

The BotHunter Community Repository
Malware Attack Sources Found by BotHunter Users
When you run BotHunter with its auto-update service enabled, you are not just receiving our latest malware threat intelligence to protect your network. You are also contributing to our world-wide knowledge of where Botnet Command and Control (C&C) servers and bot-infected clients live.

The data on this website is supplied as is, without warranty of any kind. You may NOT redistribute this data. Use or reliance on this data is at your own risk.
| Attacker IP (CC) | City, Region, Country | Domain / NetSpeed, Service Provider | Forensics (level, score, BotHunter users, infection reports, date range) | Evidence Summary: performed by the botclient victim (the attacker IP is the source of the inbound exploits and egg downloads reported here) |
|---|---|---|---|---|
| 78.X.X.170 (SA) | RIYADH AR RIYAD SAUDI ARABIA | - / DSL SEVEN EYES FOR MARKETING LTD | High (1.5), 1 user, 2 reports, 2013-05-02 to 2013-05-02 | 22009201(12): Inbound Attack - ET CURRENT_EVENTS Conficker.b Shellcode; 2001685(10): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image; 3810008(5): Russian Business Network - ET Known Russian Business Network Monitored Domain; 9920020(2): not found |
| 203.X.X.211 (TH) | BANGKOK KRUNG THEP THAILAND | TOTBB.NET / COMP TOT PUBLIC COMPANY LIMITED | Moderate (0.8), 1 user, 1 report, 2013-04-09 to 2013-04-09 | 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image; 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
| 37.X.X.112 (-) | - - - | - / - - | High (1.9), 1 user, 2 reports, 2013-04-09 to 2013-04-09 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit; 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP); 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning |
| 88.X.X.253 (RU) | - - RUSSIAN FEDERATION | - / COMP INTERNET CENTER & CYBERCAFE | High (1.9), 1 user, 2 reports, 2013-05-30 to 2013-05-30 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning |
| 80.X.X.190 (RO) | BUCHAREST BUCURESTI ROMANIA | ARTELECOM.NET / DSL SC ARTELECOM SA | High (1.9), 1 user, 3 reports, 2013-04-14 to 2013-04-14 | 22514(3): not found; 3300004(3): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 7777008(2): Malware Scan - Detected intense malware port scanning; 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 22000032(1): Inbound Attack - ET EXPLOIT LSA exploit; 22000033(1): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) |
| 94.X.X.104 (HU) | - - HUNGARY | KABELNET.HU / DSL VIDANET CABLE TELEVISION PROVIDER LTD | High (1.9), 1 user, 2 reports, 2013-06-02 to 2013-06-02 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit; 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP); 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning |
| 37.X.X.185 (-) | - - - | - / - - | High (1.9), 1 user, 2 reports, 2013-04-12 to 2013-04-12 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit; 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP); 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning |
| 222.X.X.194 (CN) | SHANGHAI SHANGHAI CHINA | ONLINE.SH.CN / COMP CHINANET SHANGHAI PROVINCE NETWORK | Moderate (1.3), 2 users, 4 reports, 2013-04-22 to 2013-06-11 | 22514(2): not found; 2000047(2): Egg Download - ET WORM Sasser Transfer _up.exe; 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner |
| 46.X.X.111 (-) | - - - | - / - - | Moderate (0.8), 1 user, 1 report, 2013-04-06 to 2013-04-06 | 22514(1): not found; 3300004(1): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port |
| 125.X.X.86 (ID) | - - INDONESIA | TELKOM.NET.ID / DSL PT TELKOM INDONESIA | Moderate (1.3), 1 user, 2 reports, 2013-04-30 to 2013-04-30 | 22514(2): not found; 2000047(2): Egg Download - ET WORM Sasser Transfer _up.exe; 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner |
| 201.X.X.89 (VE) | CARACAS DISTRITO FEDERAL VENEZUELA, BOLIVARIAN REPUBLIC OF | CANTV.NET / DSL CANTV SERVICIOS VENEZUELA | High (1.4), 1 user, 2 reports, 2013-04-28 to 2013-04-28 | 2001685(2): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image; 22009201(2): Inbound Attack - ET CURRENT_EVENTS Conficker.b Shellcode; 9920020(1): not found |
| 220.X.X.178 (AU) | SYDNEY NEW SOUTH WALES AUSTRALIA | OPTUSNET.COM.AU / DSL OPTUS INTERNET - RETAIL | Moderate (1.3), 1 user, 1 report, 2013-06-09 to 2013-06-09 | 1444(1): Egg Download - TFTP GET from external source; 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode; 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner; 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request; 3001441(1): Egg Download - TFTP GET .exe from external source |
| 202.X.X.27 (BD) | DHAKA DHAKA BANGLADESH | BDMAIL.NET / DSL BBN-BD | Moderate (0.8), 2 users, 2 reports, 2013-06-10 to 2013-06-12 | 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image; 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
| 81.X.X.244 (PL) | LUBLIN LUBELSKIE POLAND | MM.PL / DSL MULTIMEDIA POLSKA S. A | Maximum (2.5), 3 users, 6 reports, 2013-06-10 to 2013-06-16 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 2003070(1): CandC Communication - ET WORM Korgo.U Reporting; 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning; 9920003(1): not found |
| 120.X.X.128 (-) | - - - | - / - - | Maximum (3.0), 1 user, 2 reports, 2013-04-24 to 2013-04-24 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 2003070(1): CandC Communication - ET WORM Korgo.U Reporting; 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning; 9920003(1): not found |
| 92.X.X.223 (RO) | BUCHAREST BUCURESTI ROMANIA | TELELINK-RO.COM / DSL ARTELECOM | High (1.9), 1 user, 2 reports, 2013-05-18 to 2013-05-18 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit; 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP); 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning |
| 202.X.X.112 (JP) | OKAYAMA OKAYAMA JAPAN | ONINET.NE.JP / DSL OKAYAMA NETWORK INC | Maximum (3.0), 1 user, 2 reports, 2013-04-25 to 2013-04-25 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit; 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP); 2003070(1): CandC Communication - ET WORM Korgo.U Reporting; 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning; 9920003(1): not found |
| 37.X.X.231 (-) | - - - | - / - - | High (1.9), 1 user, 2 reports, 2013-05-11 to 2013-05-11 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning |
| 82.X.X.219 (BG) | SOFIA GRAD SOFIYA BULGARIA | - / DSL MULTI-SPEED | Moderate (0.8), 1 user, 1 report, 2013-05-06 to 2013-05-06 | 22514(1): not found; 3300004(1): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 22000032(1): Inbound Attack - ET EXPLOIT LSA exploit; 22000033(1): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) |
| 46.X.X.14 (-) | - - - | - / - - | High (1.9), 1 user, 2 reports, 2013-06-01 to 2013-06-01 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning |
| 202.X.X.32 (JP) | OKAYAMA OKAYAMA JAPAN | ONINET.NE.JP / DSL OKAYAMA NETWORK INC | High (1.9), 1 user, 2 reports, 2013-05-25 to 2013-05-25 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit; 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP); 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning |
| 37.X.X.200 (-) | - - - | - / - - | Maximum (2.5), 1 user, 2 reports, 2013-04-07 to 2013-04-07 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning; 9920003(1): not found |
| 24.X.X.190 (US) | CORPUS CHRISTI TEXAS UNITED STATES | GRANDENETWORKS.NET / COMP GRANDE COMMUNICATIONS CORPUS CHRISTI HUB | Moderate (1.3), 1 user, 1 report, 2013-05-15 to 2013-05-15 | 1444(1): Egg Download - TFTP GET from external source; 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode; 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner; 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request; 3001441(1): Egg Download - TFTP GET .exe from external source |
| 109.X.X.3 (UK) | - - UNITED KINGDOM | JWS.COM / DSL EU-ZZ | Maximum (2.5), 1 user, 2 reports, 2013-04-13 to 2013-04-13 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning; 9920003(1): not found |
| 93.X.X.173 (PT) | - - PORTUGAL | REV.OPTIMUS.PT / DSL OPTIMUS PORTUGAL | Maximum (2.5), 1 user, 2 reports, 2013-04-21 to 2013-04-21 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit; 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP); 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning; 9920003(1): not found |
| 92.X.X.207 (BG) | - - BULGARIA | - / DSL BG-SPNET | High (1.6), 1 user, 6 reports, 2013-05-05 to 2013-05-05 | 2001685(10): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image; 22009201(10): Inbound Attack - ET CURRENT_EVENTS Conficker.b Shellcode; 9910002(1): Bot Space Access - BOTHUNTER CURRENT_EVENTS Excessive NXDOMAIN responses by internal host |
| 109.X.X.33 (UK) | - - UNITED KINGDOM | JWS.COM / DSL EU-ZZ | Maximum (3.0), 1 user, 4 reports, 2013-04-22 to 2013-04-22 | 22514(4): not found; 3300004(4): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 22000032(4): Inbound Attack - ET EXPLOIT LSA exploit; 22000033(4): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP); 7777005(2): Outbound Scan - Detected intense non-malware port scanning; 7777008(2): Malware Scan - Detected intense malware port scanning; 2003070(1): CandC Communication - ET WORM Korgo.U Reporting; 9920003(1): not found |
| 95.X.X.30 (TR) | ANKARA ANKARA TURKEY | - / DSL TR-TELEKOM | Moderate (0.8), 1 user, 1 report, 2013-04-23 to 2013-04-23 | 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image; 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
| 93.X.X.181 (PL) | WARSAW WARSZAWA POLAND | MIKOLOW.NET / DSL MICONET | High (1.9), 1 user, 2 reports, 2013-05-24 to 2013-05-24 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning |
| 70.X.X.174 (US) | COLUMBUS OHIO UNITED STATES | RR.COM / DSL ROAD RUNNER HOLDCO LLC | Moderate (1.3), 8 users, 8 reports, 2013-04-09 to 2013-06-07 | 1444(1): Egg Download - TFTP GET from external source; 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode; 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner; 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request; 3001441(1): Egg Download - TFTP GET .exe from external source |
| 46.X.X.111 (-) | - - - | - / - - | Maximum (2.5), 1 user, 2 reports, 2013-05-05 to 2013-05-05 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning; 9920003(1): not found |
| 200.X.X.58 (SV) | SAN SALVADOR SAN SALVADOR EL SALVADOR | SALNET.NET / DSL EL SALVADOR NETWORK S. A | Moderate (0.8), 1 user, 1 report, 2013-06-02 to 2013-06-02 | 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image; 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
| 37.X.X.211 (-) | - - - | - / - - | Maximum (3.0), 1 user, 1 report, 2013-04-30 to 2013-04-30 | 22514(1): not found; 2003070(1): CandC Communication - ET WORM Korgo.U Reporting; 3300004(1): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning; 9920003(1): not found |
| 60.X.X.171 (JP) | SAPPORO HOKKAIDO JAPAN | PLALA.OR.JP / DSL NTT PLALA INC | Moderate (1.3), 1 user, 2 reports, 2013-04-19 to 2013-04-19 | 22514(2): not found; 2000047(2): Egg Download - ET WORM Sasser Transfer _up.exe; 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner |
| 96.X.X.157 (US) | NEW BRAUNFELS TEXAS UNITED STATES | GVTC.COM / DSL GUADALUPE VALLEY TELEPHONE COOPERATIVE INC | Moderate (1.3), 7 users, 7 reports, 2013-04-11 to 2013-06-15 | 1444(1): Egg Download - TFTP GET from external source; 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode; 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner; 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request; 3001441(1): Egg Download - TFTP GET .exe from external source |
