Resolved vvv.exp1oit.in to 178.33.241.61
This is the new andromeda of the french guy. It is the full version with all of the plugins.
Server: vvv.exp1oit.in
Gate file: /google/image.php
Plugins:
Formgrabber: beautyoftheworld.ca/xs/f.pack
Gate file: /google/fg.php
Socks: beautyoftheworld.ca/xs/s.pack
Rootkit: beautyoftheworld.ca/xs/r.pack
Downloads files from hxxp://jamboproducciones.com/xs/ and hxxp://ez-cs.net/dk/
He also has a new smoke loader up
Server: smk.cheatgame.org
Gate...
ultimatecore.info (Andromeda http bot hosted by Ukraine Ukrainian Internet Names Center Ltd)
Resolved ultimatecore.info to 91.231.84.114
New andromeda from this guy.
Server: ultimatecore.info
Gate file: /mario/root.php
This is the full version of andromeda, with all of the plugins.
Plugins:
Formgrabber plugin: ultimatecore.info/test/f.pack
Gate file: /mario/fg.php
Socks plugin: ultimatecore.info/test/s.pack
Rootkit plugin: ultimatecore.info/test/r.pack
Hosting infos: http://whois.domaintools.com/91.231.84.114
Edit: Plugins are now at ultimatecore.info/samuelkaptioalpha1/
I think you can guess what each...
paradoxunirc.no-ip.biz (Barracuda irc bot hosted by Turkey Istanbul Radore Hosting Telekomunikasyon Hizmetleri San. Ve Tic. Ltd. Sti.)
Resolved paradoxunirc.no-ip.biz to 176.53.119.14
Server: paradoxunirc.no-ip.biz
Port: 4667
Channel: #yoloswag
Owner: Paradoxun
This is the latest irc of the barracuda .net irc bot. After trolling around for a bit, it’s time for this one to be posted. The Authost on the bot only checks for the nick, so just wait for Paradoxun to leave, /nick...
boris and hf hecker
boris, a guy who idles in our irc channel irc.trolled.tv #security, had a conversation with a botnet owner. We had a lot of fun reading it, now it is your turn lol
<boris> If you want to keep this ircd to yourself, I suggest you listen very carefully.
<boris> firstly, a whois will not give you my real...
supervids.net (Lilyjade script hiding behind/proxied by cloudflare)
I was looking at some of the files being installed from a recent posting, when I found something interesting. It looks like someone else is trying out lilyjade. The extensions are held in a self extracting archive and installed via a batch file.
@echo off
//Kill Proccess
TASKKILL /F /IM firefox.exe
TASKKILL /F /IM chrome.exe
...
204.188.227.106 (dbot hosted in United States Missoula Sharktech)
IRC Server: 204.188.227.106:6667
Server Pass: m3ga2012
Nick: L2-[hfq
Username: tdviyflbb
Joined Channel: #ghost
Channel Topic for Channel #ghost: “.scan 75 1 189.x.x.x 2 1 189.x.x.x”
Private Message to Channel #ghost: “Scanning: 189.x.x.x, 75 threads. Using CFTP.”
Hosting Infos: http://whois.domaintools.com/204.188.227.106
amazinghost.lt, yahgodz.com (Smoke and Andromeda loaders hosted by Netherlands Maasdijk Worldstream)
I happened to notice some people talking about one of mysticals old domains, indicating that it had been sold. I decided to check out the domains I had listed in the blog post to see what was on them. I found something new on 307dice.com
Smoke loader
Server: 307dice.com
Gate file: /cp/index.php
Check out 307dice.com/cp/guest.php...
cheatmodernwarfare.com (Multiple http bots hosted by Romania Torben Diehr)
Posting some french heckers stuff
Andromeda loader
Server: cheatmodernwarfare.com
Gate file: /xbox/image.php
Rootkit plugin: hxxp://magnatesmobileapps.com/sym/r.pack
Socks plugin: hxxp://magnatesmobileapps.com/sym/s.pack
Backup domains:
down4life.hopto.org
explosiontaracesavatoutdechirer.chickenkiller.com
fckd330.mooo.com
kbot
Server: h4r3.hopto.org
Redirects to: kb.itprosolutions.org
Gate file: /joomla/gate.php
Server: purenet.hopto.org
Redirects to: 91.234.105.14
Gate file: /kb/gate.php
Server: smk.cheatgame.org
Gate file: /kb/gate.php
Smoke loader (Currently down)
Server: smk.cheatmodernwarfare.com
Gate file: /s2/control.php
Hostbooter...
versx.net (Bitcoin-Miner hosted in Netherlands Dediserv Dedicated Servers Sp. Z O.o.)
Resolved : [versx.net] To [212.7.195.134]
Here is the folder with XYZ Bitcoin-Miner passworded rar archive and executable files
Here u can find all the rest into passworded rar archives
This is the Control Panel
He’s selling his products here: hxxp://versx.net/
Hosting infos: http://whois.domaintools.com/212.7.195.134
rickroll.kodingen.com (Bitcoin-Miner hosted in United States Dallas Softlayer Technologies Inc.)
Resolved : [rickroll.kodingen.com] To [173.192.206.162]
Gate.php: hxxp://rickroll.kodingen.com/btc/gate.php
Login panel:
[flags]url=hxxp://pool.itzod.ru:8080/login=acidexence_552pass=tagevuvug
Hosting infos: http://whois.domaintools.com/173.192.206.162