Remote Host Port Number
178.211.56.105 81
NICK [N00_USA_XP_8963745]
USER SP2-381 * 0 :COMPUTERNAME
MODE [N00_USA_XP_8963745] @ -ix
JOIN #w
MODE #w -ix
PONG log.in.sys
Other details
* The following port was open in the system:
Port Protocol Process
1052 TCP BSwBT.exe (%System%\drivers\BSwBT.exe)
Registry Modifications
* The following Registry Keys were created:
o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
unknown.hostforweb.com (hosted with United States Chicago Hostforweb Inc)
Remote Host Port Number
174.37.200.82 80
216.178.39.11 80
63.135.80.224 80
64.211.162.72 80
66.220.158.11 80
64.202.107.109 1234
PASS xxx
NICK NEW-[USA|00|P|50950]
USER XP-8403 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|50950] -ix
JOIN #!nn! test
PONG 22
MOTD
Other details
The following ports were open in the system:
Port Protocol Process
1061 TCP nvsvc32.exe (%Windir%\nvsvc32.exe)
1062 TCP nvsvc32.exe (%Windir%\nvsvc32.exe)
205.234.174.55 (botnet hosted with United States Chicago Hostforweb Inc)
Remote Host Port Number
174.37.200.82 80
63.135.80.224 80
63.135.80.46 80
64.208.241.41 80
66.220.149.11 80
205.234.174.55 1234
PASS xxx
NICK NEW-[USA|00|P|00910]
USER XP-2112 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|00910] -ix
JOIN #!nn! test
PONG 22
MOTD
Other details
The following ports were open in the system:
Port Protocol Process
1058 TCP nvsvc32.exe (%Windir%\nvsvc32.exe)
1059 TCP nvsvc32.exe (%Windir%\nvsvc32.exe)
www.floressencechehuan.com.br (Spy Eye hosted with Brazil Comite Gestor Da Internet No Brasil)
DNS Lookup
Host Name IP Address
www.floressencechehuan.com.br www.floressencechehuan.com.br 201.33.17.118
Download URLs
http://201.33.17.118/topo.jpg (www.floressencechehuan.com.br)
Outgoing connection to remote server: www.floressencechehuan.com.br TCP port 80
Registry Changes by all processes
Create or Open
Changes
Reads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes “MS Shell Dlg 2”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared “CUAS”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Language Hotkey”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Layout Hotkey”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF “EnableAnchorContext”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IMM “Ime File”
HKEY_CURRENT_USER\Software\Microsoft\CTF
rtopotr.com (SecurityEssentialFraud hosted with Ukraine Hosting Service tirexhost.com)
DNS Lookup
Host Name IP Address
0 127.0.0.1
rtopotr.com rtopotr.com 91.217.162.174
UDP Connections
Remote IP Address: 127.0.0.1 Port: 1053
Send Datagram: 2 packet(s) of size 1
Recv Datagram: 2 packet(s) of size 1
Download URLs
http://91.217.162.174/inst.php?id=minor_38 (rtopotr.com)
Outgoing connection to remote server: rtopotr.com TCP port 80
Registry Changes by all processes
Create or Open
Changes
giuetuhje.com (Spy Eye hosted with China Daqing Daqing Software Center)
giuetuhje.com giuetuhje.com 122.156.219.126
www.google.com www.google.com 209.85.148.106
Opened listening TCP connection on port: 17527
Download URLs
http://122.156.219.126/best/gwgw.img (giuetuhje.com)
http://122.156.219.126/best/gwgw.img (giuetuhje.com)
http://209.85.148.106/webhp (www.google.com)
Outgoing connection to remote server: giuetuhje.com TCP port 80
Outgoing connection to remote server: giuetuhje.com TCP port 80
Outgoing connection to remote server: 122.227.108.26 TCP port 80
Outgoing connection to remote server: giuetuhje.com TCP port
79.103.31.60 (botnet hosted with Greece Adsl Llu Pools)
Remote Host Port Number
79.103.31.60 7000
NICK USA|98366
USER pmlaix 0 0 :USA|98366
NICK USA|65758
USER aarzwbc 0 0 :USA|65758
PONG :8D08D6EC
JOIN #rz# rZr
NICK USA|77249
USER cfmgjxv 0 0 :USA|77249
PONG :844AC46E
NICK USA|78515
USER fixrl 0 0 :USA|78515
PONG :74E4C1F6
NICK USA|16716
USER yqwsb 0 0 :USA|16716
PONG :7A44D0C1
NICK USA|99792
USER
java.KUTLUFAMILY.COM (botnet hosted with Turkey Radore Hosting Telekomunikasyon Hizmetleri San. Ve Tic. Ltd. Sti)
– DNS Queries:
Name Query Type Query Result Successful Protocol
java.kutlufamily.com DNS_TYPE_A 178.211.56.105 178.211.56.104
www.pr0.net DNS_TYPE_A 74.206.242.164 YES udp
Resolved : [java.KUTLUFAMILY.COM] To [178.211.56.104]
Resolved : [java.KUTLUFAMILY.COM] To [178.211.56.105]
Remote Host Port Number
178.211.56.104 81
74.206.242.164 80
NICK [N00_USA_XP_2259315](
PRIVMSG [N00_USA_XP_2259 @ :scan; Sequential Port Scan started on 174.133.89.0:445 with a delay of 5 seconds
www.myrouji.com (malware hosted with United States Pasadena Cnlink Networks Inc)
– DNS Queries:
Name Query Type Query Result Successful Protocol
www.myrouji.com DNS_TYPE_A 74.126.183.34 1
– Unknown TCP Traffic: 74.126.183.34:8883
State: Connection established, not terminated
– Transferred outbound Bytes: 160
– Transferred inbound Bytes: 22
Data sent: 4768 3073 74a0 0000 00e0 0000 0078 9c4b Gh0st……..x.K 8bf6 669e c3c0 c0c0 0ac4 8c40 acc1 c5c0 ..f……..@…. c004
update2.helohmar.com (butterfly bot hosted with United Kingdom Didjief Internation Kulinari Koncept Llc)
DNS Lookup
Host Name IP Address
ms.allnewdots.com 208.53.131.135
ircd here
PASS laorosr
NCIK [N00_USA_XP_2598789].ç@
USER SP3-191 * 0 :EXPERIEN-9DF758
:hub.us.com 001 [N00_USA_XP_2598789]___ :us, [N00_USA_XP_2598789]___!SP3-191@host81-141-83-239.wlms-broadband.com :
:hub.us.com 005 [N00_USA_XP_2598789]___ :[N00_USA_XP_2598789]___!SP3-191@host81-141-83-239.wlms-broadband.com JOIN :#dpi
:hub.us.com 332 [N00_USA_XP_2598789]___ #dpi :finito
:hub.us.com 333 [N00_USA_XP_2598789]___ #dpi la 1291139776
:hub.us.com 353 [N00_USA_XP_2598789]___ @ #dpi :[N00_USA_XP_2598789]___
:hub.us.com 366 [N00_USA_XP_2598789]___ #dpi :End of /NAMES