Resolved trakd.ws to 89.45.14.72
Server: trakd.ws
Gate file: /bb/order.php
Alternate domains: trakd.biz, trakd.ru
Hosting info: http://whois.domaintools.com/89.45.14.72
Related md5s (search on malwr.com to download the samples):
Betabot: a0a66dfbdf1ce76782ba20a07a052976
www.w0000t.com (Betabot http botnet hosted by ecatel.net)
Resolved www.w0000t.com to 80.82.64.25
Server: www.w0000t.com
Gate file: /000003/order.php
Alternate domains: www.modmarkgoldshop.com, www.mogians.com
Hosting info: http://whois.domaintools.com/80.82.64.25
Related md5s (search on malwr.com to download the samples): a1286fd94984fd2de857f7b846062b5e
gamingplanet.us (Betabot http botnet hosted by worldstream.nl)
Resolved gamingplanet.us to 109.236.82.200
Server: gamingplanet.us
Gate file: /codeserver/order.php
Alternative domain: freegamebox.us
Hosting info: http://whois.domaintools.com/109.236.82.200
Related md5s (search on malwr.com to download the samples):
Betabot: ebf466da7b5f7ed3390f4c68f880bb68
www.vbvx.com (Betabot http botnet hosted by ovh.net)
Resolved www.vbvx.com to 94.23.56.186
Server: www.vbvx.com
Gate file: /remote/order.php
Bitcoin mining info:
Shell.exe” -o http://vbvx.com:8344 -u shubhank008_work -p plawasthi -t 0 -I 10
macromedia.exe” -o http://vbvx.com:8344 -u shubhank008_work -p plawasthi -g no -t 2
Looks like he’s running a mining proxy on his VPS.
Hosting info: http://whois.domaintools.com/94.23.56.186
Related md5s (search on malwr.com to download the
mena012.no-ip.biz (Athena and Betabot http botnets hosted by santrex.net)
Resolved mena012.no-ip.biz to 46.166.173.11
Athena http
Server: mena012.no-ip.biz
Gate file: /gate.php
Betabot
Server: mena012.no-ip.biz
Gate file: /beta/order.php
Hosting info: http://whois.domaintools.com/46.166.173.11
1rb4hiu.name (Betabot http botnet hosted by liquid-solutions.biz)
Resolved 1rb4hiu.name to 198.23.250.163
Server: 1rb4hiu.name
Gate file: /path/order.php
Alternate domains: 2snrgk3.name, ekyn6w.name, ylen5d87.biz, y4d5g1v.biz, 8y14gf5s.biz
Hosting info: http://whois.domaintools.com/198.23.250.163
hackattaksuceuse.biz (Betabot http botnet hosted by Fastflux)
Server: hackattaksuceuse.biz
Gate file: /~.homo/analytics.php
Alternate domains: lavidalocapd.biz, allahwouakbaaahhh.co.in, amemeuch.biz, betazbraxxx.co.in, hacktipucov2.org, jesaispastropkoimettre.org, laradimcrelou.co.in, thebossinfly.org, tktlamifa.co.in, whatdaaafuckinyourhead.biz, x42v72.biz, zbraaadanstfesse.org, suxme.itsprosolutions.org
This is the source of the Citadel and Pony just posted. I’m not sure why the owner would set up his Betabot for fastflux and not his Citadel, though.
Hosting info:
;; QUESTION SECTION:
;hackattaksuceuse.biz.
imgay.ddos.es (Betabot http botnet hosted by Fastflux)
Server: imgay.ddos.es
Gate file: /h/order.php
Alternate domains: imgay.ddos.cat, imgay.theswat.net
ddos.cat has been linked to botnets before.
Hosting info:
;; QUESTION SECTION:
;imgay.ddos.es. IN A
;; ANSWER SECTION:
imgay.ddos.es. 149 IN A 94.27.87.58
imgay.ddos.es. 149 IN A 98.195.89.225
imgay.ddos.es. 149 IN A 174.112.126.155
imgay.ddos.es. 149 IN A 176.40.77.176
imgay.ddos.es. 149 IN A 178.150.207.252
imgay.ddos.es. 149 IN
wrightfeldhusen.info (Betabot http botnet hosted by staminus.net)
Resolved wrightfeldhusen.info to 69.197.35.109
Server: wrightfeldhusen.info
Gate file: /beta/order.php
Alternate domains: akwebdesigner.info, websachee.info, tincorporated.info, thetwenty.info, swedishseasons.info, lommebags.info, andywilsonfs.info, ghostgames1.info, futureofwebdesign.info, vdezignstudio.info, waterworks2.info, waterworks2.com, nordkupp1.info, circusbum.info, novflex.info
This is hosted on the same server as this Andromeda bot.
Hosting info: http://whois.domaintools.com/69.197.35.109
fuckencio.com (Betabot http botnet hosted by offshoreracks.com)
Resolved fuckencio.com to 190.14.38.133
Server: fuckencio.com
Gate file: /wordpress/order.php
Alternate domains: clarocontigosiempre.mobi, clarocontigosiempre.us
Hosting info: http://whois.domaintools.com/190.14.38.133