App Development/Web Development/SEO spam operation loose on PHPList
In the past few days, a spam operation has been sending spam from PHPList. It uses many domains in the From headers of its emails, but other characteristics tie the messages together. The number of domains is large, probably to evade domain blocklists. PHPList: Below is a set of redacted spam samples for you. We see…
phishing server
34.125.169.135|l0g7n-gate6f.us|2021-12-12 22:25:51 34.125.169.135|ver1fy-dashboard.us|2021-12-16 17:36:09 34.125.169.135|vs76g.us|2021-12-12 22:20:50
phishing server
verifybecuprofile.com has address 13.40.70.238
Credit card fraud gang hosting (DNS): zuganov-lox.ru (hacked-paypal-accounts-dump.ru / fe-shop.su / vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.)
Cybercriminal carding gang at cvv-net.su, cvv-ru.su etc.
Stolen credit card data websites:
Carding fraud site/forums: fe-acc18.ru (DNS)
AsyncRAT botnet controller @34.140.211.85
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 34.140.211.85 on port 7707 TCP: $ telnet 34.140.211.85 7707 Trying 34.140.211.85… Connected to 34.140.211.85. Escape character…
phishing server
phishing server
20.114.48.255|urgent-wellsfargo.com|2021-12-16 02:45:53