wellsf-confirm.com has address 129.151.91.181
phishing server
xn--bankofamrica-cwb.net (bankofamęrica.net) has address 150.136.10.126
phishing server
chase-secureinfo.com has address 129.146.194.242
citizen-onlinebank.com has address 129.146.194.242
Credit card fraud domain hosting: cvvstore.su (adminshop.su / fullz.su / buycvvshop.su)
fe-shop-cc.com. 14399 IN A 178.79.187.121
hackseller.su. 14399 IN A 178.79.187.121
cvvstore.su. 14399 IN A 178.79.187.121
_________________
Was: adminshop.su. 14399 IN A 46.8.153.60
46.173.214.148 mail.cc-shop.su 2021-03-06 04:49:40
46.173.214.148 cc-shop.su 2021-03-06 04:49:40
46.173.214.148 fe-shop-cc.com 2021-03-06 00:17:59
46.173.214.148 mail.hackseller.su 2021-03-05 22:04:31
46.173.214.148 hackseller.su 2021-03-05 22:04:31
46.173.214.148 shopdump.su 2021-03-05 16:08:58
46.173.214.148 amigo-shop.su 2021-03-05 11:04:52
_________________
Was: fullz.su. 14399 IN…
Emotet malware distribution @192.46.224.33 [compromised website]
The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL is hosting a webshell that the threat actors access programmatically to place malware on the website:
URL: http://bitsisland.com/wp-content/themes/festive/upgrade/JST10x.php
Host: bitsisland.com
IP address: 192.46.224.33
Hostname: li2183-33.members.linode.com
Carding fraud site/forum DNS: s-fraud.ru / monopoly.ms / sky-fraud.ru / fe-acc18.ru etc.
Stolen credit card data sites.
https://sky-fraud.ru IP 172.105.53.220
https://uas-store.ru/login/ IP 167.99.134.30
https://trump-dmps.ru/login/ IP 167.99.134.30
172.105.53.220 monopoly.ms 2021-04-20 16:23:14
uas-store.ru. 299 IN A 167.99.134.30
s-fraud.ru. 3599 IN A 94.26.224.98
sky-fraud.ru. 3599 IN A 172.105.53.220
fe-acc18.ru. 15 IN A 185.252.84.28
_______________________
Was: uas-store.ru. 3599 IN A 185.236.232.28
s-fraud.ru. 3599 IN A 185.236.232.251
sky-fraud.ru. 3599 IN A 185.236.232.251…
Malware botnet controller @172.105.155.183
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 172.105.155.183 on port 80 (using HTTP GET):
hXXp://ret.space/checkin
$ dig +short ret.space
172.105.155.183
$ nslookup 172.105.155.183
li2071-183.members.linode.com
Referencing malware binaries (MD5 hash):…
phishing server
hXXp://chichhatruc1.cf/thailand
Phishing server
hXXp://lestaribataritedjo14.gq/2k2quy
Hosting fraud property websites: DNS server at: 172.105.195.142
Re-listing
Dig ovccorp.com.mx @172.105.195.142
;; QUESTION SECTION:
;ovccorp.com.mx. IN A
;; ANSWER SECTION:
ovccorp.com.mx. 14400 IN A 172.105.195.142
_______
ccvidantaclub.com
justfly-corp.com.mx
lawfirmofseantravisscott.com
lawofficeofkylepeters.com
thevilla-groupresort.com
vidantaresorts-mx.com
Example — not Marriott International corporation:
marriotthotelsandresorts.com. 14399 IN A 160.153.252.108
;; QUESTION SECTION:
;marriotthotelsandresorts.com. IN NS
;; ANSWER SECTION:
marriotthotelsandresorts.com. 21599 IN NS ns1.hostsconect.com.
marriotthotelsandresorts.com. 21599 IN NS ns2.hostsconect.com.…