This botnet was found from anonymous guy here thanks to him for the submition Resolved : [ads.pr4d.tk] To [64.120.186.229] Resolved : [teams.xsaudix.net] To [64.120.186.230] arab heckers Resolved : [y.servicesql.info] To [64.120.186.228] Server: 64.120.186.229:1433 Username: zdbcuzs Nickname: n{DE|XPa}zdbcuzs Channel: #tmw5 (Password: ngrBot) Channeltopic: :!u5 hxxp://bmc.linkpc.net/download/s1.exe 5b8fe0ee31617ee9596a5861a2192304 !u5 hxxp://bmc.linkpc.net/s1cr.exe cdfc01b434fc787d487ce088dd391e0b !u6 hxxp://bmc.linkpc.net/chat.exe 7140176e63651b027fd5f3b19252c4bf Server: 64.120.186.228:1434 Username: mmgamzuRead more...
demoralize.biz(Andromeda hosted in Germany Frankfurt Am Main Voxility S.r.l.)
Resolved :[demoralize.biz] To [37.221.170.194] Panel:hxxp://37.221.170.194/panel/image.php Module:hxxp://37.221.170.194/panel/r.pack DirtJumper:demoralize.biz/dj/index.php Other files:hxxp://demoralize.biz/f/ hosting infos: http://whois.domaintools.com/37.221.170.194
androhosting.info (Athena irc botnet hosted by voxility.net)
Resolved androhosting.info to 37.221.170.211 Mystical is right back into the irc game, with a different server and domain. This is on the same ip as _Stoner’s Athena test server which was previously posted. Google indicates that the domain once hosted a blackhole exploit kit panel Server: androhosting.info Port: 44 Current global users 119, max 910Read more...
188.40.15.22 (Andromeda http botnet hosted by Up2vps.com)
This was loaded from snk’s latest irc net. The bot is pretty strange, as it tries to connect to five unregistered domains before connecting to the ip. Here they are: amnsreiuojy.ru amnsreiuojy.in amnsreiuojy.biz amnsreiuojy.com amnsreiuojy.nl Server: 188.40.15.22 Gate file: /sg.php Plugin: http://188.40.15.22/uploads/is.s It appears to be some sort of Facebook spreader. hosting infos: http://whois.domaintools.com/188.40.15.22
srv5050.co (snk asper mod hosted by oneandone.net)
Resolved srv5050.co to 213.165.85.114, 212.227.141.241 snk is at it again Server: srv5050.co (alternate domains srv5050.su r83g9dhwuabce.net) Port: 5050 Channel: #u * Topic for #u is: .j #s .d x /100/97/111/124/49/59/47/127/124/127/58/78/114/123/105/113/116/105/108/116/46/115/121/97/48/55/55/18/43/58/44/121/85/110/127/122/107/127/30/111/81/* Topic for #u set by x at Tue Jan 29 13:46:37 2013 * Topic for #s is: .d x /100/97/111/124/49/59/47/127/124/127/58/78/114/123/105/113/116/105/108/116/46/115/121/97/48/55/96/78/112/58/117/124/16/60/118/97/101/119/21/104/74/* Topic for #s set byRead more...
webhostingprotection.info (Betabot http botnet hosted by Santrex.net)
Resolved webhostingprotection.info to 46.166.163.131 Server: webhostingprotection.info Gate file: /icool/order.php This was from the closed beta of the betabot http bot. The server files have been taken down now so not much point visiting the site. There wasn’t much to see except evidence of the coder’s man crush on the steely gaze of Brian Krebs. ForRead more...
xtremehosting.info, sexwithme.info (Athena irc botnet hosted by voxility.net)
Resolved xtremehosting.info, sexwithme.info to 37.221.170.221 Server: xtremehosting.info Port: 6667 Channel: #boss Channel password: mystical Topic for #boss is: !stop Topic for #boss set by samiam at Fri Jan 25 10:31:21 2013 Nick format: [U|WIN7|x64|L]txzrks Server: sexwithme.info Port: 6667 Channel: #210 Nick format: _[USA|U|L|WIN7|x32|4c]rflbxwws Current Local Users: 823 Max: 1585 #boss 243 [+sntVCTk] !stop #210 402 Read more...
irc.stressing.info (Multiple irc bots hosted by blacklotus.net)
Resolved irc.stressing.info, unknownkind.no-ip.org, 123456788.no-ip.info to 199.59.163.135 Aryan bot Server: irc.stressing.info Port: 6667 Current Global Users: 599 Max: 5456 Channel: #bonez #bonez 126 [+smntMu] @j #quiet Topic for #bonez is: @j #quiet Topic for #bonez set by Mixtape at Tue Jan 22 03:00:44 2013 Topic for #quiet is: @dl hxxp://jelly.stressing.info/swagbonez/bot.exe 1 Topic for #quiet set byRead more...
zeonyx.info (Andromeda http botnet hosted by voxility.net)
Resolved zeonyx.info to 37.221.170.240 Server: zeonyx.info Gate file: /Balls/Panel/Panel/image.php Some bitcoin mining infos: http://Slinky:abc123@pool.bitclockers.com:8332 http://Zeroexe7_Zero8:nigger1@eu.triplemining.com:8344 http://Zeroexe7_Indian:nigger1@us2.eclipsemc.com:8337 Hosting infos: http://whois.domaintools.com/37.221.170.240
index.myftp.org (Andromeda http botnet hosted by hostkey.com)
Note: Be careful if you visit this site, the index page redirects to a shitty java exploit. http://urlquery.net/report.php?id=814566 Resolved index.myftp.org to 141.105.67.83 Server: index.myftp.org Gate file: /andy/image.php Hosting infos: http://whois.domaintools.com/141.105.67.83