RedLineStealer botnet controller @142.132.184.130

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 142.132.184.130 on port 15150 TCP:

$ telnet 142.132.184.130 15150
Trying 142.132.184.130…
Connected to 142.132.184.130.
Escape character…

Filed under hetzner.de

Socelars botnet controller @161.97.64.205

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Socelars botnet controller located at 161.97.64.205 on port 80 (using HTTP POST):

hXXp://www.bassgangspitroast.com/

$ dig +short www.bassgangspitroast.com
161.97.64.205

$ nslookup 161.97.64.205
vmi779689.contaboserver.net

Referencing malware binaries (MD5 hash):…

Filed under contabo.de

Socelars botnet controller @185.169.252.236

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Socelars botnet controller located at 185.169.252.236 on port 80 (using HTTP POST):

hXXp://www.sdbiaopaichang.com/Home/Index/hsadhy

$ dig +short www.sdbiaopaichang.com
185.169.252.236

$ nslookup 185.169.252.236
vmi803628.contaboserver.net

Referencing malware binaries (MD5 hash):…

Filed under contabo.de

QuasarRAT botnet controller @161.97.148.204

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 161.97.148.204 on port 1604 TCP:

$ telnet 161.97.148.204 1604
Trying 161.97.148.204…
Connected to 161.97.148.204.
Escape character…

Filed under contabo.de

Malware botnet controller @188.114.96.7

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 188.114.96.7 on port 80 (using HTTP GET):

hXXp://fairsence.com/campaign/

$ dig +short fairsence.com
188.114.96.7

Referencing malware binaries (MD5 hash):

0064caa7177eaa04510478f45c135cb7 — AV detection:…

spam Emitter (@Mail250)

This IP address is sending spam for a bulk email firm, @Mail250. This company sends from scattered VPS servers at cheap VPS providers, with a large number of ESP-like domains. It sends a good deal of spam, and therefore (not surprisingly) has many previous SBL listings.

Received: from sfr57.top (sfr57.top [51.79.69.115])
Date: Wed, 23 Mar…

Filed under ovh.net

phishing server


Filed under google.com

Spam MX Services (peertechz.com) (PeertechZ) (OMICS)

3/23/2022: After Endurance (Newfold) terminated services to PeertechZ, this domain moved to a VPS at Digital Ocean. Listing that IP address to protect Spamhaus users.

$ host peertechz.com
peertechz.com has address 139.59.71.26
peertechz.com mail is handled by 30 mx.peertechz.com.

3/11/2022 [SBL544800]: These IP addresses host the MX record of the domain peertechz.com. This domain belongs…

Credit card fraud gang hosting (DNS): idinaxui-netspama.ru (vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.)

Stolen credit card data websites (DNS servers):

ns1.idinaxui-netspama.ru. 7168 IN A 46.17.248.102
ns2.idinaxui-netspama.ru. 7159 IN A 94.103.88.31
___________________
Was:
ns1.idinaxui-netspama.ru. 7168 IN A 87.251.79.154
ns2.idinaxui-netspama.ru. 7159 IN A 195.2.81.30
___________________
Was:
ns1.idinaxui-netspama.ru. 7168 IN A 87.251.79.154
ns2.idinaxui-netspama.ru. 7159 IN A 185.142.98.38
___________________
Was:
ns1.idinaxui-netspama.ru. 7168 IN A 195.2.81.236
ns2.idinaxui-netspama.ru. 7159 IN A 185.142.98.38
___________________
Was:…

Filed under ruvds.com