AgentTesla botnet controller @143.198.217.144

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 143.198.217.144 on port 587 TCP (SMTP to: merchandise@enche.com):

$ telnet 143.198.217.144 587
Trying 143.198.217.144…
Connected to…

Spamvertised website

Received: from DB6PR0301CA0048.eurprd03.prod.outlook.com (2603:10a6:4:54::16)
Date: Thu, 03 Feb 2022 02:5x:xx +0000
From: Top Alternative Investment <[]@[].s100viewpoints.com>
Subject: 𝗧𝗵𝗲 𝗴𝗿𝗲𝗮𝘁𝗲𝘀𝘁 𝗺𝗼𝗻𝗲𝘆 𝗿𝗲𝘃𝗼𝗹𝘂𝘁𝗶𝗼𝗻 𝗼𝗳 𝗮𝗹𝗹 𝘁𝗶𝗺𝗲

http://s100viewpoints.com/[] 159.223.48.46
https://volarealora.com/[] 193.124.15.64
https://www.nmxkj4trk.com/[]/?sub1=351076&sub2=[] 34.120.5.10

phishing server

147.182.197.50|citizensauthsec.com|2022-02-05 04:10:55
147.182.197.50|citizenshop.co|2022-02-04 20:31:55
147.182.197.50|citizensonline.net|2022-02-05 01:31:45

Phishing server

143.244.168.70|secure-chaseverifyb07.com|2022-02-05 14:51:24
143.244.168.70|user-verifysecure.com|2022-02-05 15:47:07

RaccoonStealer botnet controller @138.68.162.128

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

RaccoonStealer botnet controller located at 138.68.162.128 on port 80 (using HTTP POST):

hXXp://138.68.162.128/

Referencing malware binaries (MD5 hash):
2889e88bc0bdf81e9c5968ad2cc99609 — AV detection: 36 / 65 (55.38)
2c2257bcd86b6a26dafead1c5da4c9f6…

Phish spam source @143.110.217.240

Received: from packer-5fda1fd0-09a5-142a-3523-97579cab2dc7 (143.110.217.240 [143.110.217.240])
Subject: Je pakket wacht op levering
Date: Wed, 19 Jan 2022 15:2x:xx +0000
From: DHL <support@nerosys.net>

Phish spam source @159.65.144.32

Received: from ekshop.live (159.65.144.32 [159.65.144.32])
Subject: Uw pakket wacht op levering.
Date: Wed, 19 Jan 2022 15:3x:xx +0000
From: DHL <support@aspirebangla.com>

STRRAT botnet controller @167.99.118.70

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 167.99.118.70 on port 3543 TCP:

$ telnet 167.99.118.70 3543
Trying 167.99.118.70…
Connected to 167.99.118.70.
Escape character…

Loki botnet controller @178.128.244.245

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Loki botnet controller located at 178.128.244.245 on port 80 (using HTTP POST):

hXXp://178.128.244.245/search.php

Referencing malware binaries (MD5 hash):
04d719f8f064331d96a9eaed4788f16c — AV detection: 19 / 67 (28.36)
38d24c5271d3d1a401b412d68eff5861…

Credit card fraud gang hosting (DNS): florenciyas.su (fe-shop.su / vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.)

Stolen credit card data websites (DNS servers):

ns1.florenciyas.su. 7174 IN A 206.81.26.163
ns2.florenciyas.su. 7167 IN A 185.220.177.151
__________________________
Was:
ns1.florenciyas.su. 7174 IN A 45.81.7.116
ns2.florenciyas.su. 7167 IN A 45.15.161.151
__________________________
Was:
ns1.florenciyas.su. 7174 IN A 45.81.7.116
ns2.florenciyas.su. 7167 IN A 45.139.186.210
__________________________
Was:
ns1.florenciyas.su. 7174 IN A 88.119.179.157
ns2.florenciyas.su. 7167 IN A 176.107.160.149
__________________________
Was:…