The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Smoke Loader botnet controller located at 194.87.253.188 on port 80 (using HTTP POST):
hXXp://file-coin-host-12.com/
file-coin-host-12.com. 600 IN A 194.87.253.188
Referencing malware binaries (MD5 hash):
709cdc8f1ffceb73206dec78221d895e — AV detection: 23 / 67 (34.33)
9fe895c3631429459b128bff1cb6f948 — AV detection: 20 / 66 (30.30)
d0f36dcf733939b17f962b83082e15b1 — AV detection: 23 / 67 (34.33)
Malware distribution located here:
hXXp://file-coin-coin-10.com/files/3668_1644349684_8220.exe
hXXp://privacy-tools-for-you-783.com/downloads/toolspab2.exe
file-coin-coin-10.com. 600 IN A 194.87.253.188
privacy-tools-for-you-783.com. 600 IN A 194.87.253.188
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.
Malware botnet controller located at 194.87.253.188 on port 443:
$ telnet 194.87.253.188 443
Trying 194.87.253.188...
Connected to 194.87.253.188.
Escape character is '^]'
Additional malicious domains observed at this IP address: