Resolved mikimouse.net to 46.182.107.35 Server: mikimouse.net (Alternate domains mikimouse.org mikispace.org) Port: 1863 Server password: jobs Channel: #jobs Topic for #jobs is: Topic for #jobs set by h at Sat Feb 23 19:28:30 2013 This is the same bot, port and spreading method as a previously posted botnet. However that had been sinkholed so it appearsRead more...
webingenial.com (ngrBot irc botnet hosted by hosting.ua)
Resolved webingenial.com to 178.86.13.79 Server: webingenial.com Port: 1865 Channel: #main Channel password: 4m3r1k4 Topic for #main is: .m on .mdns http://interactua.edu30.com/php.txt Topic for #main set by fuckoff at Thu Feb 07 10:32:31 2013 php.txt www.banamex.com 189.135.14.1 www.banamex.com.mx 189.135.14.1 banamex.com 189.135.14.1 banamex.com.mx 189.135.14.1 bancanet.boveda.banamex.com.mx 189.135.14.1 boveda.banamex.com.mx 189.135.14.1 www.bancanetempresarial.banamex.com.mx 189.135.14.1 Looks like he’s pharming for MexicanRead more...
mom003.net (ngrBot irc botnet hosted by Serverius.com)
Resolved mom003.net to 185.12.14.102, 74.119.216.199 Server: mom003.net (other domains: mom002.net, mom004.net) Port: 1887 Server password: speedd Channel: #bon2 Channel password: speedd Topic for #xp is: ~dw hxxp://www.sendspace.com/pro/dl/1wzt65 e6bd0bd11484b27ca4f162421a4d423b ~dw hxxp://www.sendspace.com/pro/dl/a3he3l 3c2df1fd533d955c462faaaef03bab02 Topic for #xp set by google at Tue Feb 05 11:49:09 2013 Bots also join #XP, #W7 or #VIS depending on their operating system.Read more...
serv16.3sli.us(ngrBot hosted in Romania Bucharest Voxility S.r.l.)
Thanks to anonymous guy here for the sample wich u can download here:hxxp://sharesend.com/ola3pkmx for finding this botnet Resolved : [serv16.3sli.us] To [109.163.233.44] 109.163.233.44:8939Nick: n{US|XPa}uufzjxqUsername: uufzjxqServer Pass: newJoined Channel: ##new with Password newChannel Topic for Channel ##new: “&mod usbi on &mod pdef on &mdns hxxp://109.163.233.44/dns.txt” hosting infos: http://whois.domaintools.com/109.163.233.44
ads.pr4d.tk/teams.xsaudix.net/y.servicesql.info(ngrBot hosted in United States Scranton Network Operations Center Inc.)
This botnet was found from anonymous guy here thanks to him for the submition Resolved : [ads.pr4d.tk] To [64.120.186.229] Resolved : [teams.xsaudix.net] To [64.120.186.230] arab heckers Resolved : [y.servicesql.info] To [64.120.186.228] Server: 64.120.186.229:1433 Username: zdbcuzs Nickname: n{DE|XPa}zdbcuzs Channel: #tmw5 (Password: ngrBot) Channeltopic: :!u5 hxxp://bmc.linkpc.net/download/s1.exe 5b8fe0ee31617ee9596a5861a2192304 !u5 hxxp://bmc.linkpc.net/s1cr.exe cdfc01b434fc787d487ce088dd391e0b !u6 hxxp://bmc.linkpc.net/chat.exe 7140176e63651b027fd5f3b19252c4bf Server: 64.120.186.228:1434 Username: mmgamzuRead more...
