Resolved llltd.ru to 188.138.92.62
Server: llltd.ru
Gate file: /order.php
Alternate domain: lllink.ru
Hosting info: http://whois.domaintools.com/188.138.92.62
Related md5s (search on Malwr.com to download samples):
Betabot: d1945e16d2430c44c53e907b9a7f94a4

92.48.86.88 (Aspermod hosted in United Kingdom, Maidenhead, Simply Transit Ltd)

Thanks to loadx for finding this botnet.

Server: 92.48.86.88:81
PASS adobe2.tmp
NICK n[USA|XP]339728
USER 3397 "" "win" :3397
JOIN #s jobs
Now talking in #s
Topic On: [#s ] [ !dl hxxp://www.divshare.com/direct/24632542-a3c.tee ]
Topic By: [ x ]
Hosting info: http://whois.domaintools.com/92.48.86.88

www.pen-t-house.com (Smoke loader hosted by leaseweb.com)

Resolved www.pen-t-house.com to 85.17.139.16
Server: www.pen-t-house.com
Gate file: /baby/index.php
Hosting info: http://whois.domaintools.com/85.17.139.16
Related md5s (search on Malwr.com to find samples):
Smoke: d24b40d1c7d410e6069fc3eaf101b171

dd.sult4n.net (ngrBot hosted in United States, Chicago, Steadfast Networks)

Thanks to anonymous guy here for finding this botnet.

Resolved: [dd.sult4n.net] to [67.202.92.70]
Resolved: [www.8rb.su] to [67.202.92.70]
Other domains: xx.sult4n.net, x.sult4n.net

Thanks to Userbased for this and for the server and channel passwords.

Server: dd.sult4n.net:4040
PASS sulxx
Channel: #m
PASS sul111
Now talking in #m
Topic On: [ #m ] [ !mod usbi...

cf-fgdgwdvbs.com (Betabot http botnet hosted by server4.pro)

Resolved cf-fgdgwdvbs.com to 37.221.161.200
Server: cf-fgdgwdvbs.com
Gate file: /content/design/in/images/ads/banner/order.php
Alternate domains:
Currently registered: h1gh.to
Currently unregistered: vbt-one.biz, chf-dfgsdfgplace.net, ded-rrwqwzjzjris.com, seb-api.net, swrgfderthgikhoplk.info, greahthrhdse.info, sab-rehrgfgdfg.org
Hosting info: http://whois.domaintools.com/37.221.161.200
Related md5s (search on Malwr.com to download samples):
Betabot: 4ecb1746a7a5b54d83f4b34cc23eb9fd

botbox.su (Snk Aspermod irc botnet hosted by scopehosts.com)

Resolved botbox.su to 95.211.187.5
Server: boxbot.su
Port: 5050
Channel: #spm
#spm :.s.a /104/115/120/99/34/45/56/57/52/38/57/20/21/36/21/45/36/56/44/32/50/49/107/97/8/67/102/120/ /104/115/120/99/34/45/56/57/52/38/57/20/21/36/21/45/36/56/44/32/50/49/ 481 408w4wf058939393020384493ds
Hosting info: http://whois.domaintools.com/95.211.187.5
Related md5s (search on Malwr.com to download samples):
Aspermod: a61efce0696000bc4f2ee3791918b02d

alhamad.biz (Solar http botnet hosted by softlayer.com)

Resolved alhamad.biz to 50.23.58.11
Server: alhamad.biz
Gate file: /web/info.php
Alternate domains (not currently registered): gilsoncherylfuelquest.biz, burdickdoug-fuel.biz, callawayrickcanadian.biz, cano-martintexas.biz, comptondeborah-exxon.biz, davenport-kirktexas.biz, dearie-erin-international.biz, dixon-christy-oklahoma.biz, donnellan-robert-2global.biz, doughertymichael-fhwa.biz, drewryamy-louisdreyfus.biz, dudek-sabrina-nustarenergy.biz, engelken-davidtank-management.biz, farishdanmurphy-oil.biz, felettoloucaboard.biz, fitzgeraldjulian-sr2.biz
It also tried to connect to a gate file hosted on a hacked site at hxxp://carriesbridalcollection.com/images/1/2/cart.php
Hosting info: http://whois.domaintools.com/50.23.58.11
Related md5s (search on Malwr.com to download samples):
Solar: f83706169037cf6da4bf04469428329a

updating-flash.cloudapp.net (Citadel banking malware hosted by Microsoft.com)

Resolved updating-flash.cloudapp.net to 137.116.247.7
Server: updating-flash.cloudapp.net
Config file: /bleh/file.php
Gate file: /bleh/gate.php
Hosting info: http://whois.domaintools.com/137.116.247.7
Related md5s (search on Malwr.com to download samples):
Citadel: b8010a8cce28c36dfb0cc1bcd87a5575