Socelars botnet controller @161.97.64.205

The host at this IP address is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Socelars botnet controller located at 161.97.64.205 on port 80 (using HTTP POST):
hXXp://www.mkpmc.com/

$ dig +short www.mkpmc.com
161.97.64.205

$ nslookup 161.97.64.205
vmi779689.contaboserver.net

Referencing malware binaries (MD5 hash):

Other malicious domain names hosted on this IP address:
www.anquyebt.com 161.97.64.205
www.nvdmzf.com 161.97.64.205
www.mkpmc.com 161.97.64.205
