Author: I_Post_Ur_Info

192.211.54.156 (Page view botnet hosted by incero.com)


Server: 192.211.54.156
URL locations: /Programs/links/Maki/, /Programs/links/Angelo/

The malware opens all the pages in each folder, and visits any urls that are contained in them.

Current urls:
<meta HTTP-EQUIV="REFRESH" content="0; url=http://minecraftadminhack.blogspot.com/">
<meta HTTP-EQUIV="REFRESH" content="0; url=http://tf2itemsgenerator.blogspot.com/">
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.youtube.com/watch?v=UUTZW2AjhFI">
<meta HTTP-EQUIV="REFRESH" content="0; url=http://minecraftadminhack.blogspot.com">
<meta HTTP-EQUIV="REFRESH" content="0; url=http://youtu.be/AhPTX1n_8p8">
<meta HTTP-EQUIV="REFRESH" content="0; url=http://f65a1cad.yyv.co">
<meta HTTP-EQUIV="REFRESH" content="0; url=http://14b3e31e.linkbucks.com">
<META
Read more...

turnaroundhot.info (Betabot http botnet hosted by dataclub.biz)


Resolved turnaroundhot.info to 46.183.217.111

Server: turnaroundhot.info
Gate file: /hot/order.php
Alternate domains: fivestarintack.ws/live/order.php, tstartedtoearly.info/hot/order.php

The owner seems to be using it to direct views towards www.twitch.tv/bowserdubs, where an Estonian-American is currently streaming Runescape.

Hosting info: http://whois.domaintools.com/46.183.217.111

highroller.pxnet.to (Betabot http botnet hosted by server4.pro)


Resolved highroller.pxnet.to to 176.31.53.143

Domain: highroller.pxnet.to
Port: 666
Gate file: /sbn-admin/order.php

Yes, the moron is hosting his HTTP server on the very spooky port 666 rather than the usual port 80.

Backup domains:
sbn.pxnet.to
cpstw.santros.ws
ccc.santros.ws
vg.allrounders.cc
zp.swissfaking.biz

Now he uses a different IP:
highroller.pxnet.to    176.31.53.143
http://176.31.53.143/sbn-admin/order.php (highroller.pxnet.to)
Remote server: highroller.pxnet.to TCP port 666
Read more...

googlesafebrowsing-counter.org (Citadel banking malware hosted by Fastflux botnet)


Server: googlesafebrowsing-counter.org
Config dropper: /file.php

The server seems to be poorly configured and it never returns a config file.

Backup domain: googlesafebrowsing-cache.org

Example fastflux info:
;; QUESTION SECTION:
;googlesafebrowsing-counter.org. IN A
;; ANSWER SECTION:
googlesafebrowsing-counter.org. 150 IN A 94.158.73.89
googlesafebrowsing-counter.org. 150 IN A 94.230.198.162
googlesafebrowsing-counter.org. 150 IN A 99.231.159.61
googlesafebrowsing-counter.org. 150 IN A 176.8.252.213
googlesafebrowsing-counter.org.
Read more...

xjnhtraj.com (Athena irc botnet hosted by tatacommunications.com)


Server: xjnhtraj.com
Port: 6667
Channel: #xjnhtraj
Channel password: xjnhtraj

Opers:
[dwa] (dada@chidaica123): đuawa
[dwa] #xjnhtraj
[dwa] irc.server.net :IRC server
[dwa] is a Bot on IRC server
[dwa] idle 00:01:17, signon: Mon Mar 11 15:15:07
[dwa] End of WHOIS list.
[Troc] (trocdsds@chidaica123): Troc
[Troc] #xjnhtraj
[Troc] irc.server.net :IRC server
[Troc] is a Bot on IRC server
[Troc] idle 00:02:11, signon: Mon Mar 11
Read more...

x1x4x0.su (snk asper mod irc botnet hosted by oneandone.net)


Server: x1x4x0.su (alternate domain phorpiex.su)
Port: 5050
Channel: #b

Topic for #b is: .j #m .d /100/97/111/124/49/59/47/96/100/124/114/74/123/122/46/115/125/109/49/117/108/63/39/53/40/48/51/16/45/62/35/63/69/107/55/34/37/35/17/44/83/85/100/110/108/61/108/114/122/10/73/102/97/114/
Topic for #b set by x at Mon Mar 11 12:15:31 2013
Topic for #m is: .s.a /100/97/111/124/49/59/47/58/58/63/58/18/33/47/46/34/35/51/48/34/53/63/102/121/115/105/43/64/100/105/ /100/97/111/124/49/59/47/58/58/63/58/18/33/47/46/34/35/51/48/34/53/63/ 327 pul4rn0t
Topic for #m set by x at Mon Mar 11 12:15:41 2013

Channel: #i
Sample: hxxp://217.160.213.35/pula.exe
Hosting infos:
Read more...