Resolved www.w0000t.com to 80.82.64.25 Server: www.w0000t.com Gate file: /000003/order.php Alternate domains: www.modmarkgoldshop.com www.mogians.com Hosting infos: http://whois.domaintools.com/80.82.64.25 Related md5s (search on malwr.com to download the samples): a1286fd94984fd2de857f7b846062b5e
host0r.net (Andromeda http botnet hosted by instantdedicated.com)
Resolved host0r.net to 188.95.48.213 Server: host0r.net Gate file: /anz/l0ad.php Hosting infos: http://whois.domaintools.com/188.95.48.213 Related md5s (search on malwr.com to download the samples): 4a2fa3e509fd8b048f1b03eb319dfdf9
xogogo.org (Paradise ddos botnet hosted by adman.com)
Resolved xogogo.org to 93.170.131.114 Server: xogogo.org Gate file: /par/bfg.php Hosting infos: http://whois.domaintools.com/93.170.131.114 Related md5s (search on malwr.com to download the samples): Paradise bot: 5724c61a33708b5fdefa3125ea32b2d0 EDIT: The botnet is currently attacking a site POST /par/bfg.php HTTP/1.1 Host: xogogo.org User-Agent: PARADISE Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 10 status=get HTTP/1.1 200 OK Date: Tue, 28 May 2013 13:31:16Read more...
sweet1sfl.com (Paradise ddos botnet hosted by intermedia.md)
Resolved sweet1sfl.com to 89.45.14.99 Server: sweet1sfl.com Gate file: /par/bfg.php Altnerate domain: meetinets.com Hosting infos: http://whois.domaintools.com/89.45.14.99
gamingplanet.us (Betabot http botnet hosted by worldstream.nl)
Resolved gamingplanet.us to 109.236.82.200 Server: gamingplanet.us Gate file: /codeserver/order.php Alternative domain: freegamebox.us Hosting infos: http://whois.domaintools.com/109.236.82.200 Related md5s (search on malwr.com to download the samples): Betabot: ebf466da7b5f7ed3390f4c68f880bb68
www.vbvx.com (Betabot http botnet hosted by ovh.net)
Resolved www.vbvx.com to 94.23.56.186 Server: www.vbvx.com Gate file: /remote/order.php Bitcoin mining info: Shell.exe” -o http://vbvx.com:8344 -u shubhank008_work -p plawasthi -t 0 -I 10 macromedia.exe” -o http://vbvx.com:8344 -u shubhank008_work -p plawasthi -g no -t 2 Looks like he’s running a mining proxy on his vps. Hosting infos: http://whois.domaintools.com/94.23.56.186 Related md5s (search on malwr.com to download theRead more...
mena012.no-ip.biz (Athena and Betabot http botnets hosted by santrex.net)
Resolved mena012.no-ip.biz to 46.166.173.11 Athena http Server: mena012.no-ip.biz Gate file: /gate.php Betabot Server: mena012.no-ip.biz Gate file: /beta/order.php Hosting infos: http://whois.domaintools.com/46.166.173.11
1rb4hiu.name (Betabot http botnet hosted by liquid-solutions.biz)
Resolved 1rb4hiu.name to 198.23.250.163 Server: 1rb4hiu.name Gate file: /path/order.php Alternate domains: 2snrgk3.nameekyn6w.nameylen5d87.bizy4d5g1v.biz8y14gf5s.biz Hosting infos: http://whois.domaintools.com/198.23.250.163
securityspecialiastinc.in(Pony hosted in Japan Tokyo Linode Llc)
Resolved : [securityspecialiastinc.in] To [106.187.88.52] Gate: securityspecialiastinc.in/p/gate.php Admin:securityspecialiastinc.in/p/admin.php sample: hxxp://106.187.88.52/p/p.exe Online Crypter: hxxp://securityspecialiastinc.in/crypt.php hosting infos: http://whois.domaintools.com/106.187.88.52
hackattaksuceuse.biz (Betabot http botnet hosted by Fastflux)
Server: hackattaksuceuse.biz Gate file: /~.homo/analytics.php Alternate domains: lavidalocapd.biz allahwouakbaaahhh.co.in amemeuch.biz betazbraxxx.co.in hacktipucov2.org jesaispastropkoimettre.org laradimcrelou.co.in thebossinfly.org tktlamifa.co.in whatdaaafuckinyourhead.biz x42v72.biz zbraaadanstfesse.org suxme.itsprosolutions.org This is the source of the citadel and pony just posted. I’m not sure why the owner would set up his betabot for fastflux and not his citadel though. Hosting infos: ;; QUESTION SECTION: ;hackattaksuceuse.biz.Read more...