Resolved kankarmz.ru to 37.221.170.35
Server: kankarmz.ru
Gate file: /Duf67/H8938_827.php
Alternate domains (both are currently unregistered): u023sjasj.net, iodijsakj.net
This is one of only three or so betabots that I have seen rename the gate file from order.php to something less obvious. I guess that might be a bit too advanced for the average HF skid.
Hosting infos:
bitcoinglobalbanking.com (Betabot http botnet hosted by leaseweb.com)
Resolved bitcoinglobalbanking.com to 82.192.92.5
Server: bitcoinglobalbanking.com
Gate file: /b/order.php
Alternate domain: bitcointradingdepot.com
This botnet wasn’t actually mining bitcoins when I checked it. I’m very surprised.
Hosting infos: http://whois.domaintools.com/82.192.92.5
Related md5s (search on malwr.com to download the samples):
Beta bot bbfdbd53810751401b720641687a6116
EDIT: It finally started bitcoin mining
Mining infos: macromedia.exe” -a scrypt -o http://mine.pool-x.eu:8080 -u jc2244.cr
smokelessbooter.tk (Betabot http botnet hosted by ecatel.net)
Resolved smokelessbooter.tk to 94.102.51.123
Server: smokelessbooter.tk
Gate file: /bronk/order.php
Alternate domains: watchonlinecams.com, ssh-products.com, fudfiles.com, theprofitnet.com, 1337hackers.com, cash-networks.com
We have a real HF hecker here folks. I can see a Java “driveby” site, shitty crypter site, shitty CPA network site and a shitty hackforums clone site just from the domain names. Looks like he’s running a shitty hosting company as well:
bigtoys.pw (Betabot http botnet hosted by namecheap.com)
Resolved bigtoys.pw to 198.187.28.72
Server: bigtoys.pw
Gate file: /b/order.php
Alternative domain: smalltoys.pw
I wonder who this could belong to?
Name Server:NS2.HOSTING-MARVID.ME
Name Server:NS1.HOSTING-MARVID.ME
An idiot, obviously
Related md5s (search on malwr.com to download the samples):
Betabot: 2662af32e5d58d471bd16dc3202db284
Hosting infos: http://whois.domaintools.com/198.187.28.72
srv1.su (Betabot http botnet hosted by softronics.ch)
Resolved srv1.su to 94.242.198.65
Server: srv1.su
Gate file: /b/order.php
Everyone should congratulate snk, who has taken his first baby steps into the 21st century by using an http bot. Unfortunately for him he chose to use the l33t Hackforums bot Betabot with a 1mb stub Autoit crypter, but I guess he can only manage to
cthulhuhf.net (Betabot http botnet hosted by warez-host.com)
Resolved cthulhuhf.net to 91.223.82.43
Server: cthulhuhf.net
Gate file: /misc/order.php
Alternate domains: cthulhuhf.eu, cthulhuhf.org.uk, cthulhuhf.co.uk, cthulhuhf.xxx
Hosting infos: http://whois.domaintools.com/91.223.82.43
Related md5s (search on malwr.com to download the samples):
Beta bot: aa07b845981ba53b6100dba745ba5c1a
s5.6d6f6e65797072696e746572.com (Betabot http botnet hosted by infiumhost.com)
Resolved s5.6d6f6e65797072696e746572.com to 188.190.127.160
Server: s5.6d6f6e65797072696e746572.com
Gate file: /wp-admin/order.php
Alternate domains: ripraktec147.com, youdbeproud228.com, wyomiriding928.com
Mining info: svchost.exe’ -I 100 -T 200 -t 2 -o stratum+tcp://s2.6d6f6e65797072696e746572.com:3333 -u mp187.her -p lex
Hosting infos: http://whois.domaintools.com/188.190.127.160
Related md5s (search on malwr.com to download the samples):
Betabot: db9a816d58899f1ba92bc338e89f856a
blackhats.su (Betabot http botnet proxied by cloudflare)
Server: blackhats.su
Gate file: /bb/order.php
Alternate domains: aeonhf.net, aeonhf.me
You may recognize one of the domains, as it has appeared on the blog before. They used cloudflare that time as well. Let's see if we can get cloudflare to block access to it again.
Related md5s (search on malwr.com to download the samples):
Beta bot:
knwns.de (Betabot http botnet hosted by balticservers.com)
Resolved knwns.de to 5.199.166.226
Server: knwns.de
Gate file: /bst/order.php
Hosting infos: http://whois.domaintools.com/5.199.166.226
humlaburd.org (Betabot http botnet hosted by balticservers.com)
Resolved humlaburd.org to 5.199.164.92
Server: humlaburd.org
Gate file: /spidey/order.php
Hosting infos: http://whois.domaintools.com/5.199.164.92
Related md5s (search on malwr.com to download the samples):
Betabot: 80ac8731fa69e1480719982bd527042e