Loki botnet controller @185.251.90.150

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 185.251.90.150 port 443:
$ telnet 185.251.90.150 443
Trying 185.251.90.150...
Connected to 185.251.90.150.
Escape character is '^]'

Malicious domains observed at this IP address:
