Resolved thinkgreensupply.com to 174.140.168.239
Admin panel: hxxp://thinkgreensupply.com/ponyb/admin.php
Gate: hxxp://thinkgreensupply.com/ponyb/gate.php
Hosting infos: http://whois.domaintools.com/174.140.168.239
vkdsfh9ifiuhi.info (Andromeda HTTP botnet hosted in Netherlands Haarlem Fiberring B.v.)
HTTP requests: hxxp://TelevisionHunter.com/new/gate.php
Downloads this file: vkdsfh9ifiuhi.info/mojo/art.jpg
Plugins:
hxxp://cardpalooza.su/rk.mod
hxxp://dijitalledtabela.com/bd3.mod
Other domains: lnx-games.su
rk.mod: http://cur.lv/14hlg
bd3.mod: http://cur.lv/14hlx
Hosting infos: http://whois.domaintools.com/87.255.51.229
sisisu.su (Citadel banking malware hosted by he.net)
Resolved sisisu.su to 64.62.210.103
Server: sisisu.su
Config file: /wheelbarrow/file.php
Gate file: /wheelbarrow/prism.php
Currently being downloaded by this betabot. This is his second attempt at a Citadel net; the first one can be found here.
Hosting infos: http://whois.domaintools.com/64.62.210.103
Related md5s (search on malwr.com to download the samples):
Citadel: 5707e28e79f6b6d469874f8b87ecb3b9
Edit: The moron forgot to remove the
localmw.org (Andromeda HTTP botnet hosted by ovh.net)
Resolved localmw.org to 198.50.158.222
Server: localmw.org
Gate file: /gate.php
Hosting infos: http://whois.domaintools.com/198.50.158.222
Related md5s (search on malwr.com to download the samples): e5ded5eca6ff72dbf2d5f39f0b801181
kalurjaq.ru (Kelihos hosted in Kazakhstan Almaty Jsc Almatv)
Kelihos (also known as Hlux) is a spambot with the capability to steal credentials from the victim's computer and drop additional malware. While the old version used the second-level domain cz.cc for its distribution and to control the botnet, the new version takes advantage of the TLD .eu in combination with fast-flux techniques.
z.joerv02.com (IRC botnet hosted in China Nanjing Chinanet Jiangsu Province Network)
Name              Query Type   Query Result    Successful   Protocol
api.wipmania.com  DNS_TYPE_A   69.197.137.58   YES          udp
z.baerr02.com     DNS_TYPE_A   (none)          NO           udp
z.joerv02.com     DNS_TYPE_A   58.221.60.87    YES          udp

Server: z.joerv02.com:6513
PASS smart
Channels: #dpi,#suk.#sar
PASS smart
insane.pirate-the.net (Athena HTTP botnet hosted by free-h.org)
Resolved insane.pirate-the.net to 91.234.104.150
Server: insane.pirate-the.net
Gate file: /here/gate.php
Thanks to whoever uploaded this on malwr.
Hosting infos: http://whois.domaintools.com/91.234.104.150
Related md5s (search on malwr.com to download the samples):
Athena HTTP: e0046f2d10c7c790cf07d258cdafe299
skyline2050.net (Andromeda HTTP botnet hosted by infiumhost.com)
Resolved skyline2050.net to 188.190.127.160
Server: skyline2050.net
Gate file: /761994/gate.php
This is Andromeda 2.07, not the cracked 2.06. You can tell by the admin page located at /adm.php, not on the index page. The owner of this betabot is updating with this, abandoning the betabot.
Mining infos: dum:dum@s5.6d6f6e65797072696e746572.com:3333
Hosting infos: http://whois.domaintools.com/188.190.127.160
Related md5s (search on malwr.com to download the samples):
64.85.233.8 (Citadel banking malware hosted by home ip?)
Server: 64.85.233.8
Config file: /hide/1355/file.php
Gate file: /hide/1355/enter.php
According to whois, this is a home cable internet IP (United States Concord Astound Broadband).
Also on the server: Smoke Loader and Pony.
Smoke
Server: 64.85.233.8
Gate file: /smokeldr/index.php
Pony
Server: 64.85.233.8
Gate file: /js/gate.php
The moron running this has Pony downloading itself, creating a continuous
94.242.198.64 (IRC botnet hosted in Luxembourg Steinsel Root Sa)
Another botnet found by aLiSs
Server: 94.242.198.64:5050
Channel: #work
Now talking in #work
Topic On: [ #work ] [ , ]
Topic By: [ x ]
Hosting infos: http://whois.domaintools.com/94.242.198.64