45.9.74.36 - StrellaStealer

Comments

This IP and the related domains are being used to distribute StrellaStealer. This is a sibling of #707. See also: https://github.com/mitchellkrogza/phishing/pull/466

Wildcard domain records

32.36.74.9.45|malicious

Sub-Domain records

No response

Hosts (RFC:953) specific records, not used by DNS RPZ firewalls

No response

SeafeSearch records

No response

Screenshots

Screenshot

Links to external sources

http://45.9.74.36:8888/
https://urlscan.io/search/#page.domain%3A45.9.74.36
https://search.censys.io/hosts/45.9.74.36/data/table#80-TCP-HTTP
https://www.virustotal.com/gui/file/0a075ad634639f5b99b2764f05f364884115ebf4ffeaff54342a25d04befaaef

logs from uBlock Origin

N/A

mypdns / matrix

45.9.74.36 - StrellaStealer #745

Comments

Wildcard domain records

Sub-Domain records

Hosts (RFC:953) specific records, not used by DNS RPZ firewalls

SeafeSearch records

Screenshots

Links to external sources

logs from uBlock Origin