HawkEye botnet controller @74.125.142.108

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 74.125.142.108 on port 587 TCP (SMTP from/to: ugosouth400@gmail.com):
$ telnet 74.125.142.108 587
Trying 74.125.142.108...
Connected to 74.125.142.108.
Escape character is '^]'

$ nslookup 74.125.142.108
ie-in-f108.1e100.net

Other malicious domain names hosted on this IP address:
gmail-imap.l.google.com 74.125.142.108
gmail-pop.l.google.com 74.125.142.108
gmail-smtp-msa.l.google.com 74.125.142.108
smtp.gmail.com 74.125.142.108

Referencing malware samples (MD5 hash):
