jkdef8.ws (Betabot http botnet hosted by ecatel.net)

By I_Post_Ur_Info, May 4, 2013
Uncategorized

Resolved jkdef8.ws to 94.102.51.117 Server:  jkdef8.ws Gate file:  /papka/order.php Alternate domains (currently unregistered): jkdef6.ws jkdef7.ws jkdef10.ws jkdef11.ws jkdef12.ws jkdef13.ws jkdef14.ws jkdef15.ws jkdef16.ws jkdef17.ws jkdef18.ws jkdef19.ws jkdef20.ws jkdef21.ws jkdef22.ws Bitcoin mining info:  http://pooledbits.com:8337 -u nigfinity.1 -p x Hosting infos: http://whois.domaintools.com/94.102.51.117

msn.3utilities.com (Betabot http botnet hosted by ecatel.net)

By I_Post_Ur_Info, May 4, 2013
Uncategorized

Resolved  msn.3utilities.com to 80.82.66.43 Server:  msn.3utilities.com Port:  81 Gate file:  /help/order.php Alternate domains: videoparadise.biz kittybook.biz        msn1981.3utilities.com dates4you.tk Three out of the five domains are free and easy to get suspended. Pro botherder here. Bitcoin mining info:  stratum+tcp://eu-stratum.btcguild.com:3333 -u m4tr1x_neo -p 123 -t 0 -I -3 Litecoin mining info:  -a scrypt -o http://kittybook.no-ip.biz:8332 -u m4tr1x_0Read more...

fahfasd.pw (Andromeda http botnet hosted by xeneurope.com)

By I_Post_Ur_Info, April 30, 2013
Uncategorized

Resolved fahfasd.pw to 109.235.51.249 Server:  fahfasd.pw Gate file:  /Panel/image.php Plugins Rootkit:  hxxp://fahfasd.pw/Panel/plugins/r.pack Socks:  hxxp://fahfasd.pw/Panel/plugins/s.pack Formgrabber:  hxxp://fahfasd.pw/Panel/plugins/f.pack   Gate file:  /Panel/fg.php Hosting infos: http://whois.domaintools.com/109.235.51.249

f.eastmoon.pl(ngrBot hosted in Germany Karlsruhe 1&1 Internet Ag)

By Pig, April 29, 2013
Uncategorized

Resolved : [f.eastmoon.pl] To [217.160.173.154]Resolved : [f.eastmoon.pl] To [74.208.230.53] Resolved : [f.eastmoon.pl] To [188.138.89.106]Resolved : [f.eastmoon.pl] To [85.25.86.198]Resolved : [f.eastmoon.pl] To [213.165.71.238] Server: 213.165.71.238:9000Server Password:Username: cemomcbNickname: n{DEU-XPx86a}rxibehmdChannel: #sp (Password: yap)Channeltopic: :!wBHv0JQ4frCCAfQ1ausiPUf+8V+7lwXPGIyAUdmor0CO5CSlmlrNT0sLhs1byIa5Qf+YnMhtBmCBtEOb6hI= Server: 188.138.89.106:9000Server Password:Username: pqellooNickname: {DEU-XPx86a}pqelloovChannel: #sp (Password: yap)Channeltopic: :!wBHv0JQ4frCCAfQ1ausiPUf+8V+7lwXPGIyAUdmor0CO5CSlmlrNT0sLhs1byIa5Qf+YnMhtBmCBtEOb6hI= Samples: hxxp://hotfile.com/dl/206650590/b80e8ea/spieoaiuasf.html hxxp://199.7.177.236/dl/206565430/6f9ee70/we71fw1fe6320.html Thanx to aLiSs for samples and for finding this net hosting infos:Read more...

solutionswiki.com (Betabot http botnet hosted by alibabahost.com)

By I_Post_Ur_Info, April 29, 2013
Uncategorized

Resolved solutionswiki.com to 109.163.233.107 Server:  solutionswiki.com Port:  4137 Gate file:  /system/order.php I don’t know why betabot owners keep putting their http servers on ports other than 80. Seems pretty dumb. I guess you can only expect so much from a HF bot and it’s owners. Hosting infos: http://whois.domaintools.com/109.163.233.107

Power Loader(http malware hosted in Luxembourg Steinsel Root Sa)

By Pig, April 29, 2013
Uncategorized

HTTP Requests: hxxp://94.242.250.178/daol/asidfk11.dat?wv=51&bt=32 hxxp://94.242.250.178/daol/oadl.php hxxp://wickedreport.com/images/2009/05/naughty-elephant.jpg Sample: hxxp://tbsnpd.best.volyn.ua/dlimage11.php hxxp://94.242.250.178/daol/asidfk11.dat Hosting infos: http://whois.domaintools.com/94.242.250.178