188.40.15.22 (Andromeda http botnet hosted by Up2vps.com)

By I_Post_Ur_Info, January 29, 2013

This was loaded from snk’s latest irc net.
The bot is pretty strange, as it tries to connect to five unregistered domains before connecting to the ip.
Here they are: amnsreiuojy.ru amnsreiuojy.in amnsreiuojy.biz amnsreiuojy.com amnsreiuojy.nl

Server: 188.40.15.22
Gate file: /sg.php

Plugin: http://188.40.15.22/uploads/is.s
It appears to be some sort of Facebook spreader.

hosting infos: http://whois.domaintools.com/188.40.15.22

Categories: Uncategorized

Tags: Andromeda Botsnk

Previous postsrv5050.co (snk asper mod hosted by oneandone.net)

Next postandrohosting.info (Athena irc botnet hosted by voxility.net)

3 Comments

Anonymous - January 30, 2013 at 3:28 pm

also :
POST http://amnsreiuojy.biz/sg.php – DIRECT/184.168.221.46 text/html

Pig - January 30, 2013 at 4:03 pm

thank you for this
please next time replace http with hxxp in your links

Anonymous - February 2, 2013 at 4:35 am

Do you have the exe for this?

220.181.87.80( Trik v2.5 bot By snk Hosted in China Beijing Chinanet Beijing Province Network)

trik.su (Snk aspermod irc botnet hosted by midphase.com)

shinyhosting.ws.gy(Andromeda Bot hosted in United States Amsterdam Hosting Servers)

3 Comments

Anonymous - January 30, 2013 at 3:28 pm

Pig - January 30, 2013 at 4:03 pm

Anonymous - February 2, 2013 at 4:35 am

Comments are closed