DNS Queries:
Name                  Query Type  Query Result    Successful  Protocol
x1x4x0.net            DNS_TYPE_A  216.246.124.50  YES         udp
winhostmanager.net    DNS_TYPE_A  127.0.0.1       YES         udp
winupdatecontrol.net  DNS_TYPE_A  216.246.124.50  YES         udp

Remote Host     Port Number
216.246.124.50  5500

NICK |US|INF|12|6|55|737|
USER 55768 |US|.com 216.246.124.50 :55768 |US|
PONG :422
JOIN #win#
PONG :leaf1.not.found

Now talking in #win#
Topic On: [ #win# ] [...
cdnews2010.com (malware hosted with Brazil Comite Gestor Da Internet No Brasil)
DNS Lookup
Host Name       IP Address
cdnews2010.com  187.17.98.13

Download URLs
http://187.17.98.13/cpic1.jpg (cdnews2010.com)
http://187.17.98.13/cpic2.jpg (cdnews2010.com)
http://187.17.98.13/cpic3.jpg (cdnews2010.com)
http://187.17.98.13/cpic4.jpg (cdnews2010.com)

Outgoing connection to remote server: cdnews2010.com TCP port 80
Outgoing connection to remote server: cdnews2010.com TCP port 80
Outgoing connection to remote server: cdnews2010.com TCP port 80
Outgoing connection to remote server: cdnews2010.com TCP port 80

Registry...
rockets.dynalias.com (botnet hosted with Thailand Bangkok Truehisp)
DNS Lookup
Host Name                          IP Address
rockets.dynalias.com               210.213.57.189
Lelystad.NL.EU.UnderNet.Org        195.47.220.2
mue-88-130-45-099.dsl.tropolys.de  88.130.45.99
Helsinki.FI.EU.Undernet.Org        195.197.175.21

Opened listening TCP connection on port: 113

C&C Server: 210.213.57.189:6667
Server Password:
Username: love
Nickname: :tigerk
Channel: #spam (Password: )
Channeltopic:

Outgoing connection to remote server: Lelystad.NL.EU.UnderNet.Org TCP port 6667

C&C Server: 195.197.175.21:6667
Server Password:
Username: bad
Nickname: fuckeru
Channel: (Password:...
durrhurrhurr.no-ip.info (RAT hosted on his own home lol United States Alexandria Cox Communications)
DNS Lookup
Host Name                IP Address
durrhurrhurr.no-ip.info  98.169.249.22

Outgoing connection to remote server: durrhurrhurr.no-ip.info TCP port 3083
Outgoing connection to remote server: durrhurrhurr.no-ip.info TCP port 3083
Outgoing connection to remote server: durrhurrhurr.no-ip.info TCP port 3083
Outgoing connection to remote server: durrhurrhurr.no-ip.info TCP port 308

Registry Changes by all processes
Create or Open
Changes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “AudioService.exe”...
yourfree.servebeer.com (botnet hosted with Russian Federation Iqhost Ltd)
DNS Lookup
Host Name               IP Address
yourfree.servebeer.com  193.106.173.129
www.ip2location.com     70.86.96.219

Download URLs
http://70.86.96.219/ (www.ip2location.com)
http://70.86.96.219/ (www.ip2location.com)
http://70.86.96.219/ (www.ip2location.com)

C&C Server: 193.106.173.129:1338
Server Password:
Username: DIX
Nickname: [New|XP|x86|DE|3283]
Channel: #AdminsLOL# (Password: )
Channeltopic:

Outgoing connection to remote server: www.ip2location.com TCP port 80
Outgoing connection to remote server: www.ip2location.com TCP port 80
Outgoing connection to remote server:...
server-178.211.56.105.as42926.net (botnet hosted with Turkey Radore Hosting Telekomunikasyon Hizmetleri San. Ve Tic. Ltd. Sti)
Remote Host     Port Number
178.211.56.105  81

NICK [N00_USA_XP_8963745]
USER SP2-381 * 0 :COMPUTERNAME
MODE [N00_USA_XP_8963745] @ -ix
JOIN #w
MODE #w -ix
PONG log.in.sys

Other details
* The following port was open in the system:
Port  Protocol  Process
1052  TCP       BSwBT.exe (%System%\drivers\BSwBT.exe)

Registry Modifications
* The following Registry Keys were created:
  o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
  o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run...
unknown.hostforweb.com (hosted with United States Chicago Hostforweb Inc)
Remote Host     Port Number
174.37.200.82   80
216.178.39.11   80
63.135.80.224   80
64.211.162.72   80
66.220.158.11   80
64.202.107.109  1234

PASS xxx
NICK NEW-[USA|00|P|50950]
USER XP-8403 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|50950] -ix
JOIN #!nn! test
PONG 22 MOTD

Other details
The following ports were open in the system:
Port  Protocol  Process
1061  TCP       nvsvc32.exe (%Windir%\nvsvc32.exe)
1062  TCP       nvsvc32.exe (%Windir%\nvsvc32.exe)...
205.234.174.55 (botnet hosted with United States Chicago Hostforweb Inc)
Remote Host     Port Number
174.37.200.82   80
63.135.80.224   80
63.135.80.46    80
64.208.241.41   80
66.220.149.11   80
205.234.174.55  1234

PASS xxx
NICK NEW-[USA|00|P|00910]
USER XP-2112 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|00910] -ix
JOIN #!nn! test
PONG 22 MOTD

Other details
The following ports were open in the system:
Port  Protocol  Process
1058  TCP       nvsvc32.exe (%Windir%\nvsvc32.exe)
1059  TCP       nvsvc32.exe (%Windir%\nvsvc32.exe)...
www.floressencechehuan.com.br (Spy Eye hosted with Brazil Comite Gestor Da Internet No Brasil)
DNS Lookup
Host Name                      IP Address
www.floressencechehuan.com.br
www.floressencechehuan.com.br  201.33.17.118

Download URLs
http://201.33.17.118/topo.jpg (www.floressencechehuan.com.br)

Outgoing connection to remote server: www.floressencechehuan.com.br TCP port 80

Registry Changes by all processes
Create or Open
Changes
Reads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes “MS Shell Dlg 2”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared “CUAS”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Language Hotkey”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Layout Hotkey”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF “EnableAnchorContext”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IMM “Ime File”
HKEY_CURRENT_USER\Software\Microsoft\CTF...
rtopotr.com (SecurityEssentialFraud hosted with Ukraine Hosting Service tirexhost.com)
DNS Lookup
Host Name    IP Address
0            127.0.0.1
rtopotr.com
rtopotr.com  91.217.162.174

UDP Connections
Remote IP Address: 127.0.0.1 Port: 1053
Send Datagram: 2 packet(s) of size 1
Recv Datagram: 2 packet(s) of size 1

Download URLs
http://91.217.162.174/inst.php?id=minor_38 (rtopotr.com)

Outgoing connection to remote server: rtopotr.com TCP port 80

Registry Changes by all processes
Create or Open
Changes...