GCleaner botnet controller @51.38.95.22

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

GCleaner botnet controller located at 51.38.95.22 on port 80 (using HTTP GET):
hXXp://favartif.top/getFile.php

Referencing malware binaries (MD5 hash):
a12b8d3cd6f1fee82d85eb2b6ecc4d72 — AV detection: 39 / 68 (57.35)
a361d0ab7facb9cb9d4f4508c45e7514 — AV detection: 36 / 68 (52.94)
aa88b9b2f738c62fbaedc19802aa05c7 — AV detection: 39 / 68 (57.35)
b42aad28b0c66a7c6350fb6e48f7c05a — AV detection: 38 / 67 (56.72)

Malware botnet controller at 51.38.95.22 on port 443.
$ telnet 51.38.95.22 443
Trying 51.38.95.22...
Connected to 51.38.95.22.
Escape character is '^]'

Malicious domains observed at this IP address:
favartif.top. 60 IN A 51.38.95.22

Posted in category: ovh.net
