Month: August 2010

75.102.25.96(deccode 30k botnet)

Remote Host      Port Number
204.0.5.41       80
204.0.5.48       80
204.0.5.58       80
204.0.5.59       80
216.178.38.168   80
63.135.80.58     80
63.135.86.21     80
64.208.138.215   80
64.211.162.72    80
64.211.162.75    80
75.102.25.96     2345

PASS xxx
NICK NEW-[USA|00|P|44284]
USER XP-0195 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|44284] -ix
JOIN #!gf! test
PONG 22 MOTD

* The data identified by the following URLs was then requested

193.105.174.58

Network Activity

Connections

DNS Lookup
Host Name IP Address
113.11.194.175 113.11.194.175
www.google.com www.google.com 74.125.39.106
193.105.174.58 193.105.174.58

Opened listening TCP connection on port: 24787

Download URLs
http://113.11.194.175/uk2070/times.doc (113.11.194.175)
http://74.125.39.106/webhp (www.google.com)

Outgoing connection to remote server: 113.11.194.175 TCP port 80
Outgoing connection to remote server: www.google.com TCP port 80
Outgoing connection to remote server: 193.105.174.58 TCP port 80

200.241.5.131(deccode 30k botnet)


212.25.51.125(deccode 30k botnet)


httpsstarss.in

DNS Lookup
Host Name IP Address
0 127.0.0.1
httpsstarss.in httpsstarss.in 188.72.226.154
windowsupdate.microsoft.com windowsupdate.microsoft.com 207.46.18.94
httpstatsconfig.com httpstatsconfig.com 204.12.226.173

UDP Connections
Remote IP Address: 10.1.1.1 Port: 53
Send Datagram: packet(s) of size 45
Recv Datagram: packet(s) of size 300
Remote IP Address: 127.0.0.1 Port: 1043
Send Datagram: 2 packet(s) of size 1
Recv Datagram: 2 packet(s) of

174.34.187.45(linux bots)

("server"=>"174.34.187.45",
 "port"=>"6661",
 "pass"=>"",
 "prefix"=>"[root]",
 "maxrand"=>"8",
 "chan"=>"#navyseals",
 "chan2"=>"#trimox#",
 "key"=>"1j2k3h45h",
 "modes"=>"+p",
 "password"=>"seals",
 "trigger"=>".",
 "hostauth"=>"*" // * for any hostname (remember: /setvhost xdevil.org)

92.241.164.101

Remote Host      Port Number
92.241.164.101   47221

NICK [N00_USA_XP_3095115]
USER SP2-861 * 0 :COMPUTERNAME
MODE [N00_USA_XP_3095115] A -ix
JOIN #nbot-poly
MODE #nbot-poly -ix

Details of 92.241.164.101
IP Address : 92.241.164.101
Location : Unknown
Host Name : vps3401_VZw2k3.2x4.ru

Other details
* The following port was open in the system:
Port Protocol Process
1052 TCP WindowsUpdate.exe (%Windir%\WindowsUpdate.exe)

Registry

core3019.aquashoolonline.com

DNS Lookup
Host Name IP Address
0 127.0.0.1
core3019.aquashoolonline.com core3019.aquashoolonline.com 66.197.155.197

UDP Connections
Remote IP Address: 127.0.0.1 Port: 1070
Send Datagram: 542 packet(s) of size 1
Recv Datagram: 542 packet(s) of size 1

Download URLs
http://66.197.155.197/stat/action3.cgi?p=1&a=3019&system=7.0.5730|5.1.3|1031&id=A590474043D749CFCDB2 (core3019.aquashoolonline.com)
http://66.197.155.197/stget2.cgi?host=host&id=3019 (core3019.aquashoolonline.com)

Outgoing connection to remote server: core3019.aquashoolonline.com TCP port 80
Outgoing connection to remote server: core3019.aquashoolonline.com TCP

bbb.the88888.com

DNS Lookup
Host Name IP Address
0 127.0.0.1
bbb.the88888.com tj19.x9wdns.com tj19.x9wdns.com 121.14.156.129
bbb.the88888.com 222.186.38.175
xxx.free88888.com xxx.free88888.com 60.190.90.107

UDP Connections
Remote IP Address: 127.0.0.1 Port: 1118
Send Datagram: 100 packet(s) of size 1
Recv Datagram: 100 packet(s) of size 1

Download URLs
http://121.14.156.129/bang1/tj.asp?mac=00c0f185907a&ver=10728&os=&dtime=2010-7-2 (tj19.x9wdns.com)
http://222.186.38.175/c/host.txt (bbb.the88888.com)
http://222.186.38.175/c/ff.txt (bbb.the88888.com)
http://60.190.90.107/C01.exe (xxx.free88888.com)
http://60.190.90.107/C10.exe (xxx.free88888.com)
http://60.190.90.107/C/C02.exe (xxx.free88888.com)
http://60.190.90.107/C/C03.exe (xxx.free88888.com)

codienviet.com(autoit bot)

codienviet.com codienviet.com 74.50.13.8
irc.abjects.net 74.3.165.66

Download URLs
http://74.50.13.8/bot/data.php (codienviet.com)

Outgoing connection to remote server: codienviet.com TCP port 80

C&C Server: 74.3.165.66:6667
Server Password:
Username: XYZ-AEMPILWXUC
Nickname: XYZ-AEMPILWXUC
Channel: #xyz (Password: 3939)
Channeltopic: :_CHAR(0x02)__CHAR(0x03)_0,8|_CHAR(0x03)_7,8|_CHAR(0x03)_8,7|_CHAR(0x03)_4,7|_CHAR(0x03)_7,4|_CHAR(0x03)_5,4|_CHAR(0x03)_4,5|_CHAR(0x03)_1,5|_CHAR(0x03)_5,1| _CHAR(0x03)_9,1Welcome to mylove channel #XYZ…. enjoy and fun….. keep your smile…._CHAR(0x03)_5,1 |_CHAR(0x03)_1,5|_CHAR(0x03)_4,5|_CHAR(0x03)_5,4|_CHAR(0x03)_7,4|_CHAR(0x03)_4,7|_CHAR(0x03)_8,7|_CHAR(0x0F)_

Registry Changes by all processes
Create or Open Changes
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet