American hecker here
khant14.sytes.net 75.134.34.140
Outgoing connection to remote server: khant14.sytes.net TCP port 71
Outgoing connection to remote server: khant14.sytes.net TCP port 71
exe file: http://www.multiupload.com/9T08BMWN6C
info about hecker: http://whois.domaintools.com/75.134.34.140
client.vpn8.info (Chinese malware hosted in China Guangdong Chinanet Guangdong Province Network)
client.vpn8.info DNS_TYPE_A 119.145.115.77 YES udp
HTTP Conversations:
From ANUBIS:1029 to 119.145.115.77:8000 - [client.vpn8.info:8000]
Request: GET /vpnclient/vpnlist.txt
Response: 200 "OK"
From ANUBIS:1030 to 119.145.115.77:8000 - [client.vpn8.info:8000]
Request: GET /vpnclient/top.htm
Response: 200 "OK"
From ANUBIS:1031 to 119.145.115.77:8000 - [client.vpn8.info:8000]
Request: GET /vpnclient/gonggao.htm
Response: 200 "OK"
From ANUBIS:1032 to 119.145.115.77:8000 - [client.vpn8.info:8000]
Request: GET /vpnclient/vpn.jpg
Response: 200
...
Around 14 MB of malware samples
Here u go for another malware package, mostly bankers and RATs.
Download: http://018a2ff9.whackyvidz.com
aaaaaaaa.ishtiben.com (botnet hosted in China Beijing Ninbo Lanzhong Network Ltd)
Remote Host Port Number
aaaaaaaa.ishtiben.com 7196
PASS laorosr
00000000 | 5041 5353 206C 616F 726F 7372 0D0A 4B43 | PASS laorosr..KC
00000010 | 494B 205B 4E30 305F 5553 415F 5850 5F38 | IK [N00_USA_XP_8
00000020 | 3936 3337 3435 5D18 E740 0D0A 7273 7372 | 963745]..@..rssr
00000030 | 2053 5032 2D33 3831 202A 2030 203A
...
94.23.13.163 (botnet hosted in France Ovh Sas)
Remote Host Port Number
213.251.170.52 80
94.23.13.163 1063
PASS ngrBot
NICK n{US|XPa}hlkzdyr
USER hlkzdyr 0 0 :hlkzdyr
JOIN #rootcrazy rambomarica
info about hosting: http://whois.domaintools.com/94.23.13.163
188.138.112.132 (botnet hosted in Germany Intergenia Ag)
Remote Host Port Number
188.138.112.132 6666
NICK [NEW-XP-USA]551394
USER 5513 "" "TsGh" :5513
JOIN #b klo
NICK [NEW-XP-USA]900275
JOIN #apple Br0
PRIVMSG #apple : 11..:: DDoS v2.0 ::..
USER 7375 "" "TsGh" :7375
UPDATE:
Remote Host Port Number
188.138.112.132 5000
NICK [NEW-XP-USA]058504
USER 0585 "" "TsGh" :0585
JOIN #lawl Br0
info about hosting: http://whois.domaintools.com/188.138.112.132
189.81.29.82 (RAT hosted in Brazil Recife Comite Gestor Da Internet No Brasil)
Here we have a Brazilian hecker using a RAT to infect people.
Remote Host Port Number
189.81.29.82 81
URL used to infect: http://h1.ripway.com/dayhwebcam/
When u open this page u will be asked to run a Java applet, which downloads and runs this file: http://h1.ripway.com/Kell/test.exe
Here is the full package from that big hecker: http://d7f97b17.goneviral.com
hubs.ishtiben.com (bfbot hosted in China Guangzhou Guangzhoushizhujiangxinchenghuaminglu9hao Huapuguangchangxita1411shi)
Remote Host Port Number
hubs.ishtiben.com 1110
PASS eee
KCIK ajwfhjvawl
rssr ymcanyufop "" "cyq" :ymcanyufop
info about hosting: http://whois.domaintools.com/218.16.118.189
213.229.107.27 (botnet hosted in United Kingdom Canonical Range For Bs2-hp1-le)
Remote Host Port Number
213.229.107.27 2345
NICK [USA|00|P|92371]
PRIVMSG #!loco! :[M]: Thread Disabled.
PRIVMSG #!loco! :[M]: Thread Activated: Sending Message With Email.
USER XP-5816 * 0 :COMPUTERNAME
MODE [USA|00|P|92371] -ix
JOIN #!loco!
PONG 22 MOTD
info about hosting: http://whois.domaintools.com/213.229.107.27
69.65.55.24 (botnet hosted in United States Arlington Heights Ecomdevel Llc)
Remote Host Port Number
174.37.200.82 80
216.178.38.224 80
216.178.39.11 80
64.208.241.41 80
69.63.189.16 80
69.65.55.24 1234
PASS xxx
MODE NEW-[USA|00|P|86888] -ix
JOIN #!nn! test
PONG 22 MOTD
NICK NEW-[USA|00|P|86888]
USER XP-7430 * 0 :COMPUTERNAME
info about hosting: http://whois.domaintools.com/69.65.55.24