The host at this IP address is currently being used to distribute malware.
Malware distribution located here: hXXp://r0melte.duckdns.org/compactador.css
$ dig +short r0melte.duckdns.org
40.74.228.28
Category: microsoft.com
AsyncRAT botnet controller @20.98.113.24
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 20.98.113.24 on port 1604 TCP:
$ telnet 20.98.113.24 1604
Trying 20.98.113.24...
Connected to 20.98.113.24.
Escape character…
AsyncRAT botnet controller @20.199.121.197
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 20.199.121.197 on port 7707 TCP:
$ telnet 20.199.121.197 7707
Trying 20.199.121.197...
Connected to 20.199.121.197.
Escape character…
QuasarRAT botnet controller @51.13.32.87
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 51.13.32.87 on port 30921 TCP:
$ telnet 51.13.32.87 30921
Trying 51.13.32.87...
Connected to 51.13.32.87.
Escape character…
njrat botnet controller @51.103.75.40
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 51.103.75.40 on port 53011 TCP:
$ telnet 51.103.75.40 53011
Trying 51.103.75.40...
Connected to 51.103.75.40.
Escape character…
Credit card fraud gang hosting: bilzerian.ru / rescator.su (vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.)
Stolen credit card data websites/forums:
20.102.84.82 ccshopforcarding.ru 2021-09-10 11:26:21
20.102.84.82 crdpro.net 2021-09-10 10:57:03
Credit card fraud gang hosting: bilzerian.ru / rescator.su (vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.)
Stolen credit card data websites/forums:
shop-card-dumps.ru. 14400 IN A 13.70.24.70
pawn-store.su. 14400 IN A 13.70.24.70
spam emitter @51.104.245.202
Received: from voluptatesogajh.static.206.123.90.157.clients.your-server.de (51.104.245.202)
Date: Tue, 14 Sep 2021 20:1x:xx +0000
From: 💕MeetRussianLady💕 <news@your-server.de>
Subject: 🔥[]🔥,Russiske piger søger ægte kærlighed
http://blotto.biz/track/[] 146.56.169.102
https://www.incorport.com/J55PK4D/QZX6914/?sub1=7&sub2=[] 173.255.248.174
https://www.russianwomanlove.com/index.php/promote/click?aid=1484&oid=CP230172&qpid_offer_id=[]&qpid_subid=9343&source_tag=7&qpid_clickid=[] 52.40.246.237
https://www.charmdate.com/my/register_do.php 52.197.172.138
Phishing payload against SEB Pank (Estonia)
hxxps[://]168-63-75-255.cprapid[.]com/~example/red.html hosts a live phishing payload against SEB.
$ host 168-63-75-255.cprapid.com
168-63-75-255.cprapid.com has address 168.63.75.255
Vjw0rm botnet controller @40.121.49.138
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 40.121.49.138 on port 8023 TCP:
$ telnet 40.121.49.138 8023
Trying 40.121.49.138...
Connected to 40.121.49.138.
Escape character…