Resolved sweet1sfl.com to 89.45.14.99
Server: sweet1sfl.com
Gate file: /par/bfg.php
Alternate domain: meetinets.com
Hosting infos: http://whois.domaintools.com/89.45.14.99
gamingplanet.us (Betabot http botnet hosted by worldstream.nl)
Resolved gamingplanet.us to 109.236.82.200
Server: gamingplanet.us
Gate file: /codeserver/order.php
Alternative domain: freegamebox.us
Hosting infos: http://whois.domaintools.com/109.236.82.200
Related md5s (search on malwr.com to download the samples):
Betabot: ebf466da7b5f7ed3390f4c68f880bb68
www.vbvx.com (Betabot http botnet hosted by ovh.net)
Resolved www.vbvx.com to 94.23.56.186
Server: www.vbvx.com
Gate file: /remote/order.php
Bitcoin mining info:
Shell.exe -o http://vbvx.com:8344 -u shubhank008_work -p plawasthi -t 0 -I 10
macromedia.exe -o http://vbvx.com:8344 -u shubhank008_work -p plawasthi -g no -t 2
Looks like he’s running a mining proxy on his VPS.
Hosting infos: http://whois.domaintools.com/94.23.56.186
Related md5s (search on malwr.com to download the
mena012.no-ip.biz (Athena and Betabot http botnets hosted by santrex.net)
Resolved mena012.no-ip.biz to 46.166.173.11
Athena http
Server: mena012.no-ip.biz
Gate file: /gate.php
Betabot
Server: mena012.no-ip.biz
Gate file: /beta/order.php
Hosting infos: http://whois.domaintools.com/46.166.173.11
1rb4hiu.name (Betabot http botnet hosted by liquid-solutions.biz)
Resolved 1rb4hiu.name to 198.23.250.163
Server: 1rb4hiu.name
Gate file: /path/order.php
Alternate domains: 2snrgk3.name ekyn6w.name ylen5d87.biz y4d5g1v.biz 8y14gf5s.biz
Hosting infos: http://whois.domaintools.com/198.23.250.163
hackattaksuceuse.biz (Betabot http botnet hosted by Fastflux)
Server: hackattaksuceuse.biz
Gate file: /~.homo/analytics.php
Alternate domains: lavidalocapd.biz allahwouakbaaahhh.co.in amemeuch.biz betazbraxxx.co.in hacktipucov2.org jesaispastropkoimettre.org laradimcrelou.co.in thebossinfly.org tktlamifa.co.in whatdaaafuckinyourhead.biz x42v72.biz zbraaadanstfesse.org suxme.itsprosolutions.org
This is the source of the Citadel and Pony just posted. I’m not sure why the owner would set up his Betabot for fastflux and not his Citadel though.
Hosting infos:
;; QUESTION SECTION:
;hackattaksuceuse.biz.
89.163.181.135 (Citadel banking malware hosted by unitedcolo.de)
Server: 89.163.181.135
Gate file: /.~/ineed/stats.php
Config file: /.~/ineed/file.php
They forgot to remove the installation directory: hxxp://89.163.181.135/.~/ineed/install/
Found on the same Betabot as the recently posted Pony loader.
Hosting infos: http://whois.domaintools.com/89.163.181.135
93.115.85.58 (Pony loader hosted by voxility.net)
Server: 93.115.85.58
Gate file: /pox/stats.php
While investigating a Betabot, I found a load of different malware. Here’s a Pony loader. It downloads files from hxxp://cy-corp.com/pg/
Hosting infos: http://whois.domaintools.com/93.115.85.58
solutionswiki.com (Andromeda http botnet hosted by alibabahost.com)
Resolved solutionswiki.com to 109.163.233.107
Server: solutionswiki.com
Gate file: /pages/image.php
There is also a Betabot hosted on the same domain.
Mining infos: dasHosts.exe -a scrypt-jane -o http://37.221.170.226:8344 -O YFicRwX9HpMkVovPPWG3NAJ9Tpom3YeXqC:x
Hosting infos: http://whois.domaintools.com/109.163.233.107
r.gigaionjumbie.biz (Power loader http botnet hosted by digital-forex.net)
Resolved r.gigaionjumbie.biz to 5.199.171.131, 5.199.171.132, 5.199.171.133
Server: r.gigaionjumbie.biz
Gate file: /images/gx.php
Alternate domains: x.dailyradio.su x.kei.su
Hosting infos:
http://whois.domaintools.com/5.199.171.131
http://whois.domaintools.com/5.199.171.132
http://whois.domaintools.com/5.199.171.133