myaccountonline03-redirect.me has address 34.134.105.14 onlineverifyuser07.support has address 34.134.105.14
phishing server
hXXps://gr-new-payment-security.link/ $ host gr-new-payment-security.link gr-new-payment-security.link has address 46.101.130.239
phishing server
sevice-securepass.gq has address 161.97.112.151 sevice-securepass.ml has address 161.97.112.151 sevice-securepass.cf has address 161.97.112.151 sevice-securepass.ga has address 161.97.112.151 noreplay-postalcertiplus.gq has address 161.97.112.151 securite-bancaire-belgique.ml has address 161.97.112.151 noreplayto-assistance.gq has address 161.97.112.151 cristal-secure.cf has address 161.97.112.151 postalgm.ml has address 161.97.112.151 noreplayto-assistance.tk has address 161.97.112.151 cristal-secure.ml has address 161.97.112.151 securite-banque-france.ga has address 161.97.112.151 securite-bancaire-france.ml has address 161.97.112.151 securite-bancaire-france.tk has address… Читать далее phishing server
RaccoonStealer botnet controller @104.21.17.146
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. RaccoonStealer botnet controller located at 104.21.17.146 on port 80 (using HTTP GET): hXXp://teletop.top/stevuitreen $ dig +short teletop.top 104.21.17.146 Referencing malware binaries (MD5 hash): 0bea974fca09703496dcca41ce759790 — AV detection:… Читать далее RaccoonStealer botnet controller @104.21.17.146
spam emitters
Received: from s6.megojom.ru (megojom.ru [185.186.2.109]) Date: Tue, 5 Oct 2021 10:0x:xx +0000 From: Aleksandr <info@s6.megojom.ru> Subject: Предложение 185.186.2.106 qweter.ru 185.186.2.107 telefonsho.ru 185.186.2.108 yeremont.ru 185.186.2.109 megojom.ru 185.186.2.110 uwentos.ru
RedLineStealer botnet controller @135.181.171.9
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 135.181.171.9 on port 45918 TCP: $ telnet 135.181.171.9 45918 Trying 135.181.171.9… Connected to 135.181.171.9. Escape character… Читать далее RedLineStealer botnet controller @135.181.171.9
spam support (domains)
domain used in spam operation 45gb456h.xyz|192.64.119.251
spam emitter @212.47.235.186
Received: from ellehcim.com (212.47.235.186) From: Bitcoin Era<noreply@bitcoincode.ru!>; <noreply@email.ellos.no> Subject: Tiden er inne nå! Date: Mon, 04 Oct 2021 23:4x:xx +0000
spam emitter @212.47.251.55
Received: from htebazile.com (212.47.251.55) From: Bitcoin Era<noreply@bitcoincode.ru!>; <noreply@email.ellos.no> Subject: Tiden er inne nå! Date: Tue, 05 Oct 2021 05:0x:xx +0000
Credit card fraud gang hosting (DNS): zuganov-lox.ru (hacked-paypal-accounts-dump.ru / fe-shop.su / vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.)
ns1.zuganov-lox.ru. 14400 IN A 188.120.224.194 ns2.zuganov-lox.ru. 14400 IN A 195.54.32.116 ____________________ Was: ns1.zuganov-lox.ru. 14400 IN A 94.142.143.206 ns2.zuganov-lox.ru. 14400 IN A 185.170.10.55 ____________________ Was: ns1.zuganov-lox.ru. 14400 IN A 185.87.51.144 ns2.zuganov-lox.ru. 14400 IN A 138.124.182.68 ____________________ Was: ns1.zuganov-lox.ru. 14399 IN A 54.67.78.34 ns2.zuganov-lox.ru. 14399 IN A 178.154.194.181 _____________________ Thu 29 Jul 2021 04:27:58 PM UTC ns1.zuganov-lox.ru… Читать далее Credit card fraud gang hosting (DNS): zuganov-lox.ru (hacked-paypal-accounts-dump.ru / fe-shop.su / vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.)