| 178.X.X.23 (UK) | - - UNITED KINGDOM | FINEBLANK.COM / DSL EU-ZZ | Maximum (3.0), 1 user, 2 reports, 2013-05-11 to 2013-05-11 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 2003070(1): CandC Communication - ET WORM Korgo.U Reporting; 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning; 9920003(1): not found |
| 37.X.X.176 (-) | - - - | - / - - | Maximum (3.0), 1 user, 2 reports, 2013-06-03 to 2013-06-03 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 2003070(1): CandC Communication - ET WORM Korgo.U Reporting; 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning; 9920003(1): not found |
| 46.X.X.10 (-) | - - - | - / - - | Maximum (3.0), 1 user, 2 reports, 2013-04-28 to 2013-04-28 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 2003070(1): CandC Communication - ET WORM Korgo.U Reporting; 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning; 9920003(1): not found |
| 69.X.X.20 (US) | TRACYS LANDING MARYLAND UNITED STATES | CORETEL.NET / DIAL ONLINE GATEWAY INC. - OLG.COM | Moderate (1.3), 1 user, 1 report, 2013-05-25 to 2013-05-25 | 1444(1): Egg Download - TFTP GET from external source; 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode; 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner; 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request; 3001441(1): Egg Download - TFTP GET .exe from external source |
| 67.X.X.225 (US) | VILLA PARK ILLINOIS UNITED STATES | CIMCOISP.NET / DSL CIMCO COMMUNICATIONS INC | High (1.9), 1 user, 2 reports, 2013-05-13 to 2013-05-13 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit; 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP); 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning |
| 5.X.X.66 (-) | - - - | - / - - | Moderate (0.8), 1 user, 1 report, 2013-02-17 to 2013-02-17 | 22514(1): not found; 3300004(1): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port |
| 177.X.X.177 (-) | - - - | - / - - | Maximum (2.5), 1 user, 2 reports, 2013-06-04 to 2013-06-04 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning; 9920003(1): not found |
| 204.X.X.0 (US) | PHOENIX ARIZONA UNITED STATES | QWEST.NET / DSL QWEST BROADBAND SERVICES INC | Maximum (3.2), 1 user, 2 reports, 2013-06-16 to 2013-06-16 | 22466(2): not found; 299913(2): Inbound Attack - ET SHELLCODE x86 0x90 unicode NOOP; 3000003(2): not found; 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit; 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP); 292000032(2): not found; 2001683(1): Egg Download - ET MALWARE Windows executable sent when remote host claims to send an image; 2003603(1): CandC Communication - ET TROJAN W32.Virut.A joining an IRC Channel; 3000000(1): not found; 3000014(1): not found |
| 24.X.X.71 (US) | WOODWAY TEXAS UNITED STATES | GRANDENETWORKS.NET / DSL GRANDE COMMUNICATIONS WACO | Moderate (1.3), 2 users, 2 reports, 2013-04-17 to 2013-05-04 | 1444(1): Egg Download - TFTP GET from external source; 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode; 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner; 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request; 3001441(1): Egg Download - TFTP GET .exe from external source |
| 92.X.X.33 (RU) | - - RUSSIAN FEDERATION | SKYLINK.RU / DSL MOSCOW CELLULAR COMMUNICATIONS | High (1.9), 1 user, 2 reports, 2013-05-01 to 2013-05-01 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit; 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP); 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning |
| 46.X.X.77 (-) | - - - | - / - - | Maximum (3.0), 1 user, 2 reports, 2013-04-06 to 2013-04-06 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 2003070(1): CandC Communication - ET WORM Korgo.U Reporting; 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning; 9920003(1): not found |
| 64.X.X.74 (-) | - - - | - / - - | High (1.4), 1 user, 3 reports, 2013-05-02 to 2013-05-02 | 2001685(3): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image; 22009201(3): Inbound Attack - ET CURRENT_EVENTS Conficker.b Shellcode; 3810008(1): Russian Business Network - ET Known Russian Business Network Monitored Domain; 9920020(1): not found |
| 212.X.X.109 (AM) | - - ARMENIA | - / DSL UCOM | Maximum (2.5), 1 user, 2 reports, 2013-04-09 to 2013-04-09 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit; 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP); 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning; 9920003(1): not found |
| 117.X.X.227 (IN) | NEW DELHI DELHI INDIA | 10/24.BSNL.IN / DSL NIB (NATIONAL INTERNET BACKBONE) | Moderate (0.8), 1 user, 1 report, 2013-02-23 to 2013-02-23 | 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image; 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
| 85.X.X.21 (SK) | BRATISLAVA BRATISLAVA SLOVAKIA | ORANGE.SK / DSL ORANGE-DETRONICS | Moderate (0.8), 2 users, 2 reports, 2013-04-16 to 2013-04-17 | 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image; 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
| 113.X.X.126 (HK) | HONG KONG HONG KONG (SAR) HONG KONG | HUTCHCITY.COM / DSL HUTCHISON GLOBAL COMMUNICATIONS | Moderate (0.8), 1 user, 1 report, 2013-05-08 to 2013-05-08 | 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image; 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
| 41.X.X.141 (DZ) | ALGIERS ALGER ALGERIA | 196-46-248-WIMAX.SLC.DZ / DSL AFRINIC | Maximum (2.5), 1 user, 2 reports, 2013-05-05 to 2013-05-05 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit; 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP); 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning; 9920003(1): not found |
| 130.X.X.194 (US) | PHOENIX ARIZONA UNITED STATES | QWEST.NET / COMP QWEST BROADBAND SERVICES INC | Very High (2.1), 1 user, 2 reports, 2013-06-16 to 2013-06-16 | 3000006(2): not found; 22001944(2): Inbound Attack - ET EXPLOIT MS04-007 Kill-Bill ASN1 exploit attempt; 21390(1): not found; 299998(1): Inbound Attack - SHELLCODE x86 inc ebx NOOP; 2000355(1): not found; 2000356(1): ET POLICY IRC connection; 2001683(1): Egg Download - ET MALWARE Windows executable sent when remote host claims to send an image; 2007726(1): Egg Download - ET ATTACK RESPONSE Unusual FTP Server Banner on High Port (StnyFtpd); 3000014(1): not found; 5001684(1): not found |
| 4.X.X.39 (US) | TALLAHASSEE FLORIDA UNITED STATES | LEVEL3.NET / DSL LEVEL 3 COMMUNICATIONS INC | Moderate (1.3), 1 user, 1 report, 2013-04-25 to 2013-04-25 | 1444(1): Egg Download - TFTP GET from external source; 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode; 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner; 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request; 3001441(1): Egg Download - TFTP GET .exe from external source |
| 200.X.X.33 (HN) | TEGUCIGALPA FRANCISCO MORAZAN HONDURAS | - / DSL SERCOM DE HONDURAS | Moderate (0.8), 1 user, 1 report, 2013-05-07 to 2013-05-07 | 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image; 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
| 46.X.X.138 (-) | - - - | - / - - | Maximum (2.5), 1 user, 2 reports, 2013-06-14 to 2013-06-14 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning; 9920003(1): not found |
| 91.X.X.70 (HU) | - - HUNGARY | - / DSL MOBILNET - TEST | Maximum (3.0), 1 user, 2 reports, 2013-04-14 to 2013-04-14 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit; 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP); 2003070(1): CandC Communication - ET WORM Korgo.U Reporting; 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning; 9920003(1): not found |
| 141.X.X.173 (UK) | - - UNITED KINGDOM | TERMBILLING.COM / DSL VARIOUS REGISTRIES | High (1.9), 1 user, 1 report, 2013-04-21 to 2013-04-21 | 22514(1): not found; 3300004(1): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning |
| 5.X.X.243 (-) | - - - | - / - - | High (1.4), 1 user, 2 reports, 2013-05-23 to 2013-05-23 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 9920009(1): not found |
| 70.X.X.59 (PR) | SAN JUAN PUERTO RICO PUERTO RICO | ONELINKPR.NET / DSL SAN JUAN CABLE LLC | Maximum (3.0), 1 user, 2 reports, 2013-05-30 to 2013-05-30 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 2003070(1): CandC Communication - ET WORM Korgo.U Reporting; 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning; 9920003(1): not found |
| 187.X.X.99 (-) | - - - | - / - - | Moderate (1.3), 1 user, 2 reports, 2013-04-11 to 2013-04-11 | 22514(2): not found; 2000047(2): Egg Download - ET WORM Sasser Transfer _up.exe; 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner |
| 118.X.X.143 (JP) | TOKYO TOKYO JAPAN | HTOJ.J-CNET.JP / DSL JCN-HTMNET | Moderate (1.3), 1 user, 1 report, 2013-05-31 to 2013-05-31 | 1444(1): Egg Download - TFTP GET from external source; 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode; 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner; 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request; 3001441(1): Egg Download - TFTP GET .exe from external source |
| 199.X.X.3 (US) | HONOLULU HAWAII UNITED STATES | TRANQUILITY.NET / DSL CORAL WIRELESS LLC | High (1.9), 1 user, 1 report, 2013-05-17 to 2013-05-17 | 22514(1): not found; 3300004(1): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning; 22000032(1): Inbound Attack - ET EXPLOIT LSA exploit; 22000033(1): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) |
| 78.X.X.159 (PL) | WROCLAW DOLNOSLASKIE POLAND | NET.PL / DIAL DYNAMIC BROADBAND SERVICES | Moderate (0.8), 1 user, 1 report, 2013-05-02 to 2013-05-02 | 22514(1): not found; 3300004(1): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 22000032(1): Inbound Attack - ET EXPLOIT LSA exploit; 22000033(1): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) |
| 113.X.X.206 (HK) | HONG KONG HONG KONG (SAR) HONG KONG | HUTCHCITY.COM / DSL HUTCHISON GLOBAL COMMUNICATIONS | Moderate (0.8), 1 user, 1 report, 2013-05-29 to 2013-05-29 | 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image; 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
| 5.X.X.82 (-) | - - - | - / - - | High (1.4), 1 user, 2 reports, 2013-05-30 to 2013-05-30 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 9920009(1): not found |
| 1.X.X.172 (-) | - - - | - / - - | High (1.9), 1 user, 2 reports, 2013-05-19 to 2013-05-19 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit; 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP); 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning |
| 79.X.X.150 (PL) | WARSAW WARSZAWA POLAND | CENTERTEL.PL / DSL PTK CENTERTEL BROADBAND SERVICES | Maximum (2.5), 1 user, 2 reports, 2013-06-16 to 2013-06-16 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit; 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP); 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning; 9920003(1): not found |
| 141.X.X.99 (UK) | - - UNITED KINGDOM | TERMBILLING.COM / DSL VARIOUS REGISTRIES | Maximum (2.4), 1 user, 2 reports, 2013-04-18 to 2013-04-18 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 2001569(1): Outbound Attack - ET SCAN Behavioral Unusual Port NETBIOS traffic, Potential Scan or Infection (60 in 60 secs); 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning |
| 223.X.X.23 (-) | - - - | - / - - | Moderate (0.8), 1 user, 1 report, 2013-04-25 to 2013-04-25 | 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image; 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
