Resolved www.ultra-sales.com to 198.23.252.71
Server: www.ultra-sales.com
Gate file: /an/image.php
Updates and other malware hosted here: hxxp://www.ultra-sales.com/hosted/
Hosting info: http://whois.domaintools.com/198.23.252.71
193.107.19.151 (Reverse proxy malware hosted by 2×4.ru)
Server: 193.107.19.151
Bot connect port: 8898
Web login port: 2567
Server config: http://193.107.19.151/config.cfg
According to the errors on the index page, it is hosted on a Windows VPS.
Hosting info: http://whois.domaintools.com/193.107.19.151
shellysdailylife.info (Insomnia irc botnet hosted by volumedrive.com)
Resolved shellysdailylife.info to 199.115.228.38
Server: shellysdailylife.info
Port: 44
Channel: #Insomnia (341 users, modes +sntu)
This is the second time this IP has been posted; the previous time it was also hosting Insomnia IRC bots.
Hosting info: http://whois.domaintools.com/199.115.228.38
mywebst0rage.info (Andromeda http botnet hosted by vhostlayer.com)
Resolved mywebst0rage.info to 37.221.163.131
Server: mywebst0rage.info
Gate file: /admin/hippo/image.php
Hosting info: http://whois.domaintools.com/37.221.163.131
208.117.34.145 (ngrBot hosted in United States, Chicago, Steadfast Networks)
Server: 208.117.34.145:1887
Server: 185.12.14.131:1887
Username: eyaimlr
Nickname: n{DE|XPa}eyaimlr
Channel: #bon2 (password: speedd)
Channel topic: :~pu hxxp://www.sendspace.com/pro/dl/ppbf96 26bc0e7256f2a7fb536bdd19e0464e49 ~s -o ~s
Download URL: hxxp://69.31.136.17/dlpro/29c185ae59e68f635192223e650939a3/50fe994c/ppbf96/mariayonosy.exe (fs03n5.sendspace.com)
Hosting info: http://whois.domaintools.com/208.117.34.145
voscomptesenligne.eu (Andromeda http botnet hosted by iws.co)
Resolved voscomptesenligne.eu to 91.223.82.179
Server: voscomptesenligne.eu
Gate file: /joomla/image.php
Plugins:
Rootkit: http://voscomptesenligne.eu/joomla/r.pack
Formgrabber: http://voscomptesenligne.eu/joomla/f.pack
Gate file: /joomla/fg.php
Hosting info: http://whois.domaintools.com/91.223.82.179
105 MB samples
This package contains IRC bots, banking trojans, rootkits and other samples. Only for analysis purposes.
Source
imageshoster.ru (Smoke loader http botnet hosted by santrex.net)
Resolved imageshoster.ru to 46.166.169.187
Server: imageshoster.ru
Gate file: /pics/index.php
This is the new Smoke Loader domain of the beerpigfarm.ru installs guy. His previous domain adzu324nbasmdaoias.su is currently hosted on the same server.
Sample: hxxp://46.166.177.120/smo
Hosting info: http://whois.domaintools.com/46.166.169.187
fuelcw.org (Pony loader hosted by ihc.ru)
Resolved fuelcw.org to 37.143.9.173
Server: fuelcw.org
Gate file: /ios.php
Hosting info: http://whois.domaintools.com/37.143.9.173
ugctrust.com (Andromeda http botnet hosted by prohost.kg)
Resolved ugctrust.com to 91.213.233.156
Server: ugctrust.com
Gate file: /image.php
Sample was discovered by unixfreaxjp.
Hosting info: http://whois.domaintools.com/91.213.233.156
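The entries above are only useful if they end up in a detection. The following is an added example, not code from the tracker post: it parses a short excerpt of the listing format used here (domain, resolved IP, gate file, connect ports; the excerpt copies indicators from the Andromeda, Insomnia and reverse-proxy entries above) into an IOC set, then matches it against proxy and flow log lines. The log lines and their source addresses are constructed for the demo and are not from any real capture; the log formats are assumptions for illustration.

```python
"""Added example (not the tracker's own code): build IOCs from the listing format
above and match them against constructed proxy and flow log lines."""
import re

# Listing excerpt in the page's own format; indicators copied from the entries above.
LISTING = """mywebst0rage.info (Andromeda http botnet hosted by vhostlayer.com)
Resolved mywebst0rage.info to 37.221.163.131
Server: mywebst0rage.info
Gate file: /admin/hippo/image.php

shellysdailylife.info (Insomnia irc botnet hosted by volumedrive.com)
Resolved shellysdailylife.info to 199.115.228.38
Server: shellysdailylife.info
Port: 44
Channel: #Insomnia

193.107.19.151 (Reverse proxy malware hosted by 2x4.ru)
Server: 193.107.19.151
Bot connect port: 8898
Web login port: 2567
"""

HEADING = re.compile(r"^(\S+)\s*\((.+)\)\s*$")       # "name (family hosted by ...)"
KV = re.compile(r"^([A-Za-z ]+?):\s*(.+)$")          # "Key: value"
IP = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def parse_listing(text):
    """Split the listing into entries, each a dict of hosts, IPs, gate paths and ports."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADING.match(line)
        if m:
            cur = {"name": m.group(1), "family": m.group(2),
                   "hosts": set(), "ips": set(), "paths": set(), "ports": set()}
            entries.append(cur)
            continue
        if cur is None:
            continue
        m = re.match(r"^Resolved (\S+) to (\S+)$", line)
        if m:
            cur["hosts"].add(m.group(1))
            cur["ips"].add(m.group(2))
            continue
        m = KV.match(line)
        if not m:
            continue                       # channel/topic lines are not needed here
        key, val = m.group(1).lower(), m.group(2)
        if key == "server":
            host, _, port = val.partition(":")   # "ip:port" form, as in the ngrBot entry
            (cur["ips"] if IP.match(host) else cur["hosts"]).add(host)
            if port:
                cur["ports"].add(int(port))
        elif key == "gate file":
            cur["paths"].add(val)
        elif key.endswith("port"):
            cur["ports"].add(int(val))
    return entries

def build_iocs(entries):
    """Flatten entries into lookup tables: host->name, ip->name, (host,path)->name, ip->ports."""
    hosts, ips, gates, ports = {}, {}, {}, {}
    for e in entries:
        for h in e["hosts"]:
            hosts[h] = e["name"]
        for ip in e["ips"]:
            ips[ip] = e["name"]
            ports[ip] = set(e["ports"])
        for h in e["hosts"] | e["ips"]:      # a gate can be hit by name or by raw IP
            for p in e["paths"]:
                gates[(h, p)] = e["name"]
    return hosts, ips, gates, ports

# Constructed proxy log (assumed format: "ts src method host path"); not a real capture.
PROXY_LOG = """1364000001 10.0.0.5 POST mywebst0rage.info /admin/hippo/image.php
1364000002 10.0.0.5 GET www.example.com /index.html
1364000003 10.0.0.7 GET 37.221.163.131 /admin/hippo/image.php
1364000004 10.0.0.9 GET cdn.example.net /image.php"""

# Constructed flow log (assumed format: "src dst dport"); not a real capture.
FLOW_LOG = """10.0.0.5 199.115.228.38 44
10.0.0.6 193.107.19.151 8898
10.0.0.5 199.115.228.38 443
10.0.0.8 8.8.8.8 53"""

def match_proxy_log(lines, hosts, ips, gates):
    """Return (src, host, reason, c2_name) for requests to a known gate or C2 host."""
    hits = []
    for line in lines.splitlines():
        _ts, src, _method, host, path = line.split()
        if (host, path) in gates:
            hits.append((src, host, "gate " + path, gates[(host, path)]))
        elif host in hosts or host in ips:
            hits.append((src, host, "c2 host", hosts.get(host) or ips.get(host)))
    return hits

def match_flows(lines, ips, ports):
    """Return (src, dst, dport, c2_name, port_listed) for flows to a listed C2 IP."""
    hits = []
    for line in lines.splitlines():
        src, dst, dport = line.split()
        if dst in ips:
            hits.append((src, dst, int(dport), ips[dst], int(dport) in ports[dst]))
    return hits

def run():
    hosts, ips, gates, ports = build_iocs(parse_listing(LISTING))
    return match_proxy_log(PROXY_LOG, hosts, ips, gates), match_flows(FLOW_LOG, ips, ports)

if __name__ == "__main__":
    for hit in run()[0] + run()[1]:
        print(hit)
```

A bare "/image.php" path is common on legitimate sites, which is why the gate match keys on host plus path rather than path alone; a flow to a listed C2 IP on an unlisted port is still reported, but flagged so an analyst can separate "talks to the IRC port" from "talks to that box at all".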