Resolved zxz.consulting-info.eu to 5.39.71.80 This is the french hecker known as h4r3 who has been posted before Andromeda This is the same andromeda net that was posted before, just with the rest of the domains. Previous/disabled domains vvv.exp1oit.in xxx.be-shopping.net Current domain: zxz.consulting-info.eu Gate file: /service/image.php Plugins: Rootkit: tbontepaard.nl/gllr/r.pack Socks: tbontepaard.nl/gllr/s.pack kbot Server: zxz.consulting-info.eu GateRead more...
myinstalls.info (Andromeda and kbot http botnets hiding behind cloudflare)
Resolved myinstalls.info to 199.27.134.49, 173.245.60.132 Andromeda Server: myinstalls.info Gate file: /neuro/image.php kbot Server: myinstalls.info Gate file: /kb/gate.php I’m glad to see Khant has recovered from having some malicious individual run rm -rf / as root on his server. However I’m not sure if having bots connect through cloudflare is such a good idea.
cheatmodernwarfare.com (Multiple http bots hosted by Romania Torben Diehr)
Posting some french heckers stuff Andromeda loader Server: cheatmodernwarfare.com Gate file: /xbox/image.php Rootkit plugin: hxxp://magnatesmobileapps.com/sym/r.pack Socks plugin: hxxp://magnatesmobileapps.com/sym/s.pack Backup domains: down4life.hopto.org explosiontaracesavatoutdechirer.chickenkiller.com fckd330.mooo.com kbot Server: h4r3.hopto.org redirects to: kb.itprosolutions.org Gate file: /joomla/gate.php Server: purenet.hopto.org Redirects to: 91.234.105.14 Gate file: /kb/gate.php Server: smk.cheatgame.org Gate file: /kb/gate.php Smoke loader (Currently down) Server: smk.cheatmodernwarfare.com Gate file: /s2/control.php HostbooterRead more...