Malware / Botnet / Phishing hosting server @176.113.80.174

According to our telemetry and our own intelligence, the host at this IP address has been set up by cybercriminals for the exclusive purpose of hosting phishing sites, malware distribution sites and/or botnet controllers. We therefore advise our users to block any traffic from/to this IP address.

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 176.113.80.174 port 443:
$ telnet 176.113.80.174 443
Trying 176.113.80.174...
Connected to 176.113.80.174.
Escape character is '^]'

Malicious domains observed on this IP address:
