The host at this IP address is running a cryptocurrency mining pool that is currently being abused by cybercriminals for mining cryptocurrencies on malware-infected computers. The following information should be sufficient for the identification and suspension of the abusive users:
{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"44W9eLcymm66Eie5AyD11jYW1DaJ4GTHzZEu1QELPGS3U9vKtWEyUCaCFwhn4af8zjeQ2MWeuLgCVDTjAjiGUbyYAtQBvC1","pass":"10k","agent":"XMRig/6.16.4 (Windows NT 10.0; Win64; x64) libuv/1.42.0 msvc/2019","algo":["cn/1","cn/2","cn/r","cn/fast","cn/half","cn/xao","cn/rto","cn/rwz","cn/zls","cn/double","cn/ccx","cn-lite/1","cn-heavy/0","cn-heavy/tube","cn-heavy/xhv","cn-pico","cn-
phishing server
triusst.top has address 142.93.71.147
Truist | Personal Banking, Commercial Banking, Mortgages, Investments
142.93.71.147|b3cu.top|2022-03-18 08:13:42
142.93.71.147|rzgionstransfer.icu|2022-03-17 18:19:05
142.93.71.147|safe1bequ.org|2022-03-15 20:22:25
142.93.71.147|secure-d58af5074-notify.tech|2022-03-16 14:03:14
142.93.71.147|secure-d58af5174-notify.us|2022-03-19 07:12:20
142.93.71.147|secured-d58af507401b31e6ac098e0abe578b31-helpauth.com|2022-03-17 03:26:19
142.93.71.147|secured-regions174-notify.us|2022-03-19 16:01:45
142.93.71.147|triusst.top|2022-03-16 22:36:24
Socelars botnet controller @161.97.64.205
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Socelars botnet controller located at 161.97.64.205 on port 80 (using HTTP POST):
hXXp://www.pouncehousecafe.com/
$ dig +short www.pouncehousecafe.com
161.97.64.205
$ nslookup 161.97.64.205
vmi779689.contaboserver.net
Referencing malware binaries (MD5 hash):…
Socelars botnet controller @164.68.101.131
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Socelars botnet controller located at 164.68.101.131 on port 80 (using HTTP POST):
hXXp://www.shanthikuteera.com/Home/Index/hsadhy
$ dig +short www.shanthikuteera.com
164.68.101.131
$ nslookup 164.68.101.131
vmi808518.contaboserver.net
Referencing malware binaries (MD5 hash):…
Loki botnet controller @193.124.118.81
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 193.124.118.81 port 443:
$ telnet 193.124.118.81 443
Trying 193.124.118.81...
Connected to 193.124.118.81.
Escape character is '^]'…
Metamorfo botnet controller @52.161.4.23
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Metamorfo botnet controller located at 52.161.4.23 on port 80 (using HTTP POST):
hXXp://hotliksjfu.isa-hockeynut.com/novidades/inspecionando.php
$ dig +short hotliksjfu.isa-hockeynut.com
52.161.4.23
Carding fraud site/forum DNS: domen-domik.ru (best-dumps.su / yalelodge-shop.com / sky-fraud.su etc.)
Hosting dozens of sites with stolen credit card data.
Stolen credit card data website example: https://best-dumps.su/
;; QUESTION SECTION:
;best-dumps.su. IN NS
;; ANSWER SECTION:
best-dumps.su. 14399 IN NS ns2.domen-domik.ru.
best-dumps.su. 14399 IN NS ns1.domen-domik.ru.
ns1.domen-domik.ru. 7139 IN A 45.155.207.228
ns2.domen-domik.ru. 7135 IN A 45.10.245.129
_________________
ns1.domen-domik.ru. 7139 IN A 91.224.23.180
ns2.domen-domik.ru. 7135 IN A…
DCRat botnet controller @192.95.55.233
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
DCRat botnet controller located at 192.95.55.233 on port 80 (using HTTP GET):
hXXp://192.95.55.233/sqlflowerLongpoll/ExternalPhpRequestuniversalWordpress.php
$ nslookup 192.95.55.233
ip233.ip-192-95-55.net
Referencing malware binaries (MD5 hash):
4cf069be997dfededa0d39b70fc3e52f — AV detection: 39…
phishing server
20.39.51.89|secure74-wells.com|2022-03-18 06:06:48