Resolved spamtheinter.net to 94.102.51.123
Server: spamtheinter.net
Gate file: /pony/gate.php
Hosting info: http://whois.domaintools.com/94.102.51.123
Related md5 (Download sample from Malwr.com)
Pony: ab5c96e927c863a773271347a5713486
thepremiumsellers.com (Solar http botnet hosted by Ecatel.net)
Resolved thepremiumsellers.com to 94.102.51.123
Server: thepremiumsellers.com
Gate file: /sol/index.php
Hosting info: http://whois.domaintools.com/94.102.51.123
Related md5 (Download sample from Malwr.com)
Solar: f8fa95baecf6423c6e44ad701164fdd2
renterlocal.su (Betabot http botnet hosted by fastflux botnet)
Server: renterlocal.su
Gate file: /be/order.php
Alternate domains: municipales.ru wmkdi.su dfntlk.su captioncodes.ru juliussdietz.ru
Hosting info:
; <<>> DiG 9.6.1-P1 <<>> renterlocal.su
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8938
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 4, ADDITIONAL: 12
;; QUESTION SECTION:
;renterlocal.su. IN A
;;
burrito.wut.re (Athena irc botnet hosted by ovh.net)
Resolved burrito.wut.re to 37.59.53.162
Server: burrito.wut.re
Port: 6667
Channel: ##a
Hosting info: http://whois.domaintools.com/37.59.53.162
Related md5 (Download samples from Malwr.com)
Athena: ac5b059a66ab7005051e0afa598a7757
24E1tRfQaf31.in (Betabot http botnet hosted by ecatel.net)
Resolved 24e1trfqaf31.in to 94.102.49.76
Server: 24e1trfqaf31.in
Gate file: /Kuod_9381a/order.php
Alternate domains: 24ttgaezrtawae.in 13893ygh1uvbad.inibfuo2t1g1qdewr3.in (Currently suspended)
The WHOIS info for this domain is pretty interesting. Looks like someone copied the WHOIS info of a major hackforums scammer.
Hosting info: http://whois.domaintools.com/94.102.49.76
Related md5s (Download samples from Malwr.com)
Betabot: b47a148b57ce6a7e6e57b039315c77d4
sloodam.in (Betabot http botnet proxied by cloudflare.com)
Server: sloodam.in
Gate file: /lolserver/james/order.php
Yet another scriptkiddie seems to think that Cloudflare is the best place to host his botnet. Let's see how fast they shut this down.
Related md5s (Search on Malwr.com to download samples)
Betabot: faf473886ef8775d6514ab898a550b3e
203.81.204.105 (14k Linux bots hosted in Pakistan Karachi South Cmbroadband Noc)
Big heckers big net. Thnx to loadx and Yewnix for the ownage and exposing them. Everything is inside the config file:
/* Type of comments */
#Comment type 1 (Shell type)
// Comment type 2(C++ style)
/* Comment type 3 (C Style) */
#those lines are ignored by the ircd.
loadmodule "src/modules/commands.so";
#loadmodule "cloak.dll";
#include
fewet.com (Athena http botnet hosted by wrzhost.com)
Resolved fewet.com to 91.218.244.229
Server: fewet.com
Gate file: /panel/gate.php
Hosting info: http://whois.domaintools.com/91.218.244.229
Related md5s (Search on Malwr.com to download samples)
Athena: 00238d56ef41e39b7b1ec7870677efa0
llltd.ru (Betabot http botnet hosted by plusserver.de)
Resolved llltd.ru to 188.138.92.62
Server: llltd.ru
Gate file: /order.php
Alternate domain: lllink.ru
Hosting info: http://whois.domaintools.com/188.138.92.62
Related md5s (Search on Malwr.com to download samples)
Betabot: d1945e16d2430c44c53e907b9a7f94a4
92.48.86.88 (Aspergillus mod hosted in United Kingdom Maidenhead Simply Transit Ltd)
Thanx to loadx for finding this botnet.
92.48.86.88:81
PASS adobe2.tmp
NICK n[USA|XP]339728
USER 3397 “” “win” :3397
JOIN #s jobs
Now talking in #s
Topic On: [#s ] [ !dl hxxp://www.divshare.com/direct/24632542-a3c.tee ]
Topic By: [ x ]
Hosting info: http://whois.domaintools.com/92.48.86.88