The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 45.90.34.87 on port 418 TCP:

$ telnet 45.90.34.87 418
Trying 45.90.34.87…
Connected to 45.90.34.87.
Escape character…

Read more: Tofsee botnet controller @45.90.34.87
Author: blog
Carding fraud site/forum: cvv-dumps-2021.ru etc.
Credit card fraud gang hosting: hacked-paypal-accounts-dump.ru (zuganov-lox.ru / fe-shop.su / vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.)
Stolen credit card data websites (DNS servers): …
Spam support service
We currently consider Beget LLC as "spam support service" according to Spamhaus SBL policy. Beget LLC is providing bulletproof domain registration services to botnet operators and rejects abuse reports sent by Spamhaus and 3rd parties:

<support@beget.com>: host mx1.beget.com[5.101.158.68] said: 550-Message discarded as high-probability spam. Contact support@beget.ru ( 550 1mTIPl-0005Sw-6a ) (in reply to end…
Abused / misconfigured newsletter service (listbombing)
The host at this IP address is being (ab)used to "listbomb" email addresses:

From: hello@marciakorenhof.com
Subject: Vanavond om 20.00 Live Q&A op Instagram 🙄

Problem description
============================
Spammers signed up for the bulk email service using the victim's email address. As a result, the victim is being "listbombed" with transactional messages and bulk email campaigns.…
sqlservercentral.com (Newsletter with dirty list)
SQL Server Central, a website about SQL, has a list to which it sends daily emails. That list is clearly very old and unmaintained, and SQL Server Central is as a consequence hitting spamtraps. This list desperately needs cleaning, and a new process to ensure that recipients of this email still want it and are…
FastFlux hosting provider: bulletproof.su — who use hacked servers to host malware, phish, etc.
https://bulletproof-hosting.com >>> https://bulletproof.su/? >>> https://t.me/ffservice?
spam emitter @54.240.7.17
Received: from a7-17.smtp-out.eu-west-1.amazonses.com (54.240.7.17)
From: Marie Mohamed <marie@economychats.com>
Subject: Enligt överenskommelsen [], mer information inför mötet på Måndag
Date: Tue, 17 Aug 2021 06:4x:xx +0000
excelaccountant.com (MX) (Pioneer Educator)
Amazon hosts the A record and website of the domain freecpewebinar.com. The owners of this domain are using ESP Benchmark Email to send spam emails to scraped, purchased or appended lists. Amazon: please deal with this spam hosting per your AUP/TOS.

Received: from pmta604.dedicated.bmsend.com (pmta604.dedicated.bmsend.com [12.174.236.139])
Date: Sat, 21 Aug 2021 12:##:## -0400
From: Bob…
AsyncRAT botnet controller @18.133.124.202
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 18.133.124.202 on port 4784 TCP:

$ telnet 18.133.124.202 4784
Trying 18.133.124.202…
Connected to 18.133.124.202.
Escape character…