentials phishing payload
$ host laulupidu.all.lc laulupidu.all.lc has address 144.76.162.245 This IP hosts an active Microsoft OneDrive credentials phishing site.
Account access phishing payload
hxxps[://]www.ipfwstudenthousing[.]com/ZW4vOWk5NTFqM1UyODU3 hosts a live phishing payload.
Carding fraud site/forum: vclub.su
Stolen credit card data sites: vclub.su. 100 IN A 217.182.190.186 __________________________ vclub.su. 100 IN A 195.2.73.159 __________________________ vclub.su. 100 IN A 45.143.138.79 __________________________ vclub.su. 100 IN A 45.150.67.51 __________________________ vclub.su. 100 IN A 195.2.92.97 __________________________ vclub.su. 100 IN A 185.144.30.23 ___________________________ vclub.su. 100 IN A 45.138.157.16 ___________________________ vclub.su. 99 IN A 188.225.9.201 ___________________________ vclub.su. 299… Читать далее Carding fraud site/forum: vclub.su
FastFlux hosting provider — who use hacked servers to host malware, phish, etc. (DNS server)
https://bulletproof-hosting.com >>> https://bulletproof.su/? >>> https://t.me/ffservice? ns1.nospamdns.ru. 7162 IN A 82.146.48.239 ns2.nospamdns.ru. 7159 IN A 82.146.52.162 ________________ ns1.nospamdns.ru. 7162 IN A 193.47.33.229 ns2.nospamdns.ru. 7159 IN A 80.76.42.10 ________________ ns1.nospamdns.ru. 7162 IN A 193.47.33.229 ns2.nospamdns.ru. 7159 IN A 5.188.89.52 ________________ ns1.nospamdns.ru. 7162 IN A 91.224.22.113 ns2.nospamdns.ru. 7159 IN A 91.224.22.104 ________________ ns1.nospamdns.ru. 7162 IN A 91.224.22.65 ns2.nospamdns.ru.… Читать далее FastFlux hosting provider — who use hacked servers to host malware, phish, etc. (DNS server)