Server: 93.174.94.158 Port: 6667 * There are 1 users and 3854 invisible on 1 servers * 24 :unknown connection(s) * 45 :channels formed * I have 3855 clients and 0 servers * 3855 15196 :Current local users 3855, max 15196 * 3855 5212 :Current global users 3855, max 5212 Channel: #X (Perl bots) Bot SourceRead more...
uploadwith.me (Betabot http botnet hosted by datashack.net)
Resolved uploadwith.me to 63.141.233.107 Server: uploadwith.me Gate file: /ashg653/order.php Alternate domain: strike-file-hosting.us Hosting info: http://whois.domaintools.com/63.141.233.107 Notice anything interesting about this IP? CustName: Chris Gravenstein Address: 201 E. 16th st City: North Kansas City StateProv: MO PostalCode: 64116 Country: US RegDate: 2013-10-21 Updated: 2013-10-21 Ref: http://whois.arin.net/rest/customer/C04738525 That’s right, Chris Gravenstein, aka digital has managed to topRead more...
illuminati.sx (Plasma http botnet hosted by worldstream.nl)
Resolved illuminati.sx to 109.236.80.74 Server: illuminati.sx Gate file: /http/gate.php This is the first time I have seen the HTTP version of plasma and it sucks hard. It seems to be a slightly upgraded version of the old barracuda HTTP bot, with few of the problems fixed. Hosting info: http://whois.domaintools.com/109.236.80.74 Bitcoin mining info: miner.start http://109.236.80.74/miner/CPUMiner.files *-aRead more...
boot.sx (Betabot http botnet hosted by worldstream.nl)
Resolved boot.sx to 109.236.80.74 Server: boot.sx Gate file: /g4sg/order.php Alternate domain: illuminati.sx This betabot is quite interesting due to the bizarre crypter it uses. The crypter starts with a Winrar SFX archive. This dumps it’s contents in the users temp folder and starts the next layer, a vbs script. The vbs script runs a AutoITRead more...
fapncam.com (betabot hosted by Digitalocean.com)
Resolved fapncam.com to 192.81.216.12 Server: fapncam.com Gate file: /beta/order.php Alternate domains: update-silo.comproxypool.infofrizzcams.com Hosting infos: http://whois.domaintools.com/192.81.216.12 Related md5 (Download sample from Malwr.com) Betabot: 52435233bd228dfffc2a2c7e001f66c8
shinyhosting.ws.gy(Andromeda Bot hosted in United States Amsterdam Hosting Servers)
URL: hxxp://shinyhosting.ws.gy/loli/image.php Hosting infos: http://whois.domaintools.com/93.188.160.131
gd.derpcity.ru(godscan botnet hosted in France Roubaix Ovh Systems )
Found by AliSs Server: 37.59.53.162:6667 PASS weed >> PASS weed>> NICK [NeW|00|USA|xP|HOME|5035]>> NICK [NeW|00|USA|xP|HOME|5035]>> USER varun * 0 :HOME>> PING :1389B8E6>> PONG 1389B8E6<< PRIVMSG [NeW|00|USA|xP|HOME|5035] :x01VERSIONx01<< 001 [NeW|00|USA|xP|HOME|5035] :<< 002 [NeW|00|USA|xP|HOME|5035] :<< 003 [NeW|00|USA|xP|HOME|5035] :<< 004 [NeW|00|USA|xP|HOME|5035] :<< 005 [NeW|00|USA|xP|HOME|5035] :<< 005 [NeW|00|USA|xP|HOME|5035] :<< 005 [NeW|00|USA|xP|HOME|5035] :<< 375 [NeW|00|USA|xP|HOME|5035] :/MOTD<< 372 [NeW|00|USA|xP|HOME|5035] :- 5/11/2013 17:10<<Read more...
bot.blackunix.us(Linux bots hosted in France Roubaix Ovh Systems)
Found by Yewnix. Resolved : [bot.blackunix.us] To [94.23.89.246]Resolved : [bot.blackunix.us] To [217.29.115.1]Resolved : [bot.blackunix.us] To [91.151.85.31]Resolved : [bot.blackunix.us] To [59.167.240.231]Resolved : [bot.blackunix.us] To [58.180.42.200]Resolved : [bot.blackunix.us] To [64.31.27.18] class pBot { var $config = array("server"=>"bot.blackunix.us", "port"=>"20", "pass"=>"", "prefix"=>"Blood", "maxrand"=>"15", "key"=>"none", "chan"=>"#metri", "modes"=>"+ps", "chan2"=>"#metri", "password"=>"crack", "trigger"=>".", "hostauth"=>"bogel.us" // * for any hostname (remember: /setvhost pasukan.ddos.reload-x.us) HostingRead more...
keshmoney.biz(irc botnet hosted in France Roubaix Ovh Systems)
Found by AliSs Server: keshmoney.biz:6667 Channel: #all,#x00 password 777.#boss Bitcoin Miner: hxxp://knal.wut.re:8332 -u bram226_1 Hosted in this link: hxxp://noinei90.sommadue.it/Built.exe Sample here Hosting infos: http://whois.domaintools.com/37.59.53.162
meziamussucemaqueue.su (Betabot http botnet hosted by sunnyvision.com)
Resolved meziamussucemaqueue.su to 124.248.205.104 Server: meziamussucemaqueue.su Gate file: /phpmiadmin/order.php Alternate domain: umbxd15896.su Bitcoin mining info: -o http://ypool.net:8080 -u Teolous.PTS_1 -p x Hosting info: http://whois.domaintools.com/124.248.205.104 Related md5s (Download sample from malwr.com) betabot: 670fa0a15754e1d67810eea73e890dad Bitcoin miner: e1aed5a5d729d37efca73602d8bc66e9 Bitcoin miner 2: a92403926113dd4b3a4d3e4c48eace66 EDIT: new mining info stratum+tcp://pool.d2.cc:3335 -u Hanito.bot -p 3fcua4