Resolved sagagame.me to 162.243.107.99
Server: sagagame.me
Gate file: /game/order.php
Additional IP: 69.172.212.16
The domain was only registered on the 20th. Not very good at hiding their botnet.
Hosting info: http://whois.domaintools.com/162.243.107.99
Related md5s (download sample from Malwr.com)
Betabot: 48c1b1adda95b72577fda15642db20fd
filemoney.net (Betabot http botnet hosted by zonerhost.com)
Resolved filemoney.net to 93.115.210.184
Server: filemoney.net
Gate file: /hunter/123/order.php
Hosting info: http://whois.domaintools.com/93.115.210.184
Related md5s (download sample from Malwr.com)
Betabot: fa2da027ddbac8da4a67e8eed6c2f7e8
nedfistoloco.su (betabot http botnet hosted by ecatel.net)
Resolved nedfistoloco.su to 80.82.64.5
Server: nedfistoloco.su
Gate file: /tetuuu/return.php
Alternate domains:
fucksecsss.su
nawakfeds.su
awesofucked.su
Hosting info: http://whois.domaintools.com/80.82.64.5
Related md5s (download sample from Malwr.com)
Betabot: 29f960ff8f7c9a4733c7c08b41077d56
62.76.179.167 (Betabot http botnet hosted by clodo.ru)
Server: 62.76.179.167
Gate file: /ateb/order.php
Backup IP/domains:
85.143.166.167
nns4fgc284dcnaz.us (sinkholed by Anubis Networks)
nn3dv00gsvdaqv.us
Downloads Gameover Zeus and the Necurs rootkit from the same IP.
Hosting info: http://whois.domaintools.com/62.76.179.167
Related md5s (download samples from Malwr.com)
Betabot: af43ea0fc92ef858f0d86836c851df08
Gameover Zeus: 97496e1e10a0242ab78651a3cb2fce42
Necurs: 6e66daf2457fc549905d89549b1ed3b3
eboarivan.pw (Betabot http botnet hosted by digitalocean.com)
Resolved eboarivan.pw to 162.243.31.250
Server: eboarivan.pw
Gate file: /arivan/ebo/order.php
Hosting info: http://whois.domaintools.com/162.243.31.250
Related md5s (download sample from Malwr.com)
Betabot: 8155fde3d35dbda2a399d353adb29bf9
ircd.port0.org (pbot irc botnet hosted by datahouse.ru)
Sample obtained from http://www.malekal.com/2013/11/09/attaque-web-bitcoin-et-php-shell/
Resolved ircd.port0.org to 89.188.108.30
Server: ircd.port0.org
Port: 3303
There are 1 users and 3897 invisible on 1 servers
1 :operator(s) online
157 :unknown connection(s)
7 :channels formed
I have 3898 clients and 0 servers
3898 4515 :Current local users 3898, max 4515
Channel: #q
Channel Users Topic
#q 602 [+smu] Oper:
mp3items.com (betabot http botnet hosted by netvision.net.il)
Resolved mp3items.com to 212.235.107.195
Server: mp3items.com
Gate file: /N_883s/order.php
Alternate domains:
australia.ddns.net
betabot.ddns.net
connect.ddns.net
driver.ddns.net
europetraffic.ddns.net
mixtraffic.ddns.net
secure.ddns.net
security.ddns.net
social.ddns.net
southamerica.ddns.net
status.ddns.net
usa.ddns.net
usatraffic.ddns.net
venezuela.ddns.net
winguard.servehttp.com
Hosting info: http://whois.domaintools.com/212.235.107.195
Related md5s (download sample from Malwr.com)
Betabot: 09d4bacf54a26053e046af2469c66a15
top-glenyx.com (betabot http botnet hosted by Fastflux)
Server: top-glenyx.com
Gate file: /forum/userline.php
Alternate domains:
svl-trusted.com
marinzer-3.com
amerillia.net
matterix-net.net
Hosting info (fast-flux, see the DNS answer section):
;; QUESTION SECTION:
;top-glenyx.com. IN A
;; ANSWER SECTION:
top-glenyx.com. 150 IN A 46.211.201.46
top-glenyx.com. 150 IN A 68.190.213.192
top-glenyx.com. 150 IN A 74.141.113.20
top-glenyx.com. 150 IN A 76.118.32.199
top-glenyx.com. 150 IN A 77.120.152.66
top-glenyx.com. 150 IN A 77.122.245.155
top-glenyx.com. 150 IN
spaceshuttle.co.ua (betabot http botnet hosted by Panamaserver.com)
Resolved spaceshuttle.co.ua to 190.123.47.66
Server: spaceshuttle.co.ua
Gate file: /joomla/images/order.php
Alternate domains:
orbiter.biz.ua
ringostars.info
digues.info
Hosting info: http://whois.domaintools.com/190.123.47.66
Related md5s (download sample from Malwr.com)
Betabot: d4d7b5553bce35569f816cb66d5cb838
Edit: blocked domains from dns.dat (antivirus vendors, resolved to 127.0.0.1 so updates fail):
127.0.0.1 bitdefender.com
127.0.0.1 download.bitdefender.com
127.0.0.1 update.bitdefender.com
127.0.0.1 wfbs51-p.activeupdate.trendmicro.com
127.0.0.1 wfbs60-p.activeupdate.trendmicro.com
127.0.0.1 iau.trendmicro.com
127.0.0.1 licenseupdate.trendmicro.com
127.0.0.1 csm-as.activeupdate.trendmicro.com
127.0.0.1 wfbs6-icss-p.activeupdate.trendmicro.com
127.0.0.1 oc.activeupdate.trendmicro.com
127.0.0.1 update.avg.com
127.0.0.1 update.grisoft.com
aba.net.ua (Athena http botnet hosted by thehost.com.ua)
Resolved aba.net.ua to 91.234.34.213
Server: aba.net.ua
Port: 81
Gate file: /www55/gate.php
Hosting info: http://whois.domaintools.com/91.234.34.213
Related md5s (issues with Malwr.com, will upload later)
Athena: 3fe65356dfd5e7b3f91161bd37e50ba3