Another package with different samples for analysis purposes. Have fun.
Samples

103.241.0.100 (Citadel 1.3.5.1 hosted in Net Origin Group Pty Ltd)
Found by justaguy belgian pigs farmer lol.
This is the install directory: hxxp://103.241.0.100/images/gallery/install/
This is the gate: hxxp://103.241.0.100/images/gallery/gate.php
Here the sample
Hosting infos: http://whois.domaintools.com/103.241.0.100

213.133.111.10 (Ransomware hosted in Germany Nuremberg Hetzner Online Ag)
Here u can see the page where u are asked to pay via paysafecard for your illegal activities lol: http://213.133.111.10/panel/landing/gate.php
A lot of directories are not protected so u can search for more.
For the sample here
Hosting infos: http://whois.domaintools.com/213.133.111.10

www.paloshke.org (Solar http botnet hosted by ghandi.net)
Resolved www.paloshke.org to 46.226.108.231
Server: www.paloshke.org
Gate file: /index.php
Alternate domains: www.bkcn.su, www.cahlr.com, www.rahmea.org, www.businet.su, www.oscdfg.org, www.monero.org, www.webres.su, www.uwtriv.com, www.zmvnue.org, www.oreape.com, www.xnighs.su, www.dvmnib.com, www.itmcff.org, www.akwrzv.com, www.ivmqzc.org, www.duvema.com, www.mtwogp.org, www.hielah.com, www.apdekt.org
Bitcoin mining infos: -a scrypt -s 20 --no-longpoll -q -o www2.oskefi.org:443 -u anonymous.1 -p -x
Hosting infos: http://whois.domaintools.com/46.226.108.231
Related md5s
Solar: eafe8ed59f752d7ae8240f3cdbc698f6

cmeef.info (Solar http botnet hosted by ecatel.net)
Resolved cmeef.info to 93.174.94.64
Server: cmeef.info
Gate file: /e6ct/index.php
Hosting infos: http://whois.domaintools.com/93.174.94.64
Related md5s (Search on Malwr.com to download samples)
Solar: 61fd4c9405e168557ab279c86131634b

kasvatus.org (Solar http botnet hosted by hetzner.de)
Resolved kasvatus.org to 176.9.36.18
Server: kasvatus.org
Gate file: /solar/index.php
Thanks to Xylitol for a link to the sample
Hosting infos: http://whois.domaintools.com/176.9.36.18
Related md5s (Search on Malwr.com to download samples)
Solar: 946c4683c72f59558d9a211a8d8971cc

canc3r1nf0rmat10n.pw (Solar http botnet hosted by infiumhost.com)
Resolved canc3r1nf0rmat10n.pw to 188.190.123.59
Server: canc3r1nf0rmat10n.pw
Gate file: /panel/index.php
Hosting infos: http://whois.domaintools.com/188.190.123.59
Related md5s (Search on Malwr.com to download samples)
Solar: 60a8e935b5418a76593bb97120da1adc

haveityourway.pw (betabot http botnet hosted by Alibabahost.com)
Resolved haveityourway.pw to 103.31.187.77
Server: haveityourway.pw
Gate file: /members/order.php
Alternate domains (currently not registered): thebestway42.pw, itsoktohaveityourway.com, losmejoresburgers1.com
The first domain was only registered yesterday.
Hosting infos: http://whois.domaintools.com/103.31.187.77
Related md5s (Search on Malwr.com to download samples)
Betabot: 3b0907c7bf881f8f5f9fa2190384d3dd

scum1904life.com (Andromeda http botnet hosted by 2x4.ru)
Resolved scum1904life.com to 193.107.16.146
Server: scum1904life.com
Gate file: /gate.php
Hosting infos: http://whois.domaintools.com/193.107.16.146
Related md5s (Search on Malwr.com to download samples)
Andromeda: 6423dfa282aa03ee0e10c5331062a96c

n18b7273u1j.in (Betabot http botnet hosted by worldstream.nl)
Resolved n18b7273u1j.in to 217.23.3.102
Server: n18b7273u1j.in
Gate file: /M_jsh1/order.php
Alternate domains: b19jdn167t.in
This is betabot version 1.5. This is the second betabot 1.5 botnet I have found, but the other one was just a different path on an already posted botnet, so it wasn’t worth a new post. You may note that the domains used