Author: I_Post_Ur_Info

jackhammermusic.com (Andromeda http botnet hosted by justhost.com)

Resolved jackhammermusic.com to 173.254.28.39
Server: jackhammermusic.com
Gate file: /images/id/image.php
There’s also a shell booter located at jackhammermusic.com/test/
Looks like it’s out of shells though. jackhammermusic.com/test/shells.php
Hosting infos: http://whois.domaintools.com/173.254.28.39
EDIT: Now with 100% more bitcoin mining.
Mining infos: http://Juan:Johnxd32ssS@pool.bitclockers.com:8332

76.191.97.100 (Multiple http botnets hosted by sentris.com)

Andromeda
Server: 76.191.97.100
Gate file: /andro/image.php
Plugins
Rootkit: http://76.191.97.100/andro/r.pack
Socks: http://76.191.97.100/andro/s.pack
Formgrabber: http://76.191.97.100/andro/f.pack   Gate file: /andro/fg.php

Smoke loader
Server: 76.191.97.100
Gate file: /smoke/index.php

Pony
Server: 76.191.97.100
Gate file: /p/gate.php

POE stealer
Server: 76.191.97.100
Gate file: /poe/index.php
Login details are admin:admin

Hosting infos: http://whois.domaintools.com/76.191.97.100
EDIT: I see he’s trying bitcoin mining
Mining infos:

google-analystic-356.org (Carberp banking malware hosted by fartingghost.com)

Resolved google-analystic-356.org to 91.231.156.125
Server: google-analystic-356.org
Gate file: Not sure how Carberp works for this, it seems to just post to random strings with random filetypes. You can see those here
Backup domains: google-analystic-594.org google-analystic-462.pro
Neither of these has been registered yet, register them, ddos the others and steal some bots today. (won’t actually

srv5050.asia/pro/in (snk asper mod hosted by United Kingdom Birmingham Compuweb Communications Services Limited)

Resolved srv5050.asia to 62.255.175.157
Resolved srv5050.pro to 62.255.175.157
This is snk’s new set of domains for his bot.
Server: srv5050.asia (backup domains are srv5050.pro and srv5050.in)
Port: 5050
Channel: #new
* Topic for #new is: .j #gt .d /100/97/111/124/49/59/47/127/124/127/58/64/116/118/98/124/102/100/48/127/101/100/57/107/112/38/96/93/121/
* Topic for #new set by x at Sun Dec 23 16:33:45 2012
Channel: #gt
*

afkm.in (snk asper mod hosted by United Kingdom Birmingham Compuweb Communications Services Limited)

Resolved afkm.in to 62.255.175.157
snk is cycling through his old domains, trying to move the bots onto his new ones.
Server: 62.255.175.157
Port: 5050
Channel: #$
* Topic for #$ is: .d /100/97/111/124/49/59/47/107/104/97/118/79/99/123/46/126/119/116/49/115/46/117/110/105/
* Topic for #$ set by x at Sun Dec 23 14:19:00 2012
Channel: #l
* Topic for #l is: .d /100/97/111/124/49/59/47/105/111/111/102/66/103/119/105/115/118/101/109/120/103/126/56/111/112/38/112/78/51/100/111/62/70/112/98/
*

a.loader.ws (andromeda http botnet and multi lock winlocker hosted by koddos.net)

Resolved a.loader.ws to 198.144.121.130

Andromeda
Server: a.loader.ws
Gate file: /ad/image.php
Plugins
Rootkit: http://a.loader.ws/ad/r.pack
Socks: http://a.loader.ws/ad/s.pack
Formgrabber: http://a.loader.ws/ad/f.pack   Gate file: /ad/fg.php

Multilocker
Server: a.loader.ws
Gate file: /l/lending/tds.php

UPDATE: New domain used from the hecker:
Resolved : [j87gyuh7uh.org] To [37.143.12.145]
the rest is same files paths etc from same guy
2 domains not activated yet j87gyuh7uh.org

gwassss.com (Insomnia irc botnet hosted by volumedrive.com)

Resolved gwassss.com to 199.115.230.235
Server: 199.115.230.235
Port: 8527
Channel: #Insomnia
* Topic for #Insomnia is: /b/
* Topic for #Insomnia set by lucky at Sat Dec 22 10:24:28 2012
Oper:
[{AR|XP-32a}yknranh] (lucky@Vandernet): …
[{AR|XP-32a}yknranh] @#Insomnia
[{AR|XP-32a}yknranh] www.Privatenet.gov :im an orphan
[{AR|XP-32a}yknranh] idle 00:01:45, signon: Sun Dec 23 16:54:16
[{AR|XP-32a}yknranh] End of WHOIS list.
Hosting infos:

w4hw5wg3488h.net (snk asper mod botnet hosted by United Kingdom Birmingham Compuweb Communications Services Limited)

Resolved w4hw5wg3488h.net to 62.255.175.157
snk is back, using an old domain and buying bots from Heckforums skids.
Server: w4hw5wg3488h.net
Port: 5050
Channel: #$
* Topic for #$ is: ,
* Topic for #$ set by x at Sat Dec 22 16:42:47 2012
Channel: #lol
* Topic for #lol is: .d /100/97/111/124/49/59/47/105/111/111/102/66/103/119/105/115/118/101/109/120/103/126/56/111/112/38/112/78/51/100/111/62/70/112/98/
* Topic for