205.234.231.194 (Parabola botnet)

That lamer has the nickname Parabola lol

DNS Lookup
UDP Connections
Remote IP Address: 127.0.0.1 Port: 1081
Send Datagram: 140 packet(s) of size 1
Recv Datagram: 140 packet(s) of size 1
Download URLs

Outgoing connection to remote server: acs.neckermann.de TCP port 80

DNS Lookup

Download URLs
http://174.37.200.82/index.php (174.37.200.82)

C&C Server: 205.234.231.194:1234
Server Password:
Username: XP-5361
Nickname: NEW-[DEU|00|P|02370]
Channel: #!nn! (Password: test)
Channeltopic: :.m.s|.m.e Foto 😀 http://www.msn-images.com/image_id.php?=
C&C Server: 205.234.231.194:1234
Server Password:
Username: XP-0269
Nickname: [DEU|00|P|60681]
Channel: #!nn! (Password: test)
Channeltopic: :.m.s|.m.e Foto 😀 http://www.msn-images.com/image_id.php?=
