myinstalls.info (Andromeda and kbot http botnets hiding behind cloudflare)

Resolved myinstalls.info to 199.27.134.49, 173.245.60.132

Andromeda
Server: myinstalls.info
Gate file: /neuro/image.php

kbot
Server: myinstalls.info
Gate file: /kb/gate.php

I’m glad to see Khant has recovered from having some malicious individual run rm -rf / as root on his server. However, I’m not sure if having bots connect through Cloudflare is such a good idea.

coco.3chp.tk (Andromeda http botnet hosted by United States Asheville Hostinger International Limited)

Resolved coco.3chp.tk to 31.170.167.159

Server: coco.3chp.tk
Gate file: /andro/image.php
Plugins: All of the plugins are in /andro/plugins/

This is the first of what I’m sure will be many cracked Andromeda nets as every skid who can figure out how to install the panel tests it out.

Hosting infos: http://whois.domaintools.com/31.170.167.159

134.255.234.22 (irc botnet hosted by Zap-Hosting.com)

Server: 134.255.234.22
Port: 6667
Channel: #HabboParty

Nick format: Three different types
    DatLykosaSmexy811637
    Lykosa10559
    LykosaTEST10559

Oper: zeeeeeeek1
    [zeeeeeeek1] (chatzilla@Habbo-B9F45668.pools.arcor-ip.net): New Now Know How
    [zeeeeeeek1] #HabboParty
    [zeeeeeeek1] PiotreksHabboServer.net :PiotreksHabboServer
    [zeeeeeeek1] idle 00:29:17, signon: Mon Nov 19 09:37:31
    [zeeeeeeek1] End of WHOIS list.

Commands: Only ones I have seen are
    <zeeeeeeek1> !isoffline
    <DatLykosaSmexy811637> seems like site is back online

mostvideo2012.no-ip.info (AryaN and Barracuda irc botnets hosted by Russian Federation Beringovskiy Mediaserviceplus Ltd.)

Resolved mostvideo2012.no-ip.info to 192.162.102.212

Server: mostvideo2012.no-ip.info
Port: 4562
Server password: leroumain49

    Channel          Users   Topic
    #plouque         41      [+nt]
    #mafia           2       [+nt]
    #arisauve        66      [+nt]
    #bio             3       [+nt]

AryaN bots
Channel: #arisauve
Channel password: leroumain49
Channel: #bio

Barracuda bots
Channel: #plouque
Channel: #mafia

Command nick is RutE94
    RutE94 (~RutE94@User-CD7BBD3D.rev.numericable.fr) has joined #plouque
    RutE94 !botkill
    [CATALIN-PC]58632 Startup Cleaned,

mirror.servehalflife.com (Barracuda http botnet hosted by Netherlands Haarlem Leaseweb B.v.)

Resolved mirror.servehalflife.com to 95.211.209.178

Server: mirror.servehalflife.com
Gate file: /barra/bot.php

You may remember this no-ip from a previous post. Same shit is still in /files/, the only changes being that Blackshades now connects on own3d-private.no-ip.org on port 55050, and it uses the no-ip files.serveblog.net to download the other files.

More links found by Xylitol:
hxxp://mirror.servehalflife.com/torrent/

178.18.19.105 (Aryan irc botnet hosted by United States United Fibermax Networks Bv)

Server: 178.18.19.105
Port: 8375
Channel: #Break#

    #Break#          102     [+smnt]

Oper:
    * [Break] (Break@pimp): Break
    * [Break] ~#Break#
    * [Break] irc.Break.gov :cia.gov
    * [Break] is a Network Administrator
    * [Break] is available for help.
    * [Break] idle 00:08:52, signon: Fri Nov 16 00:22:20
    * Break (Break@gov-E1CAB504.nycmny.fios.verizon.net) has joined #Break#

Nick format: Break{VN-XP-x86}2221143

Hosting infos: http://whois.domaintools.com/178.18.19.105