Resolved betabot.zapto.org to 106.187.88.52
Server: betabot.zapto.org
Gate file: /beta/order.php
Alternate domains: 7obby.com betabu.zapto.org
Hosting info: http://whois.domaintools.com/106.187.88.52
steroids-buy-anabolic.com (Betabot http botnet hosted by balticservers.com)
Resolved steroids-buy-anabolic.com to 5.199.167.132
Server: steroids-buy-anabolic.com
Gate file: order.php
There don’t appear to be any alternate domains for this bot. The domain previously hosted panels for DDoS bots.
Hosting info: http://whois.domaintools.com/5.199.167.132
rocksolidswag.no-ip.org (Betabot http botnet hosted by ecatel.net)
Resolved rocksolidswag.no-ip.org to 89.248.160.146
Server: rocksolidswag.no-ip.org
Gate file: /swag/order.php
Alternate domains: swazers.com pirateleaks.us lilseizurespizza.com trytoperceive.me
The owner is mining some bitcoins: http://askaa_worker:penis@us3.eclipsemc.com:8337
Hosting info: http://whois.domaintools.com/89.248.160.146
infuego.ru (Betabot http botnet hosted by altushost.com)
Resolved infuego.ru to 37.46.127.164
Server: infuego.ru
Gate file: /forums/order.php
Alternate domains: virtualdreams.ru winyl.ws offshored.su winyle.su
Hosting info: http://whois.domaintools.com/37.46.127.164
h.opennews.su (irc botnet hosted by qhoster.com)
Resolved h.opennews.su to 5.45.181.254
Server: h.opennews.su
Port: 9000
Channel: #sp
Channel password: yop
Topic for #sp is: !wB/smZJsKbDADvo5ab8sIF/r5RP7kkXfEsreBMH+9hiVs3ilngzFHh0Ph9sbgtC/EeqYw5x0Vj2IqRyb/knFS+LUzo6bf3cW/A1SyUXkVxz8ERDPS2K/qHObIS3TFyR2JAiWdnWc82S3KnAwUHQFMEb6h/kQqB9TcZElsKS4BnyDiGp1B19crjVgBes7+ilkHVmFLRRgoSPyUBx71ioiUporVdeOIEUhA547CIbp0odHxRQ41LK9wPz13N8KYZx6/QE//rZhBqCorPJqg3w=
Topic for #sp set by SNK at Thu Apr 04 06:16:09 2013
Example bot nick: n{USA-XPx86u}gjekbowg
Alternate domains: f.eastmoon.pl gigasbh.org gigasphere.su o.dailyradio.su photobeat.su s.richlab.pl uranus.kei.su xixbh.com xixbh.net
You may recognize some of the domains from previous posts.
70 MB samples
Multiple samples from different sources, including IRC and HTTP bots, banking trojans, RATs, etc. Have fun analysing. Source
klev11.ru (G-Bot hosted in Russian Federation, Moscow, Mchost.ru)
Resolved klev11.ru to 178.208.83.19
Panel here: hxxp://klev11.ru/g/login.php
Sample here
Hosting info: http://whois.domaintools.com/178.208.83.19
notify.mpa-a.com (Citadel banking malware hosted by msm.ru)
Resolved notify.mpa-a.com to 95.163.76.59
Server: notify.mpa-a.com
Config file: notify.mpa-a.com/msupd6.bin
Gate file: notify.mpa-a.com/index.php
Hosting info: http://whois.domaintools.com/95.163.76.59