Received: from static.169.41.108.65.clients.your-server.de ([65.108.41.169] helo=loghanfrelght.com) From: «Jude» <jude@loghanfrelght.com> Date: 13 Oct 2021 15:3x:xx +0200 Subject:PO 38723
Carding fraud site/forums: fe-acc18.ru (DNS)
ns1.fe-acc18.ru. 273 IN A 67.205.169.224 ns2.fe-acc18.ru. 273 IN A 206.189.103.131 ns3.fe-acc18.ru. 273 IN A 194.145.227.153 ___________________________ Was: ns1.fe-acc18.ru. 299 IN A 159.65.60.44 ns2.fe-acc18.ru. 299 IN A 206.189.37.24 ;; QUESTION SECTION: ;ns1.fe-acc18.ru. IN A ;; ANSWER SECTION: ns1.fe-acc18.ru. 300 IN A 159.65.60.44 ;; AUTHORITY SECTION: fe-acc18.ru. 300 IN NS ns1.fe-acc18.ru. fe-acc18.ru. 300 IN NS ns2.fe-acc18.ru. fe-acc18.ru.… Читать далее Carding fraud site/forums: fe-acc18.ru (DNS)
Carding fraud site/forums: fe-acc18.ru (DNS)
ns1.fe-acc18.ru. 273 IN A 67.205.169.224 ns2.fe-acc18.ru. 273 IN A 206.189.103.131 ns3.fe-acc18.ru. 273 IN A 194.145.227.153 ___________________________ Was: ns1.fe-acc18.ru. 299 IN A 159.65.60.44 ns2.fe-acc18.ru. 299 IN A 206.189.37.24 ;; QUESTION SECTION: ;ns1.fe-acc18.ru. IN A ;; ANSWER SECTION: ns1.fe-acc18.ru. 300 IN A 159.65.60.44 ;; AUTHORITY SECTION: fe-acc18.ru. 300 IN NS ns1.fe-acc18.ru. fe-acc18.ru. 300 IN NS ns2.fe-acc18.ru. fe-acc18.ru.… Читать далее Carding fraud site/forums: fe-acc18.ru (DNS)
spam emitter @54.240.48.103
Received: from a48-103.smtp-out.amazonses.com (54.240.48.103) From: Anna Axelsson <anna@topwiss.com> Subject: Rop till gårdagens högsta inkomsttagare! Date: Wed, 13 Oct 2021 16:0x:xx +0000
RaccoonStealer botnet controller @172.67.168.153
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. RaccoonStealer botnet controller located at 172.67.168.153 on port 80 (using HTTP GET): hXXp://telegatt.top/agrybirdsgamerept $ dig +short telegatt.top 172.67.168.153 Referencing malware binaries (MD5 hash): 56ac1130ae56b1fe76660923ededc39c — AV detection:… Читать далее RaccoonStealer botnet controller @172.67.168.153
phishing server
onlineidchase07bredirect.support has address 35.232.10.102 verifyonlineidchase07b.support has address 35.232.10.102
phishing server
wfbankconnectsecure.com has address 66.29.143.97 helpinfologin.com has address 66.29.143.97 mobile-check-online.com has address 66.29.143.97 mobile-check-your-account.com has address 66.29.143.97 support-check-your-account.com has address 66.29.143.97
Malware botnet controllers @82.202.194.6
Malware botnet controller located at 82.202.194.6 on port 443: $ telnet 82.202.194.6 443 Trying 82.202.194.6… Connected to 82.202.194.6. Escape character is ‘^]’ privacy-toolz-for-you-5000.top. 600 IN A 82.202.194.6 privacytoolzfor-you5000.top. 600 IN A 82.202.194.6 Referencing malware binaries (MD5 hash): 4854a42e3f0e398b5555a9e1af39aefd — AV detection: 21 / 67 (31.34) 7082262c3e64ebe2c4044e012e680d1a — AV detection: 17 / 64 (26.56) d46b9640171929979ce9e6b061fecfef —… Читать далее Malware botnet controllers @82.202.194.6
Malware botnet controller @5.188.42.121
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 5.188.42.121 on port 443 TCP: $ telnet 5.188.42.121 443 Trying 5.188.42.121… Connected to 5.188.42.121. Escape character… Читать далее Malware botnet controller @5.188.42.121
Metamorfo botnet controller @172.67.215.87
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Metamorfo botnet controller located at 172.67.215.87 on port 80 (using HTTP GET): hXXp://bcorvo.com/cookieDatabase/ $ dig +short bcorvo.com 172.67.215.87 Other malicious domain names hosted on this IP address:… Читать далее Metamorfo botnet controller @172.67.215.87