Resolved illuminati.sx to 109.236.80.74
Server: illuminati.sx
Gate file: /http/gate.php
This is the first time I have seen the HTTP version of plasma and it sucks hard. It seems to be a slightly upgraded version of the old barracuda HTTP bot, with few of the problems fixed.
Hosting info: http://whois.domaintools.com/109.236.80.74
Bitcoin mining info: miner.start http://109.236.80.74/miner/CPUMiner.files *-a...
boot.sx (Betabot http botnet hosted by worldstream.nl)
Resolved boot.sx to 109.236.80.74
Server: boot.sx
Gate file: /g4sg/order.php
Alternate domain: illuminati.sx
This betabot is quite interesting due to the bizarre crypter it uses. The crypter starts with a WinRAR SFX archive. This dumps its contents in the user's temp folder and starts the next layer, a VBS script. The VBS script runs an AutoIT...
fapncam.com (betabot hosted by Digitalocean.com)
Resolved fapncam.com to 192.81.216.12
Server: fapncam.com
Gate file: /beta/order.php
Alternate domains: update-silo.com, proxypool.info, frizzcams.com
Hosting info: http://whois.domaintools.com/192.81.216.12
Related md5 (download sample from Malwr.com)
Betabot: 52435233bd228dfffc2a2c7e001f66c8
shinyhosting.ws.gy (Andromeda Bot hosted in United States Amsterdam Hosting Servers)
URL: hxxp://shinyhosting.ws.gy/loli/image.php
Hosting info: http://whois.domaintools.com/93.188.160.131
gd.derpcity.ru (godscan botnet hosted in France Roubaix Ovh Systems)
Found by AliSs
Server: 37.59.53.162:6667
PASS weed
>> PASS weed
>> NICK [NeW|00|USA|xP|HOME|5035]
>> NICK [NeW|00|USA|xP|HOME|5035]
>> USER varun * 0 :HOME
>> PING :1389B8E6
>> PONG 1389B8E6
<< PRIVMSG [NeW|00|USA|xP|HOME|5035] :x01VERSIONx01
<< 001 [NeW|00|USA|xP|HOME|5035] :
<< 002 [NeW|00|USA|xP|HOME|5035] :
<< 003 [NeW|00|USA|xP|HOME|5035] :
<< 004 [NeW|00|USA|xP|HOME|5035] :
<< 005 [NeW|00|USA|xP|HOME|5035] :
<< 005 [NeW|00|USA|xP|HOME|5035] :
<< 005 [NeW|00|USA|xP|HOME|5035] :
<< 375 [NeW|00|USA|xP|HOME|5035] :/MOTD
<< 372 [NeW|00|USA|xP|HOME|5035] :- 5/11/2013 17:10
...
bot.blackunix.us (Linux bots hosted in France Roubaix Ovh Systems)
Found by Yewnix.
Resolved : [bot.blackunix.us] To [94.23.89.246]
Resolved : [bot.blackunix.us] To [217.29.115.1]
Resolved : [bot.blackunix.us] To [91.151.85.31]
Resolved : [bot.blackunix.us] To [59.167.240.231]
Resolved : [bot.blackunix.us] To [58.180.42.200]
Resolved : [bot.blackunix.us] To [64.31.27.18]
class pBot {
    var $config = array(
        "server"=>"bot.blackunix.us",
        "port"=>"20",
        "pass"=>"",
        "prefix"=>"Blood",
        "maxrand"=>"15",
        "key"=>"none",
        "chan"=>"#metri",
        "modes"=>"+ps",
        "chan2"=>"#metri",
        "password"=>"crack",
        "trigger"=>".",
        "hostauth"=>"bogel.us" // * for any hostname (remember: /setvhost pasukan.ddos.reload-x.us)
Hosting...
keshmoney.biz (irc botnet hosted in France Roubaix Ovh Systems)
Found by AliSs
Server: keshmoney.biz:6667
Channel: #all,#x00 password 777.#boss
Bitcoin Miner: hxxp://knal.wut.re:8332 -u bram226_1
Hosted in this link: hxxp://noinei90.sommadue.it/Built.exe
Sample here
Hosting info: http://whois.domaintools.com/37.59.53.162
meziamussucemaqueue.su (Betabot http botnet hosted by sunnyvision.com)
Resolved meziamussucemaqueue.su to 124.248.205.104
Server: meziamussucemaqueue.su
Gate file: /phpmiadmin/order.php
Alternate domain: umbxd15896.su
Bitcoin mining info: -o http://ypool.net:8080 -u Teolous.PTS_1 -p x
Hosting info: http://whois.domaintools.com/124.248.205.104
Related md5s (download sample from malwr.com)
betabot: 670fa0a15754e1d67810eea73e890dad
Bitcoin miner: e1aed5a5d729d37efca73602d8bc66e9
Bitcoin miner 2: a92403926113dd4b3a4d3e4c48eace66
EDIT: new mining info stratum+tcp://pool.d2.cc:3335 -u Hanito.bot -p 3fcua4
210.205.6.30 (irc botnet hosted in Korea, Republic Of Seoul Krnic)
Found by Yewnix.
Local users: Current Local Users: 297 Max: 753
Global users: Current Global Users: 884 Max: 1536
Server: 210.205.6.30:6667
Channel: #testdos
Hosting info: http://whois.domaintools.com/210.205.6.30
frineon.su (Smoke loader hosted by fastflux botnet)
Server: frineon.su
Gate file: /forum/index.php
Hosting info:
;; QUESTION SECTION:
;frineon.su. IN A
;; ANSWER SECTION:
frineon.su. 150 IN A 91.188.52.67
frineon.su. 150 IN A 212.92.228.65
frineon.su. 150 IN A 109.200.244.121
frineon.su. 150 IN A 76.66.174.231
frineon.su. 150 IN A 98.218.49.187
frineon.su. 150 IN A 72.185.70.143
frineon.su. 150 IN A 72.185.199.204
frineon.su. 150 IN A ...