Remote Host Port Number 199.15.234.7 80 83.233.33.6 80 212.7.214.129 1866 PASS ngrBot PRIVMSG #!hot! :[DNS]: Blocked 1310 domain(s) – Redirected 0 domain(s) NICK n{US|XPa}qtivayn USER qtivayn 0 0 :qtivayn JOIN #!hot! ngrBot PRIVMSG #!hot! :[HTTP]: Updated HTTP spread interval to “3” PRIVMSG #!hot! :[MSN]: Updated MSN spread interval to “2” PRIVMSG #!hot! :[HTTP]: Updated HTTPRead more...
219.67.121.174(irc botnet hosted in Japan Tokyo Open Data Network(japan Telecom Co. Ltd.))
Remote Host Port Number 174.121.14.164 80 174.123.175.227 80 174.36.56.185 80 195.210.28.38 80 195.250.147.177 80 209.17.73.32 80 209.17.74.144 80 216.137.43.176 80 216.137.43.215 80 216.137.43.83 80 219.67.121.174 4244 PASS google_cache2.tmp NICK new[iRooT-XP-USA]175415 USER 8307 “” “TsGh” :8307 PRIVMSG #!N!# :http://marijana1x2.bloger.hr Has Been Visited! JOIN #!N!# WTF PRIVMSG #!N!# :http://kajmak1.bloger.hr Has Been Visited! exe file: http://iphone-start.org/FaceSexy.exe hosting infos:Read more...
batebate.info(50k ngrBot hosted in United States Herndon Road Runner Holdco Llc)
Domains used to control bots: bonusrata.info 67.228.81.181 serverdns091.info 64.31.42.106 batebate.info 74.62.155.1 Remote Host Port Number 199.15.234.7 80 74.62.152.164 6969 PASS s3cr3t 68.178.232.100 6161 PASS s3cr3t Remote Host Port Number 199.15.234.7 80 94.231.108.37 80 74.62.155.136 6969 PASS ngrBot 67.228.81.181 6969 PASS ngrBot 64.31.42.106 6969 PASS ngrBot NICK n{US|XPa}wpypkul USER wpypkul 0 0 :wpypkul JOIN #nava s3cr3tRead more...
201.218.0.157(irc botnet hosted in Ecuador Quito Telconet S.a)
Remote Host Port Number 174.121.14.164 80 174.36.4.145 80 195.210.28.38 80 195.250.147.177 80 209.17.74.144 80 64.37.52.189 80 66.115.184.87 80 69.46.36.6 80 74.120.148.2 80 83.139.126.203 80 201.218.0.157 4244 PASS google_cache2.tmp NICK new[iRooT-XP-USA]606170 USER 4514 “” “TsGh” :4514 JOIN #!N!# WTF PRIVMSG #!N!# :http://kajmak1.bloger.hr Has Been Visited! hosting infos: http://whois.domaintools.com/201.218.0.157
216.172.132.132(ngrBot hosted in United States San Jose Serveryou.com – Oow)
Remote Host Port Number 199.101.133.30 80 199.15.234.7 80 70.38.98.238 80 216.172.132.132 1888 PASS ngrBot * The data identified by the following URLs was then requested from the remote web server: o http://dc360.4shared.com/download/A9fXfDif/gdfsdsfd534.exe o http://api.wipmania.com/ o http://img104.herosh.com/2011/10/05/270463603.gif PRIVMSG #XP :[d=”http://dc360.4shared.com/download/A9fXfDif/gdfsdsfd534.exe” s=”167936 bytes”] Updated bot file “C:Documents and SettingsUserNameApplication DataLdxaxl.exe” – Download retries: 0 PRIVMSG #XP :[d=”http://img104.herosh.com/2011/10/05/270463603.gif”Read more...
45mb malware samples
This package contains around 45mb malware samples (banking trojans,irc bots,rootkis etc) Download: http://adf.ly/33Qdi
50.58.99.143(irc botnet hosted in United States Columbus Tw Telecom Holdings Inc)
Remote Host Port Number 46.17.97.83 80 46.17.97.85 80 50.58.99.143 3301 * The data identified by the following URLs was then requested from the remote web server: o http://46.17.97.83/miner/mscoree.dll o http://46.17.97.83/miner/openldap.dll o http://46.17.97.83/miner/phoenix.exe o http://46.17.97.85/miner/filelist.txt o http://46.17.97.85/miner/license.txt o http://46.17.97.85/miner/curllib.dll o http://46.17.97.85/miner/gpl-2.0.txt o http://46.17.97.85/miner/hstart.exe o http://46.17.97.85/miner/libeay32.dll o http://46.17.97.85/miner/libsasl.dll NICK [USA-XP-x86]14651 USER unreal 8 * :unreal JOIN #boatsRead more...
94.23.149.102(Lazer bot hosted in Netherlands Rotterdam Ovh Systems)
Remote Host Port Number 94.23.149.102 8067 NICK [LaZeR|USA|XP|nxdazw] USER pma “” “lol” :pma JOIN #lmao PONG :irc.L0yzArmy.org hosting infos: http://whois.domaintools.com/94.23.149.102
219.99.98.221(irc botnet hosted in Japan Tokyo Freebit Co. Ltd)
Remote Host Port Number 219.99.98.221 4244 PASS google_cache2.tmp NICK new[iRooT-XP-USA]301253 USER 3012 “” “TsGh” :3012 JOIN #!N!# WTF hosting infos: http://whois.domaintools.com/219.99.98.221
173.45.102.45(ngrBot hosted in United States Columbus Xlhost.com Inc)
Remote Host Port Number 173.45.102.45 5794 PASS ngrBot 195.78.76.16 80 199.15.234.7 80 NICK n{US|XPa}krcsxri USER krcsxri 0 0 :krcsxri JOIN #butowski ngrBot PRIVMSG #butowski :[d=”http://www.flashgames-community.com/_server/video/1hoasdfjasdkfja.exe” s=”114698 bytes”] Updated bot file “C:Documents and SettingsUserNameApplication DataTbxaxt.exe” – Download retries: 0 hosting infos: http://whois.domaintools.com/173.45.102.45