Resolved msn.3utilities.com to 80.82.66.43 Server: msn.3utilities.com Port: 81 Gate file: /help/order.php Alternate domains: videoparadise.biz kittybook.biz msn1981.3utilities.com dates4you.tk Three out of the five domains are free and easy to get suspended. Pro botherder here. Bitcoin mining info: stratum+tcp://eu-stratum.btcguild.com:3333 -u m4tr1x_neo -p 123 -t 0 -I -3 Litecoin mining info: -a scrypt -o http://kittybook.no-ip.biz:8332 -u m4tr1x_0Read more...
93.115.93.30 (Andromeda http botnet hosted by voxility.net)
Server: 93.115.93.30 Gate file: /moneymaker/image.php Plugins Rootkit: hxxp://93.115.93.30/moneymaker/r.pack Socks: hxxp://93.115.93.30/moneymaker/s.pack Formgrabber: hxxp://93.115.93.30/moneymaker/f.pack Gate file: /moneymaker/fg.php Hosting infos: http://whois.domaintools.com/93.115.93.30
umadais.pw (Betabot http botnet hosted by alibabahost.com)
Resolved umadais.pw to 109.163.229.189 Server: umadais.pw Gate file: /a/order.php Alternate domains: yyaammppuu.pw blamaldo.pw Hosting infos: http://whois.domaintools.com/109.163.229.189
stateqa.biz (Andromeda http botnet hosted by plusserver.de)
Resolved stateqa.biz to 188.138.88.81 Server: stateqa.biz Gate file: /andrei/image.php Cracked andromeda seems to be making a comeback, after all the betabots posted recently. Hosting infos: http://whois.domaintools.com/188.138.88.81
fahfasd.pw (Andromeda http botnet hosted by xeneurope.com)
Resolved fahfasd.pw to 109.235.51.249 Server: fahfasd.pw Gate file: /Panel/image.php Plugins Rootkit: hxxp://fahfasd.pw/Panel/plugins/r.pack Socks: hxxp://fahfasd.pw/Panel/plugins/s.pack Formgrabber: hxxp://fahfasd.pw/Panel/plugins/f.pack Gate file: /Panel/fg.php Hosting infos: http://whois.domaintools.com/109.235.51.249
moneybooster.info (Andromeda http botnet hosted by leaseweb.com)
Resolved moneybooster.info to 95.211.211.90 Server: moneybooster.info Gate file: /bc/image.php I guess betabot isn’t working for him anymore. What a waste of $320. Hosting infos: http://whois.domaintools.com/95.211.211.90
solutionswiki.com (Betabot http botnet hosted by alibabahost.com)
Resolved solutionswiki.com to 109.163.233.107 Server: solutionswiki.com Port: 4137 Gate file: /system/order.php I don’t know why betabot owners keep putting their http servers on ports other than 80. Seems pretty dumb. I guess you can only expect so much from a HF bot and it’s owners. Hosting infos: http://whois.domaintools.com/109.163.233.107
hardstunt.com (Andromeda http botnet proxied by cloudflare.com)
Resolved hardstunt.com to 108.162.198.113, 108.162.199.113 Server: hardstunt.com Gate file: /blob/image.php Hosting a botnet behind cloudflare seems like a bad idea.Lets see if I can get this blocked. EDIT: CloudFlare received your malware report dated April 28, 2013 regarding: hardstunt.com Please be aware CloudFlare is a network provider offering a reverse proxy, pass-through security service. WeRead more...
crispershf.hc0.me (Andromeda http botnet hosted by Ecatel.net)
Resolved crispershf.hc0.me to 80.82.69.144 Server: crispershf.hc0.me Gate file: /panel/image.php Hosting infos: http://whois.domaintools.com/80.82.69.144
fearboot.com (Andromeda http botnet hosted by vmbox.co)
Resolved fearboot.com to 198.20.67.10 Server: fearboot.com Gate file: /andro/image.php Visit http://fearboot.com/p.php or http://fearboot.com/phpinfo.php for information about the server. Hosting infos: http://whois.domaintools.com/198.20.67.10