Results of Lookup
redacted.ip is listed
This IP address was detected and listed 4 times in the past 28 days, and 1 time in the past 24 hours. The most recent detection was at Thu Aug 17 18:55:00 2017 UTC +/- 5 minutes.
This IP address is infected with, or is NATting for a machine infected with the ZeuS trojan, also known as "Zbot" and "WSNPoem".
ZeuS is malicious software (malware) used by cyber-criminals to commit e-banking fraud and steal sensitive personal data, such as credentials (username, password) for online services (email, webmail, etc.).
The infection was detected by observing this IP address attempting to contact a ZeuS Command and Control (C&C) server, a central server used by the criminals to control computers infected with ZeuS (bots).
More information about the ZeuS Trojan can be found here:
- Microsoft Malware Protection Center: Win32/Zbot
- Symantec: Trojan.Zbot
- McAfee Labs Threat Advisory: PWS-Zbot
You can try Kaspersky's Zbot killer to detect and remove this infection. However, we strongly recommend that you completely reinstall your operating system to remove this infection permanently.
This was detected by a TCP connection from "redacted.ip" on port "n/a" going to IP address "220.127.116.11" (the sinkhole) on port "80".
The botnet command and control domain for this connection was "b65951f4c254.net".
This detection corresponds to a connection at Thu Aug 17 18:54:13 2017 UTC (this timestamp is believed accurate to within one second).
Detection Information Summary
- Destination IP: 18.104.22.168
- Destination port: 80
- Source IP: redacted.ip
- Source port: n/a
- C&C name/domain: b65951f4c254.net
- Protocol: TCP
- Time: Thu Aug 17 18:54:13 2017 UTC