| 89.X.X.32 (RU) | - - RUSSIAN FEDERATION | - / DSL HOME ETHERNET NETWORK | Maximum (3.0), 8 users, 17 reports, 2013-04-06 to 2013-06-16 | 22514(2): not found; 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port; 2003070(1): CandC Communication - ET WORM Korgo.U Reporting; 7777005(1): Outbound Scan - Detected intense non-malware port scanning; 7777008(1): Malware Scan - Detected intense malware port scanning; 9920003(1): not found |
| 122.X.X.51 (TW) | TAIPEI T'AI-PEI TAIWAN | SPARQNET.NET / DSL NEW CENTRY INFOCOM TECH. CO. LTD | Moderate (1.3), 1 user, 1 report, 2013-04-22 to 2013-04-22 | 1444(1): Egg Download - TFTP GET from external source; 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode; 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner; 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request; 3001441(1): Egg Download - TFTP GET .exe from external source |
| 37.X.X.134 (-) | - - - | - / - - | High (1.9), 1 user, 2 reports, 2013-04-05 to 2013-04-05 | |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
212.X.X.48 (TR)
ISTANBUL ISTANBUL TURKEY |
- / DSL TURK TELEKOM TTNET NATIONAL BACKBONE |
Moderate Details (0.8) 2 BotHunter Users 2 Infection Report 2013-05-01 to 2013-05-23 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
109.X.X.210 (UK)
- - UNITED KINGDOM |
JWS.COM / DSL EU-ZZ |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-04-13 to 2013-04-13 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
203.X.X.4 (CN)
BEIJING BEIJING CHINA |
ZJNETCOM.COM / DSL CHINA UNICOM IP NETWORK |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-03-09 to 2013-03-09 |
° 2001569(12): Outbound Attack - ET SCAN Behavioral Unusual Port NETBIOS traffic, Potential Scan or Infection (60 in 60 secs) ° 3300001(11): Egg Download - BotHunter Scrip-based Windows egg download .exe ° 2123(9): Inbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2000040(3): Egg Download - ET WORM Sasser FTP Traffic ° 2000047(3): Egg Download - ET WORM Sasser Transfer _up.exe ° 52000032(2): Outbound Attack - ET EXPLOIT LSA exploit ° 52000046(2): Outbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (Win2k) |
|
114.X.X.242 (TW)
TAIPEI T'AI-PEI TAIWAN |
HINET.NET / DSL CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP |
High Details (1.5) 1 BotHunter Users 3 Infection Report 2013-05-02 to 2013-05-02 |
° 2001685(4): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009201(4): Inbound Attack - ET CURRENT_EVENTS Conficker.b Shellcode ° 3810008(2): Russian Business Network - ET Known Russian Business Network Monitored Domain ° 9920020(1): not found |
|
91.X.X.76 (HU)
- - HUNGARY |
SULINET.HU / DSL INVITEL TAVKOZLESI SZOLGALTATO RT |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-04-10 to 2013-04-10 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
119.X.X.46 (TW)
TAIPEI T'AI-PEI TAIWAN |
TCOL.COM.TW / DSL E-MAX NETWORK CORP |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-04-09 to 2013-04-09 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
103.X.X.7 (-)
- - - |
- / - - |
Moderate Details (0.8) 1 BotHunter Users 2 Infection Report 2013-04-16 to 2013-04-16 |
° 2001685(2): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(2): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
37.X.X.23 (-)
- - - |
- / - - |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-04-29 to 2013-04-29 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
178.X.X.133 (UK)
- - UNITED KINGDOM |
FINEBLANK.COM / DSL EU-ZZ |
Moderate Details (1.3) 2 BotHunter Users 3 Infection Report 2013-04-23 to 2013-06-02 |
° 22514(1): not found ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2000047(1): Egg Download - ET WORM Sasser Transfer _up.exe |
|
111.X.X.60 (PK)
- - PAKISTAN |
10.PERN.PK / DSL PERN-PAKISTAN EDUCATION & RESEARCH NETWORK IS AN |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-06-11 to 2013-06-11 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
212.X.X.159 (AM)
- - ARMENIA |
- / DSL UCOM |
Maximum Details (3.0) 1 BotHunter Users 1 Infection Report 2013-05-26 to 2013-05-26 |
° 22514(1): not found ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 3300004(1): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
42.X.X.12 (-)
- - - |
- / - - |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-04-21 to 2013-04-21 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
182.X.X.246 (-)
- - - |
- / - - |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-05-01 to 2013-05-01 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
37.X.X.123 (-)
- - - |
- / - - |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-04-14 to 2013-04-14 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
5.X.X.17 (-)
- - - |
- / - - |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-04-16 to 2013-04-16 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
116.X.X.234 (-)
- - - |
- / - - |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-04-13 to 2013-04-13 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
94.X.X.71 (RO)
BUCHAREST BUCURESTI ROMANIA |
ROSITEHOST101.COM / DSL S.C. ROSITE EQUIPMENT SRL |
Moderate Details (1.3) 1 BotHunter Users 409 Infection Report 2013-05-19 to 2013-05-19 |
° 22009201(445): Inbound Attack - ET CURRENT_EVENTS Conficker.b Shellcode ° 2001685(443): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22475(14): not found ° 22469(12): not found ° 22472(12): not found ° 22465(6): not found ° 22008705(3): not found ° 2008578(1): not found ° 3810008(1): Russian Business Network - ET Known Russian Business Network Monitored Domain ° 22008715(1): not found |
|
223.X.X.233 (-)
- - - |
- / - - |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-04-13 to 2013-04-13 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
91.X.X.235 (PL)
WARSAW WARSZAWA POLAND |
MIKOLOW.NET / DSL MICONET |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-05-16 to 2013-05-16 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
173.X.X.31 (US)
STREAMWOOD ILLINOIS UNITED STATES |
MCHSI.COM / DSL MEDIACOM COMMUNICATIONS CORP |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-04-22 to 2013-04-22 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
46.X.X.42 (-)
- - - |
- / - - |
Very High Details (2.0) 1 BotHunter Users 2 Infection Report 2013-05-29 to 2013-05-29 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 3810007(1): Russian Business Network - ET Known Russian Business Network Monitored Domain ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
179.X.X.40 (-)
- - - |
- / - - |
High Details (1.5) 1 BotHunter Users 2 Infection Report 2013-05-02 to 2013-05-02 |
° 22009201(6): Inbound Attack - ET CURRENT_EVENTS Conficker.b Shellcode ° 2001685(5): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 3810008(3): Russian Business Network - ET Known Russian Business Network Monitored Domain ° 22465(1): not found ° 9920020(1): not found |
|
84.X.X.125 (DE)
LEINFELDEN-ECHTERDINGEN BADEN-WÜRTTEMBERG GERMANY |
T-DIALIN.NET / DSL DEUTSCHE TELEKOM AG |
Moderate Details (1.3) 1 BotHunter Users 2 Infection Report 2013-05-07 to 2013-05-07 |
° 22514(2): not found ° 2000047(2): Egg Download - ET WORM Sasser Transfer _up.exe ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner |
|
202.X.X.82 (PK)
KARACHI SINDH PAKISTAN |
MULTI.NET.PK / DSL MULTINETBROADBAND |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-05-12 to 2013-05-12 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
27.X.X.182 (-)
- - - |
- / - - |
High Details (1.9) 1 BotHunter Users 1 Infection Report 2013-04-22 to 2013-04-22 |
° 22514(1): not found ° 3300004(1): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 22000032(1): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(1): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) |
|
119.X.X.32 (TW)
TAIPEI T'AI-PEI TAIWAN |
TCOL.COM.TW / DSL E-MAX NETWORK CORP |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-05-09 to 2013-05-09 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
147.X.X.52 (CZ)
PLZEN PLZENSKY KRAJ CZECH REPUBLIC |
- / DSL UNIVERSITY OF WEST BOHEMIA |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-03-09 to 2013-03-09 |
° 2001569(12): Outbound Attack - ET SCAN Behavioral Unusual Port NETBIOS traffic, Potential Scan or Infection (60 in 60 secs) ° 3300001(11): Egg Download - BotHunter Scrip-based Windows egg download .exe ° 2123(9): Inbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2000040(3): Egg Download - ET WORM Sasser FTP Traffic ° 2000047(3): Egg Download - ET WORM Sasser Transfer _up.exe ° 52000032(2): Outbound Attack - ET EXPLOIT LSA exploit ° 52000046(2): Outbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (Win2k) |
|
14.X.X.26 (-)
- - - |
- / - - |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-04-15 to 2013-04-15 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
189.X.X.223 (BR)
SÃO PAULO SAO PAULO BRAZIL |
MASTERCABO.COM.BR / DSL COMITE GESTOR DA INTERNET NO BRASIL |
Maximum Details (3.0) 1 BotHunter Users 3 Infection Report 2013-05-24 to 2013-05-24 |
° 22514(3): not found ° 3300004(3): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(3): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(3): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(2): Outbound Scan - Detected intense non-malware port scanning ° 7777008(2): Malware Scan - Detected intense malware port scanning ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 9920003(1): not found |
|
125.X.X.154 (JP)
NAGOYA TOKYO JAPAN |
STARCAT.NE.JP / DSL KMN CORPORATION |
Moderate Details (1.3) 7 BotHunter Users 7 Infection Report 2013-04-12 to 2013-05-27 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
46.X.X.28 (-)
- - - |
- / - - |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-04-08 to 2013-04-08 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
222.X.X.125 (VN)
- - VIET NAM |
LOCALHOST / DSL VIETNAM DATA COMMUNICATION COMPANY |
Moderate Details (0.8) 3 BotHunter Users 3 Infection Report 2013-02-26 to 2013-06-12 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
119.X.X.172 (JP)
TOKYO TOKYO JAPAN |
MESH.AD.JP / DSL NEC BIGLOBE LTD |
Moderate Details (1.3) 1 BotHunter Users 2 Infection Report 2013-04-25 to 2013-04-25 |
° 22514(2): not found ° 2000047(2): Egg Download - ET WORM Sasser Transfer _up.exe ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner |
|
188.X.X.117 (SK)
- - SLOVAKIA |
- / DSL E-MAX INTERNET & IT |
High Details (1.5) 1 BotHunter Users 3 Infection Report 2013-05-02 to 2013-05-02 |
° 22009201(5): Inbound Attack - ET CURRENT_EVENTS Conficker.b Shellcode ° 2001685(4): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 3810008(2): Russian Business Network - ET Known Russian Business Network Monitored Domain ° 9920020(1): not found |
|
113.X.X.14 (HK)
HONG KONG HONG KONG (SAR) HONG KONG |
HUTCHCITY.COM / DSL HUTCHISON GLOBAL COMMUNICATIONS |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-04-10 to 2013-04-10 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
37.X.X.159 (-)
- - - |
- / - - |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-04-27 to 2013-04-27 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
176.X.X.140 (-)
- - - |
- / - - |
Maximum Details (3.0) 1 BotHunter Users 4 Infection Report 2013-05-31 to 2013-05-31 |
° 22514(4): not found ° 3300004(4): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(2): Outbound Scan - Detected intense non-malware port scanning ° 7777008(2): Malware Scan - Detected intense malware port scanning ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 9920003(1): not found |
