Remote Host Port Number 64.62.181.43 80 72.20.30.22 6667 PASS Virus NICK VirUs-cmsfogxb USER VirUs “” “gdz” : 8Coded 8Ahmed.Ramzey@Hotmail.Com.. JOIN #OgarD# Virus PONG :TESTING.STUFF.HERE infos about hosting: http://whois.domaintools.com/72.20.30.22
z3k4nt2.cdmon.org(irc botnet hosted in United States Phoenix Ipower Inc)
Remote Host Port Number 184.73.170.26 80 72.22.88.171 6464 NICK {XPUSA564335} PRIVMSG #canal3 :.::[Update]::. File download: 172.0KB to: C:DOCUME~1UserNameLOCALS~1Temperaseme_01435.exe @ 172.0KB/sec. QUIT Brb, Updating to new Binary. NICK {XPUSA75801} USER COMPUTERNAME * 0 :COMPUTERNAME MODE {XPUSA75801} -ix JOIN #canal4 MODE #canal4 -ix MODE {XPUSA564335} -ix JOIN #canal3 MODE #canal3 -ix infos about hosting: http://whois.domaintools.com/72.22.88.171
188.165.191.17(irc botnet hosted in France Xeon Host)
Remote Host Port Number 188.165.191.17 1234 PASS xxx 204.0.5.41 80 63.135.80.224 80 63.135.80.46 80 69.171.224.11 80 MODE NEW-[USA|00|P|72247] -ix JOIN #!nw! test PONG 22 MOTD NICK NEW-[USA|00|P|72247] USER XP-0778 * 0 :COMPUTERNAME UPDATE: NICK NEW-[USA|00|P|29503] USER XP-0159 * 0 :COMPUTERNAME MODE NEW-[USA|00|P|29503] -ix JOIN #!nn! test PONG 22 MOTD infos about hosting: http://whois.domaintools.com/188.165.191.17
46.17.100.229(irc botnet hosted in Russian Federation Mir Telematiki Ltd)
Remote Host Port Number 46.17.100.229 4443 NICK N[USA|XP][kqrogxv] USER kqro “” “lol” :kqro JOIN #b0ts PONG 422 PRIVMSG #b0ts :[Download]: Succeeded using primary method [WinInet: 231 KB] * The data identified by the following URLs was then requested from the remote web server: o http://quantummechanic.cc/cp/gate_billing.php?guid=UserName!COMPUTERNAME!00CD1A40 o http://quantummechanic.cc/cp/gate.php?guid=UserName!COMPUTERNAME!00CD1A40&ver=10299&stat=ONLINE&ie=6.0.2900.2180&os=5.1.2600&ut=Admin&plg=billinghammer;ccgrabber;creditgrab;webfakes&cpu=100&ccrc=3696A42A&md5=963fc26a9538c289359b7c5bbd597838 o http://zer0day.co.cc/win32.exe infos about hosting: http://whois.domaintools.com/46.17.100.229
91.211.116.169(irc botnet hosted in Ukraine Zharkov Mukola Mukolayovuch)
Remote Host Port Number 91.211.116.169 7777 PASS pissh0nk NICK [NEW][USA]59979 USER [NEW][USA]59979 [NEW][USA]59979 [NEW][USA]59979 [NEW][USA]59979 JOIN #h h4rb0ur infos about hosting: http://whois.domaintools.com/91.211.116.169
77.79.11.239(irc botnet hosted in Lithuania Vilnius Webhosting Collocation Services)
Remote Host Port Number 213.251.170.52 80 77.79.11.239 1234 PASS ngrBot NICK n{US|XPa}enjukze USER enjukze 0 0 :enjukze JOIN #!nigro! ngrBot infos about hosting: http://whois.domaintools.com/77.79.11.239
50.22.127.157(irc botnet hosted in United States Dallas Softlayer Technologies Inc)
Remote Host Port Number 50.22.127.157 1812 PASS none NICK [5973|USA|XP|Z3R0x] USER 5973 “” “lol” :5973 PONG :F20D71F5 JOIN #re0x none USER :whatisthis JOIN #devbot NICK [mBot|COMPUTERNAME|75476] PONG :CC19243C infos about hosting: http://whois.domaintools.com/50.22.127.157
chaos.tano.mobi(irc botnet hosted in United States Ontario Media Temple Inc)
Resolved : [chaos.tano.mobi] To [72.47.197.62] Resolved : [chaos.tano.mobi] To [70.32.80.37] Clients: I have 30 clients and 0 servers Local users: Current Local Users: 30 Max: 34 Global users: Current Global Users: 190 Max: 257 70.32.80.37:6667 Nick: :toyonz Username: apicu Joined Channel: #ZiaD infos about hosting: http://whois.domaintools.com/70.32.80.3
213.155.21.112(irc botnet hosted in Ukraine Carramba – Andrej Valerevich)
Remote Host Port Number 213.155.21.112 1863 PASS ngrBot 213.251.170.52 80 217.175.246.74 80 NICK n{US|XPa}sgbezlv USER sgbezlv 0 0 :sgbezlv JOIN #main 4m3r1k4 QUIT :rebooting infos about hosting: http://whois.domaintools.com/213.155.21.112
46.243.8.215(irc botnet hosted in Cyprus C & C Advanced Online Services Ltd)
Remote Host Port Number 46.243.8.215 1337 NICK new[iRooT-XP-USA]254683 USER 0109 “” “TsGh” :0109 JOIN #slagle96 butcher1 infos about hosting: http://whois.domaintools.com/46.243.8.215