Resolved humlaburd.org to 5.199.164.92
Server: humlaburd.org
Gate file: /spidey/order.php
Hosting infos: http://whois.domaintools.com/5.199.164.92
Related md5s (search on malwr.com to download the samples):
Betabot: 80ac8731fa69e1480719982bd527042e

trakd.ws (Betabot http botnet hosted by intermedia.md)
Resolved trakd.ws to 89.45.14.72
Server: trakd.ws
Gate file: /bb/order.php
Alternate domains: trakd.biz trakd.ru
Hosting infos: http://whois.domaintools.com/89.45.14.72
Related md5s (search on malwr.com to download the samples):
Betabot: a0a66dfbdf1ce76782ba20a07a052976

37.221.160.132 (Kaiten irc botnet hosted by voxility.net)
Server: 37.221.160.132
Port: 443
Channel: #yodawg
Channel password: lol.WH
#yodawg 58 [+smnu] yo dawg i herd u like backdoors so we put a backdoor in ur backdoor so u can get owned while u own
Check his server usage here: hxxp://fkn.ddos.cat/p.php
Another one from x00: http://pastebin.com/fgjJGFxt
Hosting infos: http://whois.domaintools.com/37.221.160.132

irc.byroe.net (Lightaidra Router botnet hosted by fdcservers.net)
Resolved irc.byroe.net to 204.45.97.42, 103.13.240.2, 109.123.112.25, 91.121.73.41
Server: irc.byroe.net
Port: 6667
Channel: #priv8
#priv8 728 [+pmntr] CAUTION P.R.I.V.A.T.E CAUTION
AuthHost: @csops.byroe.net
Oper:
[SuPrem0] (~BaGol0@csops.byroe.net): BaGol0
[SuPrem0] is a registered nick
[SuPrem0] ~#priv8
[SuPrem0] is away (Not Here !!!)
[SuPrem0] is a Staff Byroe
[SuPrem0] idle 08:04:23, signon: Mon Apr 15 07:04:56
[SuPrem0] End of WHOIS list.
Payload: hxxp://50.116.7.213/mymail/skins/larry/images/googiespell/.a/getbinaries.sh
Hosting infos:

x.e1b2.org (ngrBot irc botnet hosted by namecheap.com)
Resolved x.e1b2.org to 192.64.114.16, 192.64.114.184
Server: x.e1b2.org
Port: 80
Server password: 666666
Channel: ##Rox-x01##
Topic for ##Rox-x01## is: !m on !s -n !mod usbi on !NAZEL hxxp://www8.0zz0.com/2013/05/25/23/865519528.gif !NAZEL hxxp://www12.0zz0.com/2013/05/24/15/675195622.gif !NAZEL hxxp://www12.0zz0.com/2013/05/21/06/487587018.gif
Topic for ##Rox-x01## set by xXx at Mon May 27 14:47:02 2013
The server requires SSL to connect.
Alternate domains: x.e2b3.org x.c1d2.org x.x1ua.org x.x1x2.su

www.istanbulnakliyecileri.com (Andromeda http botnet hosted by ozkula.com.tr)
Resolved www.istanbulnakliyecileri.com to 37.247.108.48
Server: www.istanbulnakliyecileri.com
Gate file: /firmalar/and/image.php
Plugins:
Rootkit: hxxp://www.istanbulnakliyecileri.com/firmalar/and/r.pack
Socks: hxxp://www.istanbulnakliyecileri.com/firmalar/and/s.pack
Formgrabber: hxxp://www.istanbulnakliyecileri.com/firmalar/and/f.pack
Gate file: hxxp://www.istanbulnakliyecileri.com/firmalar/and/fg.php
This appears to be hosted on a hacked site.
Hosting infos: http://whois.domaintools.com/37.247.108.48
Related md5s (search on malwr.com to download the samples):
8709c21be7d72c8ec8aaaa55ccc64b84

runawaswarm.ru (Ice 9 banking malware hosted by hc.ru)
Resolved runawaswarm.ru to 79.174.65.19
Server: runawaswarm.ru
Config file: /xml/config.php
Gate file: /xml/redir.php
Hosting infos: http://whois.domaintools.com/79.174.65.19
Related md5s (search on malwr.com to download the samples):
a9ca2d05060008f988ed72db5eebe67f

www.w0000t.com (Betabot http botnet hosted by ecatel.net)
Resolved www.w0000t.com to 80.82.64.25
Server: www.w0000t.com
Gate file: /000003/order.php
Alternate domains: www.modmarkgoldshop.com www.mogians.com
Hosting infos: http://whois.domaintools.com/80.82.64.25
Related md5s (search on malwr.com to download the samples):
a1286fd94984fd2de857f7b846062b5e

host0r.net (Andromeda http botnet hosted by instantdedicated.com)
Resolved host0r.net to 188.95.48.213
Server: host0r.net
Gate file: /anz/l0ad.php
Hosting infos: http://whois.domaintools.com/188.95.48.213
Related md5s (search on malwr.com to download the samples):
4a2fa3e509fd8b048f1b03eb319dfdf9

xogogo.org (Paradise ddos botnet hosted by adman.com)
Resolved xogogo.org to 93.170.131.114
Server: xogogo.org
Gate file: /par/bfg.php
Hosting infos: http://whois.domaintools.com/93.170.131.114
Related md5s (search on malwr.com to download the samples):
Paradise bot: 5724c61a33708b5fdefa3125ea32b2d0

EDIT: The botnet is currently attacking a site.

POST /par/bfg.php HTTP/1.1
Host: xogogo.org
User-Agent: PARADISE
Content-Type: application/x-www-form-urlencoded
Connection: close
Content-Length: 10

status=get

HTTP/1.1 200 OK
Date: Tue, 28 May 2013 13:31:16