Resolved paradoxunirc.no-ip.biz to 176.53.119.14
Server: paradoxunirc.no-ip.biz
Port: 4667
Channel: #yoloswag
Owner: Paradoxun
This is the latest irc of the barracuda .net irc bot. After trolling around for a bit, it’s time for this one to be posted. The Authost on the bot only checks for the nick, so just wait for Paradoxun to leave, /nick...
boris and hf hecker
boris, a guy who idles in our irc channel irc.trolled.tv #security, had a conversation with a botnet owner. We had a lot of fun reading it; now it is your turn lol
<boris> If you want to keep this ircd to yourself, I suggest you listen very carefully.
<boris> firstly, a whois will not give you my real...
supervids.net (Lilyjade script hiding behind/proxied by cloudflare)
I was looking at some of the files being installed from a recent posting, when I found something interesting. It looks like someone else is trying out lilyjade. The extensions are held in a self extracting archive and installed via a batch file.
@echo off
//Kill Proccess
TASKKILL /F /IM firefox.exe
TASKKILL /F /IM chrome.exe
...
204.188.227.106 (dbot hosted in United States Missoula Sharktech)
IRC Server: 204.188.227.106:6667
Server Pass: m3ga2012
Nick: L2-[hfq
Username: tdviyflbb
Joined Channel: #ghost
Channel Topic for Channel #ghost: “.scan 75 1 189.x.x.x 2 1 189.x.x.x”
Private Message to Channel #ghost: “Scanning: 189.x.x.x, 75 threads. Using CFTP.”
Hosting Infos: http://whois.domaintools.com/204.188.227.106
amazinghost.lt, yahgodz.com (Smoke and Andromeda loaders hosted by Netherlands Maasdijk Worldstream)
I happened to notice some people talking about one of mystical's old domains, indicating that it had been sold. I decided to check out the domains I had listed in the blog post to see what was on them. I found something new on 307dice.com
Smoke loader
Server: 307dice.com
Gate file: /cp/index.php
Check out 307dice.com/cp/guest.php...
cheatmodernwarfare.com (Multiple http bots hosted by Romania Torben Diehr)
Posting some french heckers stuff
Andromeda loader
Server: cheatmodernwarfare.com
Gate file: /xbox/image.php
Rootkit plugin: hxxp://magnatesmobileapps.com/sym/r.pack
Socks plugin: hxxp://magnatesmobileapps.com/sym/s.pack
Backup domains:
down4life.hopto.org
explosiontaracesavatoutdechirer.chickenkiller.com
fckd330.mooo.com
kbot
Server: h4r3.hopto.org
Redirects to: kb.itprosolutions.org
Gate file: /joomla/gate.php
Server: purenet.hopto.org
Redirects to: 91.234.105.14
Gate file: /kb/gate.php
Server: smk.cheatgame.org
Gate file: /kb/gate.php
Smoke loader (Currently down)
Server: smk.cheatmodernwarfare.com
Gate file: /s2/control.php
Hostbooter...
versx.net (Bitcoin-Miner hosted in Netherlands Dediserv Dedicated Servers Sp. Z O.o.)
Resolved: [versx.net] To [212.7.195.134]
Here is the folder with XYZ Bitcoin-Miner passworded rar archive and executable files.
Here you can find all the rest in passworded rar archives.
This is the Control Panel.
He’s selling his products here: hxxp://versx.net/
Hosting infos: http://whois.domaintools.com/212.7.195.134
rickroll.kodingen.com (Bitcoin-Miner hosted in United States Dallas Softlayer Technologies Inc.)
Resolved: [rickroll.kodingen.com] To [173.192.206.162]
Gate.php: hxxp://rickroll.kodingen.com/btc/gate.php
Login panel: [flags]url=hxxp://pool.itzod.ru:8080/login=acidexence_552pass=tagevuvug
Hosting infos: http://whois.domaintools.com/173.192.206.162
chat.barracudasec.com (Barracuda ircbotnet hosted by Luxembourg Luxembourg Root Sa)
Resolved chat.barracudasec.com to 94.242.204.181
Server: chat.barracudasec.com
Ports: 1337,4667 (bots connect on 4667)
Channel: #xxploasion
Channel password: Rebels2012
Channel: #hflove
Channel password: inspiron
Connects using the no-ip hflove.no-ip.org
Channel: #gavin0hanson
Channel password: hanson911
Channel        Users  Topic
#xxploasion    4      [+sntu]
#hflove        45     [+s]
#gavin0hanson  53     [+sntu]
This irc server is similar to cmjc.whhcd.info in that is it...
planetstat2324.su (smoke loader http bot hosted by Poland Artnet Spolka Z Ograniczona Odpowiedzialnoscia)
This is the http loader for the gold installs ppi program.
Resolved planetstat2324.su to 178.255.43.67
Server: planetstat2324.su
Gate file: /gamenew/index.php
Downloads files from ap2producoes.com/images/
minsabdedf.exe bitcoin miner
pool info: http://hernyoooo@ymail.com:Bazdmeg1@pool.50btc.com:8332
ginamdasm.exe
The file botnet owners are given installs smoke from hxxp://oroihfdbbnennm.in/update/0pdat3.exe
Install statistics are then recorded by oroihfdbbnennm.in/activation.php using the format activation.php?productid=(userid)&serial=(long string)
Hosting infos: ...