Remote Host Port Number
72.20.28.204 6667 PASS google_cache2.tmp

NICK Slip[Knot-XP-USA]865300
USER 6216 "" "TsGh" :6216
JOIN #EYE eyecu

hosting infos: http://whois.domaintools.com/72.20.28.204

158.38.8.251 (IRC botnet hosted in Norway Trondheim Uninett)

Remote Host Port Number
158.38.8.251 6667

NICK eprfkw421
USER eprfkw421 localhost irc.quakenet.org: eprfkw421
PONG :3023209735
JOIN #jdsun
NICK eehjrp476
USER eehjrp476 localhost irc.quakenet.org: eehjrp476
PONG :2512891925

hosting infos: http://whois.domaintools.com/158.38.8.251

91.121.204.203 (ngrBot hosted in France Ovh Systems)

Remote Host Port Number
199.15.234.7 80
83.233.33.6 80
91.121.204.203 4242 PASS secret

NICK n{US|XPa}riqmriq
USER riqmriq 0 0 :riqmriq
PONG :446AE763
JOIN ##m secret
PRIVMSG ##m :[DNS]: Blocked 1310 domain(s) - Redirected 0 domain(s)

hosting infos: http://whois.domaintools.com/91.121.204.203

189.236.84.161 (ngrBot hosted in Mexico Uninet S.a. De C.v)

Remote Host Port Number
189.236.84.161 6567 PASS hell16
199.15.234.7 80

NICK n{US|XPa}uoauybk
USER uoauybk 0 0 :uoauybk
PONG :D9F0B22F
JOIN #cont ngrBot
PRIVMSG #cont :[DNS]: Redirecting "www.bancofrances.com.ar" to "computo164.laweb.es"

hosting infos: http://whois.domaintools.com/189.236.84.161

121.12.125.173 (ngrBot hosted in China Shenzhen Shenzhenshiluohuquhepingluyifengguangchangczuo32h)

Remote Host Port Number
121.12.125.173 3800 PASS hax0r
199.15.234.7 80
70.38.98.238 80

channel #ng ng00
PRIVMSG #ng :[DNS]: Blocked 1258 domain(s) - Redirected 0 domain(s)

hosting infos: http://whois.domaintools.com/121.12.125.173

irc.putyourpenis.in (IRC botnet hosted in France Ovh Systems)

irc.putyourpenis.in DNS_TYPE_A 178.33.80.207

178.33.80.207:6667
Nick: {AUT-XP-7625}
Username: 4998
Joined Channel: #lobby

hosting infos: http://whois.domaintools.com/178.33.80.207

46.105.241.157 (ngrBot hosted in United Kingdom Ovh Systems)

Remote Host Port Number
199.15.234.7 80
46.105.241.157 6999 PASS tomufg

NICK n{US|XPa}jzurjwg
USER jzurjwg 0 0 :jzurjwg
JOIN #spr ngrBot

hosting infos: http://whois.domaintools.com/46.105.241.157

g0ds.no-ip.biz (USA hacker from United States Tucson Qwest Communications Company Llc)

g0ds.no-ip.biz DNS_TYPE_A 71.210.115.55

71.210.115.55:3086

Data sent:
2a5c 534e 4557 2a2f 327c 7c2a 7c7c 4d51  *SNEW*/2||*||MQ
3d3d 7c7c 2a7c 7c51 5651 3d7c 7c2a 7c7c  ==||*||QVQ=||*||
4e43 3479 7c7c 2a7c 7c57 4641 6765 4467  NC4y||*||WFAgeDg
327c 7c2a 7c7c 5157 5274 6157 3570 6333  2||*||QWRtaW5pc3
5279 5958 5276 6367 3d3d 7c7c 2a7c 7c51  RyYXRvcg==||*||Q
5656 5553 4578 5051

212.7.214.59 (HTTP malware hosted in Netherlands Dediserv Dedicated Servers Sp. Z O.o)

This malware takes commands from a web interface here: http://212.7.214.59/web/getcommand.php
You can list files here: http://212.7.214.59/web/

The data identified by the following URLs was then requested from the remote web server:
http://212.7.214.59/web/getcommand.php?getcmd=1
http://212.7.214.59/web/report.php?p=26319&n=1

exe file here: http://adf.ly/38d3H

69.65.19.116 (IRC botnet hosted in United States Gigenet)

Remote Host Port Number
69.65.19.116 8888

NICK dsvjrs
USER bwwfp "" "lol" :bwwfp

hosting infos: http://whois.domaintools.com/69.65.19.116