Browse Botnet C&Cs
Here you can browse the list of botnet Command&Control servers (C&Cs) tracked by Feodo Tracker, associated with Dridex and Emotet (aka Heodo). When Feodo Tracker was launched in 2010, it was ment to track Feodo botnet C&Cs. However, Feodo evolved further and different piece of malware of Feodo appeared:
- Cridex: also known as Bugat was an ebanking Trojan active until around 2013. This variant is not active anymore.
- Feodo: is a successor of the Cridex ebanking Trojan that first appeared in 2010. This variant is not active anymore.
- Geodo: is a successor of the Feodo ebanking Trojan that first appeared in 2014. This variant is commonly also known as Emotet. This variant is not active anymore.
- Dridex: is a successor of the Cridex ebanking Trojan. It first appeared in 2011 and is still very active as of today (2018). There are speculations that the botnet masters behind the ebanking Trojan Dyre moved their operation over to Dridex.
- Heodo: is a successor of the Geodo (aka Emotet). It first appeared in March 2017 and is also commonly known as Emotet. While it was initally used to commit ebanking fraud, it later turned over to a Pay-Per-Install (PPI)-like botnet which is propagating itself through compromised email credentials.
- TrickBot: has no code base with Emotet. However, TrickBot usually gets dropped by Emotet for lateral movement and to drop additional malware (such as Ryuk ransomware).
Filter for: Heodo (aka Emotet) TrickBot
| Firstseen (UTC) | Host | Malware | Status | SBL | Network (ASN) | Country |
|---|---|---|---|---|---|---|
| 2020-10-14 10:54:04 | 188.166.220.180 | Heodo |  Online | Not listed | AS14061 DIGITALOCEAN-ASN |  SG |
| 2020-10-14 08:03:26 | 200.127.14.97 | Heodo | Offline | Not listed | AS10481 Telecom Argentina S.A. |  AR |
| 2020-10-14 08:03:26 | 24.232.228.233 | Heodo | Offline | Not listed | AS10318 Telecom Argentina S.A. | AR |
| 2020-10-14 08:03:26 | 46.105.114.137 | Heodo | Online | Not listed | AS16276 OVH |  FR |
| 2020-10-14 08:03:26 | 95.85.33.23 | Heodo | Offline | Not listed | AS14061 DIGITALOCEAN-ASN |  NL |
| 2020-10-14 07:50:39 | 69.206.132.149 | Heodo | Offline | Not listed | AS12271 TWC-12271-NYC |  US |
| 2020-10-14 07:47:38 | 177.23.7.151 | Heodo | Online | Not listed | AS262886 LansofNet LTDA ME |  BR |
| 2020-10-13 21:51:21 | 42.200.96.63 | Heodo | Online | Not listed | AS4760 HKTIMS-AP HKT Limited |  HK |
| 2020-10-13 20:24:02 | 169.50.76.149 | Heodo | Offline | Not listed | AS36351 SOFTLAYER |  GB |
| 2020-10-13 20:24:02 | 47.36.140.164 | Heodo | Offline | Not listed | AS20115 CHARTER-20115 | US |
| 2020-10-13 19:55:59 | 188.157.101.114 | Heodo | Offline | Not listed | AS5483 MAGYAR-TELEKOM-MAIN-AS Magyar Telekom Nyrt. |  HU |
| 2020-10-13 19:18:36 | 221.147.142.214 | Heodo | Offline | Not listed | AS4766 KIXS-AS-KR Korea Telecom |  KR |
| 2020-10-13 19:18:36 | 51.38.50.144 | Heodo | Online | Not listed | AS16276 OVH | FR |
| 2020-10-13 19:18:36 | 188.40.170.197 | Heodo | Offline | Not listed | AS24940 HETZNER-AS |  DE |
