Remote Host       Port Number
189.236.84.161    6567    PASS hell16
199.15.234.7      80

NICK n{US|XPa}uoauybk
USER uoauybk 0 0 :uoauybk
PONG :D9F0B22F
JOIN #cont ngrBot
PRIVMSG #cont :[DNS]: Redirecting “www.bancofrances.com.ar” to “computo164.laweb.es”

hosting infos: http://whois.domaintools.com/189.236.84.161

121.12.125.173 (ngrBot hosted in China Shenzhen Shenzhenshiluohuquhepingluyifengguangchangczuo32h)

Remote Host       Port Number
121.12.125.173    3800    PASS hax0r
199.15.234.7      80
70.38.98.238      80

channel #ng ng00
PRIVMSG #ng :[DNS]: Blocked 1258 domain(s) – Redirected 0 domain(s)

hosting infos: http://whois.domaintools.com/121.12.125.173

irc.putyourpenis.in (irc botnet hosted in France Ovh Systems)

irc.putyourpenis.in DNS_TYPE_A 178.33.80.207
178.33.80.207:6667
Nick: {AUT-XP-7625}
Username: 4998
Joined Channel: #lobby

hosting infos: http://whois.domaintools.com/178.33.80.207

46.105.241.157 (ngrBot hosted in United Kingdom Ovh Systems)

Remote Host       Port Number
199.15.234.7      80
46.105.241.157    6999    PASS tomufg

NICK n{US|XPa}jzurjwg
USER jzurjwg 0 0 :jzurjwg
JOIN #spr ngrBot

hosting infos: http://whois.domaintools.com/46.105.241.157

g0ds.no-ip.biz (usa hecker from United States Tucson Qwest Communications Company Llc)

g0ds.no-ip.biz DNS_TYPE_A 71.210.115.55
71.210.115.55:3086

Data sent:
2a5c 534e 4557 2a2f 327c 7c2a 7c7c 4d51    *SNEW*/2||*||MQ
3d3d 7c7c 2a7c 7c51 5651 3d7c 7c2a 7c7c    ==||*||QVQ=||*||
4e43 3479 7c7c 2a7c 7c57 4641 6765 4467    NC4y||*||WFAgeDg
327c 7c2a 7c7c 5157 5274 6157 3570 6333    2||*||QWRtaW5pc3
5279 5958 5276 6367 3d3d 7c7c 2a7c 7c51    RyYXRvcg==||*||Q
5656 5553 4578 5051

212.7.214.59 (http malware hosted in Netherlands Dediserv Dedicated Servers Sp. Z O.o)

This malware takes commands from a web interface here: http://212.7.214.59/web/getcommand.php
You can list files here: http://212.7.214.59/web/

The data identified by the following URLs was then requested from the remote web server:
http://212.7.214.59/web/getcommand.php?getcmd=1
http://212.7.214.59/web/report.php?p=26319&n=1

exe file here: http://adf.ly/38d3H

69.65.19.116 (irc botnet hosted in United States Gigenet)

Remote Host       Port Number
69.65.19.116      8888

NICK dsvjrs
USER bwwfp “” “lol” :bwwfp

hosting infos: http://whois.domaintools.com/69.65.19.116

212.7.214.129 (ngrBot hosted in Netherlands Dediserv Dedicated Servers Sp. Z O.o)

Remote Host       Port Number
199.15.234.7      80
83.233.33.6       80
212.7.214.129     1866    PASS ngrBot

PRIVMSG #!hot! :[DNS]: Blocked 1310 domain(s) – Redirected 0 domain(s)
NICK n{US|XPa}qtivayn
USER qtivayn 0 0 :qtivayn
JOIN #!hot! ngrBot
PRIVMSG #!hot! :[HTTP]: Updated HTTP spread interval to “3”
PRIVMSG #!hot! :[MSN]: Updated MSN spread interval to “2”
PRIVMSG #!hot! :[HTTP]: Updated HTTP

219.67.121.174 (irc botnet hosted in Japan Tokyo Open Data Network(japan Telecom Co. Ltd.))

Remote Host        Port Number
174.121.14.164     80
174.123.175.227    80
174.36.56.185      80
195.210.28.38      80
195.250.147.177    80
209.17.73.32       80
209.17.74.144      80
216.137.43.176     80
216.137.43.215     80
216.137.43.83      80
219.67.121.174     4244    PASS google_cache2.tmp

NICK new[iRooT-XP-USA]175415
USER 8307 “” “TsGh” :8307
PRIVMSG #!N!# :http://marijana1x2.bloger.hr Has Been Visited!
JOIN #!N!# WTF
PRIVMSG #!N!# :http://kajmak1.bloger.hr Has Been Visited!

exe file: http://iphone-start.org/FaceSexy.exe

hosting infos:

batebate.info (50k ngrBot hosted in United States Herndon Road Runner Holdco Llc)

Domains used to control bots:
bonusrata.info       67.228.81.181
serverdns091.info    64.31.42.106
batebate.info        74.62.155.1

Remote Host       Port Number
199.15.234.7      80
74.62.152.164     6969    PASS s3cr3t
68.178.232.100    6161    PASS s3cr3t

Remote Host       Port Number
199.15.234.7      80
94.231.108.37     80
74.62.155.136     6969    PASS ngrBot
67.228.81.181     6969    PASS ngrBot
64.31.42.106      6969    PASS ngrBot

NICK n{US|XPa}wpypkul
USER wpypkul 0 0 :wpypkul
JOIN #nava s3cr3t