PayPal phishing spam in Estonian Subject: Avastasime hiljuti teie kontolt kahtlase tegevuse being sent today from 23.239.3.121, 45.56.84.42, 139.162.154.210, 212.71.247.164
Category: linode.com
Phishing origination against PayPal
PayPal phishing spam in Estonian Subject: Avastasime hiljuti teie kontolt kahtlase tegevuse being sent today from 23.239.3.121, 45.56.84.42, 139.162.154.210, 212.71.247.164
Malware botnet controller @45.79.239.23
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 45.79.239.23 on port 80 (using HTTP GET): hXXp://45.79.239.23/version.php $ nslookup 45.79.239.23 li2164-23.members.linode.com Referencing malware binaries (MD5 hash): deaad3ea1c708cd99e41c4043169aa4d — AV detection: 20…
Credit card fraud domain hosting: cvvstore.su (adminshop.su / fullz.su / buycvvshop.su)
Carding fraud site/forum DNS: s-fraud.ru / monopoly.ms / sky-fraud.ru / fe-acc18.ru etc.
Stolen credit card data sites.
Emotet malware distribution @192.46.224.33 [compromise website]
The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL is hosting a webshell that is being accessed by the threat actors programmatically to place malware on the website: URL: http://bitsisland.com/wp-content/themes/festive/upgrade/JST10x.php Host: bitsisland.com IP address: 192.46.224.33 Hostname: li2183-33.members.linode.com
Malware botnet controller @172.105.155.183
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 172.105.155.183 on port 80 (using HTTP GET): hXXp://ret.space/checkin $ dig +short ret.space 172.105.155.183 $ nslookup 172.105.155.183 li2071-183.members.linode.com Referencing malware binaries (MD5 hash):…
phishing server