Resolved botbox.su to 95.211.187.5
Server: boxbot.su
Port: 5050
Channel: #spm
#spm :.s.a /104/115/120/99/34/45/56/57/52/38/57/20/21/36/21/45/36/56/44/32/50/49/107/97/8/67/102/120/ /104/115/120/99/34/45/56/57/52/38/57/20/21/36/21/45/36/56/44/32/50/49/ 481 408w4wf058939393020384493ds
Hosting infos: http://whois.domaintools.com/95.211.187.5
Related md5s (Search on Malwr.com to download samples)
Aspermod: a61efce0696000bc4f2ee3791918b02d
alhamad.biz (Solar http botnet hosted by softlayer.com)
Resolved alhamad.biz to 50.23.58.11
Server: alhamad.biz
Gate file: /web/info.php
Alternate domains (not currently registered):
gilsoncherylfuelquest.biz
burdickdoug-fuel.biz
callawayrickcanadian.biz
cano-martintexas.biz
comptondeborah-exxon.biz
davenport-kirktexas.biz
dearie-erin-international.biz
dixon-christy-oklahoma.biz
donnellan-robert-2global.biz
doughertymichael-fhwa.biz
drewryamy-louisdreyfus.biz
dudek-sabrina-nustarenergy.biz
engelken-davidtank-management.biz
farishdanmurphy-oil.biz
felettoloucaboard.biz
fitzgeraldjulian-sr2.biz
It also tried to connect to a gate file hosted on a hacked site at hxxp://carriesbridalcollection.com/images/1/2/cart.php
Hosting infos: http://whois.domaintools.com/50.23.58.11
Related md5s (Search on Malwr.com to download samples)
Solar: f83706169037cf6da4bf04469428329a
updating-flash.cloudapp.net (Citadel banking malware hosted by Microsoft.com)
Resolved updating-flash.cloudapp.net to 137.116.247.7
Server: updating-flash.cloudapp.net
Config file: /bleh/file.php
Gate file: /bleh/gate.php
Hosting infos: http://whois.domaintools.com/137.116.247.7
Related md5s (Search on Malwr.com to download samples)
Citadel: b8010a8cce28c36dfb0cc1bcd87a5575
www.paloshke.org (Solar http botnet hosted by ghandi.net)
Resolved www.paloshke.org to 46.226.108.231
Server: www.paloshke.org
Gate file: /index.php
Alternate domains:
www.bkcn.su
www.cahlr.com
www.rahmea.org
www.businet.su
www.oscdfg.org
www.monero.org
www.webres.su
www.uwtriv.com
www.zmvnue.org
www.oreape.com
www.xnighs.su
www.dvmnib.com
www.itmcff.org
www.akwrzv.com
www.ivmqzc.org
www.duvema.com
www.mtwogp.org
www.hielah.com
www.apdekt.org
Bitcoin mining infos: -a scrypt -s 20 --no-longpoll -q -o www2.oskefi.org:443 -u anonymous.1 -p -x
Hosting infos: http://whois.domaintools.com/46.226.108.231
Related md5s
Solar: eafe8ed59f752d7ae8240f3cdbc698f6
cmeef.info (Solar http botnet hosted by ecatel.net)
Resolved cmeef.info to 93.174.94.64
Server: cmeef.info
Gate file: /e6ct/index.php
Hosting infos: http://whois.domaintools.com/93.174.94.64
Related md5s (Search on Malwr.com to download samples)
Solar: 61fd4c9405e168557ab279c86131634b
kasvatus.org (Solar http botnet hosted by hetzner.de)
Resolved kasvatus.org to 176.9.36.18
Server: kasvatus.org
Gate file: /solar/index.php
Thanks to Xylitol for a link to the sample.
Hosting infos: http://whois.domaintools.com/176.9.36.18
Related md5s (Search on Malwr.com to download samples)
Solar: 946c4683c72f59558d9a211a8d8971cc
canc3r1nf0rmat10n.pw (Solar http botnet hosted by infiumhost.com)
Resolved canc3r1nf0rmat10n.pw to 188.190.123.59
Server: canc3r1nf0rmat10n.pw
Gate file: /panel/index.php
Hosting infos: http://whois.domaintools.com/188.190.123.59
Related md5s (Search on Malwr.com to download samples)
Solar: 60a8e935b5418a76593bb97120da1adc
haveityourway.pw (betabot http botnet hosted by Alibabahost.com)
Resolved haveityourway.pw to 103.31.187.77
Server: haveityourway.pw
Gate file: /members/order.php
Alternate domains (currently not registered):
thebestway42.pw
itsoktohaveityourway.com
losmejoresburgers1.com
The first domain was only registered yesterday.
Hosting infos: http://whois.domaintools.com/103.31.187.77
Related md5s (Search on Malwr.com to download samples)
Betabot: 3b0907c7bf881f8f5f9fa2190384d3dd
scum1904life.com (Andromeda http botnet hosted by 2x4.ru)
Resolved scum1904life.com to 193.107.16.146
Server: scum1904life.com
Gate file: /gate.php
Hosting infos: http://whois.domaintools.com/193.107.16.146
Related md5s (Search on Malwr.com to download samples)
Andromeda: 6423dfa282aa03ee0e10c5331062a96c
n18b7273u1j.in (Betabot http botnet hosted by worldstream.nl)
Resolved n18b7273u1j.in to 217.23.3.102
Server: n18b7273u1j.in
Gate file: /M_jsh1/order.php
Alternate domains: b19jdn167t.in
This is betabot version 1.5. This is the second betabot 1.5 botnet I have found, but the other one was just a different path on an already posted botnet, so it wasn’t worth a new post. You may note that the domains used