HTTP Requests: hxxp://TelevisionHunter.com/new/gate.php
Downloads this file: vkdsfh9ifiuhi.info/mojo/art.jpg
Plugins:
hxxp://cardpalooza.su/rk.mod
hxxp://dijitalledtabela.com/bd3.mod
Other domains: lnx-games.su
rk.mod here: http://cur.lv/14hlg
bd3.mod here: http://cur.lv/14hlx
Hosting infos: http://whois.domaintools.com/87.255.51.229
localmw.org (Andromeda http botnet hosted by ovh.net)
Resolved localmw.org to 198.50.158.222
Server: localmw.org
Gate file: /gate.php
Hosting infos: http://whois.domaintools.com/198.50.158.222
Related md5s (search on malwr.com to download the samples): e5ded5eca6ff72dbf2d5f39f0b801181
skyline2050.net (Andromeda http botnet hosted by infiumhost.com)
Resolved skyline2050.net to 188.190.127.160
Server: skyline2050.net
Gate file: /761994/gate.php
This is Andromeda 2.07, not the cracked 2.06. You can tell by the admin page, which is located at /adm.php rather than on the index page. The owner of this betabot is switching to this Andromeda panel and abandoning the betabot.
Mining infos: dum:dum@s5.6d6f6e65797072696e746572.com:3333
Hosting infos: http://whois.domaintools.com/188.190.127.160
Related md5s (search on malwr.com
www.mydowncenter.me (Andromeda http botnet hosted by pw-service.com)
Resolved www.mydowncenter.me to 37.0.122.132
Server: www.mydowncenter.me
Gate file: /andro/image.php
Plugins:
Rootkit: hxxp://www.mydowncenter.me/andro/r.pack
Socks: hxxp://www.mydowncenter.me/andro/s.pack
Formgrabber: hxxp://www.mydowncenter.me/andro/f.pack
Formgrabber gate file: /andro/fg.php
Hosting infos: http://whois.domaintools.com/37.0.122.132
Related md5s (search on malwr.com to download the samples):
Andromeda: a26ffa2c7bd0e7899b04768f9e76a938
www.welovegiveaways.net (Andromeda http botnet hosted by enzu.com)
Resolved www.welovegiveaways.net to 199.229.235.250
Server: www.welovegiveaways.net
Gate file: /justricewithwater/image.php
Plugins:
Rootkit: hxxp://www.welovegiveaways.net/justricewithwater/r.pack
Bitcoin mining info:
Shell.exe" -o stratum+tcp://stratum.bitcoin.cz:3333 -u vovler.split1 -p none -t 0 -I 10
macromedia.exe" -o stratum+tcp://stratum.bitcoin.cz:3333 -u vovler.split1 -p none -g no
Hosting infos: http://whois.domaintools.com/199.229.235.250
www.istanbulnakliyecileri.com (Andromeda http botnet hosted by ozkula.com.tr)
Resolved www.istanbulnakliyecileri.com to 37.247.108.48
Server: www.istanbulnakliyecileri.com
Gate file: /firmalar/and/image.php
Plugins:
Rootkit: hxxp://www.istanbulnakliyecileri.com/firmalar/and/r.pack
Socks: hxxp://www.istanbulnakliyecileri.com/firmalar/and/s.pack
Formgrabber: hxxp://www.istanbulnakliyecileri.com/firmalar/and/f.pack
Formgrabber gate file: hxxp://www.istanbulnakliyecileri.com/firmalar/and/fg.php
This appears to be hosted on a hacked site.
Hosting infos: http://whois.domaintools.com/37.247.108.48
Related md5s (search on malwr.com to download the samples): 8709c21be7d72c8ec8aaaa55ccc64b84
host0r.net (Andromeda http botnet hosted by instantdedicated.com)
Resolved host0r.net to 188.95.48.213
Server: host0r.net
Gate file: /anz/l0ad.php
Hosting infos: http://whois.domaintools.com/188.95.48.213
Related md5s (search on malwr.com to download the samples): 4a2fa3e509fd8b048f1b03eb319dfdf9
solutionswiki.com (Andromeda http botnet hosted by alibabahost.com)
Resolved solutionswiki.com to 109.163.233.107
Server: solutionswiki.com
Gate file: /pages/image.php
There is also a betabot hosted on the same domain.
Mining infos: dasHosts.exe -a scrypt-jane -o http://37.221.170.226:8344 -O YFicRwX9HpMkVovPPWG3NAJ9Tpom3YeXqC:x
Hosting infos: http://whois.domaintools.com/109.163.233.107
www.panel-gc.co.uk (Andromeda http botnet hosted by staminus.net)
Resolved www.panel-gc.co.uk to 69.197.35.109
Server: www.panel-gc.co.uk
Gate file: /panel/gate.php
Plugins:
hxxp://www.panel-gc.co.uk/panel/fg_00eaffaa.mod
hxxp://www.panel-gc.co.uk/panel/rk_242fc383.mod
hxxp://www.panel-gc.co.uk/panel/s4_1829dbd8.mod
This is Andromeda 2.7, not the older cracked version.
Bitcoin mining info: -o http://us1.eclipsemc.com:8337 -u Jackpont_1 -p gizmooclad971 -k diablo
Hosting infos: http://whois.domaintools.com/69.197.35.109
betabros.in (Several http botnets hosted by hostkey.ru)
Resolved betabros.in to 146.0.78.4
Server: betabros.in
Gate file: /beta/order.php
The owner should keep a closer eye on the fake forum he set up for cover: 1071 pages of pharmacy spam and counting.
Hosting infos: http://whois.domaintools.com/146.0.78.4
EDIT: Bitcoin and litecoin mining.
macromedia.exe -a scrypt -o http://us.litecoinpool.org:9332 -u marvid.disfig -p x
shell.exe -o stratum+tcp://stratum.btcguild.com:3333 -u vapor_3 -p x