Month: January 2013 hosted in United States Scranton Network Operations Center Inc.)

This botnet was found from anonymous guy here thanks to him for the submition Resolved : [] To [] Resolved : [] To [] arab heckers Resolved : [] To [] Server: Username: zdbcuzs Nickname: n{DE|XPa}zdbcuzs Channel: #tmw5 (Password: ngrBot) Channeltopic: :!u5 hxxp:// 5b8fe0ee31617ee9596a5861a2192304 !u5 hxxp:// cdfc01b434fc787d487ce088dd391e0b !u6 hxxp:// 7140176e63651b027fd5f3b19252c4bf Server: Username: mmgamzu (Athena irc botnet hosted by

Resolved to Mystical is right back into the irc game, with a different server and domain. This is on the same ip as _Stoner’s Athena test server which was previously posted. Google indicates that the domain once hosted a blackhole exploit kit panel Server: Port:  44 Current global users 119, max 910 (Andromeda http botnet hosted by

This was loaded from snk’s latest irc net. The bot is pretty strange, as it tries to connect to five unregistered domains before connecting to the ip. Here they are:  Server: Gate file:  /sg.php  Plugin: It appears to be some sort of Facebook spreader.   hosting infos: (snk asper mod hosted by

Resolved to, snk is at it again Server: (alternate domains Port:  5050 Channel:  #u * Topic for #u is: .j #s .d x /100/97/111/124/49/59/47/127/124/127/58/78/114/123/105/113/116/105/108/116/46/115/121/97/48/55/55/18/43/58/44/121/85/110/127/122/107/127/30/111/81/* Topic for #u set by x at Tue Jan 29 13:46:37 2013 * Topic for #s is: .d x /100/97/111/124/49/59/47/127/124/127/58/78/114/123/105/113/116/105/108/116/46/115/121/97/48/55/96/78/112/58/117/124/16/60/118/97/101/119/21/104/74/* Topic for #s set by (Betabot http botnet hosted by

Resolved to Server: Gate file:  /icool/order.php This was from the closed beta of the betabot http bot. The server files have been taken down now so not much point visiting the site. There wasn’t much to see except evidence of the coder’s man crush on the steely gaze of Brian Krebs. For, (Athena irc botnet hosted by

 Resolved, to Server: Port:  6667 Channel:  #boss Channel password:  mystical Topic for #boss is: !stop Topic for #boss set by samiam at Fri Jan 25 10:31:21 2013 Nick format:  [U|WIN7|x64|L]txzrks Server: Port:  6667 Channel:  #210 Nick format:  _[USA|U|L|WIN7|x32|4c]rflbxwws Current Local Users: 823  Max: 1585 #boss            243     [+sntVCTk] !stop #210             402 (Multiple irc bots hosted by

Resolved,, to Aryan bot Server: Port:  6667 Current Global Users: 599  Max: 5456 Channel:  #bonez  #bonez           126     [+smntMu] @j #quiet Topic for #bonez is: @j #quiet Topic for #bonez set by Mixtape at Tue Jan 22 03:00:44 2013 Topic for #quiet is: @dl hxxp:// 1 Topic for #quiet set by (Andromeda http botnet hosted by

Resolved to Server: Gate file:  /Balls/Panel/Panel/image.php Some bitcoin mining infos: Hosting infos: (Andromeda http botnet hosted by

Note: Be careful if you visit this site, the index page redirects to a shitty java exploit. Resolved to Server: Gate file:  /andy/image.php Hosting infos: