Resolved : [xsi.hi5fotos.info] To [87.255.51.229]
Remote Host Port Number
xsi.hi5fotos.info 4042
NICK new[USA|XP|COMPUTERNAME]alzhcjt
USER fu "" "lol" :fu
JOIN #usakesh
hosting infos: http://whois.domaintools.com/87.255.51.229
lilyjadev2.com (Malicious browser extension Hosted in the United States by Endicott H4y Technologies Llc)
After posting the latest browser extension malware, I decided to check up on the first one posted on the site, Lilyjade. While all of the reported hosts had been shut down, I located a new one, which claimed to host Lilyjade version 2. Here’s a look at the new version of the Lilyjade malware. The first change...
Feedbuzz.info (Malicious browser extension Hosted in Canada by Sarah Ryan)
Resolved Feedbuzz.info to 184.107.233.186
The extension comes in both Firefox and Chrome flavors.
Initial loading comes from a fake YouTube page, http://video8244.uni.me
The page is loaded from a Dropbox account (/u/95827902/), and the extensions are loaded from epicrewards.net
Here is the Firefox extension source:
loadScript_you();
function loadScript_you() {
    if ('https:' == document.location.protocol) return false;
    var...
space.legendteam.info (IRC botnet hosted in Russian Federation Keyweb Ag)
Resolved : [space.legendteam.info] To [95.169.187.66]
Remote Host Port Number
space.legendteam.info 1234
NICK zax-CD1A-1A40
USER zaxbot "" "" :zaxbot
JOIN #zax
MODE #zax +l 3
hosting infos: http://whois.domaintools.com/95.169.187.66
d.theimagebook.com (IRC botnet hosted in China Nanchang Chinanet Jiangxi Province Network)
Resolved : [d.theimagebook.com] To [117.21.226.243]
Remote Host Port Number
d.theimagebook.com 7081
PASS eee
Nick ljkng
ssrr hvorp "" "chc" :hvorp
possible channels:
PRIVMSG #dpi :Err0r..
Nick n{US|XPa}pgfvioh
Channel #ng pass ng00
channel #us
hosting infos: http://whois.domaintools.com/117.21.226.243
brutinhoesilkster.servegame.com (Linux bots hosted in United States Dallas Limestone Networks Inc.)
Resolved : [brutinhoesilkster.servegame.com] To [63.143.41.236]
var $config = array("server"=>"brutinhoesilkster.servegame.com",
    "port"=>"443",
    "pass"=>"",
    "prefix"=>"[BET][RLZ]",
    "maxrand"=>"4",
    "chan"=>"#betorlz",
    "chan2"=>"",
    "key"=>"",
    "modes"=>"+iB-x",
    "password"=>"betinho",
    "trigger"=>".",
    "hostauth"=>"*" //
);
Clients: I have 297 clients and 0 servers
Local users: Current local users: 297 Max: 607
Global users: Current global users: 297 Max: 607
Now talking in #betorlz
([[BET][RLZ]2706) [UdpFlood Finalizado!]: 1687 MB enviados...
esta4.info (ngr botnet hosted in United States San Jose Serveryou.com – Oow)
Resolved : [esta4.info] To [216.172.132.123]
Other domain names used by the same guy:
jer0002.in Resolved : [jer0002.in] To [216.172.132.123]
jer0003.in Resolved : [jer0003.in] To [216.172.132.123]
ratk01.com Resolved : [ratk01.com] To [216.172.132.123]
Remote Host Port Number
199.15.234.7 80
216.172.132.123 1887
PASS powned
NICK n{US|XPa}rqrrlpw
USER rqrrlpw 0 0 :rqrrlpw
JOIN #sbsb powned
JOIN #XP
JOIN #US
Now...
beast.darkogard.com (IRC botnet hosted in Germany Frankfurt Am Main Sedo Domain Parking)
Resolved : [beast.darkogard.com] To [82.98.86.167]
Remote Host Port Number
beast.darkogard.com 5900
PASS Virus
Nick VirUs-nhpkkxlz
User VirUs
Possible channels:
JOIN #B2# Virus
JOIN #OgarD3# Virus
JOIN #Rana1# Virus
JOIN ##RedEm-001## redem
JOIN #t
JOIN #new
JOIN #3new# Virus
hosting infos: http://whois.domaintools.com/82.98.86.167
85.95.247.26 (Wolk-Panel HTTP Bot hosted in Turkey Izmir Inetmar Internet Hizmetleri San. Tic. Ltd. Sti)
Remote Host Port Number
85.95.247.26 80
Panel: http://85.95.247.26/~estacion/Panel/Web-Panel/priv8/
You can download the web panel from here: http://85.95.247.26/~estacion/
If the file is removed, go to http://www.secret-zone.net/f124/volk-http-botnet-%5B-%5Dpharming-%5Bver-4-0%5D-4212/ to download server source and web panel
hosting infos: http://whois.domaintools.com/85.95.247.26
tv.yaerwal.com (IRC botnet hosted in China Guiyang China Telecom)
Resolved : [tv.yaerwal.com] To [111.123.180.3]
Resolved : [tv.yaerwal.com] To [124.232.146.32]
Remote Host Port Number
tv.yaerwal.com 3323
PASS eee
Nick ntaxmbs
ssrr ataihfj "" "ufa" :ataihfj
Channels: #s, #i, #dpi, #ng, #j
hosting infos: http://whois.domaintools.com/111.123.180.3