Resolved animalrights.co.in to 85.25.97.204
Server: animalrights.co.in
Gate file: /netwolf/wolf.php
Config file: /netwolf/file.php
Additional locations of interest:
/backup/
/cmd/images/
/cmd/cp.php
Hosting infos: http://whois.domaintools.com/85.25.97.204
vg-update.ru (Andromeda http botnet hosted by voxility.net)
Resolved vg-update.ru to 37.221.170.75
Server: vg-update.ru
Gate file: /gi8i/hTcP/dy0v/header.php
Hosting infos: http://whois.domaintools.com/37.221.170.75
winterprofit.com (Gbot http botnet hosted by metrabyte.co.th)
Resolved winterprofit.com to 119.59.99.200
Server: winterprofit.com
Gate file: /exm/getcmd.php
The idiot who owns this set up the bot so that it has http:// in the DNS request. Good luck getting any bots to connect.
Hosting infos: http://whois.domaintools.com/119.59.99.200
gwassnet.com (Andromeda http botnet hosted by voxility.net)
Resolved gwassnet.com to 37.221.170.240
Server: gwassnet.com
Gate file: /gwas/Panel/image.php
I’m going to guess this is the same guy as the other gwass domain.
Also, bitcoin mining info: http://Hung:28787@pool.bitclockers.com:8332
Hosting info: http://whois.domaintools.com/37.221.170.240
qwer.be (Multilocker winlocker hosted by metrabyte.co.th)
Resolved qwer.be to 119.59.99.200
This domain was previously featured hosting YZF.
Server: qwer.be
Gate file: /lock/lending/tds.php
Admin page is at /lock/index.php with credentials admin:admin
Hosting infos: http://whois.domaintools.com/119.59.99.200
mystresser.net (Andromeda http botnet hosted by vHostLayer.com)
Resolved mystresser.net to 37.221.163.131
Server: mystresser.net
Gate file: /image.php
Hosting infos: http://whois.domaintools.com/37.221.163.131
irc.anzima.eu (Insomnia irc botnet hosted by limestonenetworks.com)
Resolved irc.anzima.eu to 208.115.240.120
This server requires SSL and for you to accept invalid/self-generated certificates to connect.
Server: irc.anzima.eu
Port: 7007
Server password: unocomein
Channel: #I
#I 38 [+sntu]
Oper:
[anz] (anzima@I.B.ROOT): Anzii
[anz] ~#I
[anz] irc.anzima.eu :Net
[anz] is a Network Administrator
[anz] is available for help.
[anz] is using a Secure Connection
[anz] idle
d1d4f5s.no-ip.org (ngrbot irc botnet hosted by Zap-Hosting.com)
Resolved d1d4f5s.no-ip.org to 109.230.238.65
Server: d1d4f5s.no-ip.org
Port: 6669
Channel: #ngr
* Topic for #ngr is: –!msn.int # !msn.set that’s pretty cool hxxp://canbolugiray.com/yenisite/
* Topic for #ngr set by null at Thu Jan 03 14:31:19 2013
MSN spread message is a java “driveby” http://urlquery.net/report.php?id=596405
I don’t think these guys quite get how ngrbot works.
alex: !pdef on
alex:
hackersdream.info (Andromeda http botnet hosted by Seychelles Victoria Business Dialogue Ltd)
Resolved hackersdream.info to 91.217.178.32
Server: hackersdream.info
Gate file: /lol/image.php
Plugins
Rootkit: http://hackersdream.info/lol/r.pack
Socks: http://hackersdream.info/lol/s.pack
Formgrabber: http://hackersdream.info/lol/f.pack
Gate file: /lol/fg.php
Hosting infos: http://whois.domaintools.com/91.217.178.32
irc.unixon.net (PHP and perl botnets hosted by Poland Kalisz Static Ip)
Resolved irc.unixon.net to 211.60.155.5, 69.46.16.67, 76.74.236.70, 95.48.19.74, 88.208.211.135, 79.188.136.138, 83.17.0.148
PHP bot
Server: irc.unixon.net
Port: 7100
Channel: #dor
Channel password: dor
#dor 171 [+p]
Bot code: http://pastebin.com/ZGa0MLAq
Perl bot
Server: irc.unixon.net
Port: 7100
Channel: #bot
#bot 101 [+smnt]
Bot code: http://pastebin.com/scyHzVcS