ArkeiStealer botnet controller @94.130.188.151

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

ArkeiStealer botnet controller located at 94.130.188.151 on port 80 (using HTTP POST):
hXXp://94.130.188.151/517

$ nslookup 94.130.188.151
static.151.188.130.94.clients.your-server.de

Referencing malware binaries (MD5 hash):
07c5633c282bab7ebd330036ae0771d4 — AV detection: 41…

Posted in hetzner.de

Phish landing site.

With the correct magic sauce, this is a credit card phish. Without, some default WordPress template.

168.119.170.192 microsoft.tronsfertmex.co.uk
168.119.170.192 tronsfertmex.co.uk
168.119.170.192 d9c08f5.tronsfertmex.co.uk
168.119.170.192 find-you.co.uk
168.119.170.192 coinmolun.co.uk

e.g. http://tronsfertmex.co.uk/?act=cl&pid=11111&uid=1111&vid=111&ofid=111&lid=1111&cid=1111
--> mongoldrape . com (broken due to geo fencing)


Spam source @195.201.145.88

Received: from web.activeinteractive.nl (web.activeinteractive.nl [195.201.145.88])
    (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
    (Client did not present a certificate)
    by X (Postfix) with ESMTPS id X
    for <X>; Mon, 7 Mar 2022 X
Received: by web.activeinteractive.nl (Postfix, from userid 1010)
    id X; Mon, 7 Mar 2022 X
To: X
Subject: Opgave PloegerRangFestival
Date: Mon, 7 Mar…


RedLineStealer botnet controller @162.55.169.112

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 162.55.169.112 on port 34175 TCP:

$ telnet 162.55.169.112 34175
Trying 162.55.169.112…
Connected to 162.55.169.112.
Escape character…


Abused crypto currency mining pool

The host at this IP address is running a crypto currency mining pool that is currently being abused by cybercriminals for mining crypto currencies on malware infected computers. The following information should be sufficient for the identification and suspension of the abusive users:

{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"466XMc1Sg2BTtbHNM7y4yZaFPagsFBcrrMLnyqfw2tVNJePAoR3QMs8bJPJTXoHohXKsh4wgr46ouRFRzFztvpimGmHDLpv","pass":"x","agent":"XMRig/6.2.2 (Windows NT 10.0; Win64; x64) libuv/1.38.0 msvc/2019","algo":["cn/0","cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn-lite/0","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/ccx","rx/0","rx/wow","rx/loki","rx/arq","rx/sfx","rx/keva","argon2/chukwa","argon2/wrkz","astrobwt","kawpow"]}}


RedLineStealer botnet controller @95.216.21.217

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 95.216.21.217 on port 19597 TCP:

$ telnet 95.216.21.217 19597
Trying 95.216.21.217…
Connected to 95.216.21.217.
Escape character…


AsyncRAT botnet controller @159.69.234.3

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 159.69.234.3 on port 7707 TCP:

$ telnet 159.69.234.3 7707
Trying 159.69.234.3…
Connected to 159.69.234.3.
Escape character…


RedLineStealer botnet controller @135.181.222.87

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 135.181.222.87 on port 35752 TCP:

$ telnet 135.181.222.87 35752
Trying 135.181.222.87…
Connected to 135.181.222.87.
Escape character…


Spammer hosting @95.217.232.235

;; QUESTION SECTION:
;wealthy-investors.com. IN A

;; ANSWER SECTION:
wealthy-investors.com. 240 IN A 23.231.40.101
wealthy-investors.com. 240 IN A 95.217.232.235
wealthy-investors.com. 240 IN A 104.223.153.137
wealthy-investors.com. 240 IN A 144.91.89.195
wealthy-investors.com. 240 IN A 31.207.45.238
