Loki botnet controller @188.166.172.139

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Loki botnet controller located at 188.166.172.139 on port 80 (using HTTP POST):
hXXp://mail.jithiadaproperties.com/swtnvmbr/logs/fre.php

$ dig +short mail.jithiadaproperties.com
188.166.172.139

$ nslookup 188.166.172.139
mail.jithiadaproperties.com

Referencing malware binaries (MD5 hash):
7efb4f2ba3a9fdc54539b9b8562de02b — AV detection: 20 / 66 (30.30)
abb2534013892b17b41b42337b50d268 — AV detection: 26 / 68 (38.24)
fc8ff34786b65abf4bc931f25225f845 — AV detection: 33 / 66 (50.00)
