My estimation for this botnet size is 30-50k aproximatly Domains used to control bots: xxlaa.com active Sabukenke.com not active Alufina.com not activ xxlss.com not active xxlcc.com not active Resolved : [xxlaa.com] To [31.186.102.170] C&C Server: 222.187.221.243:7777 PASS laekin0505x Server Password: Username: ynuvlog Nickname: n{DE|XPa}ynuvlog Channel: (Password: ) Channeltopic: C&C Server: 31.186.102.170:7777 PASS laekin0505x Server Password:Read more...
188.138.84.90(ngrBot hosted in Germany Intergenia Ag)
Remote Host Port Number 188.138.84.90 9996 PASS .. 199.15.234.7 80 NICK n{US|XPa}ehftjhj USER ehftjhj 0 0 :ehftjhj PONG :34405528 JOIN #Bots ngrBot PRIVMSG #Bots :[HTTP]: Updated HTTP spread message to “http://www.twom-pc.com” Now talking in #Bots Topic On: [ #Bots ] [ !http.set http://www.twom-pc.com ] Topic By: [ Juicers2 ] Modes On: [ #Bots ] [Read more...
elperro23.net(ngrBot hosted in United States Seattle Dme Hosting Llc)
Domains used to control bots: elperro23.net elperro3.net Resolved : [elperro23.net] To [74.221.210.169] Remote Host Port Number 199.15.234.7 80 217.160.124.219 80 74.221.210.169 5236 PASS ROCKR PRIVMSG #rockspread :[HTTP]: Updated HTTP spread message to “Mira esta postal de amor q me enviaron http://www.anrodphoto.com/entretenimiento.terra.com/postaldeamor esta muy linda :)” PRIVMSG #ROCK :[DNS]: Blocked 0 domain(s) – Redirected 20 domain(s)Read more...
BlackIce Server(http Bot hosted in Germany Gunzenhausen Hetzner Online Ag)
Bot Panel exe file Download Download exe connects here keto.w2c.ru 92.241.169.250 http://92.241.169.250/index.php?action=add&a=7&u=———&l=&p=———&c=DELL-D3E62F7E26 (keto.w2c.ru) hosting infos: http://whois.domaintools.com/92.241.169.250
paradoxnet.ru(SpyEye v1.3 hosted in Ukraine Lugansk Fop Opria Ruslan Dmitrievich)
Now alot of idiots are using spyeye here is the example SpyEye Panels http://sna.paradoxnet.ru/spy/gate.php http://paradoxnet.ru/spy/gate.php SpyEye Directory Back-connect server SpyEye Collector v0.3.9 SpyEye Collector v0.3.9 configuration file SpyEye Collector v0.3.9 sql tables Formgraber panel SpyEye Gate Installer Picture1 Picture2 SpyEye Control Panel u can also have the full SpyEye installer from this panel the problemRead more...
lookshit.info(irc botnet hosted in Netherlands Amsterdam Ecatel Ltd)
Resolved : [lookshit.info] To [80.82.65.96] Remote Host Port Number 80.82.65.96 65485 PASS biology Local users: Current Local Users: 390 Max: 418 Global users: Current Global Users: 390 Max: 418 USER bot 0 * : Merqy[UserName@COMPUTERNAME] NICK [wXP|EN|53124|M] JOIN #Merqy s3xy 89 bots inside JOIN #Merqy.EN s3xy 37 bots inside hosting infos: http://whois.domaintools.com/80.82.65.96
94mb malware samples
This package have alot of irc bots,bankers,spreaders etc Download
208.77.223.114(irc botnet hosted in United States Arlington Texas Pulmonary & Critical Care Consultants Pa )
Remote Host Port Number 208.77.223.114 2345 NICK New[USA|00|P|46702] PRIVMSG #!loco! :[M]: Thread Disabled. PRIVMSG #!loco! :[M]: Thread Activated: Sending Message With Email. USER XP-1537 * 0 :COMPUTERNAME MODE New[USA|00|P|46702] -ix JOIN #!loco! PONG 22 MOTD hosting infos: http://whois.domaintools.com/208.77.223.114
69.64.79.210(irc botnet hosted in United States Codero)
Remote Host Port Number 69.64.79.210 6667 PASS google_cache2.tmp NICK New[custom-XP-USA]763897 USER 7638 “” “TsGh” :7638 PONG :974C3BFC JOIN #icry 9977 PONG :irc.foonet.com hosting infos: http://whois.domaintools.com/69.64.79.210
77.79.13.207(irc botnet hosted in Lithuania Siauliai Splius Uab)
Remote Host Port Number 62.219.11.91 80 72.32.8.40 80 77.79.13.207 1337 PASS aa NOTICE [CAN][XP][66567] :STAYALIVE NICK [CAN][XP][66567] USER Surreal 8 * :Endless JOIN #modz aa hosting infos: http://whois.domaintools.com/77.79.13.207