The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 159.65.243.143 on port 8080 TCP:
$ telnet 159.65.243.143 8080
Trying 159.65.243.143…
Connected to 159.65.243.143.
Escape character…
Read more: AsyncRAT botnet controller @159.65.243.143
Phishing server
137.184.128.66|accessservicenoreply.com|2022-02-08 01:16:37
137.184.128.66|mysignon-navy-federal-info.info|2022-02-11 17:17:24
Malware botnet controller @62.109.31.38
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 62.109.31.38 on port 443:
$ telnet 62.109.31.38 443
Trying 62.109.31.38…
Connected to 62.109.31.38.
Escape character is ‘^]’
gc-distribution.biz. 60 IN A 62.109.31.38
Malware botnet controller @194.169.163.229
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 194.169.163.229 on port 443:
$ date && curl -ILk https://194.169.163.229/
Fri Feb 11 22:44:50 UTC 2022…
Read more: Malware botnet controller @194.169.163.229
Malware botnet controller @45.10.244.12
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 45.10.244.12 on port 443:
$ telnet 45.10.244.12 443
Trying 45.10.244.12…
Connected to 45.10.244.12.
Escape character is…
Read more: Malware botnet controller @45.10.244.12
Credit card fraud gang hosting (DNS): idinaxui-netspama.ru (vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.)
Stolen credit card data websites (DNS servers):
ns1.idinaxui-netspama.ru. 7168 IN A 38.83.79.215
ns2.idinaxui-netspama.ru. 7159 IN A 198.244.220.112
___________________
Was:
ns1.idinaxui-netspama.ru. 7168 IN A 135.125.234.148
ns2.idinaxui-netspama.ru. 7159 IN A 139.99.247.43
___________________
Was:
ns1.idinaxui-netspama.ru. 7168 IN A 45.143.137.30
ns2.idinaxui-netspama.ru. 7159 IN A 198.244.220.111
___________________
Was:
ns1.idinaxui-netspama.ru. 7168 IN A 95.142.47.156
ns2.idinaxui-netspama.ru. 7159 IN A 87.251.79.161
___________________
Was:…
Read more: Credit card fraud gang hosting (DNS): idinaxui-netspama.ru (vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.)
CobaltStrike botnet controller @143.244.178.247
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 143.244.178.247 on port 8081 TCP:
$ telnet 143.244.178.247 8081
Trying 143.244.178.247…
Connected to 143.244.178.247.
Escape character…
Read more: CobaltStrike botnet controller @143.244.178.247
AZORult botnet controller @172.67.180.183
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
AZORult botnet controller located at 172.67.180.183 on port 80 (using HTTP POST):
hXXp://australiadish.bar/kendrick/index.php
$ dig +short australiadish.bar
172.67.180.183
Referencing malware binaries (MD5 hash):
681f206fe52d8049f3ca6743211d2c7c — AV detection:…
Read more: AZORult botnet controller @172.67.180.183
DCRat botnet controller @94.250.248.104
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
DCRat botnet controller located at 94.250.248.104 on port 80 (using HTTP GET):
hXXp://94.250.248.104/dataframeCpuCam/Cambin/poolcore/scriptCamsystem/antiPrefscreenlog/linehttpWp.php
$ nslookup 94.250.248.104
thedrugachannel1.fvds.ru
Referencing malware binaries (MD5 hash):
00b7402b5445ae00f6cfff05b8957a36 — AV detection: 25…
Read more: DCRat botnet controller @94.250.248.104
Malware / Botnet / Phishing hosting server @185.251.88.212
Malware botnet controller located at 87.251.79.144 port 443 TCP:
$ telnet 185.251.88.212 443
Trying 185.251.88.212…
Connected to 185.251.88.212.
Escape character is ‘^]’
kanimx01.top. 600 IN A 185.251.88.212
kanogo06.top. 600 IN A 185.251.88.212