Рубрика: ispserver.com

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. DCRat botnet controller located at 92.63.107.136 on port 80 (using HTTP GET): hXXp://92.63.107.136/Cpu/binmessageframe/supportscriptrule/pluginhtopgenerator/limitmobiledemoCpu/datademoPref/logruleprodmobile/CamMath/antiDjango/WarPythonpluginPref/mobile/systemAutomessagerule/cuttrace/Pythonprodprodrecord/BigloadBase.php $ nslookup 92.63.107.136 pupokvasa79.fvds.ru Referencing malware binaries (MD5 hash): 96e94ea39fb8c0b3c6cd1a2d8455e0c3 — AV detection: 14… Читать далее DCRat botnet controller @92.63.107.136

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 79.174.13.108 on port 19006 TCP: $ telnet 79.174.13.108 19006 Trying 79.174.13.108… Connected to 79.174.13.108. Escape character… Читать далее RedLineStealer botnet controller @79.174.13.108

Hosting 100’s of sites with stolen credit card data: Stolen credit card data website example: ns1.kak-prigotovit-spagetti.ru. 21316 IN A 185.41.163.33 ns2.kak-prigotovit-spagetti.ru. 18328 IN A 149.154.71.252 __________________________ Was: ns1.kak-prigotovit-spagetti.ru. 21316 IN A 185.41.163.33 ns2.kak-prigotovit-spagetti.ru. 18328 IN A 69.25.117.209 __________________________ Was: ns1.kak-prigotovit-spagetti.ru. 21316 IN A 176.107.160.199 ns2.kak-prigotovit-spagetti.ru. 18328 IN A 193.201.126.111 __________________________ Was: ns1.kak-prigotovit-spagetti.ru. 21316 IN A… Читать далее Carding fraud site/forum DNS: kak-prigotovit-spagetti.ru (ccst0re.ru / yalelodge-shop.com / sky-fraud.su etc.)

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. DCRat botnet controller located at 62.109.1.30 on port 80 (using HTTP GET): hXXp://62.109.1.30/katanazeromultiplayer/ExternalProcessorgenerator.php $ nslookup 62.109.1.30 alexsandsbaskestr568s3.fvds.ru Referencing malware binaries (MD5 hash): 1780a6e981a00e14b15e88ff68b73d0f — AV detection: 32… Читать далее DCRat botnet controller @62.109.1.30

Stolen credit card data websites (DNS servers): ns1.florenciyas.su. 7174 IN A 212.109.195.164 ns2.florenciyas.su. 7167 IN A 194.53.111.144 __________________________ Was: ns1.florenciyas.su. 7174 IN A 138.124.182.69 ns2.florenciyas.su. 7167 IN A 95.181.172.156 __________________________ Was: ns1.florenciyas.su. 7174 IN A 185.246.67.177 ns2.florenciyas.su. 7167 IN A 5.188.88.98 ___________________________ Was: ns1.florenciyas.su. 7174 IN A 185.120.57.122 ns2.florenciyas.su. 7167 IN A 185.246.67.164 ___________________________ Was:… Читать далее Credit card fraud gang hosting (DNS): florenciyas.su (fe-shop.su / vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.)

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. DCRat botnet controller located at 80.87.194.232 on port 80 (using HTTP GET): hXXp://80.87.194.232/whell_/on/moss000/Jstraffic.php $ nslookup 80.87.194.232 agarou.fvds.ru

Received: from mail.static.54.119.201.195.clients.your-server.de ([188.120.248.182]) Date: Wed, 03 Nov 2021 05:4x:xx +0000 From: 🎁𝗨𝘄 𝗝𝘂𝗺𝗯𝗼🎁 <[]> Subject: [],𝘂𝘄 𝗝𝘂𝗺𝗯𝗼 𝘁𝗲𝗴𝗼𝗲𝗱𝗯𝗼𝗻 𝘀𝘁𝗮𝗮𝘁 𝗸𝗹𝗮𝗮𝗿!

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 94.250.255.5 on port 80 (using HTTP GET): hXXp://94.250.255.5/verify.php $ nslookup 94.250.255.5 pqhostingsadasd.fvds.ru Referencing malware binaries (MD5 hash): 3f76daa90a82c76be66b0b9868c97b01 — AV detection: 48/71… Читать далее Malware botnet controller @94.250.255.5

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. DCRat botnet controller located at 188.120.229.5 on port 80 (using HTTP GET): hXXp://188.120.229.5/boot/u927/ApiDefaultdownloads.php $ nslookup 188.120.229.5 vitalynovikov19.fvds.ru Referencing malware binaries (MD5 hash): 7c6b9d0070775f719e6ec9ffea045175 — AV detection: 20… Читать далее DCRat botnet controller @188.120.229.5

62.109.26.175 is currently in use as a nameserver for spamvertized domains. This enables the resolving of spammed domains to the actual websites. This SBL record can only be removed if 62.109.26.175 stops answering DNS queries for spamvertized domain names. 1 Nameservers seen on 62.109.26.175: NS2.KAK-PRIGOTOVIT-SPAGETTI.RU — 18sgorg.su — 2card.su — 2forcecc.ru — 3xshop.su — 850scoreorg.ru… Читать далее Spammer DNS hosting (cybercrime forums)