The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 66.29.151.252 on port 80 (using HTTP POST): hXXp://66.29.151.252/~nextimageblog/picture.php Referencing malware binaries (MD5 hash): 7b467054ca8f7e9692cd00419d0a1d40 — AV detection: 15 / 63 (23.81)
Loki botnet controller @104.21.79.142
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 104.21.79.142 on port 80 (using HTTP POST): hXXp://bouquetltd.xyz/five/fre.php $ dig +short bouquetltd.xyz 104.21.79.142 Referencing malware binaries (MD5 hash): 67ccc2f495dbb52f7268ace9b43c37bc — AV detection:…
Loki botnet controller @172.67.146.15
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 172.67.146.15 on port 80 (using HTTP POST): hXXp://bouquetltd.xyz/five/fre.php $ dig +short bouquetltd.xyz 172.67.146.15 Referencing malware binaries (MD5 hash): 67ccc2f495dbb52f7268ace9b43c37bc — AV detection:…
Loki botnet controller @172.67.160.125
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 172.67.160.125 on port 80 (using HTTP POST): hXXp://hdmidu.xyz/five/fre.php $ dig +short hdmidu.xyz 172.67.160.125 Other malicious domain names hosted on this IP address:…
Maili.ee
$ host reeo.xyz reeo.xyz has address 195.24.66.89 This IP is mailing on behalf of Maili.ee.
Carding fraud tool site: luxchecker.pm / luxchecker.pw etc.
Selling balance checking to stolen credit card cybercriminals: "CC/DUMPS/AVS/BALANCE/PAYPAL CARD Checker." https://luxchecker.pm/ https://luxchecker.pw/
AsyncRAT botnet controller @20.113.26.85
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 20.113.26.85 on port 8808 TCP: $ telnet 20.113.26.85 8808 Trying 20.113.26.85… Connected to 20.113.26.85. Escape character…
Cybercriminal carding gang at cvv-net.su, cvv-ru.su etc.
Stolen credit card data websites.
AveMariaRAT botnet controller @20.114.22.8
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 20.114.22.8 on port 7740 TCP: $ telnet 20.114.22.8 7740 Trying 20.114.22.8… Connected to 20.114.22.8. Escape character…
zkh15.top
This IP address is sending spam for Zacc Serum, a disk jockey located in Paris, France. Zacc Serum hired a bulk email organization named @Mail250 to send bulk email for them. @Mail250 sends a great deal of spam. We are not sure whether the list that sent this email came from the customer or from…