Category: Uncategorized

d0x.me(botnet hosted in United States Crystal River Ispsystem At Nac)

Uncategorized

Remote Host Port Number 82.146.51.22 1338 PONG :BEBD508C NICK qvdzl JOIN #foxes USER oivWsEmBCEZmpoAn0d2mosEhevNqtbdYEaV7QsQFjlGN8ZB * * :Q5RyK NICK GUqSpR66 PONG :7B532196 USER pyN4tVLUw705CTxc2BAJuV * * :d3WvenjZK9mrMR1P Registry Modifications * The newly created Registry Value is: o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun] + System = “C:Ppbn.exe” so that pbn.exe runs every time Windows starts Memory Modifications * There was aRead more...

204.15.252.199.icertified.net(botnet hosted in United States Henderson Trashy Media)

Uncategorized

keshmoney.biz api.wipmania.com usakesh.biz heytherebitch.com these dns come from ngrbot exe to Remote Host Port Number 204.15.252.199 4042 NICK new[USA|XP|COMPUTERNAME]nrrkpsz USER hh “” “lol” :hh JOIN #chronic PONG 422 NICK new[USA|XP|COMPUTERNAME]hpfclbk USER y0 “” “lol” :y0 JOIN #usakesh PONG 422 UPDATE: PRIVMSG #boss :[HTTP]: Updated HTTP spread message to “haha, facebook photos? :p http://tinyurl.com/Pic-15-04-2011” JOIN #USRead more...

irc.chattir.com(botnet hosted in United States Fullerton Staminus Communications)

Uncategorized

Remote Host Port Number 178.63.104.185 6667 72.20.56.35 6667 NICK ASLican USER acelya13 “SohbetCeLL” “178.63.104.185” :petek JOIN #Dos BoTisTaN MODE Babygirl_izmir +i MODE #Dos PRIVMSG #Dos :”CACA EHZEHBUGKERK, JA’DOF” R’AK JADL PRIVMSG #Dos :Coded By : tr0j3n PRIVMSG #Dos :Mode : mIRC USER isil “SohbetCeLL” “178.63.104.185” :^Perikizi^ MODE ASLican +i PRIVMSG #Dos : unning kca.exe NICKRead more...

178.63.104.185 (botnet hosted in Germany Hetzner Online Ag)

Uncategorized

Remote Host Port Number 178.63.104.185 6667 NICK meral USER Bahar-ankara “SohbetCeLL” “178.63.104.185” :Begum23 JOIN #Dos BoTisTaN MODE meral +i MODE #Dos PRIVMSG #Dos :”CACA EHZEHBUGKERK, JA’DOF” R’AK JADL (tr0j3n) !q kapat (tr0j3n) !identclone kapat (tr0j3n) !identclone kapat Other details * The following ports were open in the system: Port Protocol Process 1053 TCP KCA.exe (%Windir%systemKCA.exe)Read more...

zg-17-12-a8.bta.net.cn(botnet hosted in China Beijing China Unicom Beijing Province Network)

Uncategorized

Remote Host Port Number 202.108.17.12 5321 NICK n[USA][XP]966956 USER 7014 “” “lol” :7014 JOIN #faggotfuck PONG 422 Now talking in #faggotfuck Topic On: [ #faggotfuck ] [] Topic By: [ jsidfojdsiof ] Registry Modifications * The following Registry Keys were created: o HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunServices o HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunServicesOnce o HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun o HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce o HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunServices o HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunServicesOnce o HKEY_CURRENT_USERSoftwareMicrosoftWindowsRead more...

94.194.248.17(botnet hosted in United Kingdom Burnley Bolton Residential Dynamic)

Uncategorized

Remote Host Port Number 94.194.248.17 4562 PASS zeroblinder NICK [NWO]_91339 USER utwalu 0 0 :[NWO]_91339 USERHOST [NWO]_91339 MODE [NWO]_91339 -x+B JOIN #skyv-network zeroblinder PRIVMSG #skyv-network :[SCAN]: Failed to start scan, port is invalid. Other details * The following ports were open in the system: Port Protocol Process 113 TCP nyjxif.exe (%System%nyjxif.exe) 1052 TCP nyjxif.exe (%System%nyjxif.exe)Read more...

picard.ebdgroup.com(botnet hosted in Germany Hetzner Online Ag)

Uncategorized

Remote Host Port Number 64.62.181.43 80 69.89.31.75 80 78.46.81.231 1866 NICK n[USA|XP|COMPUTERNAME]splmgpb USER hh “” “lol” :hh JOIN #!h! PONG 422 * The data identified by the following URLs was then requested from the remote web server: o http://64.62.181.43/dehe16/sysnt32.exe o http://kissfendi.com/wp-content/uploads/karissa.jpg Registry Modifications * The newly created Registry Values are: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion] + Start PageRead more...

al0r.net(botnet hosted in Germany Hetzner Online Ag)

Uncategorized

Remote Host Port Number 178.63.104.143 6667 NICK XP-97862026 USER 65162170 “” “sohbet.az” :00693017 JOIN #Dos! MODE #Dos! USER 78139397 “” “sohbet.az” :35822378 NICK XP-42563252 USER 29409822 “” “sohbet.az” :93325375 NICK XP-18370044 Now talking in #Dos! Topic On: [ #Dos! ] [ .open http://www.google.com.tr/url?sa=t&source=web&cd=12&ved=0CG4QFjAL&url=http%3A%2F%2Fwww.onlinediziizleme.com%2F&rct=j&q=online%20dizi%20izle&ei=ddUcTYKfKsnCswarsIn6DA&usg=AFQjCNHLc6A8OMCjWpeOhCyWwAUBIQj4Og&cad=rja ] Topic By: [ Drox ] Modes On: [ #Dos! ] [Read more...

irc.mafia-mexicana.org.mx(botnet hosted in Viet Nam Ip Range For Xdsl Iptv Fixed Phone Service At Hcmc)

Uncategorized

Remote Host Port Number 118.69.220.81 6667 NICK MP3-MD-l[8236]l NICK MP3-MD-l[8236]l 2 NICK MP3-MD-l[8236]l 3 NICK MP3-MD-l[8236]l 4 NICK MP3-MD-l[8236]l 5 PING irc.mafia-mexicana.org.mx NICK MP3-MD-l[8236]l 6 USER MM 32 . ::: Mafia-Mexicana :: MODE MP3-MD-l[8236]l +ipx NICK MP3-MD-l[8236]l 0 NICK MP3-MD-l[8236]l 1 Registry Modifications * The following Registry Keys were created: o HKEY_LOCAL_MACHINESOFTWARECygnus Solutions o HKEY_LOCAL_MACHINESOFTWARECygnusRead more...