| 2020-10-13 18:06:28 | 208.180.207.205 | Heodo | Online | Not listed | AS19108 SUDDENLINK-COMMUNICATIONS | US |
| 2020-10-13 18:06:28 | 167.114.153.111 | Heodo | Online | Not listed | AS16276 OVH |  CA |
| 2020-10-13 16:15:24 | 94.212.52.40 | Heodo | Offline | Not listed | AS33915 TNF-AS | NL |
| 2020-10-13 16:15:24 | 190.164.135.81 | Heodo | Offline | Not listed | AS22047 VTR BANDA ANCHA S.A. |  CL |
| 2020-10-13 05:58:05 | 46.30.42.239 | TrickBot | Offline | Not listed | AS210079 EUROBYTE Eurobyte LLC, Moscow, Russia |  RU |
| 2020-10-13 05:58:04 | 45.141.103.31 | TrickBot | Offline | Not listed | AS48347 MTW-AS | RU |
| 2020-10-13 05:58:04 | 5.101.51.112 | TrickBot | Offline | SBL491488 | AS49505 SELECTEL | RU |
| 2020-10-13 05:58:04 | 148.251.27.76 | TrickBot | Offline | Not listed | AS24940 HETZNER-AS | DE |
| 2020-10-13 05:58:04 | 93.189.43.168 | TrickBot | Offline | Not listed | AS41853 NTCOM-AS | RU |
| 2020-10-13 05:58:04 | 212.80.217.69 | TrickBot | Offline | Not listed | AS50673 SERVERIUS-AS |  LT |
| 2020-10-13 05:58:04 | 195.123.237.37 | TrickBot | Offline | Not listed | AS204957 GREENFLOID-AS | SG |
| 2020-10-13 05:58:04 | 107.174.254.216 | TrickBot | Offline | Not listed | AS36352 AS-COLOCROSSING | US |
| 2020-10-13 05:58:04 | 194.5.250.113 | TrickBot | Offline | Not listed | AS64398 NXTHOST-64398 NXTHOST.COM - NXTSERVERS SRL |  RO |
| 2020-10-13 05:58:03 | 198.8.91.44 | TrickBot | Offline | Not listed | AS46562 PERFORMIVE | US |
| 2020-10-13 05:58:03 | 37.228.117.217 | TrickBot | Offline | Not listed | AS49505 SELECTEL | RU |
| 2020-10-13 05:58:03 | 185.125.46.53 | TrickBot | Offline | Not listed | AS48096 ITGRAD | RU |
| 2020-10-11 02:10:59 | 185.117.73.190 | TrickBot | Offline | SBL352624 | AS60117 HS | NL |
| 2020-10-11 01:50:40 | 195.123.240.130 | TrickBot | Offline | Not listed | AS204957 GREENFLOID-AS | US |
| 2020-10-11 00:07:35 | 45.89.127.128 | TrickBot | Offline | Not listed | AS30823 COMBAHTON combahton GmbH | DE |
| 2020-10-10 23:37:57 | 80.85.156.116 | TrickBot | Offline | Not listed | AS44493 CHELYABINSK-SIGNAL-AS | RU |
| 2020-10-10 13:29:46 | 51.89.177.8 | TrickBot | Offline | Not listed | AS16276 OVH | GB |
| 2020-10-10 09:31:06 | 37.220.6.115 | TrickBot | Offline | Not listed | AS20860 IOMART-AS | GB |
| 2020-10-10 09:31:06 | 45.89.127.118 | TrickBot | Offline | Not listed | AS30823 COMBAHTON combahton GmbH | DE |
| 2020-10-10 08:14:27 | 194.5.249.216 | TrickBot | Offline | Not listed | AS64398 NXTHOST-64398 NXTHOST.COM - NXTSERVERS SRL | RO |
| 2020-10-10 08:14:10 | 45.89.127.119 | TrickBot | Offline | Not listed | AS30823 COMBAHTON combahton GmbH | DE |
| 2020-10-10 07:58:29 | 62.108.35.36 | TrickBot | Offline | Not listed | AS30962 COMTRANCE-AS | DE |
| 2020-10-10 07:47:01 | 51.77.112.255 | TrickBot | Offline | Not listed | AS16276 OVH | FR |
| 2020-10-10 07:43:53 | 194.5.249.224 | TrickBot | Offline | Not listed | AS64398 NXTHOST-64398 NXTHOST.COM - NXTSERVERS SRL | RO |
| 2020-10-10 07:23:44 | 62.108.35.29 | TrickBot | Offline | Not listed | AS30962 COMTRANCE-AS | DE |
