Author Topic: DAEMONIC IPv4 Virtual Hosts  (Read 3449 times)

0 Members and 1 Guest are viewing this topic.

May 10, 2008, 08:53:56 pm
Read 3449 times

Orac

  • Special Members
  • Hero Member

  • Offline
  • *

  • 723
    • malwareremoval.com
Found this as a RFI at www.mizunobr.web.terra.com.br/sc.txt

Code: [Select]
DAEMONIC IPv4 Virtual Hosts
------IPv4 System Vanity Hostnames-------
212.143.175.2 shell.daemonic.biz
212.143.175.3 hacking.frenzy.in
212.143.175.4 liquid.hasj.biz
212.143.175.5 virtual.kombat-zone.net
212.143.175.6 il.legalized.info
212.143.175.7 porky.pigz.biz
212.143.175.8 wtf.is.wut.tf
212.143.175.9 happy.scre.am
212.143.175.10 frozen.subze.ro
212.143.175.11 freebsd.shellz.eu
212.143.175.12 rocket.pocket.banan.as
212.143.175.13 webcam.wh0res.biz
212.143.175.14 owns.the-voip.net
212.143.175.15 unix.shellaccount.biz
212.143.175.16 leeches.warez-4-free.net
212.143.175.17 dripping.sexxxybitches.net
212.143.175.18 filthy.richdad.co.il
212.143.175.19 back.gammon4free.com
212.143.175.20 demented.daemonic.eu
212.143.175.21 unlimited.income4free.com
212.143.175.22 net.frenzy.nu
212.143.175.23 lizard.kazil.us
212.143.175.24 free.live-sexxxy-cams.com
212.143.175.25 global.meeting-zone.net
212.143.175.26 3.13.37.int.pl
212.143.175.27 lurks.on.web.id
212.143.175.28 hyper.bot.nu
212.143.175.29 net.bsd.org.ve
212.143.175.30 fe.ro.cio.us.to
212.143.175.31 eth0.bgpd.be
212.143.175.32 clandestine.aoloser.com
212.143.175.33 n0.1.vg
212.143.175.34 shellz.biz.tm
212.143.175.35 lac.ed.co.ve
212.143.175.36 root.canal.cl
212.143.175.37 leechez.0dayz.be
212.143.175.38 liquid.acd.ro
212.143.175.39 drunken.thcgirls.com
212.143.175.40 rush.ftp.sh
212.143.175.41 dumb.chickenkiller.com
212.143.175.42 httpd.secure.la
212.143.175.43 iso.archives.at
212.143.175.44 gov.armed.us
212.143.175.45 undercover.fbi.be
212.143.175.46 hind.us.to
212.143.175.47 eye.cq.hk
212.143.175.48 hydroponic.ganja.nl
212.143.175.49 50cents.wh0res.biz
212.143.175.50 encrypted.intel.st
212.143.175.51 web.warri.or.ro
212.143.175.52 ircd.vipshells.com
212.143.175.53 dis.info.tm
212.143.175.54 abuses.irc.ec
212.143.175.55 regulates.irc.su
212.143.175.56 frequents.stripclubs.nl
212.143.175.57 omfg.brb.dj
212.143.175.58 sweat.shop.tm
212.143.175.59 ts.k.vu
212.143.175.60 drunken.ninja.lt
212.143.175.61 luxury.shellz.info
212.143.175.62 do.it.undo.it
212.143.175.63 mad.nerd.at
212.143.175.64 wifi.network.dj
212.143.175.65 crime.legalized.info
212.143.175.66 md5.rxi.cat
212.143.175.67 certified.frenzy.im 
212.143.175.68 gateway.anarchi.st
212.143.175.69 gbit.wireless.net.ve
212.143.175.70 always.wasted.cn
212.143.175.71 backdoor.shellcode.eu
212.143.175.72 freebsd.shells.ms
212.143.175.73 linux.shellaccount.tc
212.143.175.74 feeding.frenzy.in
212.143.175.75 amsterdam.hasj.biz
212.143.175.76 root.shells.tc
212.143.175.77 more.movoip.us
212.143.175.78 nypd.pigz.biz
212.143.175.79 mortal.kombat-zone.net
212.143.175.80 finished.subze.ro
212.143.175.81 omg.wut.tf
212.143.175.82 pwns.the-voip.biz
212.143.175.83 angelic.daemonic.eu
212.143.175.84 double.aturbocharge.net
212.143.175.85 surfs.live-sexxxy-cams.com
212.143.175.86 pimpin.wh0res.biz
212.143.175.87 hack.mypc4free.com
212.143.175.88 lesbian.meeting-zone.net
212.143.175.89 z.3plans.biz
212.143.175.90 state.police.to
212.143.175.91 preteens.scre.am
212.143.175.92 gangbang.frenzy.name
212.143.175.93 dhcp175-143-212.shells.tc
212.143.175.94 bash.shells.tc
212.143.175.95 flying.pigz.biz
212.143.175.96 global.kombat-zone.com
212.143.175.97 eggable.shellaccount.vg
212.143.175.98 lesbian.sexparadise.nl
212.143.175.99 atomic.banan.as
212.143.175.100 crack.wh0res.biz
212.143.175.101 deranged.wh0res.biz
212.143.175.102 porking.pigz.biz
212.143.175.103 got.DUI.legalized.net
212.143.175.104 must.buywarez.net
212.143.175.105 downloads.backups2go.com
212.143.175.106 dev.daemonic.biz
