Resolved mr7x0728.biz to 37.221.165.118
Server: mr7x0728.biz
Gate file: /beta/order.php
For all the info about the owner’s VPS you would ever need, just check this page: hxxp://mr7x0728.biz/p.php (it looks like he’s splurged on the Standard VPS package)
Hosting info: http://whois.domaintools.com/37.221.165.118
florasister.com (Ice-9 banking malware hosted by neoweb.ru)
Resolved florasister.com to 81.176.232.201
Server: florasister.com
Gate file: gigling.php (backup hxxp://forandroid.tk/yandex.php (suspended))
Sites checked for configs (no droppers appear to be live):
hxxp://www.jcurve.com/templates/beez/params.php
hxxp://www.ivemon.es/templates/beez/params.php
hxxp://www.justicecameroun.com/templates/beez/params.php
hxxp://www.jackwalshcarpets.com/Joomla/templates/beez/params.php
hxxp://www.kocaelidho.org.tr/templates/beez/params.php
hxxp://www.moraditrade.com/en/templates/beez/params.php
hxxp://www.mm-nn.com/main/templates/beez/params.php
hxxp://www.jakmurowane.pl/templates/beez/params.php
Also attempted to connect to bigdealworked.com on port 9702
Hosting info: http://whois.domaintools.com/81.176.232.201
betabot.zapto.org (Betabot http botnet hosted by linode.com)
Resolved betabot.zapto.org to 106.187.88.52
Server: betabot.zapto.org
Gate file: /beta/order.php
Alternate domains: 7obby.com betabu.zapto.org
Hosting info: http://whois.domaintools.com/106.187.88.52
steroids-buy-anabolic.com (Betabot http botnet hosted by balticservers.com)
Resolved steroids-buy-anabolic.com to 5.199.167.132
Server: steroids-buy-anabolic.com
Gate file: order.php
There don’t appear to be any alternate domains for this bot. The domain previously hosted panels for DDoS bots.
Hosting info: http://whois.domaintools.com/5.199.167.132
rocksolidswag.no-ip.org (Betabot http botnet hosted by ecatel.net)
Resolved rocksolidswag.no-ip.org to 89.248.160.146
Server: rocksolidswag.no-ip.org
Gate file: /swag/order.php
Alternate domains: swazers.com pirateleaks.us lilseizurespizza.com trytoperceive.me
The owner is mining some bitcoins: http://askaa_worker:penis@us3.eclipsemc.com:8337
Hosting info: http://whois.domaintools.com/89.248.160.146
infuego.ru (Betabot http botnet hosted by altushost.com)
Resolved infuego.ru to 37.46.127.164
Server: infuego.ru
Gate file: /forums/order.php
Alternate domains: virtualdreams.ru winyl.ws offshored.su winyle.su
Hosting info: http://whois.domaintools.com/37.46.127.164
h.opennews.su (irc botnet hosted by qhoster.com)
Resolved h.opennews.su to 5.45.181.254
Server: h.opennews.su
Port: 9000
Channel: #sp
Channel password: yop
Topic for #sp is: !wB/smZJsKbDADvo5ab8sIF/r5RP7kkXfEsreBMH+9hiVs3ilngzFHh0Ph9sbgtC/EeqYw5x0Vj2IqRyb/knFS+LUzo6bf3cW/A1SyUXkVxz8ERDPS2K/qHObIS3TFyR2JAiWdnWc82S3KnAwUHQFMEb6h/kQqB9TcZElsKS4BnyDiGp1B19crjVgBes7+ilkHVmFLRRgoSPyUBx71ioiUporVdeOIEUhA547CIbp0odHxRQ41LK9wPz13N8KYZx6/QE//rZhBqCorPJqg3w=
Topic for #sp set by SNK at Thu Apr 04 06:16:09 2013
Example bot nick: n{USA-XPx86u}gjekbowg
Alternate domains: f.eastmoon.pl gigasbh.org gigasphere.su o.dailyradio.su photobeat.su s.richlab.pl uranus.kei.su xixbh.com xixbh.net
You may recognize some of the domains from previous posts.
notify.mpa-a.com (Citadel banking malware hosted by msm.ru)
Resolved notify.mpa-a.com to 95.163.76.59
Server: notify.mpa-a.com
Config file: notify.mpa-a.com/msupd6.bin
Gate file: notify.mpa-a.com/index.php
Hosting info: http://whois.domaintools.com/95.163.76.59
xixbh.net (ngrbot irc botnet hosted by oneandone.net)
Resolved xixbh.net to 212.227.83.111, 213.165.68.138, 85.25.86.198
Server: xixbh.net (alternate domains: xixbh.com gigasbh.org)
Port: 1863
Server password: jobs
Channel: #jobs
Topic for #jobs is: !dl hxxp://hotfile.com/dl/200451226/2ff4c3f/orf4Duu.html
Topic for #jobs set by x at Fri Mar 29 13:40:52 2013
SSL is required to connect to this server
This is the same guy as these previous posts.
dictionarysrnifty.no-ip.org (Athena irc botnet hosted by infiumhost.com)
Resolved dictionarysrnifty.no-ip.org to 188.190.99.19
Server: dictionarysrnifty.no-ip.org
Port: 9001
* I have 83 clients and 0 servers
* 83 451 :Current local users 83, max 451
Channel: #alpha
Topic for #alpha is: !botkill.start
Topic for #alpha set by LK at Fri Mar 29 10:30:08 2013
All users are also joined to the channel #lobby on connection.