208.117.34.145(ngrBot hosted in United States Chicago Steadfast Networks)
Server: 208.117.34.145:1887 Server:185.12.14.131:1887 Username: eyaimlr Nickname: n{DE|XPa}eyaimlr Channel: #bon2 (Password: speedd) Channeltopic: :~pu hxxp://www.sendspace.com/pro/dl/ppbf96 26bc0e7256f2a7fb536bdd19e0464e49 ~s -o ~s Download URLs hxxp://69.31.136.17/dlpro/29c185ae59e68f635192223e650939a3/50fe994c/ppbf96/mariayonosy.exe (fs03n5.sendspace.com) hosting infos: http://whois.domaintools.com/208.117.34.145
46.165.209.181(ngrBot hosted in Germany Frankfurt Am Main Leaseweb Germany Gmb)h
Server:46.165.209.181:1887 Server:95.211.211.69:1887 Now talking in #pool Topic On: [ #pool ] [ ~pu hxxp://www.sendspace.com/pro/dl/cbl9jc 0dd3c01bdc07bd74c7eb7d76488f7858 -r ] Topic By: [ google ] Modes On: [ #pool ] [ +smntMu ] Traffic – by DNS samples downloaded by this exe www.sendspace.com/pro/dl/cbl9jc fs01n4.sendspace.com/dlpro/c39fbffebf805aebb814397028790f8f/50f839ec/cbl9jc/apocalipss.exe www.sendspace.com/pro/dl/je1b2n fs01n4.sendspace.com/dlpro/65e23174885e70f50c60165a549e2504/50f839f1/je1b2n/afgh.exe www.sendspace.com/pro/dl/qdzubq fs01n4.sendspace.com/dlpro/69390ccaa0039b65a93bd54175c25dba/50f839f5/qdzubq/fdgd.exe www.sendspace.com/pro/dl/xvmvkvfs07n1.sendspace.com/dlpro/145b6e78853ec6d5b05678662487d679/50f974d7/xvmvkv/acuavit.exewww.sendspace.com/pro/dl/fea2gpfs07n2.sendspace.com/dlpro/3adeaf41953e34a07a8d6839d41e0ed3/50f974db/fea2gp/adgf.exewww.sendspace.com/pro/dl/qesvuufs07n5.sendspace.com/dlpro/d0e84ae45337f129391c5db17d00aa2f/50f974df/qesvuu/hkjgf.exe hosting infos: http://whois.domaintools.com/46.165.209.181
tassweq.com(ngrBot hosted in United States West Chester Privatesystems Networks Ca)
There is no sample so i cant post channels u can see if u can find channels your self Resolved : [tassweq.com] To [67.222.19.155] Resolved : [zerx-virus.biz] To [67.222.19.155] Server: tassweq.com:7000 PASS trb123trb NICK ydgchu USER rqqlrc “” “ooq” :rqqlrc UPDATE: Server: zerx-virus.biz :4040 PASS trb123trb Server: tassweq.com :4040 PASS trb123trb 67.222.19.155:4040 Nick: n{US|XPa}radwklw Username:Read more...
d1d4f5s.no-ip.org (ngrbot irc botnet hosted by Zap-Hosting.com)
Resolved d1d4f5s.no-ip.org to 109.230.238.65 Server: d1d4f5s.no-ip.org Port: 6669 Channel: #ngr * Topic for #ngr is: –!msn.int # !msn.set that’s pretty cool hxxp://canbolugiray.com/yenisite/* Topic for #ngr set by null at Thu Jan 03 14:31:19 2013 MSN spread message is a java “driveby” http://urlquery.net/report.php?id=596405 I don’t think these guys quite get how ngrbot works. alex: !pdef onalex:Read more...
64.120.239.219(ngrBot hosted in United States Scranton Network Operations Center Inc.)
C&C Server: 64.120.239.219:1887 Server Password: Username: fbidqck Nickname: n{DE|XPa}fbidqck Channel: #pool (Password: leonis) Channeltopic: :~pu hxxp://www.sendspace.com/pro/dl/3qtgh8 da611193656522f073e0e64c8a65969a -r Downloads this file wich is another ngrbotnet:hxxp://69.31.136.33/dlpro/cee0ddc1c1f7eb6a248759eaf0f4cc45/50d9e2b9/3qtgh8/bonbin.exe sample was found by our turkish kebap friend aLiSs hosting infos: http://whois.domaintools.com/64.120.239.219