gki2mpdt3rsokbmv.onion (IRC botnet hosted on a Tor hidden service)

Server: gki2mpdt3rsokbmv.onion
Port: 6667
Channel: #channel

Oper:
[wac] (wac@9bedb2.host): ac
[wac] #channel
[wac] lair.hell.net :Cerberus Server
[wac] idle 00:00:18, signon: Tue May 13 18:24:47
[wac] End of WHOIS list.

The owner must have used very old bot code to create this, as it fails to work properly on Windows 7 and higher.

Related md5s (Download sample from Malwr.com)
Ircbot:

sinsec.net (Betabot http botnet hosted by alibabahost.com)

Resolved sinsec.net to
Server: sinsec.net
Gate file: /turndown/order.php
Alternate domains: divinestresser.info radicalpkz.com perp.pw thefox.pw uploadme.pw perp.se

Domain info: sinsec.net
Domain Name: SINSEC.NET
Registry Domain ID: 1814650535_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.enom.com
Registrar URL: www.enom.com
Updated Date: 2013-07-12 10:27:24Z
Creation Date: 2013-07-12 17:27:00Z
Registrar Registration Expiration Date: 2014-07-12 17:27:00Z
Registrar: ENOM, INC.
Registrar IANA ID: 48

api.wifi-update.biz (Betabot http botnet hosted by oneandone.net)

Resolved api.wifi-update.biz to
Server: api.wifi-update.biz
Gate file: /cdn/img.php
Alternate domains: api-radio-def.de api.lul.pw api.tba.pw

Domain info: wifi-update.biz
Domain Name: WIFI-UPDATE.BIZ
Domain ID: D58641421-BIZ
Sponsoring Registrar: BIZCN.COM, INC.
Sponsoring Registrar IANA ID: 471
Registrar URL (registration services): www.bizcn.com
Domain Status: clientTransferProhibited
Registrant ID: ORGEH90335606834
Registrant Name: Erkki Hagstrom
Registrant Organization: ErkkiHagstrom
Registrant Address1: Gesterbyntie 51
Registrant

frizzcams.com (Betabot http botnet hosted by Balticservers.com)

Resolved frizzcams.com to
Server: frizzcams.com
Gate file: /beta/order.php
Alternate domains: fapncam.com proxypool.info update-silo.com

This has the same C&C domains as this betabot, just in a different order. It’s involved with spreading a YouTube views boosting bot.

Domain info: frizzcams.com
Domain Name: FRIZZCAMS.COM
Registrar: MONIKER ONLINE SERVICES LLC
Registrant [4327848]: Moniker Privacy Services FRIZZCAMS.COM@monikerprivacy.net Moniker

b.mypaintdressk13.com (Betabot http botnet hosted by sprintdatacenter.pl)

Resolved b.mypaintdressk13.com to
Server: b.mypaintdressk13.com
Gate file: /direct/mail/order.php
Alternate domains: b.dietmydartk5.com b.pixartzonek4.com b.stop2teasemek3.com b.thegamejuststarted10k12.com b.thegamejuststarted11k7.com b.thegamejuststarted12k11.com b.thegamejuststarted13k8.com b.thegamejuststarted14k9.com b.thegamejuststarted15k10.com b.uandmearevideos1k1.com b.uandmearevideos2k2.com

Hosting info: http://whois.domaintools.com/

Related md5s (Download samples from Malwr.com)
Betabot: 9085ab7965bc67c6a8a6f2c83a22fb49

seosaw.pw (Betabot http botnet hosted by plusserver.de)

Resolved seosaw.pw to
Server: seosaw.pw
Gate file: /wq782jwoqkQy19qkdh27hqudqj/order.php
Alternate domains: microsoftgo.pw updateom.info seosaw.info googlerw.info

Downloads what looks like Sefnit from hxxp://now.googlefast.pw/remote/index.php?u=48&istan

Hosting info: http://whois.domaintools.com/

Related md5s (Download sample from Malwr.com)
Betabot: daee8c5056fbbf1964588e70cb371fae
Sefnit: b99ed8704716ab6ff273e3dc66fe3cfb