|
42.X.X.125 (-)
- - - |
- / - - |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-04-17 to 2013-04-17 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
118.X.X.47 (JP)
TOKYO TOKYO JAPAN |
HTOJ.J-CNET.JP / DSL JCN-HTMNET |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-05-01 to 2013-05-01 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
46.X.X.183 (-)
- - - |
- / - - |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-05-09 to 2013-05-09 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
190.X.X.87 (AR)
BUENOS AIRES BUENOS AIRES ARGENTINA |
COM.AR / DSL TELEFONICA DE ARGENTINA |
Moderate Details (0.8) 1 BotHunter Users 2 Infection Report 2013-04-23 to 2013-04-23 |
° 2001685(2): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(2): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
187.X.X.146 (-)
- - - |
- / - - |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-05-21 to 2013-05-21 |
° 22514(2): not found ° 2000047(2): Egg Download - ET WORM Sasser Transfer _up.exe ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 22001056(1): Inbound Attack - ET WORM W32/Sasser.worm.b |
|
69.X.X.53 (US)
TRACYS LANDING MARYLAND UNITED STATES |
CORETEL.NET / DIAL ONLINE GATEWAY INC. - OLG.COM |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-05-28 to 2013-05-28 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
187.X.X.201 (BR)
SÃO PAULO SAO PAULO BRAZIL |
TELESP.NET.BR / DSL COMITE GESTOR DA INTERNET NO BRASIL |
High Details (1.5) 1 BotHunter Users 2 Infection Report 2013-05-02 to 2013-05-02 |
° 22009201(8): Inbound Attack - ET CURRENT_EVENTS Conficker.b Shellcode ° 2001685(7): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 3810008(2): Russian Business Network - ET Known Russian Business Network Monitored Domain ° 9920020(1): not found |
|
109.X.X.27 (UK)
- - UNITED KINGDOM |
JWS.COM / DSL EU-ZZ |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-04-12 to 2013-04-12 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
202.X.X.24 (JP)
OKAYAMA OKAYAMA JAPAN |
ONINET.NE.JP / DSL OKAYAMA NETWORK INC |
Maximum Details (3.5) 1 BotHunter Users 2 Infection Report 2013-02-17 to 2013-02-17 |
° 22514(2): not found ° 3300003(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2001569(1): Outbound Attack - ET SCAN Behavioral Unusual Port NETBIOS traffic, Potential Scan or Infection (60 in 60 secs) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 3300004(1): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
94.X.X.13 (HU)
- - HUNGARY |
KABELNET.HU / DSL VIDANET CABLE TELEVISION PROVIDER LTD |
Maximum Details (3.0) 3 BotHunter Users 5 Infection Report 2013-04-10 to 2013-04-15 |
° 22514(1): not found ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 3300004(1): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found ° 22000032(1): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(1): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) |
|
46.X.X.233 (-)
- - - |
- / - - |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-04-05 to 2013-04-05 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
37.X.X.113 (-)
- - - |
- / - - |
Maximum Details (3.0) 2 BotHunter Users 6 Infection Report 2013-06-09 to 2013-06-10 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
151.X.X.210 (IT)
ROME LAZIO ITALY |
37-151.NET24.IT / DSL IUNET-BNET |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-05-21 to 2013-05-21 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
78.X.X.231 (FR)
- - FRANCE |
PROXAD.NET / DSL PROXAD INTERNET SERVICE PROVIDER IN FRANCE |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-06-06 to 2013-06-06 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
92.X.X.133 (FR)
PARIS ILE-DE-FRANCE FRANCE |
COMPLETEL.NET / DSL COMPLETEL FRANCE |
Moderate Details (1.3) 2 BotHunter Users 4 Infection Report 2013-05-07 to 2013-05-26 |
° 22514(2): not found ° 2000047(2): Egg Download - ET WORM Sasser Transfer _up.exe ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner |
|
188.X.X.88 (TR)
ISTANBUL ISTANBUL TURKEY |
SADECEHOSTING.NET / DSL HOSTING INTERNET HIZMETLERI LTD STI |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-06-16 to 2013-06-16 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
70.X.X.230 (US)
INDIANAPOLIS INDIANA UNITED STATES |
RR.COM / DSL ROAD RUNNER HOLDCO LLC |
Moderate Details (1.3) 2 BotHunter Users 2 Infection Report 2013-05-12 to 2013-06-10 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
173.X.X.24 (-)
- - - |
- / - - |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-04-22 to 2013-04-22 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
182.X.X.88 (-)
- - - |
- / - - |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-05-31 to 2013-05-31 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
118.X.X.50 (JP)
- - JAPAN |
NKNO.J-CNET.JP / DSL CITY TV NAKANO LIMITED |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-04-10 to 2013-04-10 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
61.X.X.66 (CN)
XIAN SHAANXI CHINA |
163DATA.COM.CN / DSL XI'AN DATA BRANCH XIAN CITY SHAANXI PROVINCE |
Moderate Details (0.8) 1 BotHunter Users 2 Infection Report 2013-04-18 to 2013-04-18 |
° 2001685(2): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(2): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
46.X.X.180 (-)
- - - |
- / - - |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-04-12 to 2013-04-12 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
92.X.X.235 (RO)
BUCHAREST BUCURESTI ROMANIA |
TELELINK-RO.COM / DSL ARTELECOM |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-04-18 to 2013-04-18 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
222.X.X.20 (ID)
JAKARTA JAKARTA RAYA INDONESIA |
TELKOM.NET.ID / COMP PT TELKOM INDONESIA'S CUSTOMER |
Moderate Details (0.8) 1 BotHunter Users 2 Infection Report 2013-06-10 to 2013-06-10 |
° 2001685(2): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(2): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
80.X.X.108 (DE)
OLDENBURG NIEDERSACHSEN GERMANY |
SALTUS.DE / DSL TELEKOM |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-03-09 to 2013-03-09 |
° 2001569(12): Outbound Attack - ET SCAN Behavioral Unusual Port NETBIOS traffic, Potential Scan or Infection (60 in 60 secs) ° 3300001(11): Egg Download - BotHunter Scrip-based Windows egg download .exe ° 2123(9): Inbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2000040(3): Egg Download - ET WORM Sasser FTP Traffic ° 2000047(3): Egg Download - ET WORM Sasser Transfer _up.exe ° 52000032(2): Outbound Attack - ET EXPLOIT LSA exploit ° 52000046(2): Outbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (Win2k) |
|
117.X.X.147 (IN)
NEW DELHI DELHI INDIA |
STERLINGSTUDENTS.NET / DSL NIB (NATIONAL INTERNET BACKBONE) |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-05-31 to 2013-05-31 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
141.X.X.193 (UK)
- - UNITED KINGDOM |
TERMBILLING.COM / DSL VARIOUS REGISTRIES |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-05-30 to 2013-05-30 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
190.X.X.224 (CL)
SANTIAGO REGION METROPOLITANA CHILE |
CHILESAT.NET / DSL TELMEX SERVICIOS EMPRESARIALES S.A |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-05-03 to 2013-05-03 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
120.X.X.127 (JP)
TOKYO TOKYO JAPAN |
STARCAT.NE.JP / DSL KMN CORPORATION |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-06-16 to 2013-06-16 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
94.X.X.113 (RU)
- - RUSSIAN FEDERATION |
IS74.RU / DSL INTERSVYAZ-2 JSC |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-05-30 to 2013-05-30 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
190.X.X.156 (AR)
BUENOS AIRES BUENOS AIRES ARGENTINA |
COM.AR / DSL POWER VT S.A |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-04-13 to 2013-04-13 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
4.X.X.79 (US)
MARYSVILLE OHIO UNITED STATES |
LEVEL3.NET / DIAL LEVEL 3 COMMUNICATIONS INC |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-05-07 to 2013-05-07 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
109.X.X.121 (UK)
- - UNITED KINGDOM |
JWS.COM / DSL EU-ZZ |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-04-21 to 2013-04-21 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
211.X.X.168 (TW)
TAIPEI T'AI-PEI TAIWAN |
HINET.NET / DSL CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP |
Moderate Details (0.8) 2 BotHunter Users 2 Infection Report 2013-04-11 to 2013-05-14 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
223.X.X.204 (-)
- - - |
- / - - |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-05-08 to 2013-05-08 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
118.X.X.82 (JP)
ODAWARA KANAGAWA JAPAN |
ODWR.J-CNET.JP / DSL ODAWARA CABLETV INTERNET SERVICE |
Moderate Details (1.3) 2 BotHunter Users 2 Infection Report 2013-05-24 to 2013-06-01 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
94.X.X.147 (HU)
- - HUNGARY |
KABELNET.HU / DSL VIDANET CABLE TELEVISION PROVIDER LTD |
Maximum Details (3.0) 2 BotHunter Users 7 Infection Report 2013-04-28 to 2013-05-08 |
° 22514(4): not found ° 3300004(4): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(4): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(4): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(2): Outbound Scan - Detected intense non-malware port scanning ° 7777008(2): Malware Scan - Detected intense malware port scanning ° 9920003(2): not found ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting |
|
211.X.X.6 (CN)
GUANGZHOU GUANGDONG CHINA |
SRT.COM.CN / DSL GUANGZHOU CSTEL COMPANY |
Moderate Details (1.3) 3 BotHunter Users 5 Infection Report 2013-04-18 to 2013-05-30 |
° 22514(2): not found ° 2000047(2): Egg Download - ET WORM Sasser Transfer _up.exe ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner |
|
202.X.X.149 (JP)
OKAYAMA OKAYAMA JAPAN |
ONINET.NE.JP / DSL OKAYAMA NETWORK INC |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-04-21 to 2013-04-21 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
79.X.X.201 (RU)
MOSCOW MOSCOW CITY RUSSIAN FEDERATION |
NETBYNET.RU / DIAL CUSTOMERS BROADBAND AGGREGATION |
Maximum Details (2.5) 1 BotHunter Users 1 Infection Report 2013-05-05 to 2013-05-05 |
° 22514(1): not found ° 3300004(1): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
159.X.X.248 (UK)
- - UNITED KINGDOM |
TERMBILLING.COM / DSL VARIOUS REGISTRIES |
Maximum Details (2.4) 1 BotHunter Users 2 Infection Report 2013-02-17 to 2013-02-17 |
° 22514(2): not found ° 3300003(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 2001569(1): Outbound Attack - ET SCAN Behavioral Unusual Port NETBIOS traffic, Potential Scan or Infection (60 in 60 secs) ° 3300004(1): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
122.X.X.163 (-)
- - - |
- / - - |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-04-17 to 2013-04-17 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
93.X.X.60 (PL)
WARSAW WARSZAWA POLAND |
MIKOLOW.NET / DSL MICONET |
High Details (1.9) 1 BotHunter Users 1 Infection Report 2013-05-29 to 2013-05-29 |
° 22514(1): not found ° 3300004(1): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
88.X.X.26 (RU)
- - RUSSIAN FEDERATION |
- / DSL SDH NX64KBPS LEASED LINES |
Maximum Details (2.5) 1 BotHunter Users 3 Infection Report 2013-05-27 to 2013-05-27 |
° 22514(3): not found ° 3300004(3): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(2): Outbound Scan - Detected intense non-malware port scanning ° 7777008(2): Malware Scan - Detected intense malware port scanning ° 9920003(2): not found |
|
37.X.X.255 (-)
- - - |
- / - - |
Maximum Details (3.0) 1 BotHunter Users 4 Infection Report 2013-06-09 to 2013-06-09 |
° 22514(4): not found ° 3300004(4): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(2): Outbound Scan - Detected intense non-malware port scanning ° 7777008(2): Malware Scan - Detected intense malware port scanning ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 9920003(1): not found |
|
180.X.X.66 (-)
- - - |
- / - - |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-05-18 to 2013-05-18 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
108.X.X.27 (-)
- - - |
- / - - |
Moderate Details (1.3) 1 BotHunter Users 2 Infection Report 2013-02-17 to 2013-02-17 |
° 22514(2): not found ° 2000047(2): Egg Download - ET WORM Sasser Transfer _up.exe ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner |
|
46.X.X.115 (-)
- - - |
- / - - |
Maximum Details (2.5) 1 BotHunter Users 4 Infection Report 2013-05-02 to 2013-05-02 |
° 22514(4): not found ° 3300004(4): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(2): Outbound Scan - Detected intense non-malware port scanning ° 7777008(2): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
46.X.X.32 (-)
- - - |
- / - - |
Maximum Details (3.0) 3 BotHunter Users 8 Infection Report 2013-04-10 to 2013-06-09 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
109.X.X.200 (UK)
- - UNITED KINGDOM |
JWS.COM / DSL EU-ZZ |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-04-12 to 2013-04-12 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
92.X.X.141 (RO)
BUCHAREST BUCURESTI ROMANIA |
TELELINK-RO.COM / DSL ARTELECOM |
High Details (1.9) 1 BotHunter Users 4 Infection Report 2013-06-16 to 2013-06-16 |
° 22514(4): not found ° 3300004(4): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(2): Outbound Scan - Detected intense non-malware port scanning ° 7777008(2): Malware Scan - Detected intense malware port scanning ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) |
|
46.X.X.201 (-)
- - - |
- / - - |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-06-05 to 2013-06-05 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
37.X.X.121 (-)
- - - |
- / - - |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-05-28 to 2013-05-28 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
128.X.X.65 (UK)
- - UNITED KINGDOM |
TERMBILLING.COM / DSL VARIOUS REGISTRIES |
Moderate Details (1.3) 1 BotHunter Users 8 Infection Report 2013-05-17 to 2013-05-17 |
° 22009201(13): Inbound Attack - ET CURRENT_EVENTS Conficker.b Shellcode ° 2001685(12): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22465(1): not found ° 2012204(1): not found |
|
122.X.X.182 (PH)
MANILA MANILA PHILIPPINES |
PLDT.NET / DSL IPG |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-05-27 to 2013-05-27 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
190.X.X.185 (UY)
- - URUGUAY |
ANTELDATA.NET.UY / DIAL ANCEL |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-04-16 to 2013-04-16 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
72.X.X.227 (US)
CORPUS CHRISTI TEXAS UNITED STATES |
USAWIDE.NET / DSL FITCH AFFORDABLE TELECOM CO |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-04-10 to 2013-04-10 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
41.X.X.81 (DZ)
- - ALGERIA |
196-46-248-WIMAX.SLC.DZ / DSL AFRINIC |
Maximum Details (3.0) 1 BotHunter Users 4 Infection Report 2013-04-15 to 2013-04-15 |
° 22514(4): not found ° 3300004(4): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(4): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(4): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(2): Outbound Scan - Detected intense non-malware port scanning ° 7777008(2): Malware Scan - Detected intense malware port scanning ° 9920003(2): not found ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting |
|
109.X.X.124 (UK)
- - UNITED KINGDOM |
JWS.COM / DSL EU-ZZ |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-04-17 to 2013-04-17 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
219.X.X.202 (JP)
TOKYO TOKYO JAPAN |
CATV02.ITSCOM.JP / DSL ITS COMMUNICATIONS INC |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-05-12 to 2013-05-12 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
88.X.X.40 (RU)
- - RUSSIAN FEDERATION |
- / DSL SERIAL/OPTICAL LEASED LINES |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-06-02 to 2013-06-02 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
88.X.X.59 (TR)
IZMIR IZMIR TURKEY |
TTNET.NET.TR / DSL TT ADSL-ALCATEL DYNAMIC_ACI |
Moderate Details (1.3) 1 BotHunter Users 2 Infection Report 2013-04-28 to 2013-04-28 |
° 22514(2): not found ° 2000047(2): Egg Download - ET WORM Sasser Transfer _up.exe ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner |
|
46.X.X.37 (-)
- - - |
- / - - |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-04-13 to 2013-04-13 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
101.X.X.193 (-)
- - - |
- / - - |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-05-06 to 2013-05-06 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
177.X.X.207 (-)
- - - |
- / - - |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-06-09 to 2013-06-09 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
190.X.X.195 (VE)
CARACAS DISTRITO FEDERAL VENEZUELA, BOLIVARIAN REPUBLIC OF |
CANTV.NET / DSL CANTV SERVICIOS VENEZUELA |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-05-29 to 2013-05-29 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
202.X.X.207 (JP)
OKAYAMA OKAYAMA JAPAN |
ONINET.NE.JP / DSL OKAYAMA NETWORK INC |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-04-13 to 2013-04-13 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
100.X.X.108 (-)
- - - |
- / - - |
High Details (1.9) 3 BotHunter Users 6 Infection Report 2013-04-15 to 2013-05-27 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2001569(1): Outbound Attack - ET SCAN Behavioral Unusual Port NETBIOS traffic, Potential Scan or Infection (60 in 60 secs) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
189.X.X.245 (BR)
SÃO PAULO SAO PAULO BRAZIL |
VIRTUA.COM.BR / DSL COMITE GESTOR DA INTERNET NO BRASIL |
High Details (1.4) 1 BotHunter Users 2 Infection Report 2013-04-28 to 2013-04-28 |
° 2001685(2): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009201(2): Inbound Attack - ET CURRENT_EVENTS Conficker.b Shellcode ° 9920020(1): not found |
|
201.X.X.34 (BO)
- - BOLIVIA, PLURINATIONAL STATE OF |
COTAS.COM.BO / DSL COTAS LTDA |
Moderate Details (0.8) 2 BotHunter Users 2 Infection Report 2013-05-22 to 2013-06-06 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
2.X.X.112 (-)
- - - |
- / - - |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-04-26 to 2013-04-26 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
217.X.X.17 (IT)
ROME LAZIO ITALY |
- / DSL TELECOM ITALIA MOBILE |
Maximum Details (3.0) 1 BotHunter Users 1 Infection Report 2013-05-21 to 2013-05-21 |
° 22514(1): not found ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 3300004(1): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found ° 22000032(1): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(1): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) |
|
61.X.X.140 (JP)
SHIZUOKA SHIZUOKA JAPAN |
THN.NE.JP / DSL TOKAI CORPORATION |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-06-05 to 2013-06-05 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
95.X.X.108 (IT)
- - ITALY |
- / DSL TELECOM ITALIA MOBILE |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-04-30 to 2013-04-30 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
84.X.X.67 (KZ)
- - KAZAKHSTAN |
MAIL.CBC-GROUP.KZ / DSL PROVIDER LOCAL REGISTRY |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-06-04 to 2013-06-04 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
2.X.X.60 (-)
- - - |
- / - - |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-06-07 to 2013-06-07 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
141.X.X.9 (UK)
- - UNITED KINGDOM |
TERMBILLING.COM / DSL VARIOUS REGISTRIES |
High Details (1.9) 1 BotHunter Users 4 Infection Report 2013-06-03 to 2013-06-03 |
° 22514(4): not found ° 3300004(4): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(2): Outbound Scan - Detected intense non-malware port scanning ° 7777008(2): Malware Scan - Detected intense malware port scanning |
|
65.X.X.164 (US)
HONOLULU HAWAII UNITED STATES |
TRANQUILITY.NET / DSL CORAL WIRELESS LLC |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-05-31 to 2013-05-31 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
70.X.X.62 (US)
CHARLOTTE NORTH CAROLINA UNITED STATES |
RR.COM / COMP ROAD RUNNER HOLDCO LLC |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-06-13 to 2013-06-13 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
46.X.X.20 (-)
- - - |
- / - - |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-04-30 to 2013-04-30 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
37.X.X.101 (-)
- - - |
- / - - |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-06-16 to 2013-06-16 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
120.X.X.215 (VN)
- - VIET NAM |
- / DSL QUANG TRUNG SOFTWARE CITY DEVELOPMENT COMPANY |
High Details (1.5) 1 BotHunter Users 2 Infection Report 2013-05-02 to 2013-05-02 |
° 22009201(8): Inbound Attack - ET CURRENT_EVENTS Conficker.b Shellcode ° 2001685(7): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 3810008(2): Russian Business Network - ET Known Russian Business Network Monitored Domain ° 9920020(1): not found |
|
118.X.X.85 (JP)
- - JAPAN |
HTOJ.J-CNET.JP / DSL JCN-HTMNET |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-05-08 to 2013-05-08 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
66.X.X.162 (US)
COLUMBUS OHIO UNITED STATES |
MCLEODUSA.NET / DSL PAETEC COMMUNICATIONS INC |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-05-18 to 2013-05-18 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
178.X.X.22 (UK)
- - UNITED KINGDOM |
FINEBLANK.COM / DSL EU-ZZ |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-06-11 to 2013-06-11 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
117.X.X.33 (IN)
NEW DELHI DELHI INDIA |
STERLINGSTUDENTS.NET / DSL NIB (NATIONAL INTERNET BACKBONE) |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-06-10 to 2013-06-10 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
118.X.X.44 (JP)
TOKYO TOKYO JAPAN |
HTOJ.J-CNET.JP / DSL JCN-HTMNET |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-05-03 to 2013-05-03 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
5.X.X.214 (-)
- - - |
- / - - |
High Details (1.4) 1 BotHunter Users 2 Infection Report 2013-04-18 to 2013-04-18 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 9920009(1): not found |
|
223.X.X.71 (-)
- - - |
- / - - |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-05-07 to 2013-05-07 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
210.X.X.66 (VN)
- - VIET NAM |
FPT-CUSTOMERS.FPT.VN / DSL DAI IP CHO HOSTING GAME |
Moderate Details (0.8) 2 BotHunter Users 2 Infection Report 2013-04-29 to 2013-05-18 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
80.X.X.42 (CH)
ZURICH ZURICH SWITZERLAND |
GLATTNET.CH / DSL GLATTWERK AG DUEBENDORF |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-04-06 to 2013-04-06 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
46.X.X.190 (-)
- - - |
- / - - |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-05-13 to 2013-05-13 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
117.X.X.177 (IN)
NEW DELHI DELHI INDIA |
STERLINGSTUDENTS.NET / DSL NIB (NATIONAL INTERNET BACKBONE) |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-06-01 to 2013-06-01 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
62.X.X.125 (IR)
- - IRAN, ISLAMIC REPUBLIC OF |
- / DSL IRANSCIENCE NETWORK DATA CENTER & STORAGE NETWORK |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-06-08 to 2013-06-08 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
36.X.X.38 (-)
- - - |
- / - - |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-05-30 to 2013-05-30 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
119.X.X.128 (TW)
TAIPEI T'AI-PEI TAIWAN |
TCOL.COM.TW / DSL E-MAX NETWORK CORP |
High Details (1.9) 2 BotHunter Users 4 Infection Report 2013-04-07 to 2013-04-28 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
46.X.X.105 (-)
- - - |
- / - - |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-06-06 to 2013-06-06 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
95.X.X.105 (DE)
- - GERMANY |
- / DSL 1AND |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-06-15 to 2013-06-15 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
46.X.X.42 (-)
- - - |
- / - - |
Maximum Details (2.5) 1 BotHunter Users 4 Infection Report 2013-05-28 to 2013-05-28 |
° 22514(4): not found ° 3300004(4): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(3): Outbound Scan - Detected intense non-malware port scanning ° 7777008(3): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
91.X.X.83 (PL)
WARSAW WARSZAWA POLAND |
MIKOLOW.NET / DSL MICONET |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-04-22 to 2013-04-22 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
122.X.X.15 (PH)
CEBU CEBU CITY PHILIPPINES |
PLDT.NET / COMP IPG |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-06-16 to 2013-06-16 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
5.X.X.240 (-)
- - - |
- / - - |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-04-23 to 2013-04-23 |
° 22514(1): not found ° 3300004(1): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port |
|
180.X.X.76 (-)
- - - |
- / - - |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-05-27 to 2013-05-27 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
94.X.X.87 (RO)
BUCHAREST BUCURESTI ROMANIA |
- / DSL NEW COM TELECOMUNICATII SA |
High Details (1.9) 2 BotHunter Users 4 Infection Report 2013-04-21 to 2013-05-13 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
5.X.X.180 (-)
- - - |
- / - - |
High Details (1.4) 1 BotHunter Users 2 Infection Report 2013-04-16 to 2013-04-16 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 9920009(1): not found |
|
209.X.X.98 (US)
DALLAS TEXAS UNITED STATES |
THEPLANET.COM / DSL THEPLANET.COM INTERNET SERVICES INC |
Moderate Details (0.8) 2 BotHunter Users 3 Infection Report 2013-04-07 to 2013-05-12 |
° 2001685(2): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(2): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
94.X.X.61 (RU)
- - RUSSIAN FEDERATION |
IS74.RU / DSL INTERSVYAZ-2 JSC |
Moderate Details (0.8) 1 BotHunter Users 2 Infection Report 2013-04-29 to 2013-04-29 |
° 2001685(2): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(2): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
68.X.X.205 (US)
CHARLESTON SOUTH CAROLINA UNITED STATES |
BELLSOUTH.NET / DSL BELLSOUTH.NET INC |
Moderate Details (1.3) 1 BotHunter Users 2 Infection Report 2013-06-04 to 2013-06-04 |
° 22514(2): not found ° 2000047(2): Egg Download - ET WORM Sasser Transfer _up.exe ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner |
|
211.X.X.1 (TW)
TAIPEI T'AI-PEI TAIWAN |
- / COMP SHIE-LIANG-F-CH-NET |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-03-09 to 2013-03-09 |
° 2001569(6): Outbound Attack - ET SCAN Behavioral Unusual Port NETBIOS traffic, Potential Scan or Infection (60 in 60 secs) ° 52000032(5): Outbound Attack - ET EXPLOIT LSA exploit ° 52000046(4): Outbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (Win2k) ° 2123(1): Inbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 3300001(1): Egg Download - BotHunter Scrip-based Windows egg download .exe |
|
92.X.X.141 (RO)
BUCHAREST BUCURESTI ROMANIA |
TELELINK-RO.COM / DSL ARTELECOM |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-06-09 to 2013-06-09 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
222.X.X.123 (VN)
- - VIET NAM |
LOCALHOST / DSL VIETNAM DATA COMMUNICATION COMPANY |
Moderate Details (0.8) 2 BotHunter Users 4 Infection Report 2013-05-16 to 2013-05-21 |
° 2001685(2): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(2): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
210.X.X.152 (VN)
HANOI DAC LAC VIET NAM |
FPT-CUSTOMERS.FPT.VN / DSL DAI IP CHO HOSTING GAME |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-05-15 to 2013-05-15 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
190.X.X.45 (CL)
SANTIAGO REGION METROPOLITANA CHILE |
- / DSL TELMEX CHILE S.A WIMAX |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-04-28 to 2013-04-28 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
119.X.X.121 (JP)
TOKYO TOKYO JAPAN |
MESH.AD.JP / DSL NEC BIGLOBE LTD |
Moderate Details (1.3) 3 BotHunter Users 6 Infection Report 2013-05-11 to 2013-05-23 |
° 22514(2): not found ° 2000047(2): Egg Download - ET WORM Sasser Transfer _up.exe ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner |
|
46.X.X.253 (-)
- - - |
- / - - |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-04-11 to 2013-04-11 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
190.X.X.85 (DO)
SANTIAGO DISTRITO NACIONAL DOMINICAN REPUBLIC |
TRICOM.NET / DSL TRICOM |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-06-12 to 2013-06-12 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
86.X.X.179 (BY)
MINSK MINSK BELARUS |
PPPOE.VITEBSK.BY / DIAL REPUBLICAN UNITARY ENTERPRISE BELTELECOM |
High Details (1.5) 1 BotHunter Users 13 Infection Report 2013-05-02 to 2013-05-02 |
° 22009201(17): Inbound Attack - ET CURRENT_EVENTS Conficker.b Shellcode ° 2001685(16): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 3810008(6): Russian Business Network - ET Known Russian Business Network Monitored Domain ° 9920020(2): not found |
|
203.X.X.41 (LK)
COLOMBO COLOMBO SRI LANKA |
ADSL.SLTNET.LK / DSL INTERNET SERVICE PROVIDER IN SRI LANKA |
High Details (1.5) 1 BotHunter Users 2 Infection Report 2013-05-02 to 2013-05-02 |
° 22009201(9): Inbound Attack - ET CURRENT_EVENTS Conficker.b Shellcode ° 2001685(8): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 3810008(3): Russian Business Network - ET Known Russian Business Network Monitored Domain ° 22465(1): not found ° 9920020(1): not found |
|
77.X.X.0 (PL)
ZAWIERCIE KATOWICE POLAND |
INETIA.PL / DSL INTERNETIA |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-06-10 to 2013-06-10 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
173.X.X.52 (US)
MIDDLETOWN NEW YORK UNITED STATES |
MCHSI.COM / DSL MEDIACOM COMMUNICATIONS CORP |
High Details (1.9) 2 BotHunter Users 4 Infection Report 2013-04-10 to 2013-05-09 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
190.X.X.75 (CL)
SANTIAGO REGION METROPOLITANA CHILE |
- / DSL TELMEX CHILE S.A HFC |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-05-07 to 2013-05-07 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
37.X.X.67 (-)
- - - |
- / - - |
High Details (1.9) 1 BotHunter Users 3 Infection Report 2013-06-12 to 2013-06-12 |
° 22514(3): not found ° 3300004(3): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(2): Outbound Scan - Detected intense non-malware port scanning ° 7777008(2): Malware Scan - Detected intense malware port scanning |
|
186.X.X.2 (CO)
- - COLOMBIA |
TELEFONICA.NET.CO / DSL COLOMBIA TELECOMUNICACIONES S.A. ESP |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-06-05 to 2013-06-05 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
4.X.X.126 (US)
BRIDGEVIEW ILLINOIS UNITED STATES |
LEVEL3.NET / DIAL LEVEL 3 COMMUNICATIONS INC |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-05-23 to 2013-05-23 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
118.X.X.22 (JP)
HACHIOJI TOKYO JAPAN |
HTOJ.J-CNET.JP / DSL JCN-HTMNET |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-04-16 to 2013-04-16 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
59.X.X.76 (TW)
TAIPEI T'AI-PEI TAIWAN |
- / COMP YUAN MAO GUAN DIAN CO. LTD |
Moderate Details (1.3) 1 BotHunter Users 2 Infection Report 2013-04-11 to 2013-04-11 |
° 22514(2): not found ° 2000047(2): Egg Download - ET WORM Sasser Transfer _up.exe ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner |
|
88.X.X.4 (RU)
- - RUSSIAN FEDERATION |
- / DSL PSTN DIAL-UP SERVICE |
Maximum Details (2.5) 1 BotHunter Users 4 Infection Report 2013-05-29 to 2013-05-29 |
° 22514(4): not found ° 3300004(4): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 2003070(2): CandC Communication - ET WORM Korgo.U Reporting ° 3810007(2): Russian Business Network - ET Known Russian Business Network Monitored Domain ° 7777005(2): Outbound Scan - Detected intense non-malware port scanning ° 7777008(2): Malware Scan - Detected intense malware port scanning |
|
118.X.X.168 (JP)
TOKYO TOKYO JAPAN |
HTOJ.J-CNET.JP / DSL JCN-HTMNET |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-05-24 to 2013-05-24 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
79.X.X.128 (PL)
WARSAW WARSZAWA POLAND |
CENTERTEL.PL / DSL PTK CENTERTEL BROADBAND SERVICES |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-04-20 to 2013-04-20 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
61.X.X.157 (JP)
SHIZUOKA SHIZUOKA JAPAN |
THN.NE.JP / DSL TOKAI CORPORATION |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-06-04 to 2013-06-04 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
78.X.X.163 (HU)
BUDAPEST BUDAPEST HUNGARY |
T-ONLINE.HU / DSL T-ONLINE DSL CLIENT POOL |
High Details (1.5) 1 BotHunter Users 2 Infection Report 2013-05-02 to 2013-05-02 |
° 22009201(12): Inbound Attack - ET CURRENT_EVENTS Conficker.b Shellcode ° 2001685(10): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 3810008(5): Russian Business Network - ET Known Russian Business Network Monitored Domain ° 9920020(2): not found |
|
208.X.X.211 (VC)
KINGSTOWN SAINT GEORGE SAINT VINCENT AND THE GRENADINES |
KARIBCABLE.COM / COMP KARIB CABLE |
Moderate Details (1.3) 6 BotHunter Users 6 Infection Report 2013-04-05 to 2013-04-28 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
112.X.X.198 (PH)
- - PHILIPPINES |
PLDT.NET / DSL IPG |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-04-30 to 2013-04-30 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
178.X.X.135 (UK)
- - UNITED KINGDOM |
FINEBLANK.COM / DSL EU-ZZ |
Maximum Details (3.0) 1 BotHunter Users 3 Infection Report 2013-05-23 to 2013-05-23 |
° 22514(3): not found ° 3300004(3): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(3): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(3): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2003070(2): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(2): Outbound Scan - Detected intense non-malware port scanning ° 7777008(2): Malware Scan - Detected intense malware port scanning ° 9920003(2): not found |
