The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 5.9.55.235 on port 416 TCP:
$ telnet 5.9.55.235 416
Trying 5.9.55.235…
Connected to 5.9.55.235.
Escape character…
Read more: Tofsee botnet controller @5.9.55.235
Category: hetzner.de
Abused crypto currency mining pool
The host at this IP address is running a crypto currency mining pool that is currently being abused by cybercriminals for mining crypto currencies on malware infected computers. The following information should be sufficient for the identification and suspension of the abusive users:
{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"youssefchinelli359@gmail.com","pass":"","agent":"Windows Configuration Manager/2.0.0 (Windows NT 10.0; Win64; x64) libuv/1.38.0 msvc/2019","rigid":"","algo":["rx/0","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/ccx","cn/upx2","cn/1","rx/wow","rx/arq","rx/sfx","rx/keva","argon2/chukwa","argon2/chukwav2","argon2/ninja","astrobwt"]}}
phishing server
businessverifyforsecure04c.com has address 88.198.19.131
businessverifyforsecure03c.com has address 88.198.19.131
businessverifyforsecure02c.com has address 88.198.19.131
businessverifyforsecure01c.com has address 88.198.19.131
businessverifyforsecure05c.com has address 88.198.19.131
RedLineStealer botnet controller @135.181.171.9
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 135.181.171.9 on port 45918 TCP:
$ telnet 135.181.171.9 45918
Trying 135.181.171.9…
Connected to 135.181.171.9.
Escape character…
Read more: RedLineStealer botnet controller @135.181.171.9
spam emitter @46.4.56.167
Received: from static.167.56.4.46.clients.your-server.de ([46.4.56.167] helo=albiman.com)
From: "Support" <support@albiman.com>
Date: 5 Oct 2021 00:1x:xx +0200
Subject:Missed VoiceMail 05/10/2021 12:05:43 AM
RedLineStealer botnet controller @178.63.26.132
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 178.63.26.132 on port 29795 TCP:
$ telnet 178.63.26.132 29795
Trying 178.63.26.132…
Connected to 178.63.26.132.
Escape character…
Read more: RedLineStealer botnet controller @178.63.26.132
Microsoft OneDrive credentials phishing payload
$ host laulupidu.all.lc
laulupidu.all.lc has address 144.76.162.245
This IP hosts an active Microsoft OneDrive credentials phishing site.
Account access phishing payload
hxxps[://]www.ipfwstudenthousing[.]com/ZW4vOWk5NTFqM1UyODU3 hosts a live phishing payload.
phishing server
jpsecurepolicies-onlineapprove01.com has address 135.181.223.75
jpsecurepolicies-onlineapprove02.com has address 135.181.223.75
jpsecurepolicies-onlineapprove03.com has address 135.181.223.75
jpsecurepolicies-onlineapprove04.com has address 135.181.223.75
jpsecurepolicies-onlineapprove05.com has address 135.181.223.75
jpsecurepolicies-onlineapprove07.com has address 135.181.223.75
jpsecurepolicies-onlineapprove08.com has address 135.181.223.75
jpsecurepolicies-onlineapprove09.com has address 135.181.223.75
jpsecurepolicies-onlineapprove10.com has address 135.181.223.75
ArkeiStealer botnet controller @23.88.111.187
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. ArkeiStealer botnet controller located at 23.88.111.187 on port 80 (using HTTP POST): hXXp://23.88.111.187/
$ nslookup 23.88.111.187
static.187.111.88.23.clients.your-server.de
Referencing malware binaries (MD5 hash): 1be0d2741eaac6804e24a7586b1086b0 — AV detection: 50…
Read more: ArkeiStealer botnet controller @23.88.111.187