| 2020-10-09 17:00:02 | 35.164.230.208 | TrickBot | Offline | SBL497742 | AS16509 AMAZON-02 | US |
| 2020-10-08 18:59:24 | 191.191.23.135 | Heodo | Offline | Not listed | AS28573 CLARO S.A. | BR |
| 2020-10-08 18:59:21 | 46.101.58.37 | Heodo | Online | Not listed | AS14061 DIGITALOCEAN-ASN | GB |
| 2020-10-08 18:59:20 | 192.232.229.54 | Heodo | Online | Not listed | AS46606 UNIFIEDLAYER-AS-1 | US |
| 2020-10-08 18:58:24 | 120.150.218.241 | Heodo | Online | Not listed | AS1221 ASN-TELSTRA Telstra Corporation Ltd |  AU |
| 2020-10-08 18:58:22 | 186.74.215.34 | Heodo | Online | Not listed | AS11556 Cable & Wireless Panama |  PA |
| 2020-10-08 18:58:16 | 162.241.140.129 | Heodo | Online | Not listed | AS46606 UNIFIEDLAYER-AS-1 | US |
| 2020-10-08 17:57:05 | 185.14.30.247 | TrickBot | Offline | Not listed | AS21100 ITLDC-NL | NL |
| 2020-10-08 17:48:00 | 72.143.73.234 | Heodo | Offline | Not listed | AS812 ROGERS-COMMUNICATIONS | CA |
| 2020-10-07 21:52:02 | 194.5.249.126 | TrickBot | Offline | Not listed | AS64398 NXTHOST-64398 NXTHOST.COM - NXTSERVERS SRL | RO |
| 2020-10-07 17:08:41 | 174.118.202.24 | Heodo | Online | Not listed | AS812 ROGERS-COMMUNICATIONS | CA |
| 2020-10-06 23:29:46 | 185.99.2.176 | TrickBot | Offline | Not listed | AS200698 GLOBALHOST-BOSNIA-AS |  BA |
| 2020-10-06 15:03:51 | 82.146.54.254 | TrickBot | Offline | Not listed | AS29182 THEFIRST-AS | RU |
| 2020-10-06 15:03:51 | 194.5.249.136 | TrickBot | Offline | Not listed | AS64398 NXTHOST-64398 NXTHOST.COM - NXTSERVERS SRL | RO |
| 2020-10-05 20:30:16 | 109.13.179.195 | Heodo | Online | Not listed | AS15557 LDCOMNET | FR |
| 2020-10-05 17:07:07 | 92.242.40.12 | TrickBot | Offline | Not listed | AS205840 VM-HOSTING | RU |
| 2020-10-05 17:07:05 | 85.99.2.140 | TrickBot | Offline | Not listed | AS9121 TTNET |  TR |
| 2020-10-05 13:31:43 | 192.175.111.217 | Heodo | Offline | Not listed | AS32613 IWEB-AS | CA |
| 2020-10-02 16:58:07 | 104.161.32.10 | TrickBot | Offline | Not listed | AS53755 IOFLOOD | US |
| 2020-10-02 16:58:06 | 212.80.219.98 | TrickBot | Offline | Not listed | AS50673 SERVERIUS-AS | LT |
| 2020-10-02 16:58:06 | 91.200.101.192 | TrickBot | Offline | Not listed | AS30823 COMBAHTON combahton GmbH | DE |
| 2020-10-02 16:58:06 | 94.250.254.84 | TrickBot | Offline | Not listed | AS29182 THEFIRST-AS | RU |
| 2020-10-02 16:58:06 | 85.143.219.36 | TrickBot | Offline | Not listed | AS201848 TRADERSOFT | RU |
| 2020-10-02 16:58:06 | 45.8.230.108 | TrickBot | Offline | Not listed | AS48347 MTW-AS | RU |
| 2020-10-02 16:58:05 | 94.250.255.217 | TrickBot | Offline | Not listed | AS29182 THEFIRST-AS | RU |
| 2020-10-02 16:58:05 | 194.156.98.172 | TrickBot | Offline | Not listed | AS135330 ADCDATACOM-AS-AP ADCDATA.COM | HK |
| 2020-10-02 16:58:05 | 195.2.93.227 | TrickBot | Offline | Not listed | AS48282 VDSINA-AS | NL |
| 2020-10-02 16:58:05 | 194.5.249.31 | TrickBot | Offline | Not listed | AS64398 NXTHOST-64398 NXTHOST.COM - NXTSERVERS SRL | RO |
