Mail.ru hosts the MX record of the domain personal.ee, which appears in the dropbox email address in spam sent by ROKSO spammer Maili.ee. Personal.ee has been spamming through Maili.ee for years, although until today it had not used its own domain name for quite some time. At this point, we strongly suspect that this domain and business…
Category: mail.ru
Malware distribution @217.69.139.110
The host at this IP address (217.69.139.110) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware:
http://sputnikmailru.cdnmail.ru/mailruhomesearch.exe?rfr=811550
AS number: AS47764
AS name: MAILRU-AS Mail.Ru
Hostname: msk1.cdnmail.ru
Malware distribution @94.100.180.110
The host at this IP address (94.100.180.110) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware:
http://sputnikmailru.cdnmail.ru/mailruhomesearch.exe?rfr=811550
AS number: AS47764
AS name: MAILRU-AS Mail.Ru
Hostname: msk2.cdnmail.ru
AgentTesla botnet controller @95.163.212.79
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
AgentTesla botnet controller located at 95.163.212.79 on port 80 (using HTTP POST):
hXXp://nortonlilly.info/emma/inc/a92079a4564cf9.php
$ dig +short nortonlilly.info
95.163.212.79
$ nslookup 95.163.212.79
79.mcs.mail.ru
Loki and AgentTesla botnet controllers @89.208.196.209
===== Updated 2020-02-08 to include SBL477579. =====
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Loki botnet controller located at 89.208.196.209 on port 80 (using HTTP POST):
hXXp://expertisem.net/agutaz/direct/pushin/fre.php
$ dig +short expertisem.net
89.208.196.209
$ nslookup…
Loki botnet controller @95.163.208.143
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Loki botnet controller located at 95.163.208.143 on port 80 (using HTTP POST):
hXXp://shehig.com/ig3/fre.php
$ dig +short shehig.com
95.163.208.143
$ nslookup 95.163.208.143
143.mcs.mail.ru
spam emitter @87.239.106.46
Received: from domrf-win-ad.domrf.ru (87.239.106.46 [87.239.106.46]) by [] with SMTP id []; Wed, 5 May 2021 01:3x:xx -0700 (PDT)
Received: from [51.89.157.6] ([51.89.157.6]) by domrf-win-ad.domrf.ru with Microsoft SMTPSVC(10.0.17763.1); Wed, 5 May 2021 08:1x:xx +0000
Subject: Re: Investment Opportunity
From: «Hello Friend» <user@rcit.by>
Date: Wed, 05 May 2021 01:1x:xx -0700
Reply-To: 039876467@tomsk.ru

Dear Friend, I have an…