Informational botnet security report – spot in the wild

1 point

7 years ago

Pehaps anyone is interested in a report about a spot botnet=

This is a wide spread link relaying/spam/phishing sending botnet which makes use of a generic start-bootstrap design (with a Laptop)

Example screencap= https://urlscan.io/result/93ada930-f663-4574-874f-f929047ba6cc

And Namecheap domains! Nodes are either used for spam link sharing or abuse sending. Link relaying function works over scripting (r.php + parameters).

Example parameter - as that extensions are only valid a short time and expire when clicked as it seems, the only forward which can be seen afterwards is towards Google=

r.php?t=c&d=20107&l=264&c=39072 r.php?t=o&d=20102&l=264&c=65216

Screencap which provides details of possible redirects= https://urlscan.io/result/6c434201-26e1-42cf-9adb-633188825ae9/ botnet node - remove spaces= atlasain .xyz

Some of the spot nodes - remove spaces to check= 159.89.152.201 monpet .xyz

128.199.220.4 smartilone .party

178.128.23.54 karminia .club

68.183.204.13 bombali .science

67.205.149.19 sendlimits .xyz

178.128.38.103 dadnenchoo .xyz

178.62.229.177 masroufaaz .club

178.62.51.207 moneypocket .club

67.207.87.35 accuratelghylmkina .club

67.205.130.76 classscience .club

192.241.140.142 contactii .science

104.248.11.231 healtbeautymale .xyz

157.230.105.44 wannego .club

23.95.71.89 runguerinz .xyz

103.252.41.10 goodnews5 .icu

Hope this report is of interest!

Rick Crown Team-member non-profit White-Hat anti-abuse investigations (online) collective