Рубрика: hetzner.de

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 142.132.184.130 on port 15150 TCP: $ telnet 142.132.184.130 15150 Trying 142.132.184.130… Connected to 142.132.184.130. Escape character… Читать далее RedLineStealer botnet controller @142.132.184.130

ArkeiStealer botnet controller hosted here: https://mastodon.online/@banda1ker https://mastodon.online/@k1llerniax https://mastodon.online/@prophef1 https://mastodon.online/@samsa11 https://mastodon.social/@banda6ker https://mastodon.social/@kill5rnax https://mastodon.social/@prophef6 $ dig +short mastodon.online 95.216.4.252

ArkeiStealer botnet controller hosted here: https://mstdn.social/@kipriauk9 $ dig +short mas.to 116.202.14.219

ArkeiStealer botnet controller hosted here: https://mas.to/@bardak1ho $ dig +short mas.to 88.99.75.82

ArkeiStealer botnet controller hosted here: https://ruhr.social/@sam9al $ dig +short ruhr.social 78.46.16.22

Mail server distributing advance fee fraud (‘419’) spam since Fri, 18 Mar 2022 10:20 UTC. cryptogroup.net. 60 IN A 65.108.10.44 ===================================================================== Return-Path: <acme@cryptogroup.net> Received: from cryptogroup.net (cryptogroup.net [65.108.10.44]) by x (Postfix) with ESMTPS id x for <x>; Fri, 18 Mar 2022 xx:xx:xx +0000 (UTC) Reply-To: ukraine@manavadhikarprotection.org From: INFO UKRAIN <acme@cryptogroup.net> Subject: FROM UKRAINE Date: Fri,… Читать далее advance fee fraud spam source at cryptogroup.net

usaa.com-index.secure-onlinebanking.com.niagaracricketcenter.com has address 135.181.222.28

This IP address has been sending quantities of package delivery scam emails for a bit over a week. THe URI in the email is also hosted on this IP address. This is almost certainly a compromised website with a malware infection. Received: from kob.su (kob.su [138.201.18.87]) Date: Sat, 12 Mar 2022 09:##:## +0300 From: Postnord… Читать далее Malware/Fraud Package Delivery Scam Emitter/Web Hosting!

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 95.216.16.35 on port 80 TCP: $ telnet 95.216.16.35 80 Trying 95.216.16.35… Connected to 95.216.16.35. Escape character… Читать далее RedLineStealer botnet controller @95.216.16.35

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 159.69.234.4 on port 4782 TCP: $ telnet 159.69.234.4 4782 Trying 159.69.234.4… Connected to 159.69.234.4. Escape character… Читать далее QuasarRAT botnet controller @159.69.234.4