Resolved paradisetest.ru to 184.22.118.71
Server: paradisetest.ru
Gate file: /par/bfg.php
The installation directory is still up and includes an EULA. Someone should ask iserdo how well using an EULA worked out for him.
Hosting info: http://whois.domaintools.com/184.22.118.71
armadva.ru (Armageddon DDoS botnet hosted by hostnoc.net)
Resolved armadva.ru to 184.22.118.71
Server: armadva.ru
Gate file: /arm/gs.php
Other domains it tries to connect to if this one is down: armab.ru, armatri.ru
You can see a record of a previous attack in the VirusTotal sandbox records.
Hosting info: http://whois.domaintools.com/184.22.118.71
serv16.3sli.us (ngrBot hosted in Romania Bucharest Voxility S.r.l.)
Thanks to anonymous guy here for finding this botnet and for the sample, which you can download here: hxxp://sharesend.com/ola3pkmx
Resolved: [serv16.3sli.us] to [109.163.233.44]
109.163.233.44:8939
Nick: n{US|XPa}uufzjxq
Username: uufzjxq
Server Pass: new
Joined Channel: ##new with Password new
Channel Topic for Channel ##new: “&mod usbi on &mod pdef on &mdns hxxp://109.163.233.44/dns.txt”
Hosting info: http://whois.domaintools.com/109.163.233.44
zxvfircd.no-ip.biz (Athena IRC botnet hosted by digitalocean.com)
Resolved zxvfircd.no-ip.biz to 192.34.58.99
Server: zxvfircd.no-ip.biz
Port: 6667
Current global users 213, max 506
Channel: #bots
Topic for #bot is: hxxp://192.34.58.99/WinDefender.exe
Topic for #bot set by FreeBSD at Fri Feb 01 17:56:41 2013
#bot 212 [+nt] hxxp://192.34.58.99/WinDefender.exe
Hosting info: http://whois.domaintools.com/192.34.58.99
46.38.63.119 (reptile mod hosted in Russian Federation Moscow Jsc Tel Company)
From the nick format, this looks like a reptile mod.
Local users: 45 147
Current local users 45, max 147
Global users: 45 147
Current global users 45, max 147
Server: 46.38.63.119:6667
Username: 3
Nickname: [D|x86|DEU|XP|1020942]
Channel: #inet (Password: )
Channeltopic: :?bitcoin-24896128560982359857125906 gpu high
* Topic for #inet set by Dexter at Mon Jan 28 15:08:05 2013
monstercvv.cc (Multilocker 3 winlocker hosted by altushost.com)
Resolved monstercvv.cc to 37.46.125.111
Server: monstercvv.cc
Gate file: /mplock/Panel/lending/tds.php
Lots of interestingly named zips on the root of the domain.
Hosting info: http://whois.domaintools.com/37.46.125.111