Infos are from our anonymous friend
http://www.exposedbotnets.com/2012/05/insomniaincorporatedhostinginfoinsomnia.html
C&C Server: 46.166.162.130:1993
Server Password:
Username: lvkkqub
Nickname: n{DE|XPa}lvkkqub
Channel: #ngrs (Password: scrt)
Channeltopic: : Now talking in #ngrs Topic On: [ #ngrs ] [ ] Topic By: [ null ]
Resolved : [dk1.zapto.org] To [109.169.61.117]
dk1.zapto.org:6667 channel #bots
owner of this is iDDoS@pie69 he’s using no-ip for

vps33.max-vps.net (Insomnia Bot hosted in France Ovh Systems)
Resolved : [vps33.max-vps.net] To [178.33.88.93]
Clients: I have 570 clients and 0 servers
Local users: Current Local Users: 570 Max: 1666
Global users: Current Global Users: 570 Max: 1345
IRC Server HOST, PORT: vps33.max-vps.net 8745
channel: #insomnia
Insomnia exe: http://uppit.com/oovmmjteut38/irc.rar
This is another contribution from the anonymous guy; all credits go to him.
Pass: infected
hosting

87mb malware samples
This package contains IRC bots, banking trojans, Linux shells-bots, coin miners, etc. Have fun exploring them.

x0r.xxxisniperixxx.cn (ngrBot hosted in United States New York City Digital Ocean)
Resolved : [x0r.xxxisniperixxx.cn] To [69.55.55.149]
Remote Host Port Number
x0r.xxxisniperixxx.cn 51987
PASS Virus
NICK VirUs-qkrcdlij.
USER VirUs “” “vxs” : .8,1..8Coded .4By .8AhmedRamzey@Hotmail.Com
Clients: I have 576 clients and 0 servers
Local users: Current Local Users: 576 Max: 691
Global users: Current Global Users: 576 Max: 691
Join #Aryan
hosting infos: http://whois.domaintools.com/69.55.55.149

q520qq.3322.org (Trojan Downloader hosted in China Beijing Chinanet Jiangsu Province Network)
Resolved : [q520qq.3322.org] To [58.215.133.238]
Traffic – by TCP/IP
Connections
Country IP Port
CN 58.215.133.238 7000
sample
hosting infos: http://whois.domaintools.com/58.215.133.238

aaa1adasadasda444.net (Andromeda Bot hosted in Czech Republic Prague Casablanca Int)
Resolved : [aaa1adasadasda444.net] To [217.11.251.173]
Traffic – by DNS
4 domain found
Country Domain IP
CZ aaa1adasadasda444.net 217.11.251.173
CZ aaa1kjsadhasiodo.com 217.11.251.173
CZ aaa1lilililili.com 217.11.251.173
CZ aaa1skjadsdaskld.net 217.11.251.173
Traffic – by URL
4 outbound URL connection found
URL
aaa1adasadasda444.net/admin/image.php
aaa1kjsadhasiodo.com/admin/image.php
aaa1lilililili.com/admin/image.php
aaa1skjadsdaskld.net/admin/image.php
Strings from executable:
Processes:
PID ParentPID User Path
--------------------------------------------------
3324 3144 xxxx-xxx:xxx C:\WINDOWS\system32\wuauclt.exe
Ports:

j.rania-style.com (ngrBot hosted in China Beijing Chinanet Hunan Province Network)
3 domains are used to control bots:
j.rania-style.com active
j.symtec.us not active
j.idolmovies.com not active
Resolved : [j.rania-style.com] To [175.6.1.159]
Resolved : [j.rania-style.com] To [122.226.202.221]
Resolved : [j.rania-style.com] To [117.21.224.29]
Resolved : [j.rania-style.com] To [121.61.118.106]
C&C server:
j.rania-style.com:1888
j.rania-style.com:6971
Traffic – by DNS
14 domain found
Country Domain IP
US 113890url.displayadfeed.com 66.45.56.124
US myvideos.stream-free-movies-online.com 66.45.56.124

4thdemo.com (Insomnia bot hosted in United States Clarks Summit Volumedrive)
Another post from our anonymous friend
Resolved : [4thdemo.com] To [199.19.105.123]
server port password channel
4thdemo.com:3344 785chelsea #Insomnia
4thdemo.com:5443 alexandre69 #Channel Password
4thdemo.com:6667 r3m0hdemoni #Insomnia r3de07, #Jamie
4thdemo.com:9891 modrica1x1 #MasterBl4ster modricha1x1, #lolba, #Cro4t, #fric
All are separate IRC servers, but hosted on the same server. Some HF hecker selling to skids. Oh, it's DeMoNi *

insomnia.incorporatedhosting.info (Insomnia bot hosted in United Kingdom Ovh Systems)
This botnet is found by our anonymous friend here all credits go to him for this
Server Port
insomnia.incorporatedhosting.info:5656
Channel: #insomnia k6geyzs
Botnet owner: Digital from HF and friends
Here Lilyjade extension named Ad Killer Pro (found from our anonymous friend)
//New Lilyjade extension
//Named: Ad Killer Pro
//CrosRider #:4995
//Panel: http://nemsmedia.cloudapp.net
//Extension
appAPI.ready(function($) {

Anti ZS spyeyes Tracker .htaccess
Criminals are now forced to find different methods to protect malware like Zeus or SpyEye from being traced and exposed. This is one of them:
############################
#Anti ZS spyeyes Tracker .htaccess #
#84.74.14?.* #
############################
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://.*google.com [NC]
RewriteRule .* - [F]
###########################################
#Spider Blocker/Crawler/Bot's #
###########################################
Order Deny,Allow
Deny from 82.165.47.*