Remote Host        Port Number
213.155.29.56      6667
PASS (SelamS234)
NICK {NEW}[USA][XP-SP2]981503
USER 7657 "" "lol" :7657
JOIN #1111
Registry Modifications
* The newly created Registry Values are:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + Windows Firewall = "%Temp%\lsass.exe"
    so that lsass.exe runs every time Windows starts
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    + Windows Firewall = "%Temp%\lsass.exe"
    so that lsass.exe runs every time Windows

server2.net2streams.com (botnet hosted with United States Miami Fdcservers.net)
Remote Host        Port Number
112.78.112.208     80
218.85.133.201     80
76.73.99.66        6682
PASS laorosr
MODE #! -ix
MODE #Ma -ix
USER SP2-866 * 0 :COMPUTERNAME
MODE [N00_USA_XP_6447899] @ -ix
MODE #dpi -ix
Other details
* The following ports were open in the system:
Port    Protocol    Process
1052    TCP         cwdrive32.exe (%Windir%\cwdrive32.exe)
1054    TCP         cwdrive32.exe (%Windir%\cwdrive32.exe)
2058    TCP         cwdrive32.exe

host1.fltaxappealtoday.com (botnet hosted with United States Woodstock Fdcservers.net)
Remote Host        Port Number
112.78.112.208     80
218.85.133.201     80
204.45.74.106      6682
PASS laorosr
MODE #! -ix
MODE #Ma -ix
USER SP2-650 * 0 :COMPUTERNAME
MODE [N00_USA_XP_3831042] @ -ix
MODE #dpi -ix
Other details
* The following ports were open in the system:
Port    Protocol    Process
1054    TCP         cwdrive32.exe (%Windir%\cwdrive32.exe)
1056    TCP         cwdrive32.exe (%Windir%\cwdrive32.exe)
1782    TCP         cwdrive32.exe

bleedmachine.dyndns.org (undernet heckers)
DNS Lookup
Host Name                            IP Address
bleedmachine.dyndns.org              82.113.145.98
Lelystad.NL.EU.UnderNet.Org          195.47.220.2
Helsinki.FI.EU.Undernet.Org          195.197.175.21
mue-88-130-0-202.dsl.tropolys.de     88.130.0.202
Opened listening TCP connection on port: 113
C&C Server: 82.113.145.98:6667
Server Password:
Username: bleed
Nickname: catd
Channel: (Password: )
Channeltopic:
Outgoing connection to remote server: Lelystad.NL.EU.UnderNet.Org TCP port 6667
Outgoing connection to remote server: Lelystad.NL.EU.UnderNet.Org TCP port 6667
C&C Server: 195.197.175.21:6667

server1.beetrootmusic.com (botnet hosted with United States Chicago Hostforweb Inc)
Remote Host        Port Number
216.178.38.224     80
216.178.39.11      80
64.208.241.41      80
66.225.241.182     2345
PASS xxx
JOIN #!gf! test
MODE NEW-[USA|00|P|39547] -ix
PONG 22 MOTD
NICK NEW-[USA|00|P|39547]
USER XP-2882 * 0 :COMPUTERNAME
* The data identified by the following URLs was then requested from the remote web server:
  o http://browseusers.myspace.com/Browse/Browse.aspx
  o http://www.myspace.com/browse/people
  o http://www.myspace.com/help/browserunsupported
  o http://x.myspacecdn.com/modules/splash/static/img/cornersSheet.png

unknown.hostforweb.com (botnet hosted with United States Chicago Hostforweb Inc)
Remote Host        Port Number
174.37.200.82      80
63.135.80.224      80
63.135.80.46       80
64.208.241.27      80
66.220.149.25      80
64.202.107.109     1234
PASS xxx
JOIN #!nn! test
MODE NEW-[USA|00|P|82252] -ix
PONG 22 MOTD
NICK NEW-[USA|00|P|82252]
USER XP-0038 * 0 :COMPUTERNAME
* The data identified by the following URLs was then requested from the remote web server:
  o http://174.37.200.82/index.php
  o http://browseusers.myspace.com/Browse/Browse.aspx

leaf.15781.com (botnet hosted with United States Lancaster Comcast Business Communications Inc)
Resolved : [leaf.15781.com] To [174.137.125.78]
Remote Host        Port Number
173.163.15.116     9595
PASS prison
204.13.248.70      80
72.233.89.199      80
NICK {00-USA-XP-COMP-7851}
PONG leaf.15781.com
NICK {iNF-00-USA-XP-COMP-3925}
USER MEAT * 0 :COMP
JOIN ###mini
Now talking in ###mini
Topic By: [ pe[ro ]
Modes On: [ ###mini ] [ +smntu ]
Now talking in ###USA
Topic On: [ ###USA

nice.niceshot.in (botnet hosted with United States Atlanta Global Net Access Llc)
DNS Lookup
Host Name            IP Address
dell-d3e62f7e26      10.1.9.2
nice.niceshot.in     207.210.96.152
C&C Server: 207.210.96.152:6567
Server Password:
Username: XP-9009
Nickname: [SI|DEU|00|P|70534]
Channel: #cuchi# (Password: c1rc0dus0leil)
Channeltopic:
C&C Server: 207.210.96.152:6567
Server Password:
Username: XP-4274
Nickname: [SI|DEU|00|P|34816]
Channel: #cuchi# (Password: c1rc0dus0leil)
Channeltopic:
Registry Changes by all processes
Create or Open Changes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Service ares" = conmysys.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run

nvps.michelle.com (Burimi big hecker ddosing SnK also hecker)
Remote Host        Port Number
209.236.69.47      81
NOTICE IRC : V3RS10N 15D3v1Lz Sp 14yB0t M0d3d A nd C0d3d By 14sNo0p_Do0g For 15D3v1Lz T34m
PRIVMSG #spy : winhostmanager.net P: 22 D: 150 T:1500. L3ts Th3 D3v1Lz W0rk! T1ll H3 G3t D1sc0nn3ct3d.
JOIN #Spy Spy
MODE UserName85 +i
MODE #spy +ntusMm
x1x4x0.net P: 5500 D: 150 T:1500. L3ts

img1.alyoy.in (malware hosted with United States Missoula Sharktech Internet Services)
DNS Lookup
Host Name         IP Address
img1.alyoy.in     70.39.100.4
70.39.100.4       70.39.100.4
0                 127.0.0.1
UDP Connections
Remote IP Address: 127.0.0.1 Port: 1037
Send Datagram: 113 packet(s) of size 1
Recv Datagram: 113 packet(s) of size 1
Download URLs
http://70.39.100.4/img/img.txt (img1.alyoy.in)
http://70.39.100.4/img/YdtaOeu0lfMm1.exe (img1.alyoy.in)
Outgoing connection to remote server: img1.alyoy.in TCP port 61688
Outgoing connection to remote server: img1.alyoy.in