Here is the elation bot from PhobiiA big hecker: https://pastee.org/65fqw
irc infos: 216.120.248.193:6667
PhobiiA uses modded roxnet unrealircd, he’s big hecker
Hosting infos: http://whois.domaintools.com/216.120.248.193
nkford.dlankford.com (irc botnet hosted in United States Los Angeles Coreexpress)
Remote Host      Port Number
64.69.44.51      4042
NICK new[USA|XP|COMPUTERNAME]kuffavh
USER hh "" "lol" :hh
JOIN #biznew#
PONG 422
Hosting infos: http://whois.domaintools.com/64.69.44.51
111.90.148.204 (irc botnet hosted in Malaysia Johor Bahru Piradius Net)
Remote Host      Port Number
111.90.148.204   4042
PASS google_cache2.tmp
NICK n[USA|XP]430406
USER 4304 "" "TsGh" :4304
JOIN #cash# abc
PONG 422
PONG :irc.priv8net7.com
Hosting infos: http://whois.domaintools.com/111.90.148.204
Trojan-Downloader.Win32.Banload (malware hosted in India Delhi Lala_madhoram_bhagwan_dass_chritable_society)
– DNS Queries: envc.machcar.kr DNS_TYPE_A 222.24.94.15 vhosts.packmanbd.com DNS_TYPE_A 222.24.94.19 222.24.94.19 – HTTP Conversations: 222.24.94.15:80 – [envc.machcar.kr] Request: POST /envc.php Response: 200 “OK” 222.24.94.19:80 – [vhosts.packmanbd.com] Request: GET /manual/vhosts.txt Response: 200 “OK” Url used to infect people: http://pedofilia.warbe.org/id/noticias/g1.globo.com/pedofilia/2011/0-19384pastor-e-filmado-fazendo-sexo-oral-com-adolescente.php?0.82545 Direct download: http://pedofilia.warbe.org/id/noticias/g1.globo.com/pedofilia/2011/videos-pedofilia-1039-pastor-fazendo-sexo-oral-com-adolescente-AVI.exe Hosting infos: http://whois.domaintools.com/122.160.131.225
ssh.mytijn.org (irc botnet hosted in India Bangalore O/o Dgm Bb Noc Bsnl Bangalore)
Remote Host      Port Number
ssh.mytijn.org   8782
PASS weed
NICK {iNF-00-USA-XP-COMP-1493}
USER blaze * 0 :COMP
NICK {00-USA-XP-COMP-6216}
Hosting infos: http://whois.domaintools.com/117.211.84.155
area.myarena.ru (Destination Darkness Outcast System & Optima)
HTTP Malware from Russia used to ddos
Admin Panel: http://area.myarena.ru/ex/adm/auth.php
– DNS Queries:
area.myarena.ru DNS_TYPE_A 62.122.213.10
http://palmary73.net DNS_TYPE_A
– HTTP Conversations:
62.122.213.10:80 – [area.myarena.ru]
Request: GET /ex/?uid=035409&ver=9aXPA Response: 200 "OK"
Request: GET /ex/adm/?uid=035409&ver=9aXPA Response: 302 "Found"
Request: GET /ex/adm/auth.php Response: 200 "OK"
Request: GET /ex/adm/index.php?uid=035409&ver=9aXPA Response: 302 "Found"
Request: GET /ex/adm/auth.php Response: 200 "OK"
Exe
178.211.58.11 (irc botnet hosted in Turkey Radore Hosting Telekomunikasyon Hizmetleri San. Ve Tic. Ltd. Sti)
Remote Host      Port Number
178.211.58.11    2525
NICK {ORG-XP-USA}756551
USER 7565 "" "TsGh" :7565
JOIN ##Kuzen bla
PONG :irc.clupversai.com
Now talking in ##Kuzen
Topic On: [ ##Kuzen ] [ ]
Topic By: [ OrgeneraL ]
Hosting infos: http://whois.domaintools.com/178.211.58.11
safetysamvps.info (irc botnet hosted in United States Nashville Psychz Networks)
safetysamvps.info:6667
Resolved : [safetysamvps.info] To [216.24.203.254]
EXE FILE: http://fanaras.gr/up/catroot.exe
If someone finds more infos about this botnet, post them here.
Hosting infos: http://whois.domaintools.com/216.24.203.254
91.211.117.155 (ngrBot hosted in Ukraine Zharkov Mukola Mukolayovuch)
Remote Host      Port Number
213.251.170.52   80
91.211.117.153   80
91.211.117.155   1865
PASS ngrBot
NICK n{US|XPa}rwslldg
USER rwslldg 0 0 :rwslldg
JOIN #main 4m3r1k4
QUIT :rebooting
* The data identified by the following URLs was then requested from the remote web server:
  o http://api.wipmania.com/
  o http://91.211.117.153/070711.exe
Hosting infos: http://whois.domaintools.com/91.211.117.155
92.241.164.229 (ngrBot hosted in Russian Federation Oao Webalta)
Remote Host      Port Number
199.15.234.7     80
92.241.164.229   7654
PASS ngrBot
NICK n{US|XPa}iyhylyn
USER iyhylyn 0 0 :iyhylyn
JOIN #oldgold noKIDs
JOIN #US
Hosting infos: http://whois.domaintools.com/92.241.164.229