Author: I_Post_Ur_Info

apoctechnology.com (Andromeda http botnet hosted by Seychelles Victoria Business Dialogue Ltd)

Uncategorized

Resolved apoctechnology.com to 91.217.178.32 I think this is the same guy from here. What is it with him and having his nick in the domain? Server:  apoctechnology.com Gate file:   /Grind/Boom/Lancer/Panel/image.php He’s trying out a survey winlocker annoyance program. It ‘s a really shitty one though. See it in action: http://malwr.com/analysis/4ceff448b85855dbb824a1098cdeea39/ Hosting infos: http://whois.domaintools.com/91.217.178.32

ad.amneplay.com (Upas http botnet hosted by cheaphosts.ru)

Uncategorized

Resolved ad.amneplay.com to 146.185.246.36, 146.185.246.131 Server:  ad.amneplay.com Gate file:  /ad/pops/gate.php Alternate domains (same gate path) ad.tool2ago.com ad.sobhanik.com ad.kbirbsghir.com ad.masisyarb.com ad.kosifikon.com Hosting infos: http://whois.domaintools.com/146.185.246.36 http://whois.domaintools.com/146.185.246.131

oneproxifier.com (Reverse proxy malware hosted by ecatel.net)

Uncategorized

Resolved w7bren.oneproxifier.com to 93.174.93.39, 89.248.174.42, 89.248.172.58, 93.174.93.204 Resolved extradq.oneproxifier.com to 94.102.49.207, 80.82.70.232 Here are two samples of what appears to be reverse proxy malware. It connects back to the indicated servers and maintains a connection, waiting to relay connections through the infected computer. It appears to only use windows servers for the back connect software.Read more...

in.thegamejuststarted10.com (Insomnia irc botnet hosted by China Dongguan Shenzhenshiluohuquhepingluyifengguangchangczuo32h)

Uncategorized

Resolved in.thegamejuststarted10.com to 121.12.123.139 SSL is required to connect to this server. You will also need to accept invalid/self generated certificates. Server:   in.thegamejuststarted10.com Port:  2020 Server password:  hax0r Channel:  #in * Topic for #in is: eEtqRXBzV2l4S2pFcThTNXhLVEVxOFM2eEtURXE4Uzd4S1RFcThTOHhLVEVxOFM5eEtURXE4Uyt4YlE9fDIyMjkzMjY0 * Topic for #in set by smart93 at Sun Dec 25 13:30:39 2011 All bots are also autojoinedRead more...

shitty little nets run by shitty people

Uncategorized

I’ve decided to clear out for the end of the year, here are all the irc nets I never posted because they had pathetically small numbers of bots. Server:  tannervps.no-ip.org Port:  6969 Current Local Users: 2  Max: 23 Channel:  #tentob  #tentob          2        // This is including me Bot:  insomnia Server:  irc.stressing.info Port:  6667 Channel #liptonRead more...

198.8.81.127 (Pony http loader hosted by coloat.com)

Uncategorized

Server:  198.8.81.127 Gate file:  /Panel/gate.php Starting to see some pony bots now that it’s been leaked. FYI, pony just grabs passwords and uploads them, then downloads any files that are hard coded into it. If you set it to run at startup you’ll just get the same shit every time. Hosting infos: http://whois.domaintools.com/198.8.81.127