Resolved lolwutirc.crabdance.com to 176.53.26.205
Server: lolwutirc.crabdance.com
Port: 6667
Channel: #bot123
Oper: [KyleFYI] (KyleFYI@Kyle123irc): …
[KyleFYI] #bot123
[KyleFYI] irc.localhost.com :bytestyle symmetry
[KyleFYI] is a Network Administrator
[KyleFYI] is available for help.
Hosting infos: http://whois.domaintools.com/176.53.26.205
filehelp.us (Various irc bots hosted by securedservers.com)
Resolved filehelp.us to 184.95.37.155
Athena
Server: filehelp.us
Port: 7200
Channel: #Athena
Insomnia
Server: filehelp.us
Port: 4242
Channel: #insomnia
Channel password: k6geyzs
Dixie bot
Server: filehelp.us
Port: 4242
Channel: #DDoS#
hxxp://filehelp.us/Panel/gate.php
aryan bot
184.95.37.155:5557
Server Password:
Username: 5644413
Nickname: New{DE-XP-x86}5644413
Channel: #aryan (Password: k6geyzs)
Channeltopic: :.dl hxxp://filehelp.us/upload/files/bin.exe 1
Other samples here hxxp://filehelp.us/upload/
Opers are Vapor and …
webingenial.com (ngrBot irc botnet hosted by hosting.ua)
Resolved webingenial.com to 178.86.13.79
Server: webingenial.com
Port: 1865
Channel: #main
Channel password: 4m3r1k4
Topic for #main is: .m on .mdns http://interactua.edu30.com/php.txt
Topic for #main set by fuckoff at Thu Feb 07 10:32:31 2013
php.txt
www.banamex.com 189.135.14.1
www.banamex.com.mx 189.135.14.1
banamex.com 189.135.14.1
banamex.com.mx 189.135.14.1
bancanet.boveda.banamex.com.mx 189.135.14.1
boveda.banamex.com.mx 189.135.14.1
www.bancanetempresarial.banamex.com.mx 189.135.14.1
Looks like he’s pharming for Mexican …
fbicomputerservices.com (Multilocker 3 winlocker hosted by altushost.com)
Resolved fbicomputerservices.com to 37.46.125.111
Server: fbicomputerservices.com
Gate file: /panel/mplock/lending/tds.php
I’ve posted a winlocker on this IP before. Looks like he got a new domain and switched the directories up a bit.
http://whois.domaintools.com/37.46.125.111
mom003.net (ngrBot irc botnet hosted by Serverius.com)
Resolved mom003.net to 185.12.14.102, 74.119.216.199
Server: mom003.net (other domains: mom002.net, mom004.net)
Port: 1887
Server password: speedd
Channel: #bon2
Channel password: speedd
Topic for #xp is: ~dw hxxp://www.sendspace.com/pro/dl/1wzt65 e6bd0bd11484b27ca4f162421a4d423b ~dw hxxp://www.sendspace.com/pro/dl/a3he3l 3c2df1fd533d955c462faaaef03bab02
Topic for #xp set by google at Tue Feb 05 11:49:09 2013
Bots also join #XP, #W7 or #VIS depending on their operating system.
filestorage.ws (37.221.170.221) (Athena irc botnet hosted by voxility.net)
Resolved filestorage.ws to 157.101.50.101 => Athena l33t ip decryption => 37.221.170.221
Athena now comes with a tool to crypt the server IP so that the address the domain points to is not the correct one. A disgruntled customer has already released the crypting program so anyone who doesn’t have access to a binary can try …
olikdfg12.net (Paradise ddos botnet hosted by webtropia.com)
Resolved olikdfg12.net to 5.104.106.181
Server: olikdfg12.net
Gate file: /poloki/bfg.php
This is another ddos bot that has been attacking from the virustotal sandbox.
Hosting infos: http://whois.domaintools.com/5.104.106.181
oppnetspeed.co.ua (Andromeda http botnet hosted by Panamaserver.com)
C&C Discovered by Malekal Morte
Resolved oppnetspeed.co.ua to 181.191.255.181
Server: oppnetspeed.co.ua
Gate file: /forum/images/image.php
Plugins
Rootkit: /forum/r.pack
All the info you would ever need to know about his server can be found on these handy pages.
Hosting infos: http://whois.domaintools.com/181.191.255.181
paradisetest.ru (Paradise ddos botnet hosted by hostnoc.net)
Resolved paradisetest.ru to 184.22.118.71
Server: paradisetest.ru
Gate file: /par/bfg.php
The installation directory is still up and includes an EULA. Someone should ask iserdo how well using an EULA worked out for him.
Hosting infos: http://whois.domaintools.com/184.22.118.71
armadva.ru (Armageddon ddos botnet hosted by hostnoc.net)
Resolved armadva.ru to 184.22.118.71
Server: armadva.ru
Gate file: /arm/gs.php
Other domains it tries to connect to if this one is down:
armab.ru
armatri.ru
You can see a record of a previous attack in the virustotal sandbox records.
Hosting infos: http://whois.domaintools.com/184.22.118.71