Author: I_Post_Ur_Info

37.221.160.132 (Kaiten irc botnet hosted by voxility.net)

Server: 37.221.160.132
Port: 443
Channel: #yodawg
Channel password: lol.WH
#yodawg          58      [+smnu] yo dawg i herd u like backdoors so we put a backdoor in ur backdoor so u can get owned while u own
Check his server usage here: hxxp://fkn.ddos.cat/p.php
Another one from x00 http://pastebin.com/fgjJGFxt
Hosting infos: http://whois.domaintools.com/37.221.160.132

irc.byroe.net (Lightaidra Router botnet hosted by fdcservers.net)

Resolved irc.byroe.net to 204.45.97.42, 103.13.240.2, 109.123.112.25, 91.121.73.41
Server: irc.byroe.net
Port: 6667
Channel: #priv8
#priv8           728     [+pmntr] CAUTION P.R.I.V.A.T.E CAUTION
AuthHost: @csops.byroe.net
Oper:
[SuPrem0] (~BaGol0@csops.byroe.net): BaGol0
[SuPrem0] is a registered nick
[SuPrem0] ~#priv8
[SuPrem0] is away (Not Here !!!)
[SuPrem0] is a Staff Byroe
[SuPrem0] idle 08:04:23, signon: Mon Apr 15 07:04:56
[SuPrem0] End of WHOIS list.
Payload: hxxp://50.116.7.213/mymail/skins/larry/images/googiespell/.a/getbinaries.sh
Hosting infos:

x.e1b2.org (ngrBot irc botnet hosted by namecheap.com)

Resolved x.e1b2.org to 192.64.114.16, 192.64.114.184
Server: x.e1b2.org
Port: 80
Server password: 666666
Channel: ##Rox-x01##
Topic for ##Rox-x01## is: !m on !s -n !mod usbi on !NAZEL hxxp://www8.0zz0.com/2013/05/25/23/865519528.gif !NAZEL hxxp://www12.0zz0.com/2013/05/24/15/675195622.gif !NAZEL hxxp://www12.0zz0.com/2013/05/21/06/487587018.gif
Topic for ##Rox-x01## set by xXx at Mon May 27 14:47:02 2013
The server requires SSL to connect
Alternate domains:
x.e2b3.org
x.c1d2.org
x.x1ua.org
x.x1x2.su

www.istanbulnakliyecileri.com (Andromeda http botnet hosted by ozkula.com.tr)

Resolved www.istanbulnakliyecileri.com to 37.247.108.48
Server: www.istanbulnakliyecileri.com
Gate file: /firmalar/and/image.php
Plugins
Rootkit: hxxp://www.istanbulnakliyecileri.com/firmalar/and/r.pack
Socks: hxxp://www.istanbulnakliyecileri.com/firmalar/and/s.pack
Formgrabber: hxxp://www.istanbulnakliyecileri.com/firmalar/and/f.pack
Gate file: hxxp://www.istanbulnakliyecileri.com/firmalar/and/fg.php
This appears to be hosted on a hacked site.
Hosting infos: http://whois.domaintools.com/37.247.108.48
Related md5s (search on malwr.com to download the samples): 8709c21be7d72c8ec8aaaa55ccc64b84

xogogo.org (Paradise ddos botnet hosted by adman.com)

Resolved xogogo.org to 93.170.131.114
Server: xogogo.org
Gate file: /par/bfg.php
Hosting infos: http://whois.domaintools.com/93.170.131.114
Related md5s (search on malwr.com to download the samples):
Paradise bot: 5724c61a33708b5fdefa3125ea32b2d0
EDIT: The botnet is currently attacking a site
POST /par/bfg.php HTTP/1.1
Host: xogogo.org
User-Agent: PARADISE
Content-Type: application/x-www-form-urlencoded
Connection: close
Content-Length: 10

status=get

HTTP/1.1 200 OK
Date: Tue, 28 May 2013 13:31:16