|
222.X.X.156 (TW)
TAIPEI T'AI-PEI TAIWAN |
APOL.COM.TW / DSL ASIA PACIFIC ONLINE SERVICE INC |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-03-09 to 2013-03-09 |
° 2001569(7): Outbound Attack - ET SCAN Behavioral Unusual Port NETBIOS traffic, Potential Scan or Infection (60 in 60 secs) ° 52000046(5): Outbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (Win2k) ° 52000032(4): Outbound Attack - ET EXPLOIT LSA exploit ° 3300001(2): Egg Download - BotHunter Scrip-based Windows egg download .exe ° 2123(1): Inbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner |
|
71.X.X.89 (US)
SALT LAKE CITY UTAH UNITED STATES |
QWEST.NET / DSL QWEST COMMUNICATIONS CORPORATION |
Moderate Details (1.3) 1 BotHunter Users 2 Infection Report 2013-04-18 to 2013-04-18 |
° 22514(2): not found ° 2000047(2): Egg Download - ET WORM Sasser Transfer _up.exe ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner |
|
202.X.X.252 (ID)
BALIKPAPAN KALIMANTAN TIMUR INDONESIA |
- / COMP THE NATURE CONSERVANCY |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-05-30 to 2013-05-30 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
190.X.X.95 (AR)
BUENOS AIRES BUENOS AIRES ARGENTINA |
190.IN-ADDR.ARPA / DSL TELECENTRO S.A. - CLIENTES RESIDENCIALES |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-05-23 to 2013-05-23 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
210.X.X.39 (VN)
- - VIET NAM |
FPT-CUSTOMERS.FPT.VN / DSL DAI IP CHO HOSTING GAME |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-06-16 to 2013-06-16 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
42.X.X.74 (-)
- - - |
- / - - |
Moderate Details (0.8) 2 BotHunter Users 2 Infection Report 2013-04-11 to 2013-05-07 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
79.X.X.203 (HU)
MISKOLC MISKOLC HUNGARY |
SUPRAKTV.HU / DSL SUPRA KABELTELEVIZIOS KERESKEDELMI ES SZOLGALTATO KFT |
Maximum Details (3.0) 3 BotHunter Users 8 Infection Report 2013-05-06 to 2013-06-11 |
° 22514(4): not found ° 3300004(4): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(4): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(4): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2003070(2): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(2): Outbound Scan - Detected intense non-malware port scanning ° 7777008(2): Malware Scan - Detected intense malware port scanning ° 9920003(2): not found ° 2001569(1): Outbound Attack - ET SCAN Behavioral Unusual Port NETBIOS traffic, Potential Scan or Infection (60 in 60 secs) |
|
50.X.X.56 (-)
- - - |
- / - - |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-06-10 to 2013-06-10 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
112.X.X.199 (PH)
- - PHILIPPINES |
PLDT.NET / DSL IPG |
Maximum Details (3.0) 1 BotHunter Users 3 Infection Report 2013-04-29 to 2013-04-29 |
° 22514(3): not found ° 3300004(3): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(3): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(3): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(2): Outbound Scan - Detected intense non-malware port scanning ° 7777008(2): Malware Scan - Detected intense malware port scanning ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 9920003(1): not found |
|
77.X.X.196 (UK)
LONDON ENGLAND UNITED KINGDOM |
BLUEYONDER.CO.UK / DSL UDDI UBR12UDDI |
Maximum Details (2.6) 1 BotHunter Users 1 Infection Report 2013-06-16 to 2013-06-16 |
° 1444(1): Egg Download - TFTP GET from external source ° 52123(1): Inbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 299913(1): Inbound Attack - ET SHELLCODE x86 0x90 unicode NOOP ° 2003603(1): CandC Communication - ET TROJAN W32.Virut.A joining an IRC Channel ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3000014(1): not found ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
124.X.X.89 (TW)
TAIPEI T'AI-PEI TAIWAN |
TFN.NET.TW / DSL TAIWAN FIXED NETWORK CO. LTD |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-03-09 to 2013-03-09 |
° 2001569(12): Outbound Attack - ET SCAN Behavioral Unusual Port NETBIOS traffic, Potential Scan or Infection (60 in 60 secs) ° 3300001(11): Egg Download - BotHunter Scrip-based Windows egg download .exe ° 2123(9): Inbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2000040(3): Egg Download - ET WORM Sasser FTP Traffic ° 2000047(3): Egg Download - ET WORM Sasser Transfer _up.exe ° 52000032(2): Outbound Attack - ET EXPLOIT LSA exploit ° 52000046(2): Outbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (Win2k) |
|
78.X.X.39 (GE)
- - GEORGIA |
CAUCASUS.NET / DSL CAUCASUS-NET-GEPON |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-06-13 to 2013-06-13 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
94.X.X.39 (RU)
EKATERINBURG SVERDLOVSK RUSSIAN FEDERATION |
PERMONLINE.RU / DSL DYNAMIC DISTRIBUTION IP'S FOR BROADBAND SERVICES |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-05-06 to 2013-05-06 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
151.X.X.169 (IT)
MILANO LOMBARDIA ITALY |
51-151.NET24.IT / DSL IUNET-BNET |
Maximum Details (2.5) 1 BotHunter Users 3 Infection Report 2013-05-03 to 2013-05-03 |
° 22514(3): not found ° 3300004(3): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(3): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(3): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(2): Outbound Scan - Detected intense non-malware port scanning ° 7777008(2): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
186.X.X.146 (CL)
- - CHILE |
CHILESAT.NET / DSL TELMEX SERVICIOS EMPRESARIALES S.A |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-06-15 to 2013-06-15 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
95.X.X.27 (LV)
RIGA RIGA LATVIA |
- / DSL ADDRESS POOL FOR LTC-HOME CUSTOMERS |
High Details (1.9) 3 BotHunter Users 5 Infection Report 2013-04-24 to 2013-05-21 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
84.X.X.204 (KZ)
- - KAZAKHSTAN |
MAIL.CBC-GROUP.KZ / DSL PROVIDER LOCAL REGISTRY |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-05-08 to 2013-05-08 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
109.X.X.169 (UK)
- - UNITED KINGDOM |
JWS.COM / DSL EU-ZZ |
Maximum Details (3.0) 3 BotHunter Users 6 Infection Report 2013-05-02 to 2013-05-31 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
84.X.X.197 (KZ)
- - KAZAKHSTAN |
MAIL.CBC-GROUP.KZ / DSL PROVIDER LOCAL REGISTRY |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-06-13 to 2013-06-13 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
42.X.X.150 (-)
- - - |
- / - - |
Moderate Details (0.8) 4 BotHunter Users 7 Infection Report 2013-02-25 to 2013-05-07 |
° 2001685(3): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(3): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
94.X.X.161 (IT)
ROME LAZIO ITALY |
BUSINESS.TELECOMITALIA.IT / DSL INTERBUSINESS |
Moderate Details (1.3) 1 BotHunter Users 2 Infection Report 2013-04-16 to 2013-04-16 |
° 22514(2): not found ° 2000047(2): Egg Download - ET WORM Sasser Transfer _up.exe ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner |
|
24.X.X.78 (PR)
- - PUERTO RICO |
ONELINKPR.NET / DSL SAN JUAN CABLE LLC |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-06-08 to 2013-06-08 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777008(2): Malware Scan - Detected intense malware port scanning ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 9920003(1): not found |
|
66.X.X.130 (US)
NEW YORK NEW YORK UNITED STATES |
LONGLINES.COM / DSL THE COMMUNITY AGENCY |
High Details (1.9) 4 BotHunter Users 11 Infection Report 2013-05-21 to 2013-05-25 |
° 22514(5): not found ° 3300004(5): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(3): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(3): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(2): Outbound Scan - Detected intense non-malware port scanning ° 7777008(2): Malware Scan - Detected intense malware port scanning ° 9920003(2): not found ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting |
|
95.X.X.40 (KZ)
ALMATY ALMATY CITY KAZAKHSTAN |
DIAL.ONLINE.KZ / DSL JSC KAZAKHTELECOM ALMATY AFFILIATE |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-05-04 to 2013-05-04 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
212.X.X.205 (TR)
ISTANBUL ISTANBUL TURKEY |
- / DSL TURK TELEKOM TTNET NATIONAL BACKBONE |
Moderate Details (0.8) 3 BotHunter Users 3 Infection Report 2013-05-17 to 2013-06-10 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
5.X.X.0 (-)
- - - |
- / - - |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-04-08 to 2013-04-08 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
116.X.X.54 (JP)
TOYAMA TOYAMA JAPAN |
INFOWEB.NE.JP / DSL INFOWEB(FUJITSU LTD.) |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-05-20 to 2013-05-20 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
14.X.X.20 (-)
- - - |
- / - - |
Moderate Details (0.8) 2 BotHunter Users 2 Infection Report 2013-02-25 to 2013-04-13 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
103.X.X.51 (-)
- - - |
- / - - |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-06-08 to 2013-06-08 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
208.X.X.168 (US)
CHANDLER ARIZONA UNITED STATES |
- / DSL GILA RIVER TELECOMMUNICATIONS INC |
Moderate Details (1.3) 4 BotHunter Users 4 Infection Report 2013-04-06 to 2013-06-15 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
103.X.X.27 (-)
- - - |
- / - - |
Moderate Details (0.8) 2 BotHunter Users 3 Infection Report 2013-04-19 to 2013-05-07 |
° 2001685(2): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(2): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
60.X.X.76 (JP)
TOKYO TOKYO JAPAN |
PLALA.OR.JP / DSL NTT PLALA INC |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-05-02 to 2013-05-02 |
° 22514(1): not found ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2000047(1): Egg Download - ET WORM Sasser Transfer _up.exe |
|
220.X.X.164 (TW)
TAOYUAN T'AI-WAN TAIWAN |
HINET.NET / COMP YUAN MAO PHOTOELCTRON CO. LTD |
Moderate Details (1.3) 1 BotHunter Users 2 Infection Report 2013-05-22 to 2013-05-22 |
° 22514(2): not found ° 2000047(2): Egg Download - ET WORM Sasser Transfer _up.exe ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner |
|
118.X.X.220 (JP)
- - JAPAN |
HTOJ.J-CNET.JP / DSL JCN-HTMNET |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-05-19 to 2013-05-19 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
93.X.X.25 (PL)
WARSAW WARSZAWA POLAND |
MIKOLOW.NET / DSL MICONET |
High Details (1.9) 1 BotHunter Users 1 Infection Report 2013-05-07 to 2013-05-07 |
° 22514(1): not found ° 3300004(1): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
79.X.X.117 (HU)
BUDAPEST BUDAPEST HUNGARY |
SUPRAKTV.HU / DSL SUPRA KABELTELEVIZIOS KERESKEDELMI ES SZOLGALTATO KFT |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-05-02 to 2013-05-02 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
141.X.X.178 (UK)
- - UNITED KINGDOM |
TERMBILLING.COM / DSL VARIOUS REGISTRIES |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-06-12 to 2013-06-12 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
101.X.X.75 (-)
- - - |
- / - - |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-05-28 to 2013-05-28 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
80.X.X.137 (RO)
BUCHAREST BUCURESTI ROMANIA |
ARTELECOM.NET / DSL SC ARTELECOM SA |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-04-09 to 2013-04-09 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
46.X.X.199 (-)
