Remote Host Port Number
208.115.198.37 6668
NICK [NEW][USA]65327
USER [NEW][USA]65327 [NEW][USA]65327 [NEW][USA]65327 [NEW][USA]65327
JOIN #dream
hosting info: http://whois.domaintools.com/208.115.198.37

rtrforums.com (P2P-Worm.Win32.BlackControl hosted in Germany Frankfurt Netdirect)
Also iStealer, Blackshades Bot, Fake Facebook message hosted inside
exe file: http://2ca25ee4.whackyvidz.com
hosting info: http://whois.domaintools.com/188.72.205.35

45 MB malware samples
45 malware samples in this package, have fun reversing.
Download: http://0b0b84f6.tubeviral.com

70.34.196.90 (ngrBot hosted in United States Hollywood Exclusive Proxy Llc)
Remote Host Port Number
199.15.234.7 80
70.34.196.90 1888
PASS strike
NICK n{US|XPa}vihzehv
USER vihzehv 0 0 :vihzehv
JOIN #asdf strike
JOIN #XP
JOIN #US
hosting info: http://whois.domaintools.com/70.34.196.90

nooip.no-ip.org (rat hosted in United States Gigenet)
Resolved : [nooip.no-ip.org] To [69.65.19.116]
Resolved : [nooip.no-ip.org] To [69.65.19.117]
– TCP Connection Attempts:
69.65.19.116:81
69.65.19.117:81
exe file: http://b809236e.whackyvidz.com
hosting info: http://whois.domaintools.com/69.65.19.116

82.114.82.60 (linux bots hosted in Serbia Kujtesa Net Sh.p.k)
var $config = array("server"=>"82.114.82.60", "port"=>"5454", "pass"=>"", "prefix"=>"chk-", "maxrand"=>"4", "chan"=>"#fuck", "chan2"=>"#fuck", "key"=>"ok", "modes"=>"+p", "password"=>"ok", "trigger"=>".", "hostauth"=>"*");
hosting info: http://whois.domaintools.com/82.114.82.60

174.127.115.9 (linuxbots hosted in United States Providence Hosting Services Inc)
var $config = array("server"=>"174.127.115.9", "port"=>"2525", "pass"=>"", "prefix"=>"RR|", "maxrand"=>"8", "chan"=>"#RR", "chan2"=>"", "key"=>"", "modes"=>"+p", "password"=>"pass", "trigger"=>".", "hostauth"=>"*");
Now talking in #RR
Topic On: [ #RR ] [ 174.36.56.72 Room ! ]
Topic By: [ DnsZ ]
Modes On: [ #RR ] [ +nts ]
hosting info: http://whois.domaintools.com/174.127.115.9

109.68.191.160 (ngrBot hosted in Russian Federation Moscow Jsc Tel Company)
Remote Host Port Number
109.68.191.160 1863
PRIVMSG #IrcPeru :[DNS]: Blocked 0 domain(s) – Redirected 40 domain(s)
NICK n{US|XPa}civmqel
USER civmqel 0 0 :civmqel
JOIN #IrcPeru PeruRulz!!
JOIN #US
PRIVMSG #IrcPeru :[d="http://magicforkidsparty.com/images/Thumbs.db.exe" s="159744 bytes"] Updated bot file "C:\Documents and Settings\UserName\Application Data\Qcxaxq.exe" – Download retries: 0
174.120.234.158 80
199.15.234.7 80
200.63.96.41 80
PRIVMSG #IrcPeru :[DNS]: Blocked 0

119.59.99.235 (ngrBot hosted in Thailand Bangkok 453 Ladplacout Jorakhaebua)
Remote Host Port Number
119.59.99.235 1234
PASS priv9
199.15.234.7 80
NICK n{US|XP}xqtebyy
USER xqtebyy 0 0 :xqtebyy
JOIN #ngr HELO
Now talking in #ngr
Topic On: [ #ngr ] [ .stop right there ]
Topic By: [ bob ]
* Home.Town sets mode: +o ru
(ru) .udp 82.8.195.242 8080 120
(ru) .udp 82.8.195.242 8080 120

cyba.sytes.net (irc botnet hosted in Seychelles Ideal Solution Ltd)
Resolved : [cyba.sytes.net] To [193.107.16.150]
Remote Host Port Number
193.107.16.150 20
NICK NEW[XX][XP]6615537921
USER 6615 "" "TsGh" :6615
MODE NEW[XX][XP]6615537921
JOIN #yup
JOIN #ys
PONG :irc.kittynet.com
Remote Host Port Number
193.107.16.47 20
96.9.162.23 80
NICK NEW[XX][XP]4288113806
JOIN #galla
PRIVMSG #galla :Down & Exc…OK
PONG :irc.kittynet.com
USER 4288 "" "TsGh" :4288
MODE NEW[XX][XP]4288113806
JOIN #ys
PRIVMSG