Author: Pig

irc.chattir.com (botnet hosted in United States Fullerton Staminus Communications)

Remote Host Port Number 178.63.104.185 6667 72.20.56.35 6667 NICK ASLican USER acelya13 “SohbetCeLL” “178.63.104.185” :petek JOIN #Dos BoTisTaN MODE Babygirl_izmir +i MODE #Dos PRIVMSG #Dos :”CACA EHZEHBUGKERK, JA’DOF” R’AK JADL PRIVMSG #Dos :Coded By : tr0j3n PRIVMSG #Dos :Mode : mIRC USER isil “SohbetCeLL” “178.63.104.185” :^Perikizi^ MODE ASLican +i PRIVMSG #Dos : unning kca.exe NICK ...

178.63.104.185 (botnet hosted in Germany Hetzner Online Ag)

Remote Host Port Number 178.63.104.185 6667 NICK meral USER Bahar-ankara “SohbetCeLL” “178.63.104.185” :Begum23 JOIN #Dos BoTisTaN MODE meral +i MODE #Dos PRIVMSG #Dos :”CACA EHZEHBUGKERK, JA’DOF” R’AK JADL (tr0j3n) !q kapat (tr0j3n) !identclone kapat (tr0j3n) !identclone kapat Other details * The following ports were open in the system: Port Protocol Process 1053 TCP KCA.exe (%Windir%\system\KCA.exe) ...

zg-17-12-a8.bta.net.cn (botnet hosted in China Beijing China Unicom Beijing Province Network)

Remote Host Port Number 202.108.17.12 5321 NICK n[USA][XP]966956 USER 7014 “” “lol” :7014 JOIN #faggotfuck PONG 422 Now talking in #faggotfuck Topic On: [ #faggotfuck ] [] Topic By: [ jsidfojdsiof ] Registry Modifications * The following Registry Keys were created: o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce o HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run o HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce o HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices o HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce o HKEY_CURRENT_USER\Software\Microsoft\Windows ...

94.194.248.17 (botnet hosted in United Kingdom Burnley Bolton Residential Dynamic)

Remote Host Port Number 94.194.248.17 4562 PASS zeroblinder NICK [NWO]_91339 USER utwalu 0 0 :[NWO]_91339 USERHOST [NWO]_91339 MODE [NWO]_91339 -x+B JOIN #skyv-network zeroblinder PRIVMSG #skyv-network :[SCAN]: Failed to start scan, port is invalid. Other details * The following ports were open in the system: Port Protocol Process 113 TCP nyjxif.exe (%System%\nyjxif.exe) 1052 TCP nyjxif.exe (%System%\nyjxif.exe) ...

picard.ebdgroup.com (botnet hosted in Germany Hetzner Online Ag)

Remote Host Port Number 64.62.181.43 80 69.89.31.75 80 78.46.81.231 1866 NICK n[USA|XP|COMPUTERNAME]splmgpb USER hh “” “lol” :hh JOIN #!h! PONG 422 * The data identified by the following URLs was then requested from the remote web server: o http://64.62.181.43/dehe16/sysnt32.exe o http://kissfendi.com/wp-content/uploads/karissa.jpg Registry Modifications * The newly created Registry Values are: o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion] + Start Page ...

al0r.net (botnet hosted in Germany Hetzner Online Ag)

Remote Host Port Number 178.63.104.143 6667 NICK XP-97862026 USER 65162170 “” “sohbet.az” :00693017 JOIN #Dos! MODE #Dos! USER 78139397 “” “sohbet.az” :35822378 NICK XP-42563252 USER 29409822 “” “sohbet.az” :93325375 NICK XP-18370044 Now talking in #Dos! Topic On: [ #Dos! ] [ .open http://www.google.com.tr/url?sa=t&source=web&cd=12&ved=0CG4QFjAL&url=http%3A%2F%2Fwww.onlinediziizleme.com%2F&rct=j&q=online%20dizi%20izle&ei=ddUcTYKfKsnCswarsIn6DA&usg=AFQjCNHLc6A8OMCjWpeOhCyWwAUBIQj4Og&cad=rja ] Topic By: [ Drox ] Modes On: [ #Dos! ] [ ...

irc.mafia-mexicana.org.mx (botnet hosted in Viet Nam Ip Range For Xdsl Iptv Fixed Phone Service At Hcmc)

Remote Host Port Number 118.69.220.81 6667 NICK MP3-MD-l[8236]l NICK MP3-MD-l[8236]l 2 NICK MP3-MD-l[8236]l 3 NICK MP3-MD-l[8236]l 4 NICK MP3-MD-l[8236]l 5 PING irc.mafia-mexicana.org.mx NICK MP3-MD-l[8236]l 6 USER MM 32 . ::: Mafia-Mexicana :: MODE MP3-MD-l[8236]l +ipx NICK MP3-MD-l[8236]l 0 NICK MP3-MD-l[8236]l 1 Registry Modifications * The following Registry Keys were created: o HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions o HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus ...

penguin.unixbsd.info (Zeus Trojan hosted in PSYCHZ.NET USA)

Remote Host Port Number 208.87.242.18 80 * The data identified by the following URLs was then requested from the remote web server: o http://208.87.242.18/~remngor/files/depp/web/config.bin o http://208.87.242.18/~remngor/files/depp/web/gate.php o http://208.87.242.18/~remngor/files/depp/web/system/ip.php Registry Modifications * The following Registry Keys were created: o HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} o HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} o HKEY_USERS\.DEFAULT\Software\Microsoft\Protected Storage System Provider * The newly created Registry Values are: o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows ...

mrssimonquispe.enladisco.com (botnet hosted in United States Forney Networld Internet Services)

Remote Host Port Number 206.123.89.191 6567 PASS s1m0n3t4 MODE [SI|USA|00|P|61978] -ix JOIN #iausto# c1rc0dus0leil PONG Coupe2.Network NICK [SI|USA|00|P|61978] USER XP-6042 * 0 :COMPUTERNAME * The following port was open in the system: Port Protocol Process 1053 TCP tanga.exe (%Windir%\tanga.exe) Registry Modifications * The newly created Registry Values are: o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] + Service ares = “tanga.exe” ...

unknown.ord.scnet.net (botnet hosted in United States Chicago Hostforweb Inc)

Remote Host Port Number 64.202.102.234 50500 NICK {New}[USA-1244024-XP] USER 6950797 “” “lol” :6950797 JOIN #LED PONG 422 Topic On: [ #LED ] [ light emitting diode ] Topic By: [ Switch ] Registry Modifications * The newly created Registry Value is: o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] + rgservs = “%Temp%\rgservs.exe” so that rgservs.exe runs every time Windows starts ...