The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 185.43.6.25 on port 443:

$ telnet 185.43.6.25 443
Trying 185.43.6.25...
Connected to 185.43.6.25.
Escape character is '^]'

Malicious domains observed at this…
Category: ispserver.com
Malware botnet controller @62.109.31.38
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 62.109.31.38 on port 443:

$ telnet 62.109.31.38 443
Trying 62.109.31.38...
Connected to 62.109.31.38.
Escape character is '^]'

gc-distribution.biz. 60 IN A 62.109.31.38
DCRat botnet controller @94.250.248.104
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

DCRat botnet controller located at 94.250.248.104 on port 80 (using HTTP GET):
hXXp://94.250.248.104/dataframeCpuCam/Cambin/poolcore/scriptCamsystem/antiPrefscreenlog/linehttpWp.php

$ nslookup 94.250.248.104
thedrugachannel1.fvds.ru

Referencing malware binaries (MD5 hash):
00b7402b5445ae00f6cfff05b8957a36 — AV detection: 25…
Malware botnet controller @212.109.196.83
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 212.109.196.83 on port 443:

$ telnet 212.109.196.83 443
Trying 212.109.196.83...
Connected to 212.109.196.83.
Escape character is '^]'

gc-distribution.biz. 60 IN A 212.109.196.83
Malware botnet controller @37.230.116.213
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 37.230.116.213 on port 443:

$ telnet 37.230.116.213 443
Trying 37.230.116.213...
Connected to 37.230.116.213.
Escape character is '^]'

gc-distribution.biz. 60 IN A 37.230.116.213
DCRat botnet controller @178.250.157.127
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

DCRat botnet controller located at 178.250.157.127 on port 80 (using HTTP GET):
hXXp://178.250.157.127/Php_updatedlePrivate.php

$ nslookup 178.250.157.127
mandera.but.fvds.ru

Referencing malware binaries (MD5 hash):
411f9446b442f1562501e75f2e6705a0 — AV detection: 47…
spam emitter @37.230.114.201
Received: from s8.browesen.ru (37.230.114.201 [37.230.114.201])
Date: Sun, 2 Jan 2022 23:0x:xx +0000
From: Aleksandr <info@s8.browesen.ru>
Subject: Предложение
Credit card fraud gang hosting (DNS): zuganov-lox.ru (hacked-paypal-accounts-dump.ru / fe-shop.su / vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.)
ns1.zuganov-lox.ru. 14400 IN A 185.60.134.205
ns2.zuganov-lox.ru. 14400 IN A 213.189.220.165
____________________
Was:
ns1.zuganov-lox.ru. 14400 IN A 185.43.6.204
ns2.zuganov-lox.ru. 14400 IN A 213.189.220.165
____________________
Was:
ns1.zuganov-lox.ru. 14400 IN A 185.243.56.182
ns2.zuganov-lox.ru. 14400 IN A 213.189.220.165
____________________
Was:
ns1.zuganov-lox.ru. 14400 IN A 185.158.153.46
ns2.zuganov-lox.ru. 14400 IN A 213.189.220.165
____________________
Was:
ns1.zuganov-lox.ru. 14400 IN A 91.243.57.184
ns2.zuganov-lox.ru. 14400…
DCRat botnet controller @83.220.170.182
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

DCRat botnet controller located at 83.220.170.182 on port 80 (using HTTP GET):
hXXp://83.220.170.182/poolcore/loggame/record/system/prod/cutlocalframe/systemframegameframe/pluginlog/searchersystemanti/limitWarbin/scriptCambootframe/geoApiLinuxflower.php

$ nslookup 83.220.170.182
detasyt.fvds.ru

Referencing malware binaries (MD5 hash):
094530622888dbbc9f0aa7312af93208 — AV detection: 44…
Credit card fraud gang hosting (DNS): zuganov-lox.ru (hacked-paypal-accounts-dump.ru / fe-shop.su / vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.)
ns1.zuganov-lox.ru. 14400 IN A 185.43.6.204
ns2.zuganov-lox.ru. 14400 IN A 213.189.220.165
____________________
Was:
ns1.zuganov-lox.ru. 14400 IN A 185.243.56.182
ns2.zuganov-lox.ru. 14400 IN A 213.189.220.165
____________________
Was:
ns1.zuganov-lox.ru. 14400 IN A 185.158.153.46
ns2.zuganov-lox.ru. 14400 IN A 213.189.220.165
____________________
Was:
ns1.zuganov-lox.ru. 14400 IN A 91.243.57.184
ns2.zuganov-lox.ru. 14400 IN A 213.189.220.165
____________________
Was:
ns1.zuganov-lox.ru. 14400 IN A 185.246.67.106
ns2.zuganov-lox.ru. 14400…