The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 5.63.155.126 on port 80 (using HTTP GET): hXXp://sughicent.com/blaka.php $ dig +short sughicent.com 5.63.155.126 $ nslookup 5.63.155.126 5-63-155-126.cloudvps.regruhosting.ru Referencing malware binaries (MD5 hash):… Read more: Malware botnet controller @5.63.155.126
Category: reg.ru
DCRat botnet controller @89.108.102.163
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. DCRat botnet controller located at 89.108.102.163 on port 80 (using HTTP GET): hXXp://89.108.102.163/HttpprocessdefaultWindowsgenerator.php $ nslookup 89.108.102.163 89-108-102-163.cloudvps.regruhosting.ru Referencing malware binaries (MD5 hash): e9589c076fc51d358fe5eece0b2381da — AV detection: 31… Read more: DCRat botnet controller @89.108.102.163
Spamvertised website
2022-02-23 gotogml.com. 60 IN A 37.140.197.206 2022-02-20 gotogml.com. 60 IN A 45.8.127.154 2022-02-01 gotogml.com. 60 IN A 194.87.1.4 2022-01-31 gotogml.com. 60 IN A 194.87.1.5 2022-01-20 gotogml.com. 60 IN A 194.87.185.11 2022-01-18 gotogml.com. 60 IN A 5.188.160.30 Received: from iustocouny.newdom.com (20.77.57.222) Date: Mon, 17 Jan 2022 12:34:00 +0000 From: 💖💖 Charming Russian Girls 💖💖 <> Subject:… Read more: Spamvertised website
advance fee fraud spam source at rusloterei.ru
Mail server distributing advance fee fraud (‘419’) spam thanks to a compromised password. rusloterei.ru. 3600 IN A 151.248.120.89 =================================================================================== Return-Path: <info@rusloterei.ru> Received: from rusloterei.ru (HELO rusloterei.ru) (151.248.120.89) by x (x) with (AES256-SHA encrypted) ESMTPS; Thu, 13 Jan 2022 xx:xx:xx +0000 Received: from 42-233-24-185.static.servebyte.com ([185.24.233.42] helo=User) by rusloterei.ru with esmtpa (Exim 4.63) (envelope-from <info@rusloterei.ru>) id x;… Read more: advance fee fraud spam source at rusloterei.ru
Malware botnet controller @194.58.97.14
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 194.58.97.14 on port 443 TCP: $ telnet 194.58.97.14 443 Trying 194.58.97.14… Connected to 194.58.97.14. Escape character… Read more: Malware botnet controller @194.58.97.14
Malware botnet controller @31.31.198.106
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 31.31.198.106 on port 80 (using HTTP POST): hXXp://pnl34625.site/api/endpoint.php $ dig +short pnl34625.site 31.31.198.106 $ nslookup 31.31.198.106 server5.hosting.reg.ru Referencing malware binaries (MD5 hash):… Read more: Malware botnet controller @31.31.198.106
apple user phishing server
194.58.97.112|appieid.me|2021-11-29 01:20:56 194.58.97.112|appield.me|2021-11-05 15:06:38 194.58.97.112|login-appleid.us|2021-11-17 21:26:14 194.58.97.112|maps-apple.com|2021-11-16 08:26:54 194.58.97.112|recover-apple.me|2021-11-29 03:26:02
Malware botnet controllers @91.224.22.142
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 91.224.22.142 on port 443: $ telnet 91.224.22.142 443 Trying 91.224.22.142… Connected to 91.224.22.142. Escape character is… Read more: Malware botnet controllers @91.224.22.142
Carding fraud site/forum: briansclub.cm / briansclub.at (omerta.cc / rescator.cm / lampeduza.cm)
Stolen credit card data sites: <a href="https://briansclub.at/register"><img src="https://i.imgur.com/shMP31G.gif"></a> <a href="https://briansclub.at/register"><img src="https://i.imgur.com/XwRsPnJ.gif"></a> briansclub.cm. 600 IN A 91.224.22.46 _____________ Was: briansclub.cm. 600 IN A 91.240.242.114 _____________ Was: briansclub.cm. 60 IN A 185.105.91.69 _____________ Was: briansclub.cm. 60 IN A 190.115.18.206 _____________ Was: briansclub.cm. 600 IN A 45.139.184.171 _____________ Was: briansclub.cm. 600 IN A 185.217.199.119 _____________ Was: briansclub.at. 600… Read more: Carding fraud site/forum: briansclub.cm / briansclub.at (omerta.cc / rescator.cm / lampeduza.cm)
Malware botnet controllers @91.224.22.76
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 91.224.22.76 on port 443: $ telnet 91.224.22.76 443 Trying 91.224.22.76… Connected to 91.224.22.76. Escape character is… Read more: Malware botnet controllers @91.224.22.76