Server: 46.165.209.181:1887
Server: 95.211.211.69:1887
Now talking in #pool
Topic On: [ #pool ] [ ~pu hxxp://www.sendspace.com/pro/dl/cbl9jc 0dd3c01bdc07bd74c7eb7d76488f7858 -r ]
Topic By: [ google ]
Modes On: [ #pool ] [ +smntMu ]
Traffic – by DNS samples downloaded by this exe:
www.sendspace.com/pro/dl/cbl9jc
fs01n4.sendspace.com/dlpro/c39fbffebf805aebb814397028790f8f/50f839ec/cbl9jc/apocalipss.exe
www.sendspace.com/pro/dl/je1b2n
fs01n4.sendspace.com/dlpro/65e23174885e70f50c60165a549e2504/50f839f1/je1b2n/afgh.exe
www.sendspace.com/pro/dl/qdzubq
fs01n4.sendspace.com/dlpro/69390ccaa0039b65a93bd54175c25dba/50f839f5/qdzubq/fdgd.exe
www.sendspace.com/pro/dl/xvmvkv
fs07n1.sendspace.com/dlpro/145b6e78853ec6d5b05678662487d679/50f974d7/xvmvkv/acuavit.exe
www.sendspace.com/pro/dl/fea2gp
fs07n2.sendspace.com/dlpro/3adeaf41953e34a07a8d6839d41e0ed3/50f974db/fea2gp/adgf.exe
www.sendspace.com/pro/dl/qesvuu
fs07n5.sendspace.com/dlpro/d0e84ae45337f129391c5db17d00aa2f/50f974df/qesvuu/hkjgf.exe
hosting infos: http://whois.domaintools.com/46.165.209.181
musicdisk.net (Zeus hosted in Germany Frankfurt Am Main Intergenia Ag)
Resolved : [musicdisk.net] To [85.25.2.9]
Panel: http://www.musicdisk.net/zeus/
config.bin: www.musicdisk.net/zeus/cfg.bin
bot.exe: hxxp://www.musicdisk.net/zeus/bot.exe
hosting infos: http://whois.domaintools.com/85.25.2.9
tassweq.com (ngrBot hosted in United States West Chester Privatesystems Networks Ca)
There is no sample, so I can't post channels; you can see if you can find channels yourself.
Resolved : [tassweq.com] To [67.222.19.155]
Resolved : [zerx-virus.biz] To [67.222.19.155]
Server: tassweq.com:7000
PASS trb123trb
NICK ydgchu
USER rqqlrc "" "ooq" :rqqlrc
UPDATE:
Server: zerx-virus.biz :4040
PASS trb123trb
Server: tassweq.com :4040
PASS trb123trb
67.222.19.155:4040
Nick: n{US|XPa}radwklw
Username:
animalrights.co.in (Citadel banking malware hosted by MegaHoster.Net)
Resolved animalrights.co.in to 85.25.97.204
Server: animalrights.co.in
Gate file: /netwolf/wolf.php
Config file: /netwolf/file.php
Additional locations of interest:
/backup/
/cmd/images/
/cmd/cp.php
Hosting infos: http://whois.domaintools.com/85.25.97.204
vg-update.ru (Andromeda http botnet hosted by voxility.net)
Resolved vg-update.ru to 37.221.170.75
Server: vg-update.ru
Gate file: /gi8i/hTcP/dy0v/header.php
Hosting infos: http://whois.domaintools.com/37.221.170.75
winterprofit.com (Gbot http botnet hosted by metrabyte.co.th)
Resolved winterprofit.com to 119.59.99.200
Server: winterprofit.com
Gate file: /exm/getcmd.php
The idiot who owns this set up the bot so that it has http:// in the DNS request. Good luck getting any bots to connect.
Hosting infos: http://whois.domaintools.com/119.59.99.200
gwassnet.com (Andromeda http botnet hosted by voxility.net)
Resolved gwassnet.com to 37.221.170.240
Server: gwassnet.com
Gate file: /gwas/Panel/image.php
I’m going to guess this is the same guy as the other gwass domain.
Also, bitcoin mining info: http://Hung:28787@pool.bitclockers.com:8332
Hosting info: http://whois.domaintools.com/37.221.170.240
216.244.83.194 (Zeus variant hosted in United States Hilliard Private Customer)
Unprotected directories:
Panel: hxxp://216.244.83.194/bold/z1/
Config Bin: hxxp://216.244.83.194/bold/z1/config.bin
Bot: hxxp://216.244.83.194/bold/z1/bot.exe
hosting infos: http://whois.domaintools.com/216.244.83.194
qwer.be (Multilocker winlocker hosted by metrabyte.co.th)
Resolved qwer.be to 119.59.99.200
This domain was previously featured hosting YZF.
Server: qwer.be
Gate file: /lock/lending/tds.php
Admin page is at /lock/index.php with credentials admin:admin
Hosting infos: http://whois.domaintools.com/119.59.99.200
mystresser.net (Andromeda http botnet hosted by vHostLayer.com)
Resolved mystresser.net to 37.221.163.131
Server: mystresser.net
Gate file: /image.php
Hosting infos: http://whois.domaintools.com/37.221.163.131