Resolved truthaboutcannella.net to 200.74.242.103
Server: truthaboutcannella.net
Gate file: /andro/image.php
Yet another cracked Andromeda.
Hosting info: http://whois.domaintools.com/200.74.242.103

myinstalls.info (Andromeda and kbot http botnets hiding behind cloudflare)
Resolved myinstalls.info to 199.27.134.49, 173.245.60.132
Andromeda
Server: myinstalls.info
Gate file: /neuro/image.php
kbot
Server: myinstalls.info
Gate file: /kb/gate.php
I’m glad to see Khant has recovered from having some malicious individual run rm -rf / as root on his server. However, I’m not sure if having bots connect through Cloudflare is such a good idea.

devbug.su (Andromeda http botnet hosted by United Kingdom Pintwire)
Resolved devbug.su to 176.31.208.106
Server: devbug.su
Gate file: /a/index.php
Another cracked andro. No plugins from it yet.
Hosting info: http://whois.domaintools.com/176.31.208.106

coco.3chp.tk (Andromeda http botnet hosted by United States Asheville Hostinger International Limited)
Resolved coco.3chp.tk to 31.170.167.159
Server: coco.3chp.tk
Gate file: /andro/image.php
Plugins: All of the plugins are in /andro/plugins/
This is the first of what I’m sure will be many cracked Andromeda nets as every skid who can figure out how to install the panel tests it out.
Hosting info: http://whois.domaintools.com/31.170.167.159

needlifechange.com (Andromeda http botnet hosted by Netherlands International Widespread Services Limited)
Resolved needlifechange.com to 91.223.82.153
Server: needlifechange.com
Gate file: image.php
Plugins:
Formgrabber: needlifechange.com/formgrabber.pack
Gate file: fg.php
Rootkit: needlifechange.com/rootkit.pack
Hosting info: http://whois.domaintools.com/91.223.82.153

techmanagement.info (Andromeda http botnet hosted by United Kingdom Pintwire)
Resolved techmanagement.info to 174.36.138.26
Andromeda
Server: techmanagement.info
Gate file: /image.php
Plugins:
Socks dl.dropbox.com/u/37821967/s.pack
Hosting info: http://whois.domaintools.com/176.31.208.106

vvv.exp1oit.in (Andromeda http hosted by France Roubaix Ovh Sas)
Resolved vvv.exp1oit.in to 178.33.241.61
This is the new Andromeda of the French guy. It is the full version with all of the plugins.
Server: vvv.exp1oit.in
Gate file: /google/image.php
Plugins:
Formgrabber: beautyoftheworld.ca/xs/f.pack
Gate file: /google/fg.php
Socks: beautyoftheworld.ca/xs/s.pack
Rootkit: beautyoftheworld.ca/xs/r.pack
Downloads files from hxxp://jamboproducciones.com/xs/ and hxxp://ez-cs.net/dk/
He also has a new smoke loader up
Server: smk.cheatgame.org
Gate ...

ultimatecore.info (Andromeda http bot hosted by Ukraine Ukrainian Internet Names Center Ltd)
Resolved ultimatecore.info to 91.231.84.114
New Andromeda from this guy.
Server: ultimatecore.info
Gate file: /mario/root.php
This is the full version of Andromeda, with all of the plugins.
Plugins:
Formgrabber plugin: ultimatecore.info/test/f.pack
Gate file: /mario/fg.php
Socks plugin: ultimatecore.info/test/s.pack
Rootkit plugin: ultimatecore.info/test/r.pack
Hosting info: http://whois.domaintools.com/91.231.84.114
Edit: Plugins are now at ultimatecore.info/samuelkaptioalpha1/ I think you can guess what each ...

amazinghost.lt, yahgodz.com (Smoke and Andromeda loaders hosted by Netherlands Maasdijk Worldstream)
I happened to notice some people talking about one of mystical's old domains, indicating that it had been sold. I decided to check out the domains I had listed in the blog post to see what was on them. I found something new on 307dice.com
Smoke loader
Server: 307dice.com
Gate file: /cp/index.php
Check out 307dice.com/cp/guest.php ...

cheatmodernwarfare.com (Multiple http bots hosted by Romania Torben Diehr)
Posting some French heckers stuff
Andromeda loader
Server: cheatmodernwarfare.com
Gate file: /xbox/image.php
Rootkit plugin: hxxp://magnatesmobileapps.com/sym/r.pack
Socks plugin: hxxp://magnatesmobileapps.com/sym/s.pack
Backup domains:
down4life.hopto.org
explosiontaracesavatoutdechirer.chickenkiller.com
fckd330.mooo.com
kbot
Server: h4r3.hopto.org
Redirects to: kb.itprosolutions.org
Gate file: /joomla/gate.php
Server: purenet.hopto.org
Redirects to: 91.234.105.14
Gate file: /kb/gate.php
Server: smk.cheatgame.org
Gate file: /kb/gate.php
Smoke loader (Currently down)
Server: smk.cheatmodernwarfare.com
Gate file: /s2/control.php
Hostbooter ...