Resolved www.ultra-sales.com to 198.23.252.71
Server: www.ultra-sales.com
Gate file: /an/image.php
Updates and other malware hosted here: hxxp://www.ultra-sales.com/hosted/
Hosting infos: http://whois.domaintools.com/198.23.252.71
193.107.19.151 (Reverse proxy malware hosted by 2×4.ru)
Server: 193.107.19.151
Bot connect port: 8898
Web login port: 2567
Server config: http://193.107.19.151/config.cfg
According to the errors on the index page, it is hosted on a Windows VPS.
Hosting infos: http://whois.domaintools.com/193.107.19.151
shellysdailylife.info (Insomnia irc botnet hosted by volumedrive.com)
Resolved shellysdailylife.info to 199.115.228.38
Server: shellysdailylife.info
Port: 44
Channel: #Insomnia (channel listing: #Insomnia 341 [+sntu])
This is the second time this IP has been posted. The previous time it was also hosting Insomnia IRC bots.
Hosting infos: http://whois.domaintools.com/199.115.228.38
mywebst0rage.info (Andromeda http botnet hosted by vhostlayer.com)
Resolved mywebst0rage.info to 37.221.163.131
Server: mywebst0rage.info
Gate file: /admin/hippo/image.php
Hosting infos: http://whois.domaintools.com/37.221.163.131
voscomptesenligne.eu (Andromeda http botnet hosted by iws.co)
Resolved voscomptesenligne.eu to 91.223.82.179
Server: voscomptesenligne.eu
Gate file: /joomla/image.php
Plugins:
Rootkit: http://voscomptesenligne.eu/joomla/r.pack
Formgrabber: http://voscomptesenligne.eu/joomla/f.pack
Gate file: /joomla/fg.php
Hosting infos: http://whois.domaintools.com/91.223.82.179
imageshoster.ru (Smoke loader http botnet hosted by santrex.net)
Resolved imageshoster.ru to 46.166.169.187
Server: imageshoster.ru
Gate file: /pics/index.php
This is the new Smoke Loader domain of the beerpigfarm.ru installs guy. His previous domain adzu324nbasmdaoias.su is currently hosted on the same server.
Sample: hxxp://46.166.177.120/smo
Hosting infos: http://whois.domaintools.com/46.166.169.187
fuelcw.org (Pony loader hosted by ihc.ru)
Resolved fuelcw.org to 37.143.9.173
Server: fuelcw.org
Gate file: /ios.php
Hosting infos: http://whois.domaintools.com/37.143.9.173
ugctrust.com (Andromeda http botnet hosted by prohost.kg)
Resolved ugctrust.com to 91.213.233.156
Server: ugctrust.com
Gate file: /image.php
Sample was discovered by unixfreaxjp.
Hosting infos: http://whois.domaintools.com/91.213.233.156
kiz.no-ip.biz (Pony loader hosted by vmbox.co)
Resolved kiz.no-ip.biz to 94.242.238.213
Server: kiz.no-ip.biz
Gate file: /xen/ride/gate.php
Hosting infos: http://whois.domaintools.com/94.242.238.213
othar.tk (Gbot http bot hosted by mchost.ru)
Resolved othar.tk to 178.208.80.88
Server: othar.tk
Gate file: //getcmd.php
Hosting infos: http://whois.domaintools.com/178.208.80.88