nic.ru — Hosting.Black

Smoke Loader botnet controller @195.24.68.11

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Smoke Loader botnet controller located at 195.24.68.11 on port 80 (using HTTP POST): http://galala.ru/upload/ galala.ru. 3600 IN A 195.24.68.11 $ dig +short -x 91.189.114.12 wcarp.hosting.nic.ru.

Smoke Loader botnet controller @91.189.114.12

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Smoke Loader botnet controller located at 195.24.68.11 on port 80 (using HTTP POST): http://witra.ru/upload/ witra.ru. 3600 IN A 91.189.114.12 $ dig +short -x 91.189.114.12 wcarp.hosting.nic.ru.

phishing server

hXXps://att-rsa-support.com/go.php?ssl=yes $ host att-rsa-support.com att-rsa-support.com has address 89.104.81.226

Maili.ee

$ host reeo.xyz reeo.xyz has address 195.24.66.89 This IP is mailing on behalf of Maili.ee.

Snowshoe spam ranges

67.198.130.11 mail.pif.co.uk img5.blogscoops.com 2021-11-02T08:10:00Z (+/-10 min) 67.198.130.185 mail.pif.co.uk aeh.busnpro.club 2021-11-02T10:00:00Z (+/-10 min) 67.198.130.0/24 (67.198.130.0-67.198.130.255) 67.198.232.110 mail.pif.co.uk 67.198.232.110.CUSTOMER.VPLS.NET 2021-11-02T08:20:00Z (+/-10 min) 67.198.232.118 mail.pif.co.uk dan.aleurone.online 2021-11-02T08:30:00Z (+/-10 min) 67.198.232.120 mail.pif.co.uk slam.amating.site 2021-11-02T08:30:00Z (+/-10 min) 67.198.232.96/27 (67.198.232.96-67.198.232.127) 89.111.186.229 mail.pif.co.uk ui3h.gartinafi.com 2021-11-02T08:30:00Z (+/-10 min) 89.111.186.229/32 (89.111.186.229-89.111.186.229) 89.111.187.219 mail.pif.co.uk ucw6.gartinafi.com 2021-11-02T08:30:00Z (+/-10 min) 89.111.187.219/32 (89.111.187.219-89.111.187.219) 174.139.160.149 mail.pif.co.uk mqc.khaoula02.xyz 2021-11-02T08:20:00Z (+/-10… Читать далее Snowshoe spam ranges

Snowshoe spam ranges

Maili.ee

$ host uiie.xyz uiie.xyz has address 79.174.71.118 This IP is mailing on behalf of Maili.ee.

Tofsee botnet controller @77.222.55.43

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 77.222.55.43 on port 421 TCP: $ telnet 77.222.55.43 421 Trying 77.222.55.43… Connected to 77.222.55.43. Escape character… Читать далее Tofsee botnet controller @77.222.55.43

Maili.ee

Longtime ROKSO spam operation Arendame («Mihail Fortis») is spamming from new IPs today. Received: from 77-222-55-220.vps-ptr.clients.spaceweb.ru (77-222-55-220.vps-ptr.clients.spaceweb.ru [77.222.55.220]) Date: Mon, 17 Oct 2016 11:##:## +0300 From: «Maksude uudised» <reply@estdata.pw> Subject: Sõiduauto, erisoodustused ja ev mitteseotud kulud nüüd poole hinnaga <snip> Hind sisaldab õppetööd, õppematerjale, lõunat, kohvipause! Lisainfo ja osavõtuks registreerimine siit või 6556778, 5279999 <snip>… Читать далее Maili.ee

Maili.ee

ROKSO spammer Arendame («Mihail Fortis») is spamming from a new IP address. Received: from maili.pw (77-222-54-2.vps-ptr.clients.spaceweb.ru [77.222.54.2]) Date: Sun, 7 May 2017 20:##:## +0300 From: «E-posti Turundus» <kontakt@maili.pw> Subject: Maili_ee Kevadkampaania! <snip> E-posti turundus Eestis (B2B). masspostitus kampaania soodushinnaga! Lugupeetud Ettevõtja, <snip> Email Address: parimadpakkumised@gmail.com