Malware / Botnet / Phishing hosting server @185.251.89.138

According to our telemetry and our own intelligence, the host at this IP address has been set up by cyber criminals for the exclusive purpose of hosting phishing sites, malware distribution sites and/or botnet controllers. We therefore advise our users to block any traffic from/to this IP address.

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller at 185.251.89.138 port 443.
$ telnet 185.251.89.138 443
Trying 185.251.89.138...
Connected to 185.251.89.138.
Escape character is '^]'

Malicious domains observed at this IP address:
