Category: Uncategorized

rockets.dynalias.com (botnet hosted with Thailand Bangkok Truehisp)

DNS Lookup
Host Name  IP Address
rockets.dynalias.com  210.213.57.189
Lelystad.NL.EU.UnderNet.Org  195.47.220.2
mue-88-130-45-099.dsl.tropolys.de  88.130.45.99
Helsinki.FI.EU.Undernet.Org  195.197.175.21
Opened listening TCP connection on port: 113
C&C Server: 210.213.57.189:6667
Server Password:
Username: love
Nickname: :tigerk
Channel: #spam (Password: )
Channeltopic:
Outgoing connection to remote server: Lelystad.NL.EU.UnderNet.Org TCP port 6667
C&C Server: 195.197.175.21:6667
Server Password:
Username: bad
Nickname: fuckeru
Channel: (Password:...

durrhurrhurr.no-ip.info (RAT hosted on his own home lol United States Alexandria Cox Communications)

DNS Lookup
Host Name  IP Address
durrhurrhurr.no-ip.info  98.169.249.22
Outgoing connection to remote server: durrhurrhurr.no-ip.info TCP port 3083
Outgoing connection to remote server: durrhurrhurr.no-ip.info TCP port 3083
Outgoing connection to remote server: durrhurrhurr.no-ip.info TCP port 3083
Outgoing connection to remote server: durrhurrhurr.no-ip.info TCP port 308
Registry Changes by all processes
Create or Open
Changes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “AudioService.exe”...

yourfree.servebeer.com (botnet hosted with Russian Federation Iqhost Ltd)

DNS Lookup
Host Name  IP Address
yourfree.servebeer.com  193.106.173.129
www.ip2location.com  70.86.96.219
Download URLs
http://70.86.96.219/ (www.ip2location.com)
http://70.86.96.219/ (www.ip2location.com)
http://70.86.96.219/ (www.ip2location.com)
C&C Server: 193.106.173.129:1338
Server Password:
Username: DIX
Nickname: [New|XP|x86|DE|3283]
Channel: #AdminsLOL# (Password: )
Channeltopic:
Outgoing connection to remote server: www.ip2location.com TCP port 80
Outgoing connection to remote server: www.ip2location.com TCP port 80
Outgoing connection to remote server:...

server-178.211.56.105.as42926.net (botnet hosted with Turkey Radore Hosting Telekomunikasyon Hizmetleri San. Ve Tic. Ltd. Sti)

Remote Host  Port Number
178.211.56.105  81
NICK [N00_USA_XP_8963745]
USER SP2-381 * 0 :COMPUTERNAME
MODE [N00_USA_XP_8963745] @ -ix
JOIN #w
MODE #w -ix
PONG log.in.sys
Other details
* The following port was open in the system:
Port  Protocol  Process
1052  TCP  BSwBT.exe (%System%\drivers\BSwBT.exe)
Registry Modifications
* The following Registry Keys were created:
o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run...

unknown.hostforweb.com (hosted with United States Chicago Hostforweb Inc)

Remote Host  Port Number
174.37.200.82  80
216.178.39.11  80
63.135.80.224  80
64.211.162.72  80
66.220.158.11  80
64.202.107.109  1234
PASS xxx
NICK NEW-[USA|00|P|50950]
USER XP-8403 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|50950] -ix
JOIN #!nn! test
PONG 22 MOTD
Other details
The following ports were open in the system:
Port  Protocol  Process
1061  TCP  nvsvc32.exe (%Windir%\nvsvc32.exe)
1062  TCP  nvsvc32.exe (%Windir%\nvsvc32.exe)
...

205.234.174.55 (botnet hosted with United States Chicago Hostforweb Inc)

Remote Host  Port Number
174.37.200.82  80
63.135.80.224  80
63.135.80.46  80
64.208.241.41  80
66.220.149.11  80
205.234.174.55  1234
PASS xxx
NICK NEW-[USA|00|P|00910]
USER XP-2112 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|00910] -ix
JOIN #!nn! test
PONG 22 MOTD
Other details
The following ports were open in the system:
Port  Protocol  Process
1058  TCP  nvsvc32.exe (%Windir%\nvsvc32.exe)
1059  TCP  nvsvc32.exe (%Windir%\nvsvc32.exe)
...

www.floressencechehuan.com.br (Spy Eye hosted with Brazil Comite Gestor Da Internet No Brasil)

DNS Lookup
Host Name  IP Address
www.floressencechehuan.com.br  www.floressencechehuan.com.br  201.33.17.118
Download URLs
http://201.33.17.118/topo.jpg (www.floressencechehuan.com.br)
Outgoing connection to remote server: www.floressencechehuan.com.br TCP port 80
Registry Changes by all processes
Create or Open
Changes
Reads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes “MS Shell Dlg 2”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared “CUAS”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Language Hotkey”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Layout Hotkey”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF “EnableAnchorContext”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IMM “Ime File”
HKEY_CURRENT_USER\Software\Microsoft\CTF...

rtopotr.com (SecurityEssentialFraud hosted with Ukraine Hosting Service tirexhost.com)

DNS Lookup
Host Name  IP Address
0  127.0.0.1
rtopotr.com  rtopotr.com  91.217.162.174
UDP Connections
Remote IP Address: 127.0.0.1 Port: 1053
Send Datagram: 2 packet(s) of size 1
Recv Datagram: 2 packet(s) of size 1
Download URLs
http://91.217.162.174/inst.php?id=minor_38 (rtopotr.com)
Outgoing connection to remote server: rtopotr.com TCP port 80
Registry Changes by all processes
Create or Open
Changes...

giuetuhje.com (Spy Eye hosted with China Daqing Daqing Software Center)

giuetuhje.com  giuetuhje.com  122.156.219.126
www.google.com  www.google.com  209.85.148.106
Opened listening TCP connection on port: 17527
Download URLs
http://122.156.219.126/best/gwgw.img (giuetuhje.com)
http://122.156.219.126/best/gwgw.img (giuetuhje.com)
http://209.85.148.106/webhp (www.google.com)
Outgoing connection to remote server: giuetuhje.com TCP port 80
Outgoing connection to remote server: giuetuhje.com TCP port 80
Outgoing connection to remote server: 122.227.108.26 TCP port 80
Outgoing connection to remote server: giuetuhje.com TCP port...

79.103.31.60 (botnet hosted with Greece Adsl Llu Pools)

Remote Host  Port Number
79.103.31.60  7000
NICK USA|98366
USER pmlaix 0 0 :USA|98366
NICK USA|65758
USER aarzwbc 0 0 :USA|65758
PONG :8D08D6EC
JOIN #rz# rZr
NICK USA|77249
USER cfmgjxv 0 0 :USA|77249
PONG :844AC46E
NICK USA|78515
USER fixrl 0 0 :USA|78515
PONG :74E4C1F6
NICK USA|16716
USER yqwsb 0 0 :USA|16716
PONG :7A44D0C1
NICK USA|99792
USER...