Resolved : [tux.shannen.cc] To [92.242.140.30] tux.shannen.cc 92.243.24.240 0 127.0.0.1 onlinewebdll.com onlinewebdll.com 66.197.218.184 mkm-libya.com mkm-libya.com 41.254.33.54 UDP Connections Remote IP Address: 127.0.0.1 Port: 1034 Send Datagram: 131 packet(s) of size 1 Recv Datagram: 131 packet(s) of size 1 Download URLs http://66.197.218.184/install.48691.exe (onlinewebdll.com) http://41.254.33.54/install.48755.exe (mkm-libya.com) C&C Server: 92.243.24.240:5900 Server Password: Username: VirUs Nickname: {NOVA}[DEU][XP-SP3]715708 JOIN ##Turb0-37## Channel:
ms.mobilerequests.com(Butterfly Bot very big server)
First domain: Resolved : [ms.mobilerequests.com] To [208.53.131.47] Resolved : [ms.mobilerequests.com] To [212.117.163.35] Resolved : [ms.mobilerequests.com] To [89.149.223.140] Resolved : [ms.mobilerequests.com] To [208.53.131.135] Resolved : [ms.mobilerequests.com] To [188.72.230.153] Resolved : [ms.mobilerequests.com] To [208.53.131.50] Resolved : [ms.mobilerequests.com] To [89.149.223.136] Resolved : [ms.mobilerequests.com] To [212.95.32.187] Resolved : [ms.mobilerequests.com] To [188.72.230.154] Resolved : [ms.mobilerequests.com] To [188.72.230.89] Second domain: Resolved
updateserver.net(Burimi big hecker)
updateserver.net:81 Nickname: n[USA|XP|HANS]dxxvarn User: n Joins channel: #zib# Now talking in #zib# Topic On: [ #zib# ] [ just abit more l0ve … 😀 ] Topic By: [ abc ] (rdp) .s /99/106/112/81/55/59/40/108/121/110/104/104/111/115/124/45/101/124/105/113/108/121/110/82/87/54/124/117/103/56/105/98/111/119/110/18/49/50/57/15/43/49/46/54/59/116/45/98/102/111/62/105/76/86/ Resolved : [updateserver.net] To [77.68.52.6]
rereportport.com(Fraud malware)
DNS Lookup Host Name IP Address 0 127.0.0.1 rereportport.com rereportport.com 91.217.162.174 UDP Connections Remote IP Address: 127.0.0.1 Port: 1040 Send Datagram: 2 packet(s) of size 1 Recv Datagram: 2 packet(s) of size 1 Download URLs http://91.217.162.174/inst.php?id=skytraf01 (rereportport.com) Outgoing connection to remote server: rereportport.com TCP port 80 Registry Changes by all processes Create or Open Changes
delaciudadfm.com.ar(Spy Eye Panel)
http://delaciudadfm.com.ar/components/com_newsfeeds/Main/ Panel another panel here: http://kingstonn.fallensecurity.org/Main/ http://delaciudadfm.com.ar/components/com_newsfeeds/Main/bin/winLog.exe exe file
txxf.info(Passwd Stealer)
DNS Lookup Host Name IP Address 0 127.0.0.1 txxf.info txxf.info 74.126.180.84 UDP Connections Remote IP Address: 127.0.0.1 Port: 1061 Send Datagram: 240 packet(s) of size 1 Recv Datagram: 240 packet(s) of size 1 Download URLs http://74.126.180.84/5.exe (txxf.info) Outgoing connection to remote server: txxf.info TCP port 80 DNS Lookup Host Name IP Address 0 127.0.0.1 txxf.info
www.database-upgrade.net(SpyEye Money Stealer Malware)
Panel here : http://92.241.190.128/coder/main/main/ DNS Lookup Host Name IP Address 92.241.190.128 92.241.190.128 www.database-upgrade.net www.database-upgrade.net 92.241.190.128 Download URLs http://92.241.190.128/coder/main/main/gate.php?guid=Administrator!DELL-D3E62F7E26!ACE1A30C&ver=10280&stat=ONLINE&ie=7.0.5730.13&os=5.1.2600&ut=Admin&plg=socks5&cpu=59&ccrc=C29B5CAA&md5=f672ad03ad2c5a83878fa59055edaa98 (92.241.190.128) http://92.241.190.128/coder/main/main/bin/crypted.exe (92.241.190.128) http://92.241.190.128/coder/main/main/gate.php?guid=Administrator!DELL-D3E62F7E26!ACE1A30C&ver=10280&stat=ONLINE&ie=7.0.5730.13&os=5.1.2600&ut=Admin&plg=socks5&cpu=69&ccrc=C29B5CAA&md5=deb097c6dee4df1b6ee1b6874d0bc676 (92.241.190.128) http://92.241.190.128/coder/main/main/bin/upload/crypted.exe (92.241.190.128) Outgoing connection to remote server: 92.241.190.128 TCP port 80 Outgoing connection to remote server: 92.241.190.128 TCP port 80 Outgoing connection to remote server: 92.241.190.128 TCP port 80 Outgoing connection to
Around 130 MB malware package
Inside this package you have different types of malware: IRC bots, HTTP, worms, RATs, etc. Have fun searching for more. http://napster.pastebin.com/raw.php?i=5ZGvAfiQ Scan Results http://napster.pastebin.com/raw.php?i=Tysk9Y9P Download Counts http://napster.pastebin.com/raw.php?i=VYrd4EwG Download vs IP http://napster.pastebin.com/raw.php?i=wUVkeYcj SMB connection 445 from 109.105.162.188 http://napster.pastebin.com/raw.php?i=9zJ4Jmyp Download: http://ce1de67d.urlpulse.net 17mb size Download: http://063771f7.thosegalleries.com 110mb size Credits to napster for the biggest package
ush.nerashti.net(Burimi big hecker)
ush.nerashti.net ip: 109.123.108.61 ush.nerashti.net ip: 88.208.209.166 ush.nerashti.net ip: 174.127.127.137 Remote Host Port Number 109.123.108.61 81 NICK n[USA|XP|COMPUTERNAME]pgsnyzk USER n “” “lol” :n JOIN #zib# PONG 422 PONG :hub.not.found Now talking in #zib# Topic On: [ #zib# ] [ msn is dead … :(( ] Topic By: [ abc ] (rdp) .s /99/106/112/81/55/59/40/108/121/110/104/104/111/115/124/45/101/124/105/113/108/121/110/82/87/54/124/117/103/56/105/98/111/119/110/18/49/50/57/15/43/49/46/54/58/116/45/98/102/111/62/105/76/86/ Registry Modifications *
lkkjlkjlkjlk.zapto.org
DNS Lookup Host Name IP Address lkkjlkjlkjlk.zapto.org 77.10.181.225 Outgoing connection to remote server: lkkjlkjlkjlk.zapto.org TCP port 190 Registry Changes by all processes Create or Open Changes HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run “Policies” = [REG_EXPAND_SZ, value: C:Programmeinstallserver.exe] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run “Policies” = [REG_EXPAND_SZ, value: C:Programmeinstallserver.exe] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “HKLM” = [REG_EXPAND_SZ, value: C:Programmeinstallserver.exe] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “HKCU” = [REG_EXPAND_SZ, value: C:Programmeinstallserver.exe] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5T3CP8P8-D7S1-4JAV-173D-E7BVK3K17P84} “StubPath” =