Emotet botnet controller hosted here:
$ telnet 82.202.192.66 80
Trying 82.202.192.66...
Connected to 82.202.192.66.
Escape character is '^]'.
Spamvertised website
Loki botnet controller @142.93.227.231
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 142.93.227.231 on port 80 (using HTTP POST):
hXXp://142.93.227.231/oluwa/five/fre.php
$ nslookup 142.93.227.231
afripot.buzz
Loki botnet controller @188.114.97.15
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 188.114.97.15 on port 80 (using HTTP POST):
hXXp://75bccc18b4d1631c2ecda542c872db27.cf/Ausin2/fre.php
$ dig +short 75bccc18b4d1631c2ecda542c872db27.cf
188.114.97.15
Referencing malware binaries (MD5 hash):
0049f8aff0372cd5b7066ae4622a0f9b — AV detection:…
Socelars botnet controller @164.68.101.131
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Socelars botnet controller located at 164.68.101.131 on port 80 (using HTTP POST):
hXXp://www.ebooktype.com/Home/Index/lkdinl
$ dig +short www.ebooktype.com
164.68.101.131
$ nslookup 164.68.101.131
vmi808518.contaboserver.net
Referencing malware binaries (MD5 hash):…
AsyncRAT botnet controller @52.15.81.204
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 52.15.81.204 on port 8808 TCP:
$ telnet 52.15.81.204 8808
Trying 52.15.81.204...
Connected to 52.15.81.204.
Escape character…
Spamvertised website
Loki botnet controller @185.251.89.49
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 185.251.89.49 on port 80 (using HTTP POST):
hXXp://hstfurnaces.net/gd4/fre.php
hstfurnaces.net. 600 IN A 185.251.89.49
Referencing malware binaries (MD5 hash):
0d5b6c1f4ae4856fb7e00acd033c7938 — AV detection:…
Credit card fraud gang hosting (DNS): idinaxui-netspama.ru (vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.)
Stolen credit card data websites (DNS servers):
Malware botnet controller @45.132.17.10
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller at 45.132.17.10 on port 443:
$ telnet 45.132.17.10 443
Trying 45.132.17.10...
Connected to 45.132.17.10.
Escape character is '^]'
Malicious domains observed at this IP…