Resolved www.istanbulnakliyecileri.com to 37.247.108.48
Server: www.istanbulnakliyecileri.com
Gate file: /firmalar/and/image.php
Plugins
Rootkit: hxxp://www.istanbulnakliyecileri.com/firmalar/and/r.pack
Socks: hxxp://www.istanbulnakliyecileri.com/firmalar/and/s.pack
Formgrabber: hxxp://www.istanbulnakliyecileri.com/firmalar/and/f.pack
Gate file: hxxp://www.istanbulnakliyecileri.com/firmalar/and/fg.php
This appears to be hosted on a hacked site.
Hosting infos: http://whois.domaintools.com/37.247.108.48
Related md5s (search on malwr.com to download the samples): 8709c21be7d72c8ec8aaaa55ccc64b84
runawaswarm.ru (Ice 9 banking malware hosted by hc.ru)
Resolved runawaswarm.ru to 79.174.65.19
Server: runawaswarm.ru
Config file: /xml/config.php
Gate file: /xml/redir.php
Hosting infos: http://whois.domaintools.com/79.174.65.19
Related md5s (search on malwr.com to download the samples): a9ca2d05060008f988ed72db5eebe67f
www.w0000t.com (Betabot http botnet hosted by ecatel.net)
Resolved www.w0000t.com to 80.82.64.25
Server: www.w0000t.com
Gate file: /000003/order.php
Alternate domains: www.modmarkgoldshop.com www.mogians.com
Hosting infos: http://whois.domaintools.com/80.82.64.25
Related md5s (search on malwr.com to download the samples): a1286fd94984fd2de857f7b846062b5e
host0r.net (Andromeda http botnet hosted by instantdedicated.com)
Resolved host0r.net to 188.95.48.213
Server: host0r.net
Gate file: /anz/l0ad.php
Hosting infos: http://whois.domaintools.com/188.95.48.213
Related md5s (search on malwr.com to download the samples): 4a2fa3e509fd8b048f1b03eb319dfdf9
xogogo.org (Paradise ddos botnet hosted by adman.com)
Resolved xogogo.org to 93.170.131.114
Server: xogogo.org
Gate file: /par/bfg.php
Hosting infos: http://whois.domaintools.com/93.170.131.114
Related md5s (search on malwr.com to download the samples): Paradise bot: 5724c61a33708b5fdefa3125ea32b2d0
EDIT: The botnet is currently attacking a site.
POST /par/bfg.php HTTP/1.1
Host: xogogo.org
User-Agent: PARADISE
Content-Type: application/x-www-form-urlencoded
Connection: close
Content-Length: 10

status=get

HTTP/1.1 200 OK
Date: Tue, 28 May 2013 13:31:16
sweet1sfl.com (Paradise ddos botnet hosted by intermedia.md)
Resolved sweet1sfl.com to 89.45.14.99
Server: sweet1sfl.com
Gate file: /par/bfg.php
Alternate domain: meetinets.com
Hosting infos: http://whois.domaintools.com/89.45.14.99
gamingplanet.us (Betabot http botnet hosted by worldstream.nl)
Resolved gamingplanet.us to 109.236.82.200
Server: gamingplanet.us
Gate file: /codeserver/order.php
Alternative domain: freegamebox.us
Hosting infos: http://whois.domaintools.com/109.236.82.200
Related md5s (search on malwr.com to download the samples): Betabot: ebf466da7b5f7ed3390f4c68f880bb68
www.vbvx.com (Betabot http botnet hosted by ovh.net)
Resolved www.vbvx.com to 94.23.56.186
Server: www.vbvx.com
Gate file: /remote/order.php
Bitcoin mining info:
Shell.exe" -o http://vbvx.com:8344 -u shubhank008_work -p plawasthi -t 0 -I 10
macromedia.exe" -o http://vbvx.com:8344 -u shubhank008_work -p plawasthi -g no -t 2
Looks like he's running a mining proxy on his VPS.
Hosting infos: http://whois.domaintools.com/94.23.56.186
Related md5s (search on malwr.com to download the
mena012.no-ip.biz (Athena and Betabot http botnets hosted by santrex.net)
Resolved mena012.no-ip.biz to 46.166.173.11
Athena http
Server: mena012.no-ip.biz
Gate file: /gate.php
Betabot
Server: mena012.no-ip.biz
Gate file: /beta/order.php
Hosting infos: http://whois.domaintools.com/46.166.173.11
1rb4hiu.name (Betabot http botnet hosted by liquid-solutions.biz)
Resolved 1rb4hiu.name to 198.23.250.163
Server: 1rb4hiu.name
Gate file: /path/order.php
Alternate domains: 2snrgk3.name ekyn6w.name ylen5d87.biz y4d5g1v.biz 8y14gf5s.biz
Hosting infos: http://whois.domaintools.com/198.23.250.163