Author: I_Post_Ur_Info

fpsfreedom.net (Betabot http botnet hosted by alibabahost.com)

By I_Post_Ur_Info, November 24, 2013
Uncategorized

Resolved fpsfreedom.net to 37.221.170.65 Server:  fpsfreedom.net Gate file:  /order.php This seems to be used for increasing website and video stream views, opening up the page hxxp://www.fpsguides.com/hidden in three hidden internet explorer windows. Hosting infos: http://whois.domaintools.com/37.221.170.65 Related md5s (Download sample from Malwr.com) Betabot: 8cc7c93530430201871f07f1be3a26e6

goodfluxetcwow1.com (Fastflux hosting botnet hosted by mnogobyte.ru)

By I_Post_Ur_Info, November 21, 2013
Uncategorized

Resolved goodfluxetcwow1.com to 146.255.195.104 Server:  goodfluxetcwow1.com Gate file:  /forum/7f4765027f274bbc95328d79fa668b75.php Alternate domains: goodfluxetcwow2.com b437571f9061b10e5d33c66c83df359e.ru This is the malware component of a fastflux hosting setup. Once installed on a computer it opens a web server on port 80 and a DNS server on port 53. Current IPs used by the setup hxxp://goodfluxetcwow1.com/system/http.php Page showing example forwarding hxxp://goodfluxetcwow1.com/system/test.phpRead more...

sagagame.me (Betabot http botnet hosted by digitalocean.com)

By I_Post_Ur_Info, November 21, 2013
Uncategorized

Resolved sagagame.me to 162.243.107.99 Server:  sagagame.me Gate file:  /game/order.php Additonal IP: 69.172.212.16 The domain was only registered on the 20th. Not very good at hiding their botnet. Hosting info: http://whois.domaintools.com/162.243.107.99 Related md5s (Download sample from Malwr.com) Betabot: 48c1b1adda95b72577fda15642db20fd

62.76.179.167 (Betabot http botnet hosted by clodo.ru)

By I_Post_Ur_Info, November 12, 2013
Uncategorized

Server:  62.76.179.167 Gate file:  /ateb/order.php backup IP/Domains:  85.143.166.167 nns4fgc284dcnaz.us (Sinkholed by Anubis networks) nn3dv00gsvdaqv.us Downloads gameover zeus and necurs rootkit from the same IP. Hosting infos:  http://whois.domaintools.com/62.76.179.167 Related md5s (Download samples from Malwr.com) Betabot: af43ea0fc92ef858f0d86836c851df08 Gameover Zeus: 97496e1e10a0242ab78651a3cb2fce42 Necurs: 6e66daf2457fc549905d89549b1ed3b3

ircd.port0.org (pbot irc botnet hosted by datahouse.ru)

By I_Post_Ur_Info, November 10, 2013
Uncategorized

Sample obtained from http://www.malekal.com/2013/11/09/attaque-web-bitcoin-et-php-shell/ Resolved ircd.port0.org to 89.188.108.30 Server:  ircd.port0.org Port:  3303 There are 1 users and 3897 invisible on 1 servers 1 :operator(s) online 157 :unknown connection(s) 7 :channels formed I have 3898 clients and 0 servers 3898 4515 :Current local users 3898, max 4515 Channel:  #q Channel Users Topic #q 602 [+smu] Oper:Read more...

mp3items.com (betabot http botnet hosted by netvision.net.il)

By I_Post_Ur_Info, November 9, 2013
Uncategorized

Resolved mp3items.com to 212.235.107.195 Server:  mp3items.com Gate file:  /N_883s/order.php Alternate domains: australia.ddns.netbetabot.ddns.netconnect.ddns.netdriver.ddns.neteuropetraffic.ddns.netmixtraffic.ddns.netsecure.ddns.netsecurity.ddns.netsocial.ddns.netsouthamerica.ddns.netstatus.ddns.netusa.ddns.netusatraffic.ddns.netvenezuela.ddns.netwinguard.servehttp.com Hosting infos:  http://whois.domaintools.com/212.235.107.195 Related md5s (Download sample from Malwr.com) Betabot: 09d4bacf54a26053e046af2469c66a15