Resolved genhagroup.com to 74.220.199.26
When this site first got posted I thought it was hacked, but now that I've taken a closer look it's actually a lame spreading attempt.
Zeus
Server: genhagroup.com
Gate file: /data/gate.php
Config file: /data/cf.bin
The Zeus binary was hosted at utmeg.com as a "resume creator". The download page warns that it
Read more...
208.98.52.179 (Multiple irc bots hosted by United States Independence Sharktech)
Server: 208.98.52.179
Port: 6969
Channel: #KaRmA## (24 users, modes +smntu)
Nick format: [USA|XP|kikwxww]
Channel: #AryaN# (6 users, modes +smntu)
Nick format: AryaN{US-XP-x86}1352555
Channel: #pBot# (8 users, modes +smntMu)
Nick format: KaRmA{VN-XP-x86}0123624
Channel: ##Nix## (4 users, modes +smntMu)
Nick format: Linux||296703
Channel: ##ngr (6 users, modes +smntu)
Nick format: {VN|XPa}sqgblol
MOTD:
Weed motd
* - With Great Power, Comes Great Responsibility. *
Read more...
techmanagement.info (Aryan irc botnet hosted by vpzzo.com)
Resolved techmanagement.info to 176.31.208.105
Server: techmanagement.info
Port: 6969
Channel: #carb#
Topic for #carb#: no botkilling!
Topic set by Yoshi at Mon Dec 03 23:46:42 2012
Hmm, same domain as a previously posted Andromeda net. Googling the IP also brings up insomnia.incorporatedhosting.info, a domain that has graced this blog before.
Hosting info: http://whois.domaintools.com/176.31.208.105
painadiction.biz (Andromeda http botnet hosted by Ukraine Ukrainian Internet Names Center Ltd)
Resolved painadiction.biz to 91.231.85.228
I found this bot running as an update on a few of the Barracuda HTTP nets that I had already posted. I would imagine someone has found a vulnerability in the panel.
Server: painadiction.biz
Gate file: /moneymaker/image.php
There are a few other domains with the same registration email (soyperlman@live.com) on the
Read more...
genhagroup.com (Andromeda http botnet hosted by United States Provo Unified Layer)
Resolved genhagroup.com to 74.220.199.26
This looks like it's hosted on a hacked server.
Server: genhagroup.com
Gate file: /andro/image.php
Plugins:
Rootkit: genhagroup.com/andro/r.pack
Socks: genhagroup.com/andro/s.pack
Formgrabber: genhagroup.com/andro/f.pack
Gate file: genhagroup.com/andro/fg.php
Hosting info: http://whois.domaintools.com/74.220.199.26
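The Zeus and Andromeda posts above (genhagroup.com and painadiction.biz) each boil down to a host plus a handful of gate, config and plugin paths. The script below, added here as an editor's example and not code from the blog, turns those entries into indicators and scans web-proxy log lines for them, grouping hits by internal client so you can see which machine posted to a gate and which plugin packs it pulled. The log lines are constructed for the example, not a real capture, and the log format (timestamp, client, method, URL, status, bytes) is an assumption; adapt the regex to your proxy.

```python
"""Scan proxy log lines for the HTTP C2 artefacts recorded in these posts
(Zeus gate/config, Andromeda gate and plugin packs) and group hits by client.

Editor's example, not code from the blog. SAMPLE_LOG is constructed; the
indicator hosts and paths are the ones the posts list.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# (host, path, family, role) taken from the posts on this page.
INDICATORS = [
    ("genhagroup.com", "/data/gate.php", "Zeus", "gate"),
    ("genhagroup.com", "/data/cf.bin", "Zeus", "config"),
    ("genhagroup.com", "/andro/image.php", "Andromeda", "gate"),
    ("genhagroup.com", "/andro/r.pack", "Andromeda", "plugin:rootkit"),
    ("genhagroup.com", "/andro/s.pack", "Andromeda", "plugin:socks"),
    ("genhagroup.com", "/andro/f.pack", "Andromeda", "plugin:formgrabber"),
    ("genhagroup.com", "/andro/fg.php", "Andromeda", "formgrabber gate"),
    ("painadiction.biz", "/moneymaker/image.php", "Andromeda", "gate"),
]
IOC_MAP = {(host, path): (fam, role) for host, path, fam, role in INDICATORS}
IOC_HOSTS = {host for host, *_ in INDICATORS}

# Constructed log lines (assumed format: ts client method url status bytes).
SAMPLE_LOG = """\
2012-12-04T10:01:07Z 10.0.5.23 POST http://genhagroup.com/andro/image.php 200 412
2012-12-04T10:01:09Z 10.0.5.23 GET http://genhagroup.com/andro/s.pack 200 88120
2012-12-04T10:01:12Z 10.0.5.23 GET http://GENHAGROUP.COM/andro/f.pack?x=1 200 61440
2012-12-04T10:02:00Z 10.0.5.41 GET http://www.example.org/index.html 200 5120
2012-12-04T10:03:44Z 10.0.5.41 GET http://genhagroup.com/data/cf.bin 200 20480
2012-12-04T10:03:45Z 10.0.5.41 POST http://genhagroup.com/data/gate.php 200 1024
2012-12-04T10:05:10Z 10.0.5.77 GET http://painadiction.biz/about.html 404 310
2012-12-04T10:06:30Z 10.0.5.77 POST http://painadiction.biz/moneymaker/image.php 200 512
"""

LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "
    r"(?P<status>\d{3}) (?P<bytes>\d+)$"
)


def classify_url(url):
    """Return (family, role) for an exact indicator hit, ('unknown',
    'host-only') for any other path on a known C2 host, or None."""
    parts = urlsplit(url)
    host = parts.hostname      # lower-cased, port stripped
    hit = IOC_MAP.get((host, parts.path))
    if hit:
        return hit
    if host in IOC_HOSTS:
        return ("unknown", "host-only")
    return None


def scan(log_text):
    """Map each client IP to the list of suspicious requests it made."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue                      # skip lines we cannot parse
        verdict = classify_url(m["url"])
        if verdict is None:
            continue
        fam, role = verdict
        hits[m["client"]].append({
            "ts": m["ts"], "method": m["method"], "url": m["url"],
            "family": fam, "role": role, "status": int(m["status"]),
        })
    return dict(hits)


def summarize(hits):
    """Per client: malware families seen, plugin packs fetched, gate POSTs."""
    out = {}
    for client, events in hits.items():
        fams = sorted({e["family"] for e in events if e["family"] != "unknown"})
        plugins = sorted(e["role"].split(":", 1)[1]
                         for e in events if e["role"].startswith("plugin:"))
        gate_posts = sum(1 for e in events
                         if "gate" in e["role"] and e["method"] == "POST")
        out[client] = {"families": fams, "plugins": plugins, "gate_posts": gate_posts}
    return out


if __name__ == "__main__":
    for client, summary in summarize(scan(SAMPLE_LOG)).items():
        print(client, summary)
```

A plain path match is deliberately strict: the mixed-case host in the third line still matches because urlsplit lower-cases the hostname, but a query string or a different path on the same host only produces a "host-only" note, which is the right signal for a hacked shared host like genhagroup.com where legitimate traffic may also appear.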
i.greenleafyplants.info (Athena irc botnet hosted by Germany Frankfurt Am Main Voxility S.r.l.)
Resolved i.greenleafyplants.info to 37.221.170.211
Server: i.greenleafyplants.info
Port: 15001
Server password: 69
Channel: #A
Channel password: t
Nick format: _[USA|U|L|WIN7|x64|4c]alcaiwfs
Oper: _
WHOIS on the oper:
[_] (u@v.Host): …
[_] @#A
[_] irc.server.net :IRC server
[_] is a Bot on IRC server
[_] idle 01:22:14, signon: Sun Dec 02 05:45:11
[_] End of WHOIS list.
His debug bot: n[USA|U|D|WIN7|x64|4c]xqftcbqi
Read more...
w4hw5wg3488h.net (snk asper mod irc botnet hosted by Germany Karlsruhe 1&1 Internet Ag)
Resolved w4hw5wg3488h.net to 213.165.89.117
Server: w4hw5wg3488h.net
Port: 5050
Channel: #oh
Topic for #oh: .d /100/97/111/124/120/46/47/39/99/103/96/69/126/115/101/62/113/111/115/62/100/124/57/61/39/57/60/23/40/61/47/33/12/63/52/35/42/41/17/103/8/85/63/104/127/118/39/98/107/73/77/
Topic set by s at Sat Dec 01 18:36:05 2012
Oper: s!x@x
Talking with snk:
<Userbased> hey
<s> sup
<Userbased> cool ircd mod
<s> yea
<Userbased> I like the link encryption as well
<Userbased> is this an
Read more...
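Every IRC entry on this page (the Sharktech multi-bot server, the Aryan net on techmanagement.info, the Athena net, and the snk asper mod above) is assembled from the same few server replies: LIST for channel, user count and modes, TOPIC and its setter/timestamp, and NAMES for the bot nick formats. The parser below, added here as an editor's example and not code from the blog, pulls those fields out of raw server lines and classifies nicks by the country/OS/arch tokens in the bracketed part. The server lines are constructed to resemble the page's data and are not a real capture; the epoch timestamp, the OS token list and the nick layouts it understands are assumptions drawn from the formats shown on the page.

```python
"""Harvest C2 details from raw IRC server replies: channel list (322),
topic (332), topic setter/time (333) and names (353), plus bot-nick parsing.

Editor's example, not code from the blog. SAMPLE_LINES are constructed.
"""
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed server-to-client lines (RFC 1459 numerics) modelled on the page.
SAMPLE_LINES = [
    ":irc.server.net 322 Userbased #KaRmA## 24 :[+smntu] ",
    ":irc.server.net 322 Userbased #pBot# 8 :[+smntMu] ",
    ":irc.server.net 323 Userbased :End of /LIST",
    ":irc.server.net 332 Userbased #carb# :no botkilling!",
    ":irc.server.net 333 Userbased #carb# Yoshi 1354578402",   # assumed epoch
    ":irc.server.net 353 Userbased = #KaRmA## :[USA|XP|kikwxww] AryaN{US-XP-x86}1352555 @s",
    ":irc.server.net 353 Userbased = #KaRmA## :_[USA|U|L|WIN7|x64|4c]alcaiwfs Linux||296703 {VN|XPa}sqgblol",
    ":irc.server.net 366 Userbased #KaRmA## :End of /NAMES list.",
]

# Assumed OS tokens seen in bot nicks on this page (upper-cased for lookup).
OS_TOKENS = {"XP", "XPA", "WIN7", "VISTA", "2K", "2K3", "WIN8", "LINUX"}
NICK_FORMAT = re.compile(r"^(?P<lead>[^\[{]*)[\[{](?P<fields>[^\]}]*)[\]}](?P<tail>.*)$")


def parse_line(line):
    """Split ':prefix CMD p1 p2 :trailing' into (prefix, cmd, [params])."""
    line = line.rstrip("\r\n")
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    head, sep, trailing = line.partition(" :")
    params = head.split()
    if sep:
        params.append(trailing)
    cmd, *params = params
    return prefix, cmd, params


def classify_nick(nick, channel=None):
    """Extract country / OS / arch from formats like [USA|XP|abc],
    AryaN{US-XP-x86}123, _[USA|U|L|WIN7|x64|4c]abc or Linux||296703."""
    m = NICK_FORMAT.match(nick)
    if m:
        fields = [f for f in re.split(r"[|\-]", m.group("fields")) if f]
    elif "||" in nick:                      # Linux||296703 style, no brackets
        fields = [f for f in nick.split("|") if f]
    else:
        fields = []
    info = {"channel": channel, "country": None, "os": None, "arch": None,
            "fields": fields, "bot_like": bool(fields)}
    for f in fields:
        up = f.upper()
        if up in OS_TOKENS and info["os"] is None:
            info["os"] = f
        elif re.fullmatch(r"X(86|64)", up) and info["arch"] is None:
            info["arch"] = f
        elif re.fullmatch(r"[A-Z]{2,3}", up) and info["country"] is None:
            info["country"] = f             # first 2-3 letter code not an OS
    return info


def harvest(lines):
    """Build {'channels': {...}, 'nicks': {...}} from raw server replies."""
    report = {"channels": {}, "nicks": {}}
    for raw in lines:
        _, cmd, params = parse_line(raw)
        if cmd == "322":                    # RPL_LIST: <chan> <count> :[+modes] topic
            entry = report["channels"].setdefault(params[1], {})
            entry["users"] = int(params[2])
            m = re.match(r"\[(\+[^\]]*)\]\s*(.*)", params[3] if len(params) > 3 else "")
            if m:
                entry["modes"] = m.group(1)
                if m.group(2):
                    entry["topic"] = m.group(2)
        elif cmd == "332":                  # RPL_TOPIC
            report["channels"].setdefault(params[1], {})["topic"] = params[2]
        elif cmd == "333":                  # RPL_TOPICWHOTIME: <chan> <nick> <epoch>
            entry = report["channels"].setdefault(params[1], {})
            entry["topic_set_by"] = params[2]
            entry["topic_set_at"] = datetime.fromtimestamp(
                int(params[3]), tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")
        elif cmd == "353":                  # RPL_NAMREPLY: <sym> <chan> :nick nick ...
            for nick in params[3].split():
                nick = nick.lstrip("@+%~&")  # drop op/voice prefixes
                report["nicks"][nick] = classify_nick(nick, params[2])
    return report


def country_counts(report):
    """How many bot-looking nicks per country code."""
    return Counter(n["country"] for n in report["nicks"].values() if n["bot_like"])


if __name__ == "__main__":
    r = harvest(SAMPLE_LINES)
    for chan, entry in r["channels"].items():
        print(chan, entry)
    print(country_counts(r))
```

Two caveats when using this against a live tracker log: LIST replies only carry modes in the topic field on ircds that format them that way (the "[+smntu]" form shown on this page), and country detection here is purely positional, so a nick whose OS field happens to be a two-letter code not in OS_TOKENS would be misread as a country; extend the token set as you meet new formats.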