Month: January 2011

c.bravepath3.com (bfbotnet hosted in Russian Federation Vline Ltd)

– DNS Queries:

| Name | Query Type | Query Result | Successful | Protocol |
|---|---|---|---|---|
| c.bravepath3.com | DNS_TYPE_A | 109.196.142.58 109.196.142.66 | YES | udp |
| hubz.imfatguy.info | DNS_TYPE_A | 127.0.0.1 | YES | udp |
| b.bravepath3.com | DNS_TYPE_A | 109.196.142.66 109.196.142.58 | YES | udp |
| hubz.lebanonbot.com | DNS_TYPE_A | | NO | udp |
| a.bravepath3.com | DNS_TYPE_A | 109.196.142.66 109.196.142.58 | YES | udp |

– TCP Connection Attempts:

109.196.142.58:1110
109.196.142.66:1110
109.196.142.66:1110

Hosting information: http://whois.domaintools.com/109.196.142.58

61.100.9.220 (botnet hosted in Korea, Republic Of Krnic)

| Remote Host | Port Number |
|---|---|
| 61.100.9.220 | 7000 |

NICK tnlxlcb
USER utwalu 0 0 :tnlxlcb
JOIN ##aa## b!
USERHOST tnlxlcb
MODE tnlxlcb -x
PONG :irc.priv8net.com

Hosting information: http://whois.domaintools.com/61.100.9.220

15 MB exe files from different malware

Here is another link with 15 MB exe files from different malware (bots, banking trojans, password stealers, etc.). Download: http://13109f1c.theseblogs.com

dns.aswend.com (botnet hosted in Japan Kyoei Co. Ltd)

| Remote Host | Port Number |
|---|---|
| dns.aswend.com | 7000 |

NICK FL835823620348
USER esiuexzgqlzptu 0 0 :FL835823620348
USERHOST FL835823620348
MODE FL835823620348 +i
JOIN #GL .x.
NICK FL539494212430
USER uadfqtgvbtfj 0 0 :FL539494212430
USERHOST FL539494212430
MODE FL539494212430 +i
NICK FL170074885810
USER cpfvdbtnvtbczk 0 0 :FL170074885810
USERHOST FL170074885810
MODE FL170074885810 +i
NICK FL462091484949
USER dqvrrmetrdzqix 0 0 :FL462091484949
USERHOST FL462091484949
MODE

205.234.223.186 (botnet hosted in United States Chicago Hostforweb Inc)

chickenkiller.com DNS_TYPE_A 67.19.72.202 YES udp
us.to DNS_TYPE_A 213.171.192.129 YES udp

205.234.223.186:2345

Nick: New[AUT|00|P|96393]
Username: XP-2587
Joined Channel: #!loco!
Channel Topic for Channel #!loco!: “D http://gol.ly/images333?=”
Private Message to Channel #!loco!: “[M]: Thread Activated: Sending Message With Email.”
Private Message to Channel #!loco!: “[M]: Thread Disabled.”
Private Message to User New[AUT|00|P|96393]: “.hp http://domredi.com/1/”

Hosting information: