Received: from s8.megojom.ru (megojom.ru [77.244.216.133]) Date: Tue, 30 Nov 2021 04:0x:xx +0000 From: Aleksandr <info@s8.megojom.ru> Subject: Предложение 77.244.216.130 tefalongo.ru 77.244.216.131 eseneno.ru 77.244.216.132 derwerer.ru 77.244.216.133 megojom.ru 77.244.216.134 welbryh.ru
Category: selectel.ru
Malicious redirectors.
Was SBL537335 47.254.173.194/32 Was SBL537237 47.74.89.251/32 Was SBL537181 47.251.40.77/32 188.246.235.218 transit-uk.com 188.246.235.218 nhs.auth-covid-pass.com hermes.online-postage-delivery.com has address 188.246.235.218 online-postage-delivery.com has address 188.246.235.218 dpd-parcel-reschedule.com has address 45.130.41.12 ————————————— Nothing legitimate is hosted here. auth-covid-pass.com has address 47.254.173.194 nhs.auth-covid-pass.com has address 47.254.173.194 delayed-gb.com has address 47.254.173.194 hermes.online-postage-delivery.com has address 47.254.173.194 online-postage-delivery.com has address 47.254.173.194 dpd-parcel-reschedule.com has address 45.130.41.12…
Botnet hosting (escalation)
Due to massive and repeated botnet hosting, as well as the fact that hostway provides bulletproof hosting to botnet operators by ignoring abuse reports sent by Spamhaus and 3rd parties, we consider their network as harmful and risky for our users. As a result, we advise our users to not accept network traffic from hostway.ru’s…
RedLineStealer botnet controller @185.189.167.130
RedLineStealer botnet controller hosted here: $ telnet 185.189.167.130 38637 Trying 185.189.167.130… Connected to 185.189.167.130. Escape character is ‘^]’.
RemoteManipulator botnet controller @77.223.124.210
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 77.223.124.210 on port 5655 TCP: $ telnet 77.223.124.210 5655 Trying 77.223.124.210… Connected to 77.223.124.210. Escape character…
Malware botnet controllers @95.213.165.229
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Smoke Loader botnet controller located at 212.193.50.94 on port 80 (using HTTP POST): hXXp://xacokuo80.top/ xacokuo80.top. 600 IN A 95.213.165.229 The host at this IP address is currently…
Malware botnet controller @194.87.1.69
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 194.87.1.69 on port 443: $ telnet 194.87.1.69 443 Trying 194.87.1.69… Connected to 194.87.1.69. Escape character is…
spam emitters
Received: from s2.megojom.ru (megojom.ru [95.213.249.189]) Date: Fri, 26 Nov 2021 09:3x:xx +0000 From: Aleksandr <info@s2.megojom.ru> Subject: Предложение 95.213.249.186 tefalongo.ru 95.213.249.187 eseneno.ru 95.213.249.188 derwerer.ru 95.213.249.189 megojom.ru 95.213.249.190 welbryh.ru
Loki botnet controller @95.213.216.149
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Loki botnet controller located at 95.213.216.149 on port 80 (using HTTP POST): hXXp://secure01-redirect.net/fx/fre.php $ dig +short secure01-redirect.net 95.213.216.149 $ nslookup 95.213.216.149 cr10.xyz
spam emitters
Received: from s12.megojom.ru (megojom.ru [185.186.3.12]) Date: Tue, 23 Nov 2021 08:0x:xx +0000 From: Aleksandr <info@s12.megojom.ru> Subject: Предложение 185.186.3.10 tefalongo.ru 185.186.3.11 eseneno.ru 185.186.3.12 megojom.ru 185.186.3.13 derwerer.ru 185.186.3.14 welbryh.ru