Remote Host      Port Number
178.239.57.79    6567

PASS s1m0n3t4
MODE [SI|USA|00|P|63543] -ix
JOIN #tir# c1rc0dusoleil
PONG Apple2.Network
NICK [SI|USA|00|P|63543]
USER XP-8770 * 0 :COMPUTERNAME

Info about hosting: http://whois.domaintools.com/178.239.57.79
74.117.174.4 (botnet hosted in United States Seattle Kwshells Internet Services)
Remote Host      Port Number
74.117.174.4     22322

NICK Zcbgmzubhzg
USER pqbmeyzqwu "" "oul" :pqbmeyzqwu
JOIN #darkwar w4r
PONG :irc.mp48net.com

Info about hosting: http://whois.domaintools.com/74.117.174.4
ddddddd.drwhox.com (botnet hosted in China Harbin China Unicom Heilongjiang Province Network)
dddddd.drwhox.com 221.206.88.193
ddddddddddddddddd.idolmovies.com
dd.furioshizzle.info 221.206.88.193
ddd.paintballlingco.net
ddddddd.drwhox.com 221.206.88.193

Outgoing connection to remote server: dddddd.drwhox.com TCP port 5900
Outgoing connection to remote server: dddddd.drwhox.com TCP port 33333
Outgoing connection to remote server: dddddd.drwhox.com TCP port 3333
Outgoing connection to remote server: dddddd.drwhox.com TCP port 5900

PRIVMSG #d3 :Done..
PRIVMSG #d4 :Err0r..
NICK VirUs-pgnrpl
USER VirUs ""
one.123back.com (botnet hosted in Lithuania Webhosting Collocation Services)
Remote Host      Port Number
77.79.7.233      7000

NICK XP|tlzl0l
PONG :HTTP.chat.strong.com
USER laMer "" "one.123back.com" : You Think i aughty
USERHOST XP|tlzl0l
MODE #Chats
MODE XP|tlzl0l +B
MODE XP|tlzl0l +i
JOIN #ksa1# kay
MODE #ksa1#

UPDATE:
Remote Host      Port Number
77.79.7.233      6667

NICK [XP-7465485]
NOTICE [XP-7465485] : PING 1302439724
PRIVMSG [XP-7465485] : PING 1302439754
NICK [XP-7352845]
1sk.no-ip.info (rat user hosted in United States Western Springs Comcast Cable Communications)
1sk.no-ip.info 24.14.128.117

Outgoing connection to remote server: 1sk.no-ip.info TCP port 5000

exe file: http://0bf6bcc6.theseblogs.com

Info about hosting: http://whois.domaintools.com/24.14.128.117
11mb exe samples
11mb exe samples from different malware

Download: http://16486133.megaline.co
75.102.22.40 (botnet hosted in United States Chicago Hostforweb Inc)
Remote Host      Port Number
213.251.170.52   80
75.102.22.40     1866

PASS ngrBot
NICK n{US|XPa}yaqhqnb
USER yaqhqnb 0 0 :yaqhqnb
JOIN #!hot! ngrBot
PRIVMSG #!hot! :[HTTP]: Updated HTTP spread interval to "6"
PRIVMSG #!hot! :[MSN]: Updated MSN spread interval to "6"
PRIVMSG #!hot! :[HTTP]: Updated HTTP spread message to "check this picture out 😛 http://apps.facebook.com/profilespage/photo.php?=340495902102"

Info about hosting:
190.255.36.202 (linux bots hosted in Colombia Colombia Telecomunicaciones S.a. Esp)
var $config = array("server"=>"190.255.36.202",
                    "port"=>"7000",
                    "pass"=>"",
                    "prefix"=>"vnc|",
                    "maxrand"=>"5",
                    "chan"=>"#vncpriv8",
                    "chan2"=>"#vnca",
                    "key"=>"vnc",
                    "modes"=>"+p",
                    "password"=>"vnc2011",
                    "trigger"=>".",
                    "hostauth"=>"*" //

Info about hosting: http://whois.domaintools.com/190.255.36.202
119.188.7.169 (linux bots hosted in China Jinan China Unicom Shandong Province Network)
my $fakeproc = "/usr/sbin/httpd";
my $ircserver = "119.188.7.169";
my $ircport = "6667";
my $nickname = "scaner";
my $ident = "BoT";
my $channel = "#Love";
my $admin = "Mr_Love";
my $fullname = " 6== 14R 6= 15i 6= 0p 6= 0p 6= 15e 6= 14R 6== ";

More here: http://fikretibrahimi.d1s.org/osco.txt??

Info about hosting: http://whois.domaintools.com/119.188.7.169
208.67.252.171 (botnet hosted in United States Lewisville Top Inc)
Remote Host      Port Number
174.37.200.82    80
204.0.5.41       80
63.135.80.224    80
63.135.80.46     80
66.220.147.33    80
208.67.252.171   1234

PASS xxx
JOIN #!nn! test
MODE NEW-[USA|00|P|96374] -ix
PONG 22 MOTD
NICK NEW-[USA|00|P|96374]
USER XP-3818 * 0 :COMPUTERNAME

Info about hosting: http://whois.domaintools.com/208.67.252.171