The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Metamorfo botnet controller located at 52.142.190.146 on port 80 (using HTTP POST): hXXp://loa2.kicks-ass.net/03/postUP.php $ dig +short loa2.kicks-ass.net 52.142.190.146 Referencing malware binaries (MD5 hash): 31926fdcac41cb5aae17a0e57783c4a2 — AV detection:… Читать далее Metamorfo botnet controller @52.142.190.146
RaccoonStealer botnet controller @139.162.146.59
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. RaccoonStealer botnet controller located at 139.162.146.59 on port 80 (using HTTP POST): hXXp://139.162.146.59/ $ nslookup 139.162.146.59 139-162-146-59.ip.linodeusercontent.com Referencing malware binaries (MD5 hash): 92d7f3e183a36f0d13c1f09bff7a6cad — AV detection: 18… Читать далее RaccoonStealer botnet controller @139.162.146.59
RedLineStealer botnet controller @194.163.144.67
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 194.163.144.67 on port 21227 TCP: $ telnet 194.163.144.67 21227 Trying 194.163.144.67… Connected to 194.163.144.67. Escape character… Читать далее RedLineStealer botnet controller @194.163.144.67
Malware botnet controller @13.58.89.178
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 13.58.89.178 on port 80 (using HTTP POST): hXXp://13.58.89.178/contador/serv.php $ nslookup 13.58.89.178 ec2-13-58-89-178.us-east-2.compute.amazonaws.com
Credit card fraud gang hosting (DNS): idinaxui-netspama.ru (vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.)
Stolen credit card data websites (DNS servers): ns1.idinaxui-netspama.ru. 7168 IN A 45.143.137.30 ns2.idinaxui-netspama.ru. 7159 IN A 198.244.220.111 ___________________ Was: ns1.idinaxui-netspama.ru. 7168 IN A 95.142.47.156 ns2.idinaxui-netspama.ru. 7159 IN A 87.251.79.161 ___________________ Was: ns1.idinaxui-netspama.ru. 7168 IN A 185.105.118.106 ns2.idinaxui-netspama.ru. 7159 IN A 2.57.186.170 ___________________ Was: ns1.idinaxui-netspama.ru. 7168 IN A 45.143.137.23 ns2.idinaxui-netspama.ru. 7159 IN A 2.57.186.170 ___________________ Was:… Читать далее Credit card fraud gang hosting (DNS): idinaxui-netspama.ru (vmad.su / amazingdumpsshop.ru / cvv-fullz-shop.ru etc.)
Credit card fraud gang hosting (DNS): florenciyas.su (shopltdccfreshshop.ru / shop-buying-cvv.ru etc.)
Stolen credit card data websites (DNS servers): ns1.florenciyas.su. 7174 IN A 195.14.189.116 ns2.florenciyas.su. 7167 IN A 51.195.255.167 __________________________ Was: ns1.florenciyas.su. 7174 IN A 87.251.79.163 ns2.florenciyas.su. 7167 IN A 109.107.184.239 __________________________ Was: ns1.florenciyas.su. 7174 IN A 2.57.186.176 ns2.florenciyas.su. 7167 IN A 185.204.3.164 __________________________ Was: ns1.florenciyas.su. 7174 IN A 2.57.186.176 ns2.florenciyas.su. 7167 IN A 5.188.89.71 __________________________ Was:… Читать далее Credit card fraud gang hosting (DNS): florenciyas.su (shopltdccfreshshop.ru / shop-buying-cvv.ru etc.)
Amadey botnet controller @5.182.4.47
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Amadey botnet controller located at 5.182.4.47 on port 80 (using HTTP POST): hXXp://5.182.4.47/k0uTrd3d/index.php Referencing malware binaries (MD5 hash): 4297279784bf4da33488b2b9e0f89ef6 — AV detection: 44 / 68 (64.71) 7d9b08b20133884fd55a92cc45f23bc2… Читать далее Amadey botnet controller @5.182.4.47
Malware botnet controller @212.109.196.83
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 212.109.196.83 on port 443: $ telnet 212.109.196.83 443 Trying 212.109.196.83… Connected to 212.109.196.83. Escape character is ‘^]’ gc-distribution.biz. 60 IN A 212.109.196.83
Malware botnet controllers @176.119.147.46
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 176.119.147.46 on port 443: $ telnet 176.119.147.46 443 Trying 176.119.147.46… Connected to 176.119.147.46. Escape character is… Читать далее Malware botnet controllers @176.119.147.46
spam source
185.187.116.126 mail116-126.us2.msgfocus.com «mail116-126.us2.msgfocus.com» 2022-02-06T22:00:00Z (+/-10 min) 185.187.116.126/32 (185.187.116.126 .. 185.187.116.126) == Sample ========================== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=msgf; d=msgfocus.com; h=Subject:Message-ID:Reply-To:To:List-Unsubscribe:From:Date:MIME-Version: Content-Type; bh=.*=; b=.*t.* .*M.* .*= Subject: President Trump dropped a bomb on Hannity Message-ID: <.*-7Wsn.*-.*-1.*4.*@email.nrscfundraising.org> Reply-To: «MAJOR Trump Alert (via NRSC)» <.*> To: .* List-Unsubscribe: <mailto:.*?subject=Unsubscribe> From: «MAJOR Trump Alert (via NRSC)» <info@email.nrscfundraising.org> Date: .*… Читать далее spam source