GCleaner botnet controller @188.40.15.9

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

GCleaner botnet controller located at 188.40.15.9 on port 80 (using HTTP GET):
hXXp://favartif.top/getFile.php

Referencing malware binaries (MD5 hash):
a12b8d3cd6f1fee82d85eb2b6ecc4d72 — AV detection: 39 / 68 (57.35)
a361d0ab7facb9cb9d4f4508c45e7514 — AV detection: 36 / 68 (52.94)
aa88b9b2f738c62fbaedc19802aa05c7 — AV detection: 39 / 68 (57.35)
b42aad28b0c66a7c6350fb6e48f7c05a — AV detection: 38 / 67 (56.72)

Malware botnet controller at 51.38.95.22 on port 443.
$ telnet 188.40.15.9 443
Trying 188.40.15.9...
Connected to 188.40.15.9.
Escape character is '^]'

Malicious domains observed at this IP address:
favartif.top. 60 IN A 188.40.15.9

Filed under: hetzner.de
