Resolved api.wifi-update.biz to 87.106.241.22 Server: api.wifi-update.biz Gate file: /cdn/img.php Alternate domains: api-radio-def.de api.lul.pw api.tba.pw Domain info: wifi-update.biz Domain Name: WIFI-UPDATE.BIZ Domain ID: D58641421-BIZ Sponsoring Registrar: BIZCN.COM, INC. Sponsoring Registrar IANA ID: 471 Registrar URL (registration services): www.bizcn.com Domain Status: clientTransferProhibited Registrant ID: ORGEH90335606834 Registrant Name: Erkki Hagstrom Registrant Organization: ErkkiHagstrom Registrant Address1: Gesterbyntie 51 RegistrantRead more...
r.gigaionjumbie.biz (Power loader http botnet hosted by digital-forex.net)
Resolved r.gigaionjumbie.biz to 5.199.171.131, 5.199.171.132, 5.199.171.133 Server: r.gigaionjumbie.biz Gate file: /images/gx.php Alternate domains: x.dailyradio.su x.kei.su Hosting infos: http://whois.domaintools.com/5.199.171.131 http://whois.domaintools.com/5.199.171.132 http://whois.domaintools.com/5.199.171.133
h.opennews.su (irc botnet hosted by qhoster.com)
Resolved h.opennews.su to 5.45.181.254 Server: h.opennews.su Port: 9000 Channel: #sp Channel password: yop Topic for #sp is: !wB/smZJsKbDADvo5ab8sIF/r5RP7kkXfEsreBMH+9hiVs3ilngzFHh0Ph9sbgtC/EeqYw5x0Vj2IqRyb/knFS+LUzo6bf3cW/A1SyUXkVxz8ERDPS2K/qHObIS3TFyR2JAiWdnWc82S3KnAwUHQFMEb6h/kQqB9TcZElsKS4BnyDiGp1B19crjVgBes7+ilkHVmFLRRgoSPyUBx71ioiUporVdeOIEUhA547CIbp0odHxRQ41LK9wPz13N8KYZx6/QE//rZhBqCorPJqg3w= Topic for #sp set by SNK at Thu Apr 04 06:16:09 2013 Example bot nick: n{USA-XPx86u}gjekbowg Alternate domains: f.eastmoon.pl gigasbh.org gigasphere.su o.dailyradio.su photobeat.su s.richlab.pl uranus.kei.su xixbh.com xixbh.net You may recognize some of the domains from previous postsRead more...
keep.hustling4life.biz (Bitcoin mining pool for botnet)
Resolved keep.hustling4life.biz to 195.190.13.138, 46.17.92.158, 213.165.85.165 Someone is trying to get some mining done before the mining reward drops I guess. The file is from an already posted botnet. * Topic for #mr is: !dl hxxp://213.165.85.165:8081/udhsdfka.png * Topic for #mr set by test at Mon Nov 26 04:52:40 2012 Server: keep.hustling4life.biz Port: 2142 Mining information:Read more...
venus.timeinfo.pl (ngrbot irc botnet hosted by 1&1 Internet Ag)
Note: New domains are at the bottom of the post This is the skype “worm” that is in the news right now Articles: http://www.techspot.com/news/50443-dorkbot-worm-spreading-via-skype-installs-nasty-ransomware.html http://news.cnet.com/8301-1009_3-57528353-83/worm-spreading-on-skype-im-installs-ransomware/ http://techcrunch.com/2012/10/08/ransomware-worm-now-spreading-on-skype/ http://www.forbes.com/sites/adriankingsleyhughes/2012/10/08/ransomware-worm-spreading-via-skype/ http://countermeasures.trendmicro.eu/skype-worm-spreading-fast/ Resolved venus.timeinfo.pl to 63.223.107.62, 176.9.192.131, 213.165.71.142, 217.160.108.147, 213.165.71.153, 87.106.98.157, 74.208.112.178 Server: venus.timeinfo.pl Port: 1863 Password: 24r34t SSL is needed to connect, accept the invalid certificate Authhost: bossmanRead more...