This package was posted on a hacking board as an http bot. After checking the file, here are the results:
Domains used:
hoseen454r.com (inactive)
onetimes27s.com (active)
Resolved: [onetimes27s.com] to [178.250.245.186]
Panel: hxxp://178.250.245.186/pref1/ (password protected)
Sample here
Hosting info: http://whois.domaintools.com/178.250.245.186

gki2mpdt3rsokbmv.onion (Irc botnet hosted on a Tor hidden service)
Server: gki2mpdt3rsokbmv.onion
Port: 6667
Channel: #channel
Oper:
[wac] (wac@9bedb2.host): ac
[wac] #channel
[wac] lair.hell.net :Cerberus Server
[wac] idle 00:00:18, signon: Tue May 13 18:24:47
[wac] End of WHOIS list.
The owner must have used very old bot code to create this, as it fails to work properly on Windows 7 and higher.
Related md5s (Download sample from Malwr.com)
Ircbot:

sinsec.net (Betabot http botnet hosted by alibabahost.com)
Resolved sinsec.net to 37.221.170.96
Server: sinsec.net
Gate file: /turndown/order.php
Alternate domains: divinestresser.info radicalpkz.com perp.pw thefox.pw uploadme.pw perp.se
Domain info: sinsec.net
Domain Name: SINSEC.NET
Registry Domain ID: 1814650535_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.enom.com
Registrar URL: www.enom.com
Updated Date: 2013-07-12 10:27:24Z
Creation Date: 2013-07-12 17:27:00Z
Registrar Registration Expiration Date: 2014-07-12 17:27:00Z
Registrar: ENOM, INC.
Registrar IANA ID: 48

api.wifi-update.biz (Betabot http botnet hosted by oneandone.net)
Resolved api.wifi-update.biz to 87.106.241.22
Server: api.wifi-update.biz
Gate file: /cdn/img.php
Alternate domains: api-radio-def.de api.lul.pw api.tba.pw
Domain info: wifi-update.biz
Domain Name: WIFI-UPDATE.BIZ
Domain ID: D58641421-BIZ
Sponsoring Registrar: BIZCN.COM, INC.
Sponsoring Registrar IANA ID: 471
Registrar URL (registration services): www.bizcn.com
Domain Status: clientTransferProhibited
Registrant ID: ORGEH90335606834
Registrant Name: Erkki Hagstrom
Registrant Organization: ErkkiHagstrom
Registrant Address1: Gesterbyntie 51
Registrant

frizzcams.com (Betabot http botnet hosted by Balticservers.com)
Resolved frizzcams.com to 5.199.165.239
Server: frizzcams.com
Gate file: /beta/order.php
Alternate domains: fapncam.com proxypool.info update-silo.com
This has the same C&C domains as this betabot, just in a different order. It's involved with spreading a YouTube views boosting bot.
Domain info: frizzcams.com
Domain Name: FRIZZCAMS.COM
Registrar: MONIKER ONLINE SERVICES LLC
Registrant [4327848]: Moniker Privacy Services FRIZZCAMS.COM@monikerprivacy.net
Moniker

b.mypaintdressk13.com (Betabot http botnet hosted by sprintdatacenter.pl)
Resolved b.mypaintdressk13.com to 188.68.255.207
Server: b.mypaintdressk13.com
Gate file: /direct/mail/order.php
Alternate domains: b.dietmydartk5.com b.pixartzonek4.com b.stop2teasemek3.com b.thegamejuststarted10k12.com b.thegamejuststarted11k7.com b.thegamejuststarted12k11.com b.thegamejuststarted13k8.com b.thegamejuststarted14k9.com b.thegamejuststarted15k10.com b.uandmearevideos1k1.com b.uandmearevideos2k2.com
Hosting info: http://whois.domaintools.com/188.68.255.207
Related md5s (Download samples from Malwr.com)
Betabot: 9085ab7965bc67c6a8a6f2c83a22fb49

btctycoon.net (Betabot hosted in Canada, Montreal, OVH Hosting Inc.)
Thanks to Xylitol for the info.
Resolved: [btctycoon.net] to [192.99.21.12]
Other: hxxp://www.btctycoon.net/info/blah.php
Sample: hxxp://www.btctycoon.net/webapps/BTCclient.exe
Hosting info: http://whois.domaintools.com/192.99.21.12