The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 77.246.158.37 on port 443:

    $ telnet 77.246.158.37 443
    Trying 77.246.158.37...
    Connected to 77.246.158.37.
    Escape character is '^]'

    gc-distribution.biz. 60 IN A 77.246.158.37
Spamvertised website
    2022-02-20 gotogml.com. 60 IN A 45.8.127.154
    2022-02-01 gotogml.com. 60 IN A 194.87.1.4
    2022-01-31 gotogml.com. 60 IN A 194.87.1.5
    2022-01-20 gotogml.com. 60 IN A 194.87.185.11
    2022-01-18 gotogml.com. 60 IN A 5.188.160.30

    Received: from iustocouny.newdom.com (20.77.57.222)
    Date: Mon, 17 Jan 2022 12:34:00 +0000
    From: 💖💖 Charming Russian Girls 💖💖 <>
    Subject: Find Your Russian Girl Who is…
spam emitter @172.104.15.248
    Received: from obamacare-plans.com (172-104-15-248.ip.linodeusercontent.com. [172.104.15.248])
    From: C. v. S. <apache@vsptechnologies.com>
    Date:
    Subject: Confirm Today

    https://massdelivery.ru/user/files/27706/[] 185.112.82.151
    https://futurretrees.com/0/0/0/[] 185.147.127.154
    https://trolleyriders.com/?s1=350575&s2=[]&s3=2575&s4=1290&ow=&s10=31 172.67.138.252
    https://urbanusdent.com/[] 104.21.42.8
spam emitter @138.201.189.85
previous emission tied to the same spammer:

    Received: from olvb.dealsdia.com (static.249.32.55.162.clients.your-server.de. [162.55.32.249])
    From: 💲CashApp <CashApp@olvb.dealsdia.com>
    Date: Fri, 18 Feb 2022 11:5x:xx +0000
    Subject: 💲 CashApp Funds sent to {[] } 💳 ?

    Received: from fkel.affiliateddeal.com (static.85.189.201.138.clients.your-server.de. [138.201.189.85])
    From: Cash App💲 <CashApp@fkel.affiliateddeal.com>
    Date: Sun, 20 Feb 2022 05:0x:xx +0000
    Subject: 💲 CashApp Funds sent to {[]…
Spamvertised website
    Received: from fkel.affiliateddeal.com (static.85.189.201.138.clients.your-server.de. [138.201.189.85])
    From: Cash App💲 <CashApp@fkel.affiliateddeal.com>
    Date: Sun, 20 Feb 2022 05:0x:xx +0000
    Subject: 💲 CashApp Funds sent to {[] } 💳 ?

    https://storage.googleapis.com/rdcoffer/offertrc.html#l[]
    http://olkj.dailycouponcard.com/redirection/rdt.php?track=[] 198.8.93.182
    https://offerlink.co/?a=3059&oc=34056&c=66168&m=3&s1=13&s2=[]&email_address=[] 34.255.103.64
    https://rdmroot.com/?a=3059&oc=34056&c=66168&m=3&s1=13&s2=[]&email_address=[]&ckmguid=[] 54.74.214.1
    https://us-newcashppy.yousweeps.com/#/?reqid=[]2&oid=27945&a=3059&cid=[]&s1=13&email_address=[] 172.67.159.65
Spam source @52.100.167.204
    Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12hn2204.outbound.protection.outlook.com [52.100.167.204])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (Client CN "mail.protection.outlook.com", Issuer "DigiCert Cloud Services CA-1" (not verified))
        by X (Postfix) with ESMTPS id X for <X>; Sun, 20 Feb 2022 X
    […]
    Received: from SN6PR14MB2479.namprd14.prod.outlook.com (2603:10b6:805:ea::17)
        by BN6PR1401MB2082.namprd14.prod.outlook.com (2603:10b6:405:55::8)
        with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
        id X; Sun, 20 Feb…
Spamvertised website
    Received: from mail211.sea101.rsgsv.net (45.159.12.17)
    From: Siste dag<info@sovehn.com>
    Subject: -lt’s time to renew your registration
    Date: Sat, 19 Feb 2022 12:1x:xx -0500

    https://cutt.ly/EPQXnYE 172.67.8.238
    http://deedhq.com/vB?MjE5ODI3NW5nNTYwNjYxNEp3MHlPMFRKMlBUcjE0NjkxMVha 209.239.116.49
    http://stamptions.com/2198275ng5606614Jw0yO0TJ2PTr146911XZ 206.196.98.136
    https://www.zekys.com/TNDQSZH7/XD1GFPDJ/?sub1=2198275&sub2=21b-2198275-5606614-146911-0-08322 35.227.247.224
    https://norton.ow5a.net/c/19264/761883/4405?subId1=9887d7d313cc47bfbef318701d7debba&subId2=21b-2198275-5606614-146911-0-08322&sharedid=426430_2198275 99.80.181.127
Malware botnet controllers @185.251.91.119
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 185.251.91.119 on port 443:

    $ telnet 185.251.91.119 443
    Trying 185.251.91.119...
    Connected to 185.251.91.119.
    Escape character is…
Tofsee botnet controller @45.8.124.99
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 45.8.124.99 on port 443 TCP:

    $ telnet 45.8.124.99 443
    Trying 45.8.124.99...
    Connected to 45.8.124.99.
    Escape character…
FastFlux hosting provider — who use hacked servers to host malware, phish, etc. (DNS server)
    https://bulletproof-hosting.com >>> https://bulletproof.su/? >>> https://t.me/ffservice?

    ns1.nospamdns.ru. 7162 IN A 51.77.158.21
    ns2.nospamdns.ru. 7159 IN A 195.14.189.85
    ________________
    ns1.nospamdns.ru. 7162 IN A 147.78.64.176
    ns2.nospamdns.ru. 7159 IN A 5.188.89.72
    ________________
    ns1.nospamdns.ru. 7162 IN A 147.78.64.176
    ns2.nospamdns.ru. 7159 IN A 213.189.219.126
    ________________
    ns1.nospamdns.ru. 7162 IN A 2.57.187.44
    ns2.nospamdns.ru. 7159 IN A 213.59.127.149
    ________________
    ns1.nospamdns.ru. 7162 IN A 2.57.186.199
    ns2.nospamdns.ru.…