Browse Botnet C&Cs

You are currently viewing the database entry for the Heodo botnet command&control server (C&C) 98.191.228.168. You can get additional information about this C&C here, such as first seen, last seen and associated malware samples.

Database Entry


Host:98.191.228.168
Hostname:wsip-98-191-228-168.tu.ok.cox.net
Status:Offline
Spamhaus SBL:Not listed
Malware:Heodo -
AS number:AS22773
AS name:ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc.
Country:- US
First seen:2018-10-04 16:11:00 UTC
Last seen:2019-01-08 07:38:44 UTC

Malware Samples


The table below documents all malware samples associated with this Heodo botnet command&control server (C&C).

Timestamp (UTC)Malware Sample (MD5 hash)VTHostPortSignature
2019-01-23 12:28:44a88f8ad47e285d5a991bbabac6ea0992Virustotal results 39/71 (54.93%) 98.191.228.168990Quakbot
2019-01-23 12:28:44a88f8ad47e285d5a991bbabac6ea0992Virustotal results 39/71 (54.93%) 98.191.228.168990Quakbot
2019-01-17 10:27:1940bd588d8b0808ae1d62e56ae36075daVirustotal results 24/70 (34.29%) 98.191.228.168990Quakbot
2019-01-09 05:32:1660248f127e1080d29817cf0e34846d80Virustotal results 47/69 (68.12%) 98.191.228.168990Heodo
2019-01-08 07:59:5422802374e06e132ee9ae7fd99a15a308Virustotal results 48/67 (71.64%) 98.191.228.168990Heodo
2018-12-26 10:24:26adc662fd2799e1e42bc96e42c4b56698Virustotal results 35/72 (48.61%) 98.191.228.168990Quakbot
2018-12-22 11:50:53e9d5f8c5d6461d75ef65bc30b514e927Virustotal results 11/68 (16.18%) 98.191.228.168990Quakbot
2018-12-22 11:12:111dc06010af8da0c59ea89d39ebf1b5c5Virustotal results 36/71 (50.70%) 98.191.228.168990Quakbot
2018-11-20 10:36:5898e4982938e175b6053f25ed532e2984Virustotal results 41/58 (70.69%) 98.191.228.168990Heodo

# of malware samples: 9