Malware botnet controller @34.138.254.66

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller at 34.138.254.66 on port 443.
$ telnet 34.138.254.66 443
Trying 34.138.254.66…
Connected to 34.138.254.66.
Escape character is ‘^]’

$ dig +short -x 34.138.254.66
66.254.138.34.bc.googleusercontent.com.

Malicious domains observed at this IP address:
atom-softs.com. 600 IN A 34.138.254.66
atom-tw.com. 600 IN A 34.138.254.66
atom-tweak.net. 600 IN A 34.138.254.66
atomtweak.com. 600 IN A 34.138.254.66
beachbig.com. 600 IN A 34.138.254.66
best1488.com. 600 IN A 34.138.254.66
blackinstalls.com. 600 IN A 34.138.254.66
bthuu.com. 600 IN A 34.138.254.66
chinett.com. 600 IN A 34.138.254.66
cloudjah.com. 600 IN A 34.138.254.66
cranonline.com. 600 IN A 34.138.254.66
cranonline.com. 600 IN A 34.138.254.66
dailykan.com. 600 IN A 34.138.254.66
dailykan.com. 600 IN A 34.138.254.66
djher.com. 600 IN A 34.138.254.66
djher.com. 600 IN A 34.138.254.66
far-lbs.com. 600 IN A 34.138.254.66
freehar.com. 600 IN A 34.138.254.66
freehar.com. 600 IN A 34.138.254.66
g-farlab.com. 600 IN A 34.138.254.66
glclick.com. 600 IN A 34.138.254.66
glclick.com. 600 IN A 34.138.254.66
gokaef.com. 600 IN A 34.138.254.66
gripeee.com. 600 IN A 34.138.254.66
gvnoweb.com. 600 IN A 34.138.254.66
i-farlab.com. 600 IN A 34.138.254.66
i-farlabs.com. 600 IN A 34.138.254.66
i-labspro.com. 600 IN A 34.138.254.66
in-softs.com. 600 IN A 34.138.254.66
it-farlab.com. 600 IN A 34.138.254.66
johnsol.com. 600 IN A 34.138.254.66
kayattr.com. 600 IN A 34.138.254.66
labs-pr.com. 600 IN A 34.138.254.66
liveme202.com. 600 IN A 34.138.254.66
mindurl.com. 600 IN A 34.138.254.66
mindurl.com. 600 IN A 34.138.254.66
nanbier.com. 600 IN A 34.138.254.66
netgul.com. 600 IN A 34.138.254.66
nextinstall.info. 600 IN A 34.138.254.66
noplayboy.com. 600 IN A 34.138.254.66
noplayboy.com. 600 IN A 34.138.254.66
offtechnology.com. 600 IN A 34.138.254.66
ouclick.com. 600 IN A 34.138.254.66
ouclick.com. 600 IN A 34.138.254.66
payfilms.com. 600 IN A 34.138.254.66
search1search.com. 600 IN A 34.138.254.66
sharemem.com. 600 IN A 34.138.254.66
soft-me.com. 600 IN A 34.138.254.66
softsme.com. 600 IN A 34.138.254.66
spiritualpay.top. 600 IN A 34.138.254.66
thepe.net. 600 IN A 34.138.254.66
thispacific-pact.top. 600 IN A 34.138.254.66
zodomain.com. 600 IN A 34.138.254.66