RedLineStealer botnet controller @144.76.183.53
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 144.76.183.53 on port 5634 TCP:
$ telnet 144.76.183.53 5634
Trying 144.76.183.53…
Connected to 144.76.183.53.
Escape character…
RedLineStealer botnet controller @195.133.47.114
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 195.133.47.114 on port 38127 TCP:
$ telnet 195.133.47.114 38127
Trying 195.133.47.114…
Connected to 195.133.47.114.
Escape character…
ParallaxRAT botnet controller @51.195.57.232
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 51.195.57.232 on port 6080 TCP:
$ telnet 51.195.57.232 6080
Trying 51.195.57.232…
Connected to 51.195.57.232.
Escape character…
Malware botnet controller @18.228.11.80
Malware botnet controller hosted here:
http://ec2-18-228-11-80.sa-east-1.compute.amazonaws.com/TES/M98867567576756U6U6U67.zip
http://ec2-18-228-11-80.sa-east-1.compute.amazonaws.com/TEST_2/dados.txt
http://ec2-18-228-11-80.sa-east-1.compute.amazonaws.com/TEST_2/clientes.php
http://ec2-18-228-11-80.sa-east-1.compute.amazonaws.com/TEST_2/erttrry565465454r.php
$ dig +short ec2-18-228-11-80.sa-east-1.compute.amazonaws.com
18.228.11.80
$ dig +short f1n2nc32022.com
103.125.218.24
Carding fraud site/forums: fe-acc18.ru
Stolen credit card data sites: https://procrd.biz/ >>> https://i.imgur.com/dnhfzOq.gif >>> https://www.fe-acc18.ru/
213.52.129.206 fe-acc18.ru 2021-12-17 01:23:41
Was: 185.236.231.138 fe-acc18.ru 2021-12-15 15:38:08
Was: 159.203.41.229 fe-acc18.ru 2021-12-13 03:21:12
Was: 216.73.159.30 fe-acc18.ru 2021-12-11 00:05:42
Was: 45.9.20.217 fe-acc18.ru 2021-12-09 23:33:45
216.73.159.30 fe-acc18.ru 2021-12-11 00:05:42
Was: 91.241.19.78 fe-acc18.ru 2021-12-09 01:40:53
Was: fe-acc18.ru. 300 IN A 193.56.146.111…
phishing server
159.65.217.144|confirmdisco.com|2021-12-17 03:32:22
159.65.217.144|confirmreigons.com|2021-12-17 06:28:56
159.65.217.144|myinfo-citi.com|2021-12-17 02:12:40
Suspected Snowshoe Spam IP Range — Sanjay, Raj
Based on research, analysis of network data, our ‘snowshoe’ spam detection systems, intelligence sources and our experience, Spamhaus believes that this IP address range is being used or is about to be used for the purpose of high volume ‘snowshoe’ spam emission. As a precaution therefore we are listing this IP range in an SBL…
Malware botnet controller @5.9.224.220
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller at 5.9.224.220 on port 443.
$ telnet 5.9.224.220 443
Trying 5.9.224.220…
Connected to 5.9.224.220.
Escape character is ‘^]’
Malicious domains observed at this IP…
Guildma botnet controller @54.39.227.187
The host at this IP address is hosting a Guildma botnet tier-2 controller, targeting Brazilian internet users: http://54.39.227.187
MooBot botnet controller @139.162.59.39
MooBot botnet controller hosted here:
$ telnet 139.162.59.39 7074
Trying 139.162.59.39…
Connected to 139.162.59.39.
Escape character is ‘^]’.