147.182.249.253|secure02a-citi-logon-account.com|2021-12-11 19:08:58 147.182.249.253|secure03a-citi-logon-account.com|2021-12-11 19:15:41
Carding fraud site/forums: fe-acc18.ru (DNS)
ns1.fe-acc18.ru. 300 IN A 128.199.244.220 ns2.fe-acc18.ru. 300 IN A 159.223.74.144 ns3.fe-acc18.ru. 296 IN A 45.9.20.220 __________________________ Was: ns1.fe-acc18.ru. 300 IN A 159.223.69.200 ns2.fe-acc18.ru. 300 IN A 159.223.74.144 ns3.fe-acc18.ru. 296 IN A 45.9.20.220 __________________________ Was: ns1.fe-acc18.ru. 300 IN A 159.223.69.200 ns2.fe-acc18.ru. 300 IN A 159.223.74.144 ns3.fe-acc18.ru. 296 IN A 45.9.20.218 __________________________ Was: ns1.fe-acc18.ru. 300 IN A… Читать далее Carding fraud site/forums: fe-acc18.ru (DNS)
phishing server
35.237.86.164|01chase-updated2.us|2021-12-02 00:30:58 35.237.86.164|chsec02.us|2021-12-02 00:31:07 35.237.86.164|ci10a.us|2021-12-10 05:20:50 35.237.86.164|cmdt03.us|2021-11-30 04:45:55 35.237.86.164|cui89.us|2021-12-08 00:41:16 35.237.86.164|farg0-0wellsrestor.us|2021-12-03 19:25:58 35.237.86.164|klgf02.us|2021-12-03 19:16:04 35.237.86.164|klnm02.us|2021-12-03 12:51:47 35.237.86.164|l0g1ngate08-ver1fy.us|2021-12-08 17:36:05 35.237.86.164|l0g1ngate15-ver1fy.us|2021-12-10 02:10:51 35.237.86.164|l0g1ngate16-ver1fy.us|2021-12-10 07:46:41 35.237.86.164|sec53-restor01.us|2021-12-03 02:06:26 35.237.86.164|smileyeshop.com|2021-04-16 12:52:03 35.237.86.164|updat01-yourciti.us|2021-11-29 23:11:13 35.237.86.164|ver1fy-pr0f1lgate09.us|2021-12-11 02:20:37
log4j exploit server @163.172.157.143
ldap://163.172.157.143:1389/sztxqk
phishing server
3.144.236.119|authverify00.com|2021-12-10 01:39:32 3.144.236.119|chasebankcard-alert.com|2021-12-10 15:21:21 3.144.236.119|citicard-secure.com|2021-12-10 21:50:47 3.144.236.119|citio21auth.com|2021-12-10 02:10:55 3.144.236.119|wellsfargocard-alert.com|2021-12-10 01:10:55
Malware distribution and malware botnet controller @45.8.124.229
The host at this IP address is currently being used to distribute malware. Malware distribution located here: hXXp://neofunkyjunky.com/work/top.exe neofunkyjunky.com. 600 IN A 45.8.124.229 Malware botnet controller @46.173.214.57 port 443. $ telnet 45.8.124.229 443 Trying 45.8.124.229… Connected to 45.8.124.229. Escape character is ‘^]’ endback.biz. 600 IN A 45.8.124.229 Referencing malware binaries (MD5 hash): 0304056cf9847bfb1b045621ad92a7e5 — AV… Читать далее Malware distribution and malware botnet controller @45.8.124.229
Spam Emitter (GFORD Institute of Management)
This IP address is sending spam for the GFORD Institute of Management, a persistent spam operation that provides business training seminars/webinars and spams scraped, purchased or appended lists to advertise their services. Received: from <x> (vps-ec1a970d.vps.ovh.ca [167.114.36.142]) Received: from LAPTOP1BQ96IGC (unknown [223.233.73.158]) Date: Fri, 10 Dec 2021 11:##:## +0530 From: «Piyush Verma» <namoa436@gmail.com> Subject: Webinar… Читать далее Spam Emitter (GFORD Institute of Management)
credit card scammers hosted by Cloudflare
Fake «age verification» site designed to steal credit card information ageverifyonline.com. 300 IN A 172.67.205.86 ageverifyonline.com. 300 IN A 104.21.22.148 Domain name: ageverifyonline.com Registry Domain ID: 2579050177_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2021-11-16T05:31:19.28Z Creation Date: 2020-12-16T17:57:02.00Z Registrar Registration Expiration Date: 2022-12-16T17:57:02.00Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact… Читать далее credit card scammers hosted by Cloudflare
credit card scammers hosted by Cloudflare
Fake «age verification» site designed to steal credit card information ageverifyonline.com. 300 IN A 172.67.205.86 ageverifyonline.com. 300 IN A 104.21.22.148 Domain name: ageverifyonline.com Registry Domain ID: 2579050177_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2021-11-16T05:31:19.28Z Creation Date: 2020-12-16T17:57:02.00Z Registrar Registration Expiration Date: 2022-12-16T17:57:02.00Z Registrar: NAMECHEAP INC Registrar IANA ID: 1068 Registrar Abuse Contact… Читать далее credit card scammers hosted by Cloudflare
phishing server
hXXps://lrsgovtax.onigirimold.com/form/personal $ host lrsgovtax.onigirimold.com lrsgovtax.onigirimold.com has address 52.142.57.129 52.142.57.129|help-coinbaseupdateinformation.zaddomainzad.com|2021-12-03 22:45:44 52.142.57.129|lrsgov.onigirimold.com|2021-12-10 01:07:49 52.142.57.129|lrsgovtax.onigirimold.com|2021-12-10 17:08:16