212.143.175.107 lucid.dreamnovia.net
212.143.175.108 kill.frenzy.bz
212.143.175.109 admin.frenzyhost.com
212.143.175.110 pwns.y0u.to
212.143.175.111 frenzy.shellaccount.ms
212.143.175.112 plays.backgammon4free.com
212.143.175.113 drink.or.do.or.ro
212.143.175.114 sweaty.ballz.bz
212.143.175.115 hydra.centa.or.ro
212.143.175.116 puffs.co.co.ro
212.143.175.117 auto.mot.or.ro
212.143.175.118 corrupted.gov.co.ro
212.143.175.119 preteen.virgi.ne.ro
212.143.175.120 neocon.rasi.st
212.143.175.121 vibrating.bana.ne.ro
212.143.175.122 high.core.co.ro
212.143.175.123 masters.of.delusion.co.ro
212.143.175.124 vista.exploit.ne.ro
212.143.175.125 lost.na.sa.ro
212.143.175.126 co.ma.sa.ro
212.143.175.127 li.ra.sa.ro
212.143.175.128 rocketpocket.vibrat.or.ro
212.143.175.129 gone.banan.as
212.143.175.130 dot.slash.dotshells.com
212.143.175.131 plur.pula.ne.ro
212.143.175.132 bz2.zb.or.ro
212.143.175.133 fear.frenzyfx.us
212.143.175.134 wallop.b-i-t-c-h-x.com
212.143.175.135 dio.ciordit.or.ro
212.143.175.136 crystal.co.co.ro
212.143.175.137 eye.cusut.or.ro
212.143.175.138 quioa.iubirea.sa.ro
212.143.175.139 blue.ballz.bz
212.143.175.140 lsd.delusion.co.ro
212.143.175.141 just.do.or.ro
212.143.175.142 lotto.mot.or.ro
212.143.175.143 aryan.rasi.st
212.143.175.144 pimpin.virgi.ne.ro
212.143.175.145 exploding.vibrat.or.ro
212.143.175.146 fifty.centa.or.ro
212.143.175.147 psychotic.richdads.net
212.143.175.148 rat.zb.or.ro
212.143.175.149 auro.ra.sa.ro
212.143.175.150 vagi.na.sa.ro
212.143.175.151 enig.ma.sa.ro
212.143.175.152 low.core.co.ro
212.143.175.153 tcpip.exploit.ne.ro
212.143.175.154 rouge.gov.co.ro
212.143.175.155 co.pula.ne.ro
212.143.175.156 ghey.muthafuqer.net
212.143.175.157 ra.pi.ne.ro
212.143.175.158 mar.mot.or.co
212.143.175.159 spammers.are.co0ol.net
212.143.175.160 uncut.cusut.or.ro
212.143.175.161 vortex.frenzy.in
212.143.175.162 paradigm.frenzy.in
212.143.175.163 freebsd.frenzy.in
212.143.175.164 linux.frenzy.in
212.143.175.165 ddos.frenzy.in
212.143.175.166 packeting.frenzy.in
212.143.175.167 fucking.frenzy.in
212.143.175.168 fear.frenzy.in
212.143.175.169 bgp.frenzy.in
212.143.175.170 pimping.frenzy.in
212.143.175.171 warbot.frenzy.in
212.143.175.172 openbsd.frenzy.in
212.143.175.173 root.shells.ms
212.143.175.174 linux.shells.ms
212.143.175.176 psybnc.shells.ms
212.143.175.177 eggdrop.shells.ms
212.143.175.178 vpn.shells.ms
212.143.175.179 secured.shells.ms
212.143.175.180 encrypted.shells.ms
212.143.175.181 ssh.shells.ms
212.143.175.182 bash.shells.ms
212.143.175.183 csh.shells.ms
212.143.175.184 x.shells.ms
212.143.175.185 gps.shellaccount.mobi
212.143.175.186 wifi.shellaccount.mobi
212.143.175.187 wap.shellaccount.mobi
212.143.175.188 bluetooth.shellaccount.mobi
212.143.175.189 fear.daemonic.mobi
212.143.175.190 frag.frenzy.vc
212.143.175.191 frenzy.shells.ms
212.143.175.192 ircd.shellaccount.mobi
212.143.175.193 vps.shellaccount.mobi
212.143.175.194 noc.shellaccount.mobi
212.143.175.195 ipv4.shellaccount.mobi
212.143.175.196 ipv6.shellaccount.mobi
212.143.175.197 stable.shells.tc
212.143.175.198 rewt.shells.tc
212.143.175.199 xeon.shells.tc 
212.143.175.200 matrix.shells.tc
212.143.175.201 outcast.shells.tc
212.143.175.202 prism.shells.tc
212.143.175.204 bad.dogz.co.il
 
 

Theirs an iframe link
Code: [Select]
iframe src="http://searchportal.information.com/?a_id=48873&domainname=referer_detect" frameborder="0" height="600" scrolling="auto" width="100%"
In all their are 189 IP/hostname combinations.

Google has produced the following sites of intrest. Looks like its a dos tool

http://64.233.183.104/search?q=cache:r74LNu8JZHIJ:packetstormsecurity.org/0008-exploits/daemonic.c+%22DAEMONIC%22&hl=en&ct=clnk&cd=8&gl=uk

http://daemonic.sourceforge.net/
Malware analysised using clarified analyzer to record and document how malware behaves in a networking environment