The host at this IP address is currently being used to distribute malware. Malware distribution located here: hXXp://95.181.152.139/rrghost.exe Referencing malware binaries (MD5 hash): 01506977f93139155d8b8fd0b571470c — AV detection: 40 / 61 (65.57) 09d5cb1ce36967235ccae5c7e5d81ddc — AV detection: 32 / 64 (50.00) 0ed55fa041adc2cb12006d044306633b — AV detection: 39 / 68 (57.35) 111235284fa41f19e41f117a9ad43372 — AV detection: 35 / 64 (54.69)… Читать далее Malware distribution @95.181.152.139
Рубрика: msk.host
RedLineStealer botnet controller @95.181.152.177
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 95.181.152.177 on port 21142 TCP: $ telnet 95.181.152.177 21142 Trying 95.181.152.177… Connected to 95.181.152.177. Escape character… Читать далее RedLineStealer botnet controller @95.181.152.177
Malware botnet controller @95.181.152.184
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 95.181.152.184 on port 2021 TCP: $ telnet 95.181.152.184 2021 Trying 95.181.152.184… Connected to 95.181.152.184. Escape character… Читать далее Malware botnet controller @95.181.152.184
RedLineStealer botnet controller @95.181.152.5
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 95.181.152.5 on port 46927 TCP: $ telnet 95.181.152.5 46927 Trying 95.181.152.5… Connected to 95.181.152.5. Escape character… Читать далее RedLineStealer botnet controller @95.181.152.5
Credit card fraud gang hosting (DNS): florenciyas.su (fe-shop.su / vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.)
Stolen credit card data websites (DNS servers): ns1.florenciyas.su. 7174 IN A 95.181.172.145 ns2.florenciyas.su. 7167 IN A 5.188.88.38 ____________________________ Was: ns1.florenciyas.su. 7174 IN A 185.246.67.177 ns2.florenciyas.su. 7167 IN A 5.188.88.98 ___________________________ Was: ns1.florenciyas.su. 7174 IN A 185.120.57.122 ns2.florenciyas.su. 7167 IN A 185.246.67.164 ___________________________ Was: ns1.florenciyas.su. 7174 IN A 195.133.53.22 ns2.florenciyas.su. 7167 IN A 92.63.96.56 ___________________________ Was:… Читать далее Credit card fraud gang hosting (DNS): florenciyas.su (fe-shop.su / vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.)
Carding fraud site/forum: infodig.is (InfoDIG.sx InfoDIG.ch InfoDIG.domains infodig.mn)
Stolen credit card data websites: https://ascarding.com/ >>> https://infodig.is/ 45.9.20.254 infodig.sx 2021-09-08 17:40:15 _________________________ Was: infodig.is. 21599 IN A 185.26.105.244 ;; QUESTION SECTION: ;infodig.is. IN MX ;; ANSWER SECTION: infodig.is. 21599 IN MX 10 mx1.netim.net. infodig.is. 21599 IN MX 10 mx2.netim.net. InfoDIG.sx. 3599 IN A 91.214.124.80 InfoDIG.ch. 3599 IN A 91.214.124.80 InfoDIG.domains. 3599 IN A 91.214.124.80… Читать далее Carding fraud site/forum: infodig.is (InfoDIG.sx InfoDIG.ch InfoDIG.domains infodig.mn)
Malware botnet controller @45.138.72.98
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 45.138.72.98 on port 443 TCP: $ telnet 45.138.72.98 443 Trying 45.138.72.98… Connected to 45.138.72.98. Escape character… Читать далее Malware botnet controller @45.138.72.98
Carding fraud site/forum DNS: kak-prigotovit-spagetti.ru (ccst0re.ru / yalelodge-shop.com / sky-fraud.su etc.)
Hosting 100’s of sites with stolen credit card data: Stolen credit card data website example: ns1.kak-prigotovit-spagetti.ru. 21316 IN A 195.22.152.216 ns2.kak-prigotovit-spagetti.ru. 18328 IN A 95.181.152.18 __________________________ Was: ns1.kak-prigotovit-spagetti.ru. 21316 IN A 46.17.106.132 ns2.kak-prigotovit-spagetti.ru. 18328 IN A 5.188.88.191 __________________________ Was: ns1.kak-prigotovit-spagetti.ru. 21316 IN A 185.120.56.166 ns2.kak-prigotovit-spagetti.ru. 18328 IN A 95.181.155.48 ___________________________ Was: ns1.kak-prigotovit-spagetti.ru. 21316 IN A… Читать далее Carding fraud site/forum DNS: kak-prigotovit-spagetti.ru (ccst0re.ru / yalelodge-shop.com / sky-fraud.su etc.)
Credit card fraud gang hosting (DNS): florenciyas.su (fe-shop.su / vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.)
Stolen credit card data websites (DNS servers): ns1.florenciyas.su. 7174 IN A 138.124.182.69 ns2.florenciyas.su. 7167 IN A 95.181.172.156 __________________________ Was: ns1.florenciyas.su. 7174 IN A 185.246.67.177 ns2.florenciyas.su. 7167 IN A 5.188.88.98 ___________________________ Was: ns1.florenciyas.su. 7174 IN A 185.120.57.122 ns2.florenciyas.su. 7167 IN A 185.246.67.164 ___________________________ Was: ns1.florenciyas.su. 7174 IN A 195.133.53.22 ns2.florenciyas.su. 7167 IN A 92.63.96.56 ___________________________ Was:… Читать далее Credit card fraud gang hosting (DNS): florenciyas.su (fe-shop.su / vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.)