Resolved googleisearch.com to 195.20.141.115
Server: googleisearch.com
Gate file: /tmp/search.php
The panel is version 2.2, indicating continued development since its discovery.
Hosting info: http://whois.domaintools.com/195.20.141.115
Related md5s (Download samples from Malwr.com)
Ferret: bcf167ad78a41f695b766531ed3a6fea

iappleblog.net (Betabot http botnet hosted by ubris-hosting.com)
Resolved iappleblog.net to 37.9.55.98
Server: iappleblog.net
Gate file: /img/beta/order.php
Alternate domains: iapplegeek.com, androidistore.net
This is the first betabot 1.7 I’ve seen in the wild. Thanks to Xylitol for the C&C info. Looks like the network signatures need to be updated.
Hosting info: http://whois.domaintools.com/37.9.55.98
Related md5s (Download sample from Malwr.com)
Betabot: 5f3b16af36bfa193a222222035c7321c

93.174.94.158 (Linux Perl bots hosted by Ecatel.net)
Server: 93.174.94.158
Port: 6667
* There are 1 users and 3854 invisible on 1 servers
* 24 :unknown connection(s)
* 45 :channels formed
* I have 3855 clients and 0 servers
* 3855 15196 :Current local users 3855, max 15196
* 3855 5212 :Current global users 3855, max 5212
Channel: #X (Perl bots)
Bot Source

uploadwith.me (Betabot http botnet hosted by datashack.net)
Resolved uploadwith.me to 63.141.233.107
Server: uploadwith.me
Gate file: /ashg653/order.php
Alternate domain: strike-file-hosting.us
Hosting info: http://whois.domaintools.com/63.141.233.107
Notice anything interesting about this IP?
CustName: Chris Gravenstein
Address: 201 E. 16th st
City: North Kansas City
StateProv: MO
PostalCode: 64116
Country: US
RegDate: 2013-10-21
Updated: 2013-10-21
Ref: http://whois.arin.net/rest/customer/C04738525
That’s right, Chris Gravenstein, aka digital has managed to top