Tag: fastflux

nomoguz.su (Betabot http botnet hosted by fastflux)

Server: nomoguz.su
Gate file: /SDF9his/yefgvrtu.php
Alternate domain: cooncatcher245.com
The same fastflux setup is also hosting this betabot.

Hosting infos:
;; QUESTION SECTION:
;nomoguz.su. IN A
;; ANSWER SECTION:
nomoguz.su. 131 IN A 5.165.17.205
nomoguz.su. 131 IN A 176.194.193.47
nomoguz.su. 131 IN A 66.231.16.101
nomoguz.su. 131 IN A 145.255.33.9
nomoguz.su. 131 IN A 188.0.98.100
nomoguz.su. 131 ...

top-glenyx.com (betabot http botnet hosted by Fastflux)

Server: top-glenyx.com
Gate file: /forum/userline.php
Alternate domains: svl-trusted.com, marinzer-3.com, amerillia.net, matterix-net.net

Hosting infos:
;; QUESTION SECTION:
;top-glenyx.com. IN A
;; ANSWER SECTION:
top-glenyx.com. 150 IN A 46.211.201.46
top-glenyx.com. 150 IN A 68.190.213.192
top-glenyx.com. 150 IN A 74.141.113.20
top-glenyx.com. 150 IN A 76.118.32.199
top-glenyx.com. 150 IN A 77.120.152.66
top-glenyx.com. 150 IN A 77.122.245.155
top-glenyx.com. 150 IN ...

renterlocal.su (betabot http botnet hosted by fastflux botnet)

Server: renterlocal.su
Gate file: /be/order.php
Alternate domains: municipales.ru, wmkdi.su, dfntlk.su, captioncodes.ru, juliussdietz.ru

Hosting infos:
; <<>> DiG 9.6.1-P1 <<>> renterlocal.su
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8938
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 4, ADDITIONAL: 12
;; QUESTION SECTION:
;renterlocal.su. IN A
;; ...

hackattaksuceuse.biz (Betabot http botnet hosted by Fastflux)

Server: hackattaksuceuse.biz
Gate file: /~.homo/analytics.php
Alternate domains: lavidalocapd.biz, allahwouakbaaahhh.co.in, amemeuch.biz, betazbraxxx.co.in, hacktipucov2.org, jesaispastropkoimettre.org, laradimcrelou.co.in, thebossinfly.org, tktlamifa.co.in, whatdaaafuckinyourhead.biz, x42v72.biz, zbraaadanstfesse.org, suxme.itsprosolutions.org

This is the source of the citadel and pony just posted. I’m not sure why the owner would set up his betabot for fastflux and not his citadel though.

Hosting infos:
;; QUESTION SECTION:
;hackattaksuceuse.biz. ...

imgay.ddos.es (betabot http botnet hosted by Fastflux)

Server: imgay.ddos.es
Gate file: /h/order.php
Alternate domains: imgay.ddos.cat, imgay.theswat.net
ddos.cat has been linked to botnets before.

Hosting infos:
;; QUESTION SECTION:
;imgay.ddos.es. IN A
;; ANSWER SECTION:
imgay.ddos.es. 149 IN A 94.27.87.58
imgay.ddos.es. 149 IN A 98.195.89.225
imgay.ddos.es. 149 IN A 174.112.126.155
imgay.ddos.es. 149 IN A 176.40.77.176
imgay.ddos.es. 149 IN A 178.150.207.252
imgay.ddos.es. 149 IN ...

googlesafebrowsing-counter.org (Citadel banking malware hosted by Fastflux botnet)

Server: googlesafebrowsing-counter.org
Config dropper: /file.php
The server seems to be poorly configured and it never returns a config file.
Backup domain: googlesafebrowsing-cache.org

Example fastflux info:
;; QUESTION SECTION:
;googlesafebrowsing-counter.org. IN A
;; ANSWER SECTION:
googlesafebrowsing-counter.org. 150 IN A 94.158.73.89
googlesafebrowsing-counter.org. 150 IN A 94.230.198.162
googlesafebrowsing-counter.org. 150 IN A 99.231.159.61
googlesafebrowsing-counter.org. 150 IN A 176.8.252.213
googlesafebrowsing-counter.org. ...