using fake «Short URL» domains to SMS phish
Malware botnet controller @194.87.185.5
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 194.87.185.5 on port 443: $ telnet 194.87.185.5 443 Trying 194.87.185.5… Connected to 194.87.185.5. Escape character is…
Loki botnet controller @178.128.244.245
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 178.128.244.245 on port 80 (using HTTP POST): hXXp://178.128.244.245/search.php Referencing malware binaries (MD5 hash): 04d719f8f064331d96a9eaed4788f16c — AV detection: 19 / 67 (28.36) 38d24c5271d3d1a401b412d68eff5861…
Credit card fraud gang hosting (DNS): florenciyas.su (fe-shop.su / vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.)
Stolen credit card data websites (DNS servers): ns1.florenciyas.su. 7174 IN A 206.81.26.163 ns2.florenciyas.su. 7167 IN A 185.220.177.151 __________________________ Was: ns1.florenciyas.su. 7174 IN A 45.81.7.116 ns2.florenciyas.su. 7167 IN A 45.15.161.151 __________________________ Was: ns1.florenciyas.su. 7174 IN A 45.81.7.116 ns2.florenciyas.su. 7167 IN A 45.139.186.210 __________________________ Was: ns1.florenciyas.su. 7174 IN A 88.119.179.157 ns2.florenciyas.su. 7167 IN A 176.107.160.149 __________________________ Was:…
affiliate spam @insidernewstoday.net
2022-01-19 insidernewstoday.net. 60 IN A 142.93.194.160 2022-01-06 insidernewstoday.net. 60 IN A 159.223.165.61 2021-11-16 insidernewstoday.net. 60 IN A 137.184.131.231 Received: from cj6i463.merrell.pl (23.97.251.208) From: Male Enhancement – Granite <cupEU@cupEU.fi> Subject: ❤️ Are you the Man you Could Be? Try Granite!❤️ Date: Sat, 13 Nov 2021 23:4x:xx +0000 http://23.11.133.34.bc.googleusercontent.com/t?encv=2&v=[] 34.133.11.23 https://puysegura.com/?E=[]&s1=16&s2=38226 18.236.164.87 https://enadtaerg.com/?E=[]&s1=16&s2=38226&ckmguid=[] 13.52.80.238 https://insidernewstoday.net/male/en/med-journal/v2/granite/?AFID=428015&CID=430234&ADID=2359327&SID=4504&AffiliateReferenceID=[] 208.68.36.33
AsyncRAT botnet controller @167.71.7.168
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 167.71.7.168 on port 7707 TCP: $ telnet 167.71.7.168 7707 Trying 167.71.7.168… Connected to 167.71.7.168. Escape character…
Malware hosting (escalation)
Malware hosting with no response to notifications: SBL540633 147.135.126.103 2022-01-16 [Spamhaus] FINAL REMINDER: Malware distribution at 147.135.126.103 (SBL540633) SBL540633 147.135.126.103 2022-01-13 [Spamhaus] REMINDER: Malware distribution at 147.135.126.103 (SBL540633) SBL540633 147.135.126.103 2022-01-12 SBL Notify: IP: 147.135.126.103 added to Spamhaus Block List (SBL) NetRange: 147.135.126.100 — 147.135.126.103 CIDR: 147.135.126.100/30 NetName: OVH-CUST-10640361 NetHandle: NET-147-135-126-100-1 Parent: OUL-16 (NET-147-135-0-0-1) NetType:…
Tofsee botnet controller @194.87.185.165
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 194.87.185.165 on port 443 TCP: $ telnet 194.87.185.165 443 Trying 194.87.185.165… Connected to 194.87.185.165. Escape character…
Malware botnet controllers @51.254.57.46
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 51.254.57.46 on port 443: $ telnet 51.254.57.46 443 Trying 51.254.57.46… Connected to 51.254.57.46. Escape character is…
DCRat botnet controller @178.250.157.127
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. DCRat botnet controller located at 178.250.157.127 on port 80 (using HTTP GET): hXXp://178.250.157.127/Php_updatedlePrivate.php $ nslookup 178.250.157.127 mandera.but.fvds.ru Referencing malware binaries (MD5 hash): 411f9446b442f1562501e75f2e6705a0 — AV detection: 47…