Server: gemers9.ru
Gate file: /damm/5425/order.php
Looks like Hackforum skiddies even carry their love for Cloudflare to their botnets.
Related md5s (Download samples from Malwr.com)
Betabot: 684eb10838071bda6f68c26838056f72
ironsr.com (Betabot http botnet hosted by OVH.net)
Resolved ironsr.com to 46.105.104.99
Server: ironsr.com
Gate file: /img/order.php
Hosting info: http://whois.domaintools.com/46.105.104.99
Related md5s (Download samples from Malwr.com)
Betabot: cfb9f0c9844da8731607f2af878f8b78
techsavynerds.net (Betabot http botnet hosted by ixam-hosting.com)
Resolved techsavynerds.net to 37.221.163.158
Server: techsavynerds.net
Gate file: /signup/inc/order.php
Hosting info: http://whois.domaintools.com/37.221.163.158
Related md5s (Download sample from Malwr.com)
Betabot: 0703af1757f7fd6764ebbe4c244de2a4
trik.su (Snk aspermod irc botnet hosted by midphase.com)
Resolved trik.su to 174.127.123.4
Server: trik.su
Port: 5050
Channel: #trk
#trk :.j #upd .u trk2 /120/126/99/107/25/61/37/112/72/120/110/67/113/123/122/115/35/64/118/114/35/123/85/74/78/111/125/83/8/55/46/39/32/63/42/55/63/35/44/11/42/38/32/37/120/110/121/
Channel: #upd
#upd :.u trk2 /120/126/99/107/25/61/37/103/86/99/120/83/100/118/123/98/98/13/108/108/35/123/85/74/15/107/97/69/
Hosting info: http://whois.domaintools.com/174.127.123.4
Related md5s (Download samples from Malwr.com)
Aspermod: 1f876d3830527f22f84205069695d3d2
vvvhhhccc.com (Betabot http botnet hosted by dacentec.com)
Resolved vvvhhhccc.com to 192.111.153.98
Server: vvvhhhccc.com
Gate file: /8/8/8/be/order.php
Alternate domains: virusprotect.su virus-protector.net latinodancewears.com.vn
He has a plasma http botnet on the same domain that he is using to mine dogecoins.
Gate file: /8/8/plasma/login.php
Hosting info: http://whois.domaintools.com/192.111.153.98
Related md5s (Download samples from Malwr.com)
Betabot: a58ddb7a7a3b823ff0ddd541f136d9f4
Plasma: 401459ef275cf0639a855a4dff234bf5
Mining info: Stratum+tcp://pool.dogechain.info:3333 -u latinodresses.plasmahttp -p x
videotr.in (Facebook spreading browser extension proxied by cloudflare)
This is aimed at Turkish Facebook users. The scripts used by the extension are hosted across several domains. The infection starts with the site hxxp://www.videotr.in, which plays a short video clip. The video is then interrupted and the user is urged to run an exe that is downloaded to fix the issue. The exe creates a
Fbcentral.net (Betabot http botnet hosted by ixam-hosting.com)
Resolved fbcentral.net to 109.163.228.196
Server: fbcentral.net
Gate file: /orders/order.php
Related md5s (Download samples from Malwr.com)
Betabot: ffb8efe74954a348a3ec397c132cce96
Hosting info: http://whois.domaintools.com/109.163.228.196
199.187.121.82 (pBots hosted by databasebydesignllc.com)
Server: 199.187.121.82
Port: 7802
* There are 1 users and 3702 invisible on 1 servers
* 127 :unknown connection(s)
* 2 :channels formed
* I have 3703 clients and 0 servers
* Current Local Users: 3703 Max: 3785
* Current Global Users: 3703 Max: 3785
Channel: #bom#
Channel Users Topic
#sick# 341 [+smntMu]
#bom# 3385
googleisearch.com (ferret DDOS botnet hosted by sigmait.dk)
Resolved googleisearch.com to 195.20.141.115
Server: googleisearch.com
Gate file: /tmp/search.php
The panel is version 2.2, indicating continued development since its discovery.
Hosting info: http://whois.domaintools.com/195.20.141.115
Related md5s (Download samples from Malwr.com)
Ferret: bcf167ad78a41f695b766531ed3a6fea
iappleblog.net (Betabot http botnet hosted by ubris-hosting.com)
Resolved iappleblog.net to 37.9.55.98
Server: iappleblog.net
Gate file: /img/beta/order.php
Alternate domains: iapplegeek.com androidistore.net
This is the first betabot 1.7 I’ve seen in the wild. Thanks to Xylitol for the C&C info. Looks like the network signatures need to be updated.
Hosting info: http://whois.domaintools.com/37.9.55.98
Related md5s (Download sample from Malwr.com)
Betabot: 5f3b16af36bfa193a222222035c7321c