| 2020-10-02 16:58:05 | 91.210.171.82 | TrickBot | Offline | Not listed | AS9123 TIMEWEB-AS | RU |
| 2020-10-02 16:58:05 | 195.123.241.182 | TrickBot | Offline | Not listed | AS204957 GREENFLOID-AS | US |
| 2020-10-02 16:58:05 | 62.108.35.179 | TrickBot | Offline | Not listed | AS30962 COMTRANCE-AS | DE |
| 2020-10-02 16:58:05 | 51.89.177.18 | TrickBot | Offline | Not listed | AS16276 OVH | GB |
| 2020-10-02 16:58:04 | 62.108.35.204 | TrickBot | Offline | Not listed | AS30962 COMTRANCE-AS | DE |
| 2020-10-02 16:58:04 | 195.123.241.157 | TrickBot | Offline | Not listed | AS204957 GREENFLOID-AS | US |
| 2020-10-02 16:58:04 | 88.150.197.186 | TrickBot | Offline | Not listed | AS20860 IOMART-AS | GB |
| 2020-10-02 16:58:03 | 45.155.173.196 | TrickBot | Offline | Not listed | AS30823 COMBAHTON combahton GmbH | DE |
| 2020-10-02 16:58:03 | 195.123.239.59 | TrickBot | Offline | Not listed | AS204957 GREENFLOID-AS | SG |
| 2020-10-02 16:58:03 | 194.5.249.107 | TrickBot | Offline | Not listed | AS64398 NXTHOST-64398 NXTHOST.COM - NXTSERVERS SRL | RO |
| 2020-10-02 16:23:26 | 185.234.72.147 | TrickBot | Offline | Not listed | AS30823 COMBAHTON combahton GmbH | DE |
| 2020-10-02 15:19:53 | 45.141.103.194 | TrickBot | Offline | Not listed | AS48347 MTW-AS | RU |
| 2020-10-02 15:17:21 | 185.105.1.149 | TrickBot | Offline | Not listed | AS199524 GCORE |  IN |
| 2020-10-02 15:17:21 | 185.99.2.180 | TrickBot | Offline | Not listed | AS200698 GLOBALHOST-BOSNIA-AS | BA |
| 2020-10-01 17:08:32 | 93.189.40.214 | TrickBot | Offline | Not listed | AS41853 NTCOM-AS | RU |
| 2020-09-29 22:51:45 | 71.15.245.148 | Heodo | Online | Not listed | AS20115 CHARTER-20115 | US |
| 2020-09-29 22:51:40 | 104.131.123.136 | Heodo | Online | Not listed | AS14061 DIGITALOCEAN-ASN | US |
| 2020-09-29 22:34:06 | 24.231.51.190 | Heodo | Offline | Not listed | AS15146 CABLEBAHAMAS |  BS |
| 2020-09-29 22:24:33 | 113.203.238.130 | Heodo | Online | Not listed | AS9387 SHARPTEL-AS-AP SHARP TELECOM (PRIVATE) LIMITED |  PK |
| 2020-09-29 22:11:06 | 116.91.240.96 | Heodo | Offline | Not listed | AS2519 VECTANT ARTERIA Networks Corporation |  JP |
| 2020-09-29 22:10:53 | 104.193.103.61 | Heodo | Offline | Not listed | AS23546 DELCOM-ASN | US |
| 2020-09-29 22:10:22 | 202.22.141.45 | Heodo | Offline | Not listed | AS56089 OFFRATEL-AS-AP OFFRATEL |  NC |
| 2020-09-29 16:45:44 | 45.89.127.27 | TrickBot | Offline | Not listed | AS30823 COMBAHTON combahton GmbH | GB |
| 2020-09-28 18:20:15 | 80.241.255.202 | Heodo | Offline | Not listed | AS16010 MAGTICOMAS Caucasus-Online |  GE |
| 2020-09-28 18:20:14 | 130.0.132.242 | Heodo | Offline | Not listed | AS30722 VODAFONE-IT-ASN |  IT |
| 2020-09-28 18:20:11 | 91.146.156.228 | Heodo | Offline | Not listed | AS8462 TARR1 | HU |
| 2020-09-28 18:20:08 | 78.188.106.53 | Heodo | Online | Not listed | AS9121 TTNET | TR |
| 2020-09-28 18:20:07 | 187.49.206.134 | Heodo | Offline | Not listed | AS53059 Center Prestadora Servicos S/C Ltda | BR |
| 2020-09-28 18:20:04 | 105.186.233.33 | Heodo | Offline | Not listed | AS37457 Telkom-Internet |  ZA |