Socelars botnet controller @45.94.58.223

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Socelars botnet controller located at 45.94.58.223 on port 80 (using HTTP POST):
hXXp://www.uspzsx.com/Home/Index/djksye

$ dig +short www.uspzsx.com
45.94.58.223

$ nslookup 45.94.58.223
vmi771097.contaboserver.net

Referencing malware binaries (MD5 hash):…

Filed under: contabo.de

RedLineStealer botnet controller @95.143.179.185

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 95.143.179.185 on port 31334 TCP:

$ telnet 95.143.179.185 31334
Trying 95.143.179.185…
Connected to 95.143.179.185.
Escape character…

Filed under: selectel.ru

Abused crypto currency mining pool

The host at this IP address is running a crypto currency mining pool that is currently being abused by cybercriminals for mining crypto currencies on malware infected computers. The following information should be sufficient for the identification and suspension of the abusive users:

{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"6059336","pass":"myminer","agent":"XMRig/6.15.2 (Windows NT 10.0; Win64; x64) libuv/1.38.0 msvc/2019","rigid":"","algo":["rx/0","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/ccx","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-pico/tlo","cn/upx2","cn/1","rx/wow","rx/arq","rx/graft","rx/sfx","rx/keva","argon2/chukwa","argon2/chukwav2","argon2/ninja","astrobwt"]}}

Filed under: hetzner.de

Malware botnet controller @172.67.136.96

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 172.67.136.96 on port 80 (using HTTP GET):
hXXp://askiff.xyz/cookie/useStatistics/count

$ dig +short askiff.xyz
172.67.136.96

Referencing malware binaries (MD5 hash):
0cbc41dabe91178f48bdc58913c3bf02 — AV detection:…

Malware botnet controllers @194.87.1.18

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 194.87.1.18 on port 443:

$ telnet 194.87.1.18 443
Trying 194.87.1.18…
Connected to 194.87.1.18.
Escape character is…

Filed under: selectel.ru

phishing server

147.182.216.209|regions-personal-banking.co|2022-01-14 22:54:04
147.182.216.209|regions-redirect.co|2022-01-14 22:21:13

Abused / misconfigured newsletter service (listbombing)

The host at this IP address is being (ab)used to "listbomb" email addresses:

From: contact@panneau-banderole-plexi.fr <contact@panneau-banderole-plexi.fr>
Subject: Votre enseigne lumineuse rétroéclairée

Problem description
============================
Spammers signed up for the bulk email service using the victim's email address. As a result, the victim is being "listbombed" with transactional messages and bulk email campaigns.

Problem resolution
============================
…

Filed under: iliad.fr

spam emitters

Received: from s6.kroshem.ru (s6.kroshem.ru [79.143.24.134])
Date: Thu, 13 Jan 2022 20:1x:xx +0000
From: Aleksandr <info@s6.kroshem.ru>
Subject: Предложение

79.143.24.130 kroshem.ru
79.143.24.131 kroshem.ru
79.143.24.132 kroshem.ru
79.143.24.133 kroshem.ru
79.143.24.134 kroshem.ru

Filed under: selectel.ru

Carding fraud site/forum: c2bit.mu etc.

https://u.to/UzssGA >>> http://c2bit.mu/en/#/
http://vn5socks.net/images/c2bit1.gif

c2bit.pw. 600 IN A 194.87.185.57
c2bit.mu. 600 IN A 194.87.185.57
_________________
Was:
c2bit.pw. 600 IN A 185.251.89.10
c2bit.mu. 600 IN A 185.251.89.10
_________________
Was:
c2bit.pw. 600 IN A 46.173.218.192
c2bit.mu. 600 IN A 46.173.218.192
_________________
Was:
c2bit.pw. 600 IN A 31.28.27.177
c2bit.mu. 600 IN A 31.28.27.177
_________________
Was:
c2bit.pw. 600 IN…

Filed under: selectel.ru