AZORult botnet controller @172.67.141.104
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. AZORult botnet controller located at 172.67.141.104 on port 80 (using HTTP POST): hXXp://nnpcoil.buzz/kendrick/index.php $ dig +short nnpcoil.buzz 172.67.141.104 Referencing malware binaries (MD5 hash): 3e3151d99d8934059d42a37202e4e443 — AV detection:…
Suspected Snowshoe Spam IP Range — SELECTEL-NET
Based on research, analysis of network data, our ‘snowshoe’ spam detection systems, intelligence sources and our experience, Spamhaus believes that this IP address range is being used or is about to be used for the purpose of high volume ‘snowshoe’ spam emission. As a precaution therefore we are listing this IP range in an SBL…
Carding fraud site/forum: infodig.is (InfoDIG.sx InfoDIG.ch InfoDIG.domains infodig.mn)
Stolen credit card data websites: https://ascarding.com/ >>> https://infodig.is/
RedLineStealer botnet controller @65.21.127.115
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 65.21.127.115 on port 18297 TCP: $ telnet 65.21.127.115 18297 Trying 65.21.127.115… Connected to 65.21.127.115. Escape character…
Loki botnet controller @172.67.214.33
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 172.67.214.33 on port 80 (using HTTP POST): hXXp://250b48d798957fbf33b77ae8a74a45ca.cf/Ausin4/fre.php $ dig +short 250b48d798957fbf33b77ae8a74a45ca.cf 172.67.214.33 Referencing malware binaries (MD5 hash): 718d54f60e56cf100e9ebd53a93b8f5d — AV detection:…
Loki botnet controller @104.21.23.231
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 104.21.23.231 on port 80 (using HTTP POST): hXXp://250b48d798957fbf33b77ae8a74a45ca.cf/Ausin4/fre.php $ dig +short 250b48d798957fbf33b77ae8a74a45ca.cf 104.21.23.231 Referencing malware binaries (MD5 hash): 718d54f60e56cf100e9ebd53a93b8f5d — AV detection:…
DcRAT botnet controller @3.128.107.74
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 3.128.107.74 on port 10328 TCP: $ telnet 3.128.107.74 10328 Trying 3.128.107.74… Connected to 3.128.107.74. Escape character…
phishing server
164.90.132.145|authchase01s.com|2022-02-21 01:36:27
phishing server
phishing server