ROKSO spammer Arendame («Mihail Fortis») is spamming from a new IP address and domain.
Received: from 77-222-55-10.vps-ptr.clients.spaceweb.ru (77-222-55-10.vps-ptr.clients.spaceweb.ru [77.222.55.10])
Date: Wed, 6 Sep 2017 17:##:## +0300
From: «Maksumuudatused» <data@ckiri.xyz>
Subject: UUS — Sõiduauto 2018, erisoodustused ja ev mitteseotud kulud — viimased 5 kohta
<snip>
Tere! Tuletame meelde, et juba järgmine nädal on tulemas eesti ühe…
Category: nic.ru
Vulnerability scanner @77.222.55.27
The host at this IP address (77.222.55.27) is either hijacked (compromised) or, more likely, operated by miscreants for the purpose of running port scans against other hosts on the internet. While we don't know the purpose of the port scans originating from this IP address, such port scans are usually used to:
* Find vulnerable devices…
Malware botnet controller @77.222.60.127
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 77.222.60.127 on port 80 (using HTTP GET):
hXXp://extenterms.top/data2.php
$ dig +short extenterms.top
77.222.60.127
Other malicious domain names hosted on this IP address:…
Malware distribution @185.26.112.217
The host at this IP address (185.26.112.217) is either operated by cybercriminals or hosting compromised websites that are being used to distribute malware:
http://wmi.1217bye.host/1.txt
AS number: AS48287
AS name: RU-CENTER
Maili.ee
This IP is sending on behalf of Maili.ee.
Received: from c3368.colo.hc.ru (unknown [79.174.69.60]) by x (Postfix) with ESMTPS id x for <x>; Sun, 30 Aug 2020 ##:##:## +0100 (BST)
From: ABC Keeltekool <VARIOUS@hugemailer.com> <- forgery
Subject: Inglise keel täiskasvanutele, koolinortele ja lastele
Date: Sun, 30 Aug 2020 ##:##:## +0300
Emotet malware distribution @195.24.68.19 [compromised website]
The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL is hosting a webshell that is being accessed by the threat actors programmatically to place malware on the website:
URL: http://mobilepro-tm.online/xcuidf.php
Host: mobilepro-tm.online
IP address: 195.24.68.19
Hostname: wcarp.hosting.nic.ru
Emotet malware distribution @195.24.68.15 [compromised website]
The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL is hosting a webshell that is being accessed by the threat actors programmatically to place malware on the website:
URL: http://pc03.su/isalcnkpdhfzxtg.php
Host: pc03.su
IP address: 195.24.68.15
Hostname: wcarp.hosting.nic.ru
Emotet malware distribution @195.208.1.108 [compromised website]
The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL is hosting a webshell that is being accessed by the threat actors programmatically to place malware on the website:
URL: http://www.mss2.ru/wp-content/uploads/2013/09/JST10x.php
Host: www.mss2.ru
IP address: 195.208.1.108
Hostname: std-carp8-http.nic.ru
Emotet malware distribution @178.210.84.112 [compromised website]
The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL is hosting a webshell that is being accessed by the threat actors programmatically to place malware on the website:
URL: http://xn--80adimcjlj5abbup.xn--p1ai/ieputqbkyho.php
Host: xn--80adimcjlj5abbup.xn--p1ai
IP address: 178.210.84.112
Hostname: h698292.r01host.ru
Emotet malware distribution @178.210.84.112 [compromised website]
The host at this IP address is hosting a website that has been compromised by threat actors to distribute Emotet (aka Heodo) malware. The following URL is hosting a webshell that is being accessed by the threat actors programmatically to place malware on the website:
URL: http://xn--80adimcjlj5abbup.xn--p1ai/wp-admin/css/colors/blue/JST10x.php
Host: xn--80adimcjlj5abbup.xn--p1ai
IP address: 178.210.84.112
Hostname: h698292.r01host.ru