Another package with diferent malwares like fake antiviruses banking trojans etc Download: http://85a5a935.goneviral.com
jkconstrutora1.com.br(spyeye hosted in Brazil Sao Paulo Comite Gestor Da Internet No Brasil)
Remote Host Port Number 187.17.96.104 80 The data identified by the following URLs was then requested from the remote web server: http://jkconstrutora1.com.br/hjyyy/b1.png http://jkconstrutora1.com.br/hjyyy/b2.png http://jkconstrutora1.com.br/bala/Funcoes.php http://jkconstrutora1.com.br/hjyyy/b3.png http://jkconstrutora1.com.br/hjyyy/b4.png exe file http://890019c0.linkbucks.com infos about hosting http://whois.domaintools.com/187.17.96.104
216.246.15.205(botnet hosted in United States Chicago Hostforweb Inc)
Remote Host Port Number 204.0.5.41 80 216.178.38.224 80 63.135.80.46 80 216.246.15.205 1866 PASS xxx NICK NEW-[USA|00|P|27138] USER XP-4150 * 0 :COMPUTERNAME MODE NEW-[USA|00|P|27138] -ix JOIN #!high! test PONG 22 MOTD infos about hosting: http://whois.domaintools.com/216.246.15.205
maffiaxl.nl(linux bots hosted in Netherlands Amsterdam Interambition.com B.vo
var $config = array(“server”=>”donville.nl”, “port”=>”6667”, “pass”=>””, “prefix”=>”botnet”, “maxrand”=>”8”, “chan”=>”#vendas”, “chan2″=>”#”, “key”=>”1”, “modes”=>”+p”, “password”=>”tibia”, “trigger”=>”.”, “hostauth”=>”*” / * Now talking in #vendas * [I]botnet06877175 (botnet4151471@Donville-40bc2c45.fyi.net) has joined #vendas * [I]botnet71459373 (botnet6754926@Donville-40bc2c45.fyi.net) has joined #vendas * [I]botnet26055411 (botnet7636246@fa912d.7ff894.125b3c.c32e93) has joined #vendas * [I]botnet50285451 (botnet1535464@fa912d.7ff894.125b3c.c32e93) has joined #vendas * [A]botnet98885167 (botnet6937716@58734c.4409b5.d85eb7.b503c1) has joined #vendas * [A]botnet71165626 (botnet6786395@58734c.4409b5.d85eb7.b503c1) hasRead more...
122.155.8.127(linux bots hosted in Thailand Bangkok Cat Telecom Data Comm. Dept Idc Office)
var $config = array(“server”=>”122.155.8.127”, “port”=>”3306”, “pass”=>””, “prefix”=>”[c4]”, “maxrand”=>”4”, “chan”=>”#mathzor”, “chan2″=>””, “key”=>”puto”, “modes”=>”+p”, “password”=>”math”, “trigger”=>”.”, “hostauth”=>”*” // * for any hostname (remember: /setvhost pucorp.org) Current local users: 4 Max: 410 Current global users: 4 Max: 410 * piratox (~piratox@46.102.241.XX) has joined #nogrod .user lol321 .info .udpflood 127.0.0.1 1 1 [ UdpFlood Started! ] [ UdpFlood Started!Read more...
184.106.189.63(linux bots hosted in United States San Antonio Slicehost)
var $config = array(“server”=>”184.106.189.63”, “port”=>”6667”, “pass”=>”manis”, “prefix”=>”virgin|”, “maxrand”=>”5”, “chan”=>”#indoflas”, “chan2″=>”#invio”, “key”=>”nademkra”, “modes”=>”+q”, “password”=>”manis”, “trigger”=>”.”, “hostauth”=>”n.G.G.r.E.m.e.T” // * for any hostname (remember: /setvhost n.G.G.r.E.m.e.T ) infos about hosting: http://whois.domaintools.com/184.106.189.63
ke3.no-ip.org(american rat user from United States Carol Stream AT&T Internet Services)
ke3.no-ip.org 99.135.162.93 Outgoing connection to remote server: ke3.no-ip.org TCP port 4444 Outgoing connection to remote server: 192.168.1.50 TCP port 4444 Outgoing connection to remote server: ke3.no-ip.org TCP port 4444 exe file http://www.multiupload.com/4HDYGAW831 infos about hecker http://whois.domaintools.com/99.135.162.93
big.servegame.com(english rat user from United Kingdom London Holborn Reginal Dynamic)
big.servegame.com 78.105.52.147 Outgoing connection to remote server: big.servegame.com TCP port 81 exe file http://www.multiupload.com/P46MV7F3RU infos about hosting: http://whois.domaintools.com/78.105.52.147
supercarsinfo.net(malware hosted in Russian Federation Antarktida-plus Llc)
supercarsinfo.net Download URLs http://0.0.0.0/l_distrib/knock_test_start.php?ver=1.25&sid=2900468492924 (0.0.0.0) http://0.0.0.0/l_distrib/knock_test_start.php?type=2&step=1&err=®_ver=1%2E25&ver=1%2E25&sid=2900468492924 (0.0.0.0) Outgoing connection to remote server: 0.0.0.0 TCP port 80 Outgoing connection to remote server: 0.0.0.0 TCP port 80DNS Lookup Host Name IP Address drivers-z2012.com 91.220.62.53 free-pac.net 91.220.62.53 r-golos.ru 91.220.62.53 vn-66.ru 91.220.62.53 Download URLs http://91.220.62.53/distrib_serv/ip_list.php (drivers-z2012.com) http://91.220.62.53/distrib_serv/ip_list.php (drivers-z2012.com) http://91.220.62.53/distrib_serv/ip_list.php (drivers-z2012.com) Outgoing connection to remote server: drivers-z2012.com TCP port 80Read more...
sexy.myftp.biz(german hecker using rat Germany Oldenburg Kabel-deutschland-customer-services)
sexy.myftp.biz 91.66.24.39 œ Outgoing connection to remote server: sexy.myftp.biz port 81 Outgoing connection to remote server: sexy.myftp.biz port 81 Outgoing connection to remote server: sexy.myftp.biz TCP port 81 Outgoing connection to remote server: sexy.myftp.biz port 81 exe file: http://www.multiupload.com/0WATGPO3D1 infos about hecker: http://whois.domaintools.com/91.66.24.39