Resolved frizzcams.com to 5.199.165.239
Server: frizzcams.com
Gate file: /beta/order.php
Alternate domains: fapncam.com proxypool.info update-silo.com
This has the same C&C domains as this betabot, just in a different order. It is involved in spreading a YouTube views-boosting bot.
Domain info: frizzcams.com
Domain Name: FRIZZCAMS.COM
Registrar: MONIKER ONLINE SERVICES LLC
Registrant [4327848]: Moniker Privacy Services FRIZZCAMS.COM@monikerprivacy.net Moniker
b.mypaintdressk13.com (Betabot http botnet hosted by sprintdatacenter.pl)
Resolved b.mypaintdressk13.com to 188.68.255.207
Server: b.mypaintdressk13.com
Gate file: /direct/mail/order.php
Alternate domains: b.dietmydartk5.com b.pixartzonek4.com b.stop2teasemek3.com b.thegamejuststarted10k12.com b.thegamejuststarted11k7.com b.thegamejuststarted12k11.com b.thegamejuststarted13k8.com b.thegamejuststarted14k9.com b.thegamejuststarted15k10.com b.uandmearevideos1k1.com b.uandmearevideos2k2.com
Hosting info: http://whois.domaintools.com/188.68.255.207
Related md5s (Download samples from Malwr.com)
Betabot: 9085ab7965bc67c6a8a6f2c83a22fb49
btctycoon.net (Betabot hosted in Canada, Montreal, Ovh Hosting Inc.)
Thanks to Xylitol for the info.
Resolved: [btctycoon.net] To [192.99.21.12]
Other: hxxp://www.btctycoon.net/info/blah.php
Sample: hxxp://www.btctycoon.net/webapps/BTCclient.exe
Hosting info: http://whois.domaintools.com/192.99.21.12
static.onlineapplicationsdownloads.com (Trojan downloader spreading via Facebook, hosted in United States, Ashburn, Amazon.com Inc.)
Our friend aLiSs found this file via Facebook. These links are spreading on Facebook:
hxxp://goo.gl/TUqGzM
hxxp://goo.gl/PVUW3S
hxxp://goo.gl/uJvgqv
When you click, you land on a page that asks you to install FlvPlayer. If you click install, you download FlvPlayerSetup.exe, which in turn downloads and installs FlvPlayerSilent0.exe. These are the domains used by this thing: os.greatonlineapplications.com static.onlineapplicationsdownloads.com
informed.su (PayPal Phishing Page)
I was looking into the spam area of my Gmail account and I saw this message:
Update Personal Information
Dear Valued Customer,
It has come to our attention that your PayPal account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on
ddos.do-dear.com (Linux bots hosted in China, Tianjin, China Unicom Tianjin Province Network)
dns: ddos.do-dear.com
nick:
addr: ddos.do-dear.com
ip: 125.39.22.154
Longip: 2099713690
## my @nickname = ("mIRc-KinG");
## my $nick =$nickname[rand scalar @nickname];
my $nick =$rircname[rand scalar @rircname];
$server = 'ddos.do-dear.com' unless $server;
my $port = '6668';
my $linas_max='8';
my $sleep='5';
my $homedir = "var/tmp";
my $version = ' 1,11D 11,1DoS Bot Powerd By
ircd.freenetwork.com.ar (Linux botnet hosted in Korea, Republic Of Seoul Korea Internet Data Center)
Botnet found by X.
ircd.freenetwork.com.ar
nick:
addr: ircd.freenetwork.com.ar
ip: 222.231.10.81
Longip: 3739683409
Server: ircd.freenetwork.com.ar:6667
Channels: #org,#rpl,#root,#viar
Now 15 talking in #org
Topic On: [ #org ] [ Don’t flood fuck || Register your nick… !!! [ SCAN ON ] || if you want to donate server,,please pm admin.. ]
Hosting info: http://whois.domaintools.com/222.231.10.81
freegamebox.ru (Betabot http botnet proxied by cloudflare.com)
Server: freegamebox.ru
Gate file: /hunter/123/order.php
The same gate directory has shown up before.
Related md5s (Download samples from Malwr.com)
Betabot: e6e0b46fbb5741b058e3c9b84f601a7f
tripwire.rr.nu (Kaiten botnet hosted in France, Roubaix, Ovh Systems)
Found by Yewnix.
Resolved: [tripwire.rr.nu] To [37.59.53.162]
Server: tripwire.rr.nu:6667
Channel: #x00
Hosting info: http://whois.domaintools.com/37.59.53.162
seosaw.pw (Betabot http botnet hosted by plusserver.de)
Resolved seosaw.pw to 188.138.125.103
Server: seosaw.pw
Gate file: /wq782jwoqkQy19qkdh27hqudqj/order.php
Alternate domains: microsoftgo.pw updateom.info seosaw.info googlerw.info
Downloads what looks like Sefnit from hxxp://now.googlefast.pw/remote/index.php?u=48&istan
Hosting info: http://whois.domaintools.com/188.138.125.103
Related md5s (Download samples from Malwr.com)
Betabot: daee8c5056fbbf1964588e70cb371fae
Sefnit: b99ed8704716ab6ff273e3dc66fe3cfb