Server: top-glenyx.com
Gate file: /forum/userline.php
Alternate domains: svl-trusted.com, marinzer-3.com, amerillia.net, matterix-net.net
Hosting infos:
;; QUESTION SECTION:
;top-glenyx.com. IN A
;; ANSWER SECTION:
top-glenyx.com. 150 IN A 46.211.201.46
top-glenyx.com. 150 IN A 68.190.213.192
top-glenyx.com. 150 IN A 74.141.113.20
top-glenyx.com. 150 IN A 76.118.32.199
top-glenyx.com. 150 IN A 77.120.152.66
top-glenyx.com. 150 IN A 77.122.245.155
top-glenyx.com. 150 IN
spaceshuttle.co.ua (betabot http botnet hosted by Panamaserver.com)
Resolved spaceshuttle.co.ua to 190.123.47.66
Server: spaceshuttle.co.ua
Gate file: /joomla/images/order.php
Alternate domains: orbiter.biz.ua, ringostars.info, digues.info
Hosting infos: http://whois.domaintools.com/190.123.47.66
Related md5s (Download sample from Malwr.com)
Betabot: d4d7b5553bce35569f816cb66d5cb838
Edit: Blocked domains from dns.dat *antivirus*
aba.net.ua (Athena http botnet hosted by thehost.com.ua)
Resolved aba.net.ua to 91.234.34.213
Server: aba.net.ua
Port: 81
Gate file: /www55/gate.php
Hosting infos: http://whois.domaintools.com/91.234.34.213
Related md5s (Issues with Malwr.com, will upload later)
Athena: 3fe65356dfd5e7b3f91161bd37e50ba3
93.171.173.195 (Solar http botnet hosted by InterServer.ru)
Server: 93.171.173.195
Gate file: /index.php
Hosting infos: http://whois.domaintools.com/93.171.173.195
Related md5s (Download samples from Malwr.com)
Solar: d740e3b4a2457f15e35301bf1b673f4d
norton360america.biz (betabot http botnet hosted by psychz.net)
Resolved norton360america.biz to 199.71.215.3
Server: norton360america.biz
Gate file: /joomla/order.php
Alternate domains: fuckencio.com, noticiasmerica.biz, noticiasmerica.in, homelad.me, allape.me, allape.org
One of the backup domains was used in a previous botnet.
Hosting infos: http://whois.domaintools.com/199.71.215.3
Related md5s (Download sample from Malwr.com)
Betabot: cc546493b759600dda8dae44da0f1000
tri57jv3.biz (Betabot http botnet hosted by glesys.se)
Resolved tri57jv3.biz to 94.247.168.151
Server: tri57jv3.biz
Gate file: /path/order.php
Alternate domains: ykf33ork.biz, 5gkd690.biz, ufrtk67i.biz, 7gkmir75.biz, 87fguyh4.biz
Hosting infos: http://whois.domaintools.com/94.247.168.151
Related md5s (Download samples from Malwr.com)
Betabot: aacce65d6339496a14c86d21d81d37bb
javatube.net (Betabot http botnet hosted by ecatel.net)
Resolved javatube.net to 94.102.51.123
Server: javatube.net
Gate file: /singers/song/singles.php
Alternate domains: menbbs.net, thepremiumsellers.com, juxtaposewhereami.no-ip.biz
Hosting infos: http://whois.domaintools.com/94.102.51.123
Related md5s (Download samples from Malwr.com)
Betabot: 319fe02b18bd75e529bccc317712ad10
wandingoo.net (Citadel banking malware hosted by qhoster.net)
Resolved wandingoo.net to 158.58.173.181
Server: wandingoo.net
Gate file: /project/gate.php
Config file: /project/file.php
Downloaded by this betabot.
Hosting infos: http://whois.domaintools.com/158.58.173.181
Related md5s (Download samples from Malwr.com)
Citadel: e6088dae389fbd0413298fedd14292e0
redwine.hopewill-imm.com (Betabot http botnet hosted by contabo.com)
Resolved redwine.hopewill-imm.com to 80.241.218.79
Server: redwine.hopewill-imm.com
Gate file: /papernews/paperboard.php
Alternate domains: artgallery.keramikart.ro, jetplane.yangon-airways.com, flight.yangon-airways.com, abroad.laos-airlines.net, plates.ceramic1.com
Hosting infos: http://whois.domaintools.com/80.241.218.79
Related md5s (Download sample from Malwr.com)
Betabot: 3d250757e1b306b899652ef3c5ef93a7
mklist.myjino.ru (Madness DDOS bot hosted by avguro.com)
Resolved mklist.myjino.ru to 81.177.141.202
Server: mklist.myjino.ru
Gate file: /mad/index.php
Info about this malware can be found in this blogpost by Kafeine.
Hosting infos: http://whois.domaintools.com/81.177.141.202
Related md5s (Download sample from Malwr.com)
Madness: e0b9c947735ee8da2ea1eb7de664b13c