Malware botnet controller @45.8.124.126

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller at 45.8.124.126 on port 443:

$ telnet 45.8.124.126 443
Trying 45.8.124.126...
Connected to 45.8.124.126.
Escape character is '^]'

Malicious domains observed at this IP…

Filed under selectel.ru

Malware distribution & botnet controller @185.251.91.198

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 185.251.91.198 on port 443:

$ telnet 185.251.91.198 443
Trying 185.251.91.198...
Connected to 185.251.91.198.
Escape character is…

Filed under sprinthost.ru

Loki botnet controller @185.251.91.120

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Loki botnet controller located at 185.251.91.120 on port 80 (using HTTP POST):

hXXp://hstfurnaces.net/gd4/fre.php

hstfurnaces.net. 600 IN A 185.251.91.120

Referencing malware binaries (MD5 hash):
0d5b6c1f4ae4856fb7e00acd033c7938 - AV detection:…

Filed under sprinthost.ru

ArkeiStealer botnet controller @195.133.45.103

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

ArkeiStealer botnet controller located at 195.133.45.103 on port 80 (using HTTP POST):

hXXp://ginta.link/51874.php

ginta.link. 600 IN A 195.133.45.103

Referencing malware binaries (MD5 hash):
7fa2addd324521e120f07e6fd1f6d190 - AV detection:…

Filed under ruvds.com

Spam source @209.85.208.66

Received: from mail-ed1-f66.google.com (mail-ed1-f66.google.com [209.85.208.66]) by X (Postfix) with ESMTPS id X for <X>; Thu, 3 Mar 2022 1X
Received: by mail-ed1-f66.google.com with SMTP id X for <X>; Thu, 03 Mar 2022 X
DKIM-Signature: X
X-Google-DKIM-Signature: X
X-Gm-Message-State: X
X-Google-Smtp-Source: X
X-Received: by 2002:aa7:cc82:0:b0:410:d2b0:1a07 with SMTP id X; Thu, 03 Mar 2022 X
MIME-Version: 1.0…

Filed under google.com

Spam source @40.92.21.31

Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12olkn2031.outbound.protection.outlook.com [40.92.21.31]) by X (Postfix) with ESMTPS id X for <X>; Thu, 3 Mar 2022 X
[…]
Received: from RO1PR80MB0060.lamprd80.prod.outlook.com (2603:10d6:4:18::22) by FR1PR80MB0149.lamprd80.prod.outlook.com (2603:10d6:202:d::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5038.14; Thu, 3 Mar 2022 X
Received: from RO1PR80MB0060.lamprd80.prod.outlook.com ([fe80::7cb8:ec06:2690:1add]) by RO1PR80MB0060.lamprd80.prod.outlook.com ([fe80::7cb8:ec06:2690:1add%11]) with mapi id X; Thu, 3 Mar 2022…

Filed under microsoft.com

Cybercrime site/forum: infodig.ch / infodig.domains / infodig.sx

Stolen credit card data websites:

https://ascarding.com/ >>> https://infodig.is/

infodig.ch. 600 IN A 45.8.124.79
infodig.domains. 600 IN A 45.8.124.79
infodig.sx. 600 IN A 45.8.124.79
________________
Was:
infodig.ch. 600 IN A 45.144.66.23
infodig.domains. 600 IN A 45.144.66.23
infodig.sx. 600 IN A 45.144.66.23
________________
Was:
infodig.ch. 600 IN A 185.87.49.197
infodig.domains. 600 IN A 185.87.49.197
infodig.sx. 600 IN…

Filed under selectel.ru

Spamvertised website

Received: from o4vo.hothothouse.info (o4vo.hothothouse.info. [45.145.4.145])
From: "Costco" <[]@[].o4vo.hothothouse.info>
Subject: New Post: $100 Offer here
Date: Wed, 02 Mar 2022 21:2x:xx +0100

https://s3-us-west-2.amazonaws.com/dqan3ch6q/[] 52.218.200.224
http://ringleros.info//cl/4410_md/[] 135.148.12.1
https://cemtasm.com/[] 23.229.68.8
https://honorways.com/r2/7[] 190.124.47.122
http://accesstart.com/aff_c?offer_id=437&aff_id=1193&source=nd&aff_sub=costco&aff_sub2=[]&aff_sub3=1SG&aff_sub4=473816 104.21.6.239
https://targetsoul.ru/[] 172.67.177.195
https://grnep.com/[]?c=%7C437&k=&v=&s=1193&t=&cr=&src=nd&lp=&id=[] 172.67.204.141
https://promo.topdashdeals.com/nc-t2-c2/checkout/?affid=&cid=[]&reqid=&tid=[] 167.172.19.255

Filed under ovh.net

DCRat botnet controller @82.146.48.223

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

DCRat botnet controller located at 82.146.48.223 on port 80 (using HTTP GET):

hXXp://82.146.48.223/63/TrackGenerator/Phpjavascript0/SecureProtect0Base/defaultuniversalLocalcentralDownloads.php

$ nslookup 82.146.48.223
sq.hack.fvds.ru

Referencing malware binaries (MD5 hash):
6e4f52db7bfdadb99a8dfb7f1f6b9333 - AV detection: 29…

Filed under ispserver.com

DCRat botnet controller @80.87.196.100

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

DCRat botnet controller located at 80.87.196.100 on port 80 (using HTTP GET):

hXXp://80.87.196.100/providerphpgame.php

$ nslookup 80.87.196.100
lolsasha123zzz.fvds.ru

Filed under ispserver.com