Found by Yewnix.
Resolved: [tripwire.rr.nu] to [37.59.53.162]
Server: tripwire.rr.nu:6667
Channel: #x00
Hosting info: http://whois.domaintools.com/37.59.53.162
seosaw.pw (Betabot http botnet hosted by plusserver.de)
Resolved seosaw.pw to 188.138.125.103
Server: seosaw.pw
Gate file: /wq782jwoqkQy19qkdh27hqudqj/order.php
Alternate domains: microsoftgo.pw updateom.info seosaw.info googlerw.info
Downloads what looks like Sefnit from hxxp://now.googlefast.pw/remote/index.php?u=48&istan
Hosting info: http://whois.domaintools.com/188.138.125.103
Related md5s (Download sample from Malwr.com)
Betabot: daee8c5056fbbf1964588e70cb371fae
Sefnit: b99ed8704716ab6ff273e3dc66fe3cfb
gemers9.ru (Betabot http botnet proxied by cloudflare.com)
Server: gemers9.ru
Gate file: /damm/5425/order.php
Looks like Hackforum skiddies even carry their love for Cloudflare to their botnets.
Related md5s (Download samples from Malwr.com)
Betabot: 684eb10838071bda6f68c26838056f72
ironsr.com (Betabot http botnet hosted by OVH.net)
Resolved ironsr.com to 46.105.104.99
Server: ironsr.com
Gate file: /img/order.php
Hosting info: http://whois.domaintools.com/46.105.104.99
Related md5s (Download samples from Malwr.com)
Betabot: cfb9f0c9844da8731607f2af878f8b78
techsavynerds.net (Betabot http botnet hosted by ixam-hosting.com)
Resolved techsavynerds.net to 37.221.163.158
Server: techsavynerds.net
Gate file: /signup/inc/order.php
Hosting info: http://whois.domaintools.com/37.221.163.158
Related md5s (Download sample from Malwr.com)
Betabot: 0703af1757f7fd6764ebbe4c244de2a4
trik.su (Snk aspermod irc botnet hosted by midphase.com)
Resolved trik.su to 174.127.123.4
Server: trik.su
Port: 5050
Channel: #trk
#trk :.j #upd .u trk2 /120/126/99/107/25/61/37/112/72/120/110/67/113/123/122/115/35/64/118/114/35/123/85/74/78/111/125/83/8/55/46/39/32/63/42/55/63/35/44/11/42/38/32/37/120/110/121/
Channel: #upd
#upd :.u trk2 /120/126/99/107/25/61/37/103/86/99/120/83/100/118/123/98/98/13/108/108/35/123/85/74/15/107/97/69/
Hosting info: http://whois.domaintools.com/174.127.123.4
Related md5s (Download samples from Malwr.com)
Aspermod: 1f876d3830527f22f84205069695d3d2
vvvhhhccc.com (Betabot http botnet hosted by dacentec.com)
Resolved vvvhhhccc.com to 192.111.153.98
Server: vvvhhhccc.com
Gate file: /8/8/8/be/order.php
Alternate domains: virusprotect.su virus-protector.net latinodancewears.com.vn
He has a plasma http botnet on the same domain that he is using to mine dogecoins.
Gate file: /8/8/plasma/login.php
Hosting info: http://whois.domaintools.com/192.111.153.98
Related md5s (Download samples from Malwr.com)
Betabot: a58ddb7a7a3b823ff0ddd541f136d9f4
Plasma: 401459ef275cf0639a855a4dff234bf5
Mining info: Stratum+tcp://pool.dogechain.info:3333 -u latinodresses.plasmahttp -p x
videotr.in (Facebook spreading browser extension proxied by cloudflare)
This is aimed at Turkish Facebook users. The scripts used by the extension are hosted over several domains. The infection starts with the site hxxp://www.videotr.in, which plays a short video clip. The video is then interrupted and the user is urged to run an exe that is downloaded to fix the issue. The exe creates a ...
Fbcentral.net (Betabot http botnet hosted by ixam-hosting.com)
Resolved fbcentral.net to 109.163.228.196
Server: fbcentral.net
Gate file: /orders/order.php
Related md5s (Download samples from Malwr.com)
Betabot: ffb8efe74954a348a3ec397c132cce96
Hosting info: http://whois.domaintools.com/109.163.228.196
199.187.121.82 (pBots hosted by databasebydesignllc.com)
Server: 199.187.121.82
Port: 7802
* There are 1 users and 3702 invisible on 1 servers
* 127 :unknown connection(s)
* 2 :channels formed
* I have 3703 clients and 0 servers
* Current Local Users: 3703 Max: 3785
* Current Global Users: 3703 Max: 3785
Channel: #bom#
Channel Users Topic
#sick# 341 [+smntMu]
#bom# 3385 ...