Resolved irc.anzima.eu to 208.115.240.120
This server requires SSL, and you must accept invalid/self-generated certificates to connect.
Server: irc.anzima.eu
Port: 7007
Server password: unocomein
Channel: #I
#I 38 [+sntu]
Oper:
[anz] (anzima@I.B.ROOT): Anzii
[anz] ~#I
[anz] irc.anzima.eu :Net
[anz] is a Network Administrator
[anz] is available for help.
[anz] is using a Secure Connection
[anz] idle
sixdollarads.com (SpyEye hosted in United States Dallas Theplanet.com Internet Services Inc.)
Resolved: [sixdollarads.com] to [174.132.190.220]
SpyEye Panel: http://sixdollarads.com/vc/cp/maincp/
Bins:
hxxp://sixdollarads.com/vc/cp/maincp/bin/0.1.exe
hxxp://sixdollarads.com/vc/cp/maincp/bin/1.0.exe
hxxp://sixdollarads.com/vc/cp/maincp/bin/config.bin
hxxp://sixdollarads.com/vc/cp/maincp/bin/sys.exe
hxxp://sixdollarads.com/vc/cp/maincp/bin/upload/sys.exe
hxxp://sixdollarads.com/vc/cp/maincp/bin/upload/Photo345.jpg.scr
Hosting infos: http://whois.domaintools.com/174.132.190.220
updates211.zapto.org (Pony hosted in United States Port Richey Private Customer – Verizon Internet Services Inc.)
Pony Gate: updates211.zapto.org/pony/gate.php
Pony Admin: http://updates211.zapto.org/pony/admin.php
Setup file is inside: http://updates211.zapto.org/pony/setup.php
Here you can see Pony files and folders: http://updates211.zapto.org/pony/
Pony sample: hxxp://updates211.zapto.org/update211.exe
Hosting infos: http://whois.domaintools.com/96.254.171.6
d1d4f5s.no-ip.org (ngrbot irc botnet hosted by Zap-Hosting.com)
Resolved d1d4f5s.no-ip.org to 109.230.238.65
Server: d1d4f5s.no-ip.org
Port: 6669
Channel: #ngr
* Topic for #ngr is: –!msn.int # !msn.set that’s pretty cool hxxp://canbolugiray.com/yenisite/
* Topic for #ngr set by null at Thu Jan 03 14:31:19 2013
MSN spread message is a Java “driveby” http://urlquery.net/report.php?id=596405
I don’t think these guys quite get how ngrbot works.
alex: !pdef onalex:
hackersdream.info (Andromeda http botnet hosted by Seychelles Victoria Business Dialogue Ltd)
Resolved hackersdream.info to 91.217.178.32
Server: hackersdream.info
Gate file: /lol/image.php
Plugins
Rootkit: http://hackersdream.info/lol/r.pack
Socks: http://hackersdream.info/lol/s.pack
Formgrabber: http://hackersdream.info/lol/f.pack
Gate file: /lol/fg.php
Hosting infos: http://whois.domaintools.com/91.217.178.32
irc.unixon.net (PHP and perl botnets hosted by Poland Kalisz Static Ip)
Resolved irc.unixon.net to 211.60.155.5, 69.46.16.67, 76.74.236.70, 95.48.19.74, 88.208.211.135, 79.188.136.138, 83.17.0.148
PHP bot
Server: irc.unixon.net
Port: 7100
Channel: #dor
Channel password: dor
#dor 171 [+p]
Bot code: http://pastebin.com/ZGa0MLAq
Perl bot
Server: irc.unixon.net
Port: 7100
Channel: #bot
#bot 101 [+smnt]
Bot code: http://pastebin.com/scyHzVcS
apoctechnology.com (Andromeda http botnet hosted by Seychelles Victoria Business Dialogue Ltd)
Resolved apoctechnology.com to 91.217.178.32
I think this is the same guy from here. What is it with him and having his nick in the domain?
Server: apoctechnology.com
Gate file: /Grind/Boom/Lancer/Panel/image.php
He’s trying out a survey winlocker annoyance program. It’s a really shitty one though. See it in action: http://malwr.com/analysis/4ceff448b85855dbb824a1098cdeea39/
Hosting infos: http://whois.domaintools.com/91.217.178.32
ad.amneplay.com (Upas http botnet hosted by cheaphosts.ru)
Resolved ad.amneplay.com to 146.185.246.36, 146.185.246.131
Server: ad.amneplay.com
Gate file: /ad/pops/gate.php
Alternate domains (same gate path):
ad.tool2ago.com
ad.sobhanik.com
ad.kbirbsghir.com
ad.masisyarb.com
ad.kosifikon.com
Hosting infos:
http://whois.domaintools.com/146.185.246.36
http://whois.domaintools.com/146.185.246.131
oneproxifier.com (Reverse proxy malware hosted by ecatel.net)
Resolved w7bren.oneproxifier.com to 93.174.93.39, 89.248.174.42, 89.248.172.58, 93.174.93.204
Resolved extradq.oneproxifier.com to 94.102.49.207, 80.82.70.232
Here are two samples of what appears to be reverse proxy malware. It connects back to the indicated servers and maintains a connection, waiting to relay connections through the infected computer. It appears to only use Windows servers for the back connect software.
in.thegamejuststarted10.com (Insomnia irc botnet hosted by China Dongguan Shenzhenshiluohuquhepingluyifengguangchangczuo32h)
Resolved in.thegamejuststarted10.com to 121.12.123.139
SSL is required to connect to this server. You will also need to accept invalid/self generated certificates.
Server: in.thegamejuststarted10.com
Port: 2020
Server password: hax0r
Channel: #in
* Topic for #in is: eEtqRXBzV2l4S2pFcThTNXhLVEVxOFM2eEtURXE4Uzd4S1RFcThTOHhLVEVxOFM5eEtURXE4Uyt4YlE9fDIyMjkzMjY0
* Topic for #in set by smart93 at Sun Dec 25 13:30:39 2011
All bots are also autojoined