Received: from varilokaminadere.org.uk (varilokaminadere.org.uk. [158.51.98.177])
Date: Wed, 02 Mar 2022 07:1x:xx +0000
From: «Surge MasterCard» <contact@varilokaminadere.org.uk>
Subject: The perfect credit card for all credit types.
AsyncRAT botnet controller @159.69.234.3
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 159.69.234.3 on port 7707 TCP:

$ telnet 159.69.234.3 7707
Trying 159.69.234.3…
Connected to 159.69.234.3.
Escape character…
phishing server
34.140.169.146|aib-supportedassist.com|2022-03-01 20:01:26
34.140.169.146|bawagdebitscards.com|2022-03-01 21:46:09
34.140.169.146|secure-useractivity-aib.com|2022-03-02 05:11:07
34.140.169.146|testnotice-identify.com|2022-03-01 20:01:22
phishing server
Assorted phish landing sites.
The following phishing domains are hosted here:
RedLineStealer botnet controller @185.137.234.33
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 185.137.234.33 on port 8080 TCP:

$ telnet 185.137.234.33 8080
Trying 185.137.234.33…
Connected to 185.137.234.33.
Escape character…
RedLineStealer botnet controller @135.181.222.87
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 135.181.222.87 on port 35752 TCP:

$ telnet 135.181.222.87 35752
Trying 135.181.222.87…
Connected to 135.181.222.87.
Escape character…
Socelars botnet controller @185.169.252.236
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Socelars botnet controller located at 185.169.252.236 on port 80 (using HTTP POST):

hXXp://www.adcbnwa.com/Home/Index/hdecny

$ dig +short www.adcbnwa.com
185.169.252.236

$ nslookup 185.169.252.236
vmi803628.contaboserver.net

Referencing malware binaries (MD5 hash):…
Loki botnet controller @188.114.96.15
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Loki botnet controller located at 188.114.96.15 on port 80 (using HTTP POST):

hXXp://75bccc18b4d1631c2ecda542c872db27.cf/Ausin2/fre.php

$ dig +short 75bccc18b4d1631c2ecda542c872db27.cf
188.114.96.15

Referencing malware binaries (MD5 hash):
01dfa2db4bfb87e5a5d2d4e5d8c00f5f — AV detection:…
Loki botnet controller @172.67.214.33
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Loki botnet controller located at 172.67.214.33 on port 80 (using HTTP POST):

hXXp://250b48d798957fbf33b77ae8a74a45ca.cf/Ausin4/fre.php

$ dig +short 250b48d798957fbf33b77ae8a74a45ca.cf
172.67.214.33

Referencing malware binaries (MD5 hash):
718d54f60e56cf100e9ebd53a93b8f5d — AV detection:…