Abuse Message [AbuseID:84C17E:1F]: AbuseNormal: SBL Notify: IP: added to Spamhaus Botnet Controller List (BCL)

 SBL519488 — The Spamhaus Project — SBL International Anti-Spam System
 Hello hetzner.de Abuse Desk,
 This is an automated message from the Spamhaus Block List (SBL) database
 to advise that the IP below has been added to sbl.spamhaus.org:
 RedLineStealer botnet controller @
 SBL Ref: SBL519488
 The reason for listing the IP address(es) is explained at the url:
 If this problem has already been taken care, a removal request can
 be sent for SBL519488 by emailing:
 Note that the email must tell us how the problem has been resolved (we need
 to know exactly how the issue has been dealt with and that this problem is fully terminated).
 Please always include «SBL519488» in the Subject of any emails to
 sbl-removals@spamhaus.org regarding this listing.
   SBL System Robot
   The Spamhaus Project
 You can review all current SBL listings concerning your network here:
 More information may be availble in the new Spamhaus ISP Portal, including
 free API access to CSS and XBL listings. Sign up for a PBL account here
 to access the Spamhaus ISP Portal:
 You are receiving this notification because you are the designated abuse
 contact for your network. If you do not want to be alerted whenever IPs
 on your network are listed in the SBL, please advise us by contacting
 ISP Abuse Desk Resources……..: https://www.spamhaus.org/isp/
 Spamhaus Block List (SBL)…….: https://www.spamhaus.org/sbl/
 Exploits Block List (XBL)…….: https://www.spamhaus.org/xbl/
 Botnet Controller List (BCL)….: https://www.spamhaus.org/bcl/
 Don’t Route or Peer List (DROP).: https://www.spamhaus.org/drop/
 Register Of Known Spammers……: https://www.spamhaus.org/rokso/
The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at on port 81 TCP:
$ telnet 81
Connected to
Escape character is ‘^]’

$ nslookup

Referencing malware samples (MD5 hash):
487cbebe3e0e954d3cd2d42a5daf2f67 — AV detection: 53 / 71 (74.65%)
4920169cae3b94797609bcf4d6bc5df4 — AV detection: 19 / 70 (27.14%)
4f095e73016bbf9432ec5a14f66239c0 — AV detection: 37 / 71 (52.11%)
6d258ba9a819c1b345e85e857eab26cf — AV detection: 37 / 70 (52.86%)

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *