The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 45.140.167.2 on port 443:

$ telnet 45.140.167.2 443
Trying 45.140.167.2…
Connected to 45.140.167.2.
Escape character is…

Read more: Malware botnet controller @45.140.167.2
Category: ispserver.com
Spamvertised website
2021-12-23 nadisdh.com. 60 IN A 212.109.198.63
2021-12-18 nadisdh.com. 60 IN A 188.120.247.101
2021-12-17 nadisdh.com. 60 IN A 91.223.180.111
2021-12-09 nadisdh.com. 60 IN A 212.109.199.195
2021-12-08 nadisdh.com. 60 IN A 212.109.199.174

Received: from eaquegmhjm.cloudfront.net (20.68.129.110)
From: Collagen, Collagen, <noreply@info.dnb.no>
Subject: 𝟔 𝐠𝐨𝐝𝐞 𝐠𝐫𝐮𝐧𝐧𝐞𝐫 𝐭𝐢𝐥 å 𝐭𝐚 𝐂𝐨𝐥𝐥𝐚𝐠𝐞𝐧 𝐏𝐥𝐮𝐬
Date: Mon, 06 Dec 2021 10:5x:xx +0000

http://nadisdh.com/rd/[]…
Spamvertised website
2021-12-22 nadisdh.com. 60 IN A 212.109.196.155
2021-12-18 nadisdh.com. 60 IN A 188.120.247.101
2021-12-17 nadisdh.com. 60 IN A 91.223.180.111
2021-12-09 nadisdh.com. 60 IN A 212.109.199.195
2021-12-08 nadisdh.com. 60 IN A 212.109.199.174

Received: from eaquegmhjm.cloudfront.net (20.68.129.110)
From: Collagen, Collagen, <noreply@info.dnb.no>
Subject: 𝟔 𝐠𝐨𝐝𝐞 𝐠𝐫𝐮𝐧𝐧𝐞𝐫 𝐭𝐢𝐥 å 𝐭𝐚 𝐂𝐨𝐥𝐥𝐚𝐠𝐞𝐧 𝐏𝐥𝐮𝐬
Date: Mon, 06 Dec 2021 10:5x:xx +0000

http://nadisdh.com/rd/[]…
Spamvertised website
2021-12-18 nadisdh.com. 60 IN A 188.120.247.101
2021-12-17 nadisdh.com. 60 IN A 91.223.180.111
2021-12-09 nadisdh.com. 60 IN A 212.109.199.195
2021-12-08 nadisdh.com. 60 IN A 212.109.199.174

Received: from eaquegmhjm.cloudfront.net (20.68.129.110)
From: Collagen, Collagen, <noreply@info.dnb.no>
Subject: 𝟔 𝐠𝐨𝐝𝐞 𝐠𝐫𝐮𝐧𝐧𝐞𝐫 𝐭𝐢𝐥 å 𝐭𝐚 𝐂𝐨𝐥𝐥𝐚𝐠𝐞𝐧 𝐏𝐥𝐮𝐬
Date: Mon, 06 Dec 2021 10:5x:xx +0000

http://nadisdh.com/rd/[]
188.120.247.225
https://www.explicitcrackbeams.com/[]/?sub1=10&sub2=[]&sub3=[]
209.236.123.241
http://www6.andromedanebula.com/?[]
35.186.238.101
Credit card fraud gang hosting (DNS): zuganov-lox.ru (hacked-paypal-accounts-dump.ru / fe-shop.su / vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.)
ns1.zuganov-lox.ru. 14400 IN A 185.246.67.106
ns2.zuganov-lox.ru. 14400 IN A 213.189.220.165
____________________
Was:
ns1.zuganov-lox.ru. 14400 IN A 45.128.53.184
ns2.zuganov-lox.ru. 14400 IN A 176.107.160.141
____________________
Was:
ns1.zuganov-lox.ru. 14400 IN A 5.181.255.171
ns2.zuganov-lox.ru. 14400 IN A 176.107.160.202
____________________
Was:
ns1.zuganov-lox.ru. 14400 IN A 5.181.255.171
ns2.zuganov-lox.ru. 14400 IN A 45.128.53.186
____________________
Was:
ns1.zuganov-lox.ru. 14400 IN A 5.181.255.171
ns2.zuganov-lox.ru. 14400…
Spamvertised website
2021-12-09 nadisdh.com. 60 IN A 212.109.199.195
2021-12-08 nadisdh.com. 60 IN A 212.109.199.174

Received: from eaquegmhjm.cloudfront.net (20.68.129.110)
From: Collagen, Collagen, <noreply@info.dnb.no>
Subject: 𝟔 𝐠𝐨𝐝𝐞 𝐠𝐫𝐮𝐧𝐧𝐞𝐫 𝐭𝐢𝐥 å 𝐭𝐚 𝐂𝐨𝐥𝐥𝐚𝐠𝐞𝐧 𝐏𝐥𝐮𝐬
Date: Mon, 06 Dec 2021 10:5x:xx +0000

http://nadisdh.com/rd/[]
188.120.247.225
https://www.explicitcrackbeams.com/[]/?sub1=10&sub2=[]&sub3=[]
209.236.123.241
http://www6.andromedanebula.com/?[]
35.186.238.101
Spamvertised website
2021-12-08 nadisdh.com. 60 IN A 212.109.199.174

Received: from eaquegmhjm.cloudfront.net (20.68.129.110)
From: Collagen, Collagen, <noreply@info.dnb.no>
Subject: 𝟔 𝐠𝐨𝐝𝐞 𝐠𝐫𝐮𝐧𝐧𝐞𝐫 𝐭𝐢𝐥 å 𝐭𝐚 𝐂𝐨𝐥𝐥𝐚𝐠𝐞𝐧 𝐏𝐥𝐮𝐬
Date: Mon, 06 Dec 2021 10:5x:xx +0000

http://nadisdh.com/rd/[]
188.120.247.225
https://www.explicitcrackbeams.com/[]/?sub1=10&sub2=[]&sub3=[]
209.236.123.241
http://www6.andromedanebula.com/?[]
35.186.238.101
Spamvertised website
Received: from eaquegmhjm.cloudfront.net (20.68.129.110)
From: Collagen, Collagen, <noreply@info.dnb.no>
Subject: 𝟔 𝐠𝐨𝐝𝐞 𝐠𝐫𝐮𝐧𝐧𝐞𝐫 𝐭𝐢𝐥 å 𝐭𝐚 𝐂𝐨𝐥𝐥𝐚𝐠𝐞𝐧 𝐏𝐥𝐮𝐬
Date: Mon, 06 Dec 2021 10:5x:xx +0000

http://nadisdh.com/rd/[]
188.120.247.225
https://www.explicitcrackbeams.com/[]/?sub1=10&sub2=[]&sub3=[]
209.236.123.241
http://www6.andromedanebula.com/?[]
35.186.238.101
Malware botnet controller @82.146.57.170
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 82.146.57.170 on port 80 (using HTTP GET):
hXXp://82.146.57.170/gate.php

$ nslookup 82.146.57.170
peterverihin4.fvds.ru

Referencing malware binaries (MD5 hash):
35718909f91d0229ab56cb060cb2284f — AV detection: 6…
Malware botnet controller @212.109.199.95
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 212.109.199.95 on port 80 (using HTTP POST):
hXXp://212.109.199.95/collector.php

$ nslookup 212.109.199.95
peterverihin.fvds.ru

Referencing malware binaries (MD5 hash):
35718909f91d0229ab56cb060cb2284f — AV detection: 6…