Browse Botnet C&Cs

You are currently viewing the database entry for the Heodo botnet command&control server (C&C) 70.166.122.236. You can get additional information about this C&C here, such as first seen, last seen and associated malware samples.

Database Entry

Host:	70.166.122.236
Hostname:	wsip-70-166-122-236.ph.ph.cox.net
Status:	Offline
Spamhaus SBL:	Not listed
Malware:	Heodo
AS number:	AS22773
AS name:	ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc., US
Country:	US
First seen:	2018-09-28 15:03:17 UTC
Last seen:	2018-09-28 19:51:47 UTC

Malware Samples

The table below documents all malware samples associated with this Heodo botnet command&control server (C&C).

Timestamp (UTC)	Malware Sample (MD5 hash)	VT	Host	Port	Signature
2018-10-02 15:56:14	288789a6cfa379607c1a3474628d6f9c	32/69 (46.38%)	70.166.122.236	80	Heodo
2018-10-01 11:09:24	c84422854a302d6b6343f5e05e7c2006	11/69 (15.94%)	70.166.122.236	80	Heodo
2018-10-01 07:06:22	48f5e0bc201fa94c78cff7f7d028fb1d	34/69 (49.28%)	70.166.122.236	80	Heodo
2018-10-01 07:01:34	eb777443ecb73f4e3a01f6a2bae32f4f	10/69 (14.49%)	70.166.122.236	80	Heodo
2018-10-01 06:14:50	8c12d1710b03613d60ec46dac08ef5a1	24/69 (34.78%)	70.166.122.236	80	Heodo
2018-09-30 09:44:52	1feb2a391cd4f44a9400b9b85caa141f	30/69 (43.48%)	70.166.122.236	80	Heodo
2018-09-30 08:57:07	a9eaba39d6da574b4b9782180763ce8b	23/69 (33.33%)	70.166.122.236	80	Heodo
2018-09-30 08:05:45	bed3d35c3b8adecca48a3b16d6c7a6fe	23/69 (33.33%)	70.166.122.236	80	Heodo
2018-09-29 12:19:00	79330b9cafdbc050117ef78e1a411737	14/69 (20.29%)	70.166.122.236	80	Heodo
2018-09-29 08:51:55	1b215e84750de8ae3600df92154b1537	11/64 (17.19%)	70.166.122.236	80	Heodo
2018-09-29 07:34:55	9a13774ec532cdb556bd21f426521483	30/68 (44.12%)	70.166.122.236	80	Heodo
2018-09-29 07:01:16	ded641f741d8eda8be254e981d37c29c	35/69 (50.72%)	70.166.122.236	80	Heodo
2018-09-29 06:57:02	fb8a5275bcb5d6fd799fdb6868faeebc	30/68 (44.12%)	70.166.122.236	80	Heodo

# of malware samples: 13