- - - |
- / - - |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-06-11 to 2013-06-11 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
120.X.X.244 (-)
- - - |
- / - - |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-06-01 to 2013-06-01 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
24.X.X.158 (US)
HEWITT TEXAS UNITED STATES |
GRANDENETWORKS.NET / DSL GRANDE COMMUNICATIONS WACO |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-05-26 to 2013-05-26 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
220.X.X.3 (JP)
NAGASAKI NAGASAKI JAPAN |
BBTEC.NET / DSL JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-05-23 to 2013-05-23 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
202.X.X.50 (JP)
OKAYAMA OKAYAMA JAPAN |
ONINET.NE.JP / DSL OKAYAMA NETWORK INC |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-04-12 to 2013-04-12 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
75.X.X.33 (US)
PLANO TEXAS UNITED STATES |
SBCGLOBAL.NET / DSL DANNY CHON DBA |
Moderate Details (1.3) 2 BotHunter Users 2 Infection Report 2013-05-17 to 2013-06-15 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
58.X.X.109 (KR)
SEOUL SEOUL-T'UKPYOLSI KOREA, REPUBLIC OF |
- / DSL DACOM CORPORATION |
High Details (1.5) 1 BotHunter Users 3 Infection Report 2013-05-02 to 2013-05-02 |
° 22009201(5): Inbound Attack - ET CURRENT_EVENTS Conficker.b Shellcode ° 2001685(4): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 3810008(1): Russian Business Network - ET Known Russian Business Network Monitored Domain ° 9920020(1): not found |
|
2.X.X.68 (-)
- - - |
- / - - |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-06-16 to 2013-06-16 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
186.X.X.185 (-)
- - - |
- / - - |
Moderate Details (0.8) 1 BotHunter Users 2 Infection Report 2013-04-15 to 2013-04-15 |
° 2001685(2): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(2): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
110.X.X.130 (IN)
DELHI DELHI INDIA |
- / DSL IPVPN/INTERNET SERVICE PROVIDER |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-05-24 to 2013-05-24 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
37.X.X.41 (-)
- - - |
- / - - |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-04-19 to 2013-04-19 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
58.X.X.26 (MY)
- - MALAYSIA |
MAXIS.NET.MY / DSL MAXIS COMMUNICATIONS BHD |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-02-25 to 2013-02-25 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
79.X.X.164 (RU)
MOSCOW MOSCOW CITY RUSSIAN FEDERATION |
NETBYNET.RU / DIAL CUSTOMERS BROADBAND AGGREGATION |
Maximum Details (3.5) 1 BotHunter Users 4 Infection Report 2013-05-07 to 2013-05-07 |
° 22514(4): not found ° 3300004(4): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(2): Outbound Scan - Detected intense non-malware port scanning ° 7777008(2): Malware Scan - Detected intense malware port scanning ° 5653(1): not found ° 52314(1): not found ° 52514(1): not found ° 2001569(1): Outbound Attack - ET SCAN Behavioral Unusual Port NETBIOS traffic, Potential Scan or Infection (60 in 60 secs) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 9920003(1): not found |
|
24.X.X.148 (US)
WOODWAY TEXAS UNITED STATES |
GRANDENETWORKS.NET / DSL GRANDE COMMUNICATIONS WACO |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-04-06 to 2013-04-06 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
46.X.X.148 (-)
- - - |
- / - - |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-04-28 to 2013-04-28 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
201.X.X.168 (MX)
- - MEXICO |
BESTEL.COM.MX / DSL OPERBES S.A. DE C.V |
Moderate Details (1.2) 1 BotHunter Users 2 Infection Report 2013-05-22 to 2013-05-22 |
° 2002971(2): Inbound Attack - ET EXPLOIT Wmm2fxa.dll COM Object Instantiation Memory Corruption ° 2008576(2): Egg Download - ET TROJAN TinyPE Binary - Possibly Hostile ° 3300007(1): Egg Download - BotHunter Malware Windows executable (PE) sent from remote host ° 3810007(1): Russian Business Network - ET Known Russian Business Network Monitored Domain |
|
119.X.X.11 (TW)
TAIPEI T'AI-PEI TAIWAN |
TCOL.COM.TW / DSL E-MAX NETWORK CORP |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-05-15 to 2013-05-15 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
202.X.X.176 (JP)
KUMAMOTO KUMAMOTO JAPAN |
KCN-TV.NE.JP / DSL KUMAMOTO CABLE NETWORK CORPORATION |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-05-03 to 2013-05-03 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
185.X.X.245 (-)
- - - |
- / - - |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-04-11 to 2013-04-11 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
58.X.X.5 (JP)
NAGOYA TOKYO JAPAN |
STARCAT.NE.JP / DSL KMN CORPORATION |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-05-06 to 2013-05-06 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
88.X.X.93 (RU)
- - RUSSIAN FEDERATION |
- / DSL DIMEDIA-SPB-KOLPINSKIY |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-06-06 to 2013-06-06 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
118.X.X.247 (JP)
HACHIOJI TOKYO JAPAN |
HTOJ.J-CNET.JP / DSL JCN-HTMNET |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-04-30 to 2013-04-30 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
91.X.X.93 (UK)
- - UNITED KINGDOM |
NACKSYSTEM.NET / DSL EU-ZZ |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-04-12 to 2013-04-12 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
178.X.X.93 (UK)
- - UNITED KINGDOM |
FINEBLANK.COM / DSL EU-ZZ |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-04-26 to 2013-04-26 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
141.X.X.114 (UK)
- - UNITED KINGDOM |
TERMBILLING.COM / DSL VARIOUS REGISTRIES |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-06-05 to 2013-06-05 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
74.X.X.254 (US)
- - UNITED STATES |
MTCBROADBAND.NET / DSL MTC BROADBAND INC |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-06-07 to 2013-06-07 |
° 22514(1): not found ° 3300004(1): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(1): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(1): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) |
|
78.X.X.183 (PL)
WROCLAW DOLNOSLASKIE POLAND |
NET.PL / DSL DIALOG |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-05-30 to 2013-05-30 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
219.X.X.5 (JP)
TOKYO TOKYO JAPAN |
CABLENET.NE.JP / DSL CABLENET SAITAMA CO. LTD |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-04-17 to 2013-04-17 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
92.X.X.237 (RO)
BUCHAREST BUCURESTI ROMANIA |
TELELINK-RO.COM / DSL ARTELECOM |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-04-21 to 2013-04-21 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
193.X.X.95 (FR)
LILLE NORD-PAS-DE-CALAIS FRANCE |
ABO.WANADOO.FR / DSL NSLIL205 LILLE |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-04-10 to 2013-04-10 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
189.X.X.249 (BR)
MACEIÓ ALAGOAS BRAZIL |
VELOXZONE.COM.BR / DSL COMITE GESTOR DA INTERNET NO BRASIL |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-04-25 to 2013-04-25 |
° 22514(1): not found ° 3300004(1): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(1): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(1): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) |
|
37.X.X.30 (-)
- - - |
- / - - |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-04-25 to 2013-04-25 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
114.X.X.18 (TW)
TAIPEI T'AI-PEI TAIWAN |
HINET.NET / DSL CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-04-09 to 2013-04-09 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
66.X.X.49 (US)
WALNUT CREEK CALIFORNIA UNITED STATES |
ASTOUND.NET / DSL ASTOUND BROADBAND |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-06-12 to 2013-06-12 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
141.X.X.97 (UK)
- - UNITED KINGDOM |
TERMBILLING.COM / DSL VARIOUS REGISTRIES |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-04-29 to 2013-04-29 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
91.X.X.201 (PL)
WARSAW WARSZAWA POLAND |
MIKOLOW.NET / DSL MICONET |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-04-14 to 2013-04-14 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
46.X.X.72 (-)
- - - |
- / - - |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-05-19 to 2013-05-19 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
121.X.X.47 (PH)
QUEZON CITY QUEZON CITY PHILIPPINES |
BTI.NET.PH / DSL BAYANDSL-AP |
Moderate Details (0.8) 2 BotHunter Users 3 Infection Report 2013-04-26 to 2013-05-29 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
202.X.X.148 (JP)
OKAYAMA OKAYAMA JAPAN |
ONINET.NE.JP / DSL OKAYAMA NETWORK INC |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-04-24 to 2013-04-24 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
90.X.X.127 (RU)
MOSCOW MOSCOW CITY RUSSIAN FEDERATION |
PERMONLINE.RU / DSL DYNAMIC DISTRIBUTION IP'S FOR BROADBAND SERVICES |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-05-26 to 2013-05-26 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
71.X.X.168 (US)
TEMPE ARIZONA UNITED STATES |
QWEST.NET / COMP QWEST COMMUNICATIONS CORPORATION |
Moderate Details (1.3) 1 BotHunter Users 2 Infection Report 2013-04-25 to 2013-04-25 |
° 22514(2): not found ° 2000047(2): Egg Download - ET WORM Sasser Transfer _up.exe ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner |
|
46.X.X.137 (-)
- - - |
- / - - |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-05-07 to 2013-05-07 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
190.X.X.96 (CL)
- - CHILE |
- / DSL TELMEX CHILE S.A HFC |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-06-13 to 2013-06-13 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
77.X.X.193 (RU)
MOSCOW MOSCOW CITY RUSSIAN FEDERATION |
NATIONALCABLENETWORKS.RU / DSL NKS BROADBAND CUSTOMERS |
High Details (1.4) 1 BotHunter Users 2 Infection Report 2013-05-15 to 2013-05-15 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 9920009(1): not found |
|
72.X.X.85 (US)
BEND OREGON UNITED STATES |
BENDBROADBAND.COM / DSL BEND CABLE COMMUNICATIONS LLC |
High Details (1.9) 1 BotHunter Users 1 Infection Report 2013-04-29 to 2013-04-29 |
° 22514(1): not found ° 3300004(1): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
70.X.X.95 (US)
COLUMBUS OHIO UNITED STATES |
RR.COM / DSL ROAD RUNNER HOLDCO LLC |
Moderate Details (1.3) 2 BotHunter Users 2 Infection Report 2013-04-25 to 2013-06-16 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
5.X.X.136 (-)
- - - |
- / - - |
High Details (1.4) 1 BotHunter Users 2 Infection Report 2013-05-06 to 2013-05-06 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 9920009(1): not found |
|
92.X.X.51 (RO)
BUCHAREST BUCURESTI ROMANIA |
TELELINK-RO.COM / DSL ARTELECOM |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-05-26 to 2013-05-26 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
46.X.X.9 (-)
- - - |
- / - - |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-05-16 to 2013-05-16 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
46.X.X.39 (-)
- - - |
- / - - |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-05-26 to 2013-05-26 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
213.X.X.253 (SA)
RIYADH AR RIYAD SