Received: from s12.megojom.ru (megojom.ru [185.186.3.12])
Date: Tue, 23 Nov 2021 08:0x:xx +0000
From: Aleksandr <info@s12.megojom.ru>
Subject: Предложение
185.186.3.10 tefalongo.ru
185.186.3.11 eseneno.ru
185.186.3.12 megojom.ru
185.186.3.13 derwerer.ru
185.186.3.14 welbryh.ru
DCRat botnet controller @80.87.194.232
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. DCRat botnet controller located at 80.87.194.232 on port 80 (using HTTP GET): hXXp://80.87.194.232/whell_/on/moss000/Jstraffic.php $ nslookup 80.87.194.232 agarou.fvds.ru
CompanyLeads.org
CompanyLeads.org. 300 IN A 137.184.44.221
Received: from [103.13.114.169] (helo=stuff.datalist.me)
Date: Tue, 23 Nov 2021 06:4x:xx +0100
From: Maria Hanson <maria@datalist.me>
Subject: UK Leads Black Friday
Hi from CompanyLeads.org We are running a special on our UK Database! 16,290,681 Leads for a mere £49 once off. Visit us on CompanyLeads.org/UK Thank you! Maria Hanson
RedLineStealer botnet controller @135.181.245.89
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 135.181.245.89 on port 24368 TCP: $ telnet 135.181.245.89 24368 Trying 135.181.245.89… Connected to 135.181.245.89. Escape character…
RemoteManipulator botnet controller @95.213.205.83
===== Moved from SBL537019 95.213.205.82. ===== ===== Moved from SBL535812 185.175.44.167. ===== The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 95.213.205.83 on port 5655…
Malware botnet controllers @91.224.22.142
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 91.224.22.142 on port 443: $ telnet 91.224.22.142 443 Trying 91.224.22.142… Connected to 91.224.22.142. Escape character is…
cloudflare-proxy.com malware @ 3.25.227.21
Malware hosted here: cloudflare-proxy.com A 3.25.227.21
RedLineStealer botnet controller @135.181.129.119
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Malware botnet controller located at 135.181.129.119 on port 4805 TCP: $ telnet 135.181.129.119 4805 Trying 135.181.129.119… Connected to 135.181.129.119. Escape character…
Socelars botnet controller @185.209.229.184
The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse. Socelars botnet controller located at 185.209.229.184 on port 80 (using HTTP GET): hXXp://www.kittyschwartz.com/ $ dig +short www.kittyschwartz.com 185.209.229.184 $ nslookup 185.209.229.184 vmi718271.contaboserver.net Referencing malware binaries (MD5 hash):…
spam support (domains)
domain used in spam operation getfolifort.com 104.21.95.217