The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 34.91.203.83 on port 443 TCP: $ telnet 34.91.203.83 443 Trying 34.91.203.83… Connected to 34.91.203.83. Escape character… Read more: RaccoonStealer botnet controller @34.91.203.83
Author: blog
Carding fraud site/forum: rescator.cn / rescator.cm (briansclub.cm / lampeduza.cm / omerta.cc)
Stolen credit card data sites.
Carding fraud site/forum: briansclub.at / rescator.cm (lampeduza.cm / omerta.cc)
Stolen credit card data sites.
Botnet spammed phishing domain hosting
Malware distribution @35.220.235.49
The host at this IP address is currently being used to distribute malware. Malware distribution located here: hXXp://www.plug-fbnotification.com/coloqaq/parse.exe hXXp://www.plug-fbnotification.com/coloqaq/parse-bak.exe $ dig +short www.plug-fbnotification.com 35.220.235.49 $ nslookup 35.220.235.49 49.235.220.35.bc.googleusercontent.com Referencing malware binaries (MD5 hash): 06893bfcf2b686712006596aa8af83b7 — AV detection: 17 / 70 (24.29) 06a40bb884c2ee66926861c7b80591c5 — AV detection: 24 / 69 (34.78) 071c33b5b8f1dd782c1c29ad57392fd8 — AV detection: 20 /…
Carding fraud site/forums trump-dumps.ru (iprofit.cc / megasearch.su / carderspro.com / carderpro.com)
Stolen credit card data websites.
Untitled
Initially appears to be a stolen domain from GoDaddy being used as a spammer landing page.
www.whskysr.com
www.whtrsn.com —> New as of 27 Mar 21
www.frscosr.com —> New as of 22 May 21
Please investigate
Spam source @209.85.210.182
The host at this IP address is emitting spam emails.
Spam sample
=========================================
From: joehugg838@gmail.com
Subject: Complete software solutions
=========================================
Hosting bank phishing domains
Cybercriminal credit-card theft carding gang at bestcvvshop.ru, cvvstore.cc, cc4you.su, kingscard.cc etc.
Stolen credit card data websites.