Resolved spamtheinter.net to 94.102.51.123
Server: spamtheinter.net
Gate file: /pony/gate.php
Hosting infos: http://whois.domaintools.com/94.102.51.123
Related md5 (Download sample from Malwr.com)
Pony: ab5c96e927c863a773271347a5713486
thepremiumsellers.com (Solar http botnet hosted by Ecatel.net)
Resolved thepremiumsellers.com to 94.102.51.123
Server: thepremiumsellers.com
Gate file: /sol/index.php
Hosting infos: http://whois.domaintools.com/94.102.51.123
Related md5 (Download sample from Malwr.com)
Solar: f8fa95baecf6423c6e44ad701164fdd2
renterlocal.su (betabot http botnet hosted by fastflux botnet)
Server: renterlocal.su
Gate file: /be/order.php
Alternate domains: municipales.ru wmkdi.su dfntlk.su captioncodes.ru juliussdietz.ru
Hosting infos:
; <<>> DiG 9.6.1-P1 <<>> renterlocal.su
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8938
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 4, ADDITIONAL: 12
;; QUESTION SECTION:
;renterlocal.su. IN A
;;
burrito.wut.re (Athena irc botnet hosted by ovh.net)
Resolved burrito.wut.re to 37.59.53.162
Server: burrito.wut.re
Port: 6667
Channel: ##a
Hosting infos: http://whois.domaintools.com/37.59.53.162
Related md5 (Download samples from Malwr.com)
Athena: ac5b059a66ab7005051e0afa598a7757
24E1tRfQaf31.in (Betabot http botnet hosted by ecatel.net)
Resolved 24e1trfqaf31.in to 94.102.49.76
Server: 24e1trfqaf31.in
Gate file: /Kuod_9381a/order.php
Alternate domains: 24ttgaezrtawae.in 13893ygh1uvbad.in ibfuo2t1g1qdewr3.in (Currently suspended)
The WHOIS info for this domain is pretty interesting. Looks like someone copied the WHOIS info of a major hackforums scammer.
Hosting infos: http://whois.domaintools.com/94.102.49.76
Related md5s (Download samples from Malwr.com)
Betabot: b47a148b57ce6a7e6e57b039315c77d4
sloodam.in (Betabot http botnet proxied by cloudflare.com)
Server: sloodam.in
Gate file: /lolserver/james/order.php
Yet another scriptkiddie seems to think that Cloudflare is the best place to host his botnet. Let's see how fast they shut this down.
Related md5s (Search on Malwr.com to download samples)
Betabot: faf473886ef8775d6514ab898a550b3e
fewet.com (Athena http botnet hosted by wrzhost.com)
Resolved fewet.com to 91.218.244.229
Server: fewet.com
Gate file: /panel/gate.php
Hosting infos: http://whois.domaintools.com/91.218.244.229
Related md5s (Search on Malwr.com to download samples)
Athena: 00238d56ef41e39b7b1ec7870677efa0
llltd.ru (Betabot http botnet hosted by plusserver.de)
Resolved llltd.ru to 188.138.92.62
Server: llltd.ru
Gate file: /order.php
Alternate domain: lllink.ru
Hosting infos: http://whois.domaintools.com/188.138.92.62
Related md5s (Search on Malwr.com to download samples)
Betabot: d1945e16d2430c44c53e907b9a7f94a4
www.pen-t-house.com (Smoke loader hosted by leaseweb.com)
Resolved www.pen-t-house.com to 85.17.139.16
Server: www.pen-t-house.com
Gate file: /baby/index.php
Hosting infos: http://whois.domaintools.com/85.17.139.16
Related md5s (Search on Malwr.com to find samples)
Smoke: d24b40d1c7d410e6069fc3eaf101b171
cf-fgdgwdvbs.com (Betabot http botnet hosted by server4.pro)
Resolved cf-fgdgwdvbs.com to 37.221.161.200
Server: cf-fgdgwdvbs.com
Gate file: /content/design/in/images/ads/banner/order.php
Alternate domains:
(Currently registered) h1gh.to
(Currently unregistered) vbt-one.biz chf-dfgsdfgplace.net ded-rrwqwzjzjris.com seb-api.net swrgfderthgikhoplk.info greahthrhdse.info sab-rehrgfgdfg.org
Hosting infos: http://whois.domaintools.com/37.221.161.200
Related md5s (Search on Malwr.com to download samples)
Betabot: 4ecb1746a7a5b54d83f4b34cc23eb9fd