llltd.ru (Betabot http botnet hosted by plusserver.de)

Resolved llltd.ru to 188.138.92.62
Server: llltd.ru
Gate file: /order.php
Alternate domain: lllink.ru
Hosting info: http://whois.domaintools.com/188.138.92.62
Related MD5s (search on Malwr.com to download samples)
Betabot: d1945e16d2430c44c53e907b9a7f94a4

dd.sult4n.net (ngrBot hosted in United States Chicago Steadfast Networks)

Thanks to anonymous guy here for finding this botnet.
Resolved : [dd.sult4n.net] To [67.202.92.70]
Resolved : [www.8rb.su] To [67.202.92.70]
Other domains: xx.sult4n.net, x.sult4n.net
Thanks to Userbased for this and for the server and channel pass.
Server : dd.sult4n.net:4040 PASS sulxx
Channel : #m PASS sul111
Now talking in #m
Topic On: [ #m ] [ !mod usbi

cf-fgdgwdvbs.com (Betabot http botnet hosted by server4.pro)

Resolved cf-fgdgwdvbs.com to 37.221.161.200
Server: cf-fgdgwdvbs.com
Gate file: /content/design/in/images/ads/banner/order.php
Alternate domains (currently registered): h1gh.to
Alternate domains (currently unregistered): vbt-one.biz, chf-dfgsdfgplace.net, ded-rrwqwzjzjris.com, seb-api.net, swrgfderthgikhoplk.info, greahthrhdse.info, sab-rehrgfgdfg.org
Hosting info: http://whois.domaintools.com/37.221.161.200
Related MD5s (search on Malwr.com to download samples)
Betabot: 4ecb1746a7a5b54d83f4b34cc23eb9fd

botbox.su (Snk Aspermod irc botnet hosted by scopehosts.com)

Resolved botbox.su to 95.211.187.5
Server: boxbot.su
Port: 5050
Channel: #spm
#spm :.s.a /104/115/120/99/34/45/56/57/52/38/57/20/21/36/21/45/36/56/44/32/50/49/107/97/8/67/102/120/ /104/115/120/99/34/45/56/57/52/38/57/20/21/36/21/45/36/56/44/32/50/49/ 481 408w4wf058939393020384493ds
Hosting info: http://whois.domaintools.com/95.211.187.5
Related MD5s (search on Malwr.com to download samples)
Aspermod: a61efce0696000bc4f2ee3791918b02d

alhamad.biz (Solar http botnet hosted by softlayer.com)

Resolved alhamad.biz to 50.23.58.11
Server: alhamad.biz
Gate file: /web/info.php
Alternate domains (not currently registered): gilsoncherylfuelquest.biz, burdickdoug-fuel.biz, callawayrickcanadian.biz, cano-martintexas.biz, comptondeborah-exxon.biz, davenport-kirktexas.biz, dearie-erin-international.biz, dixon-christy-oklahoma.biz, donnellan-robert-2global.biz, doughertymichael-fhwa.biz, drewryamy-louisdreyfus.biz, dudek-sabrina-nustarenergy.biz, engelken-davidtank-management.biz, farishdanmurphy-oil.biz, felettoloucaboard.biz, fitzgeraldjulian-sr2.biz
It also tried to connect to a gate file hosted on a hacked site at hxxp://carriesbridalcollection.com/images/1/2/cart.php
Hosting info: http://whois.domaintools.com/50.23.58.11
Related MD5s (search on Malwr.com to download samples)
Solar: f83706169037cf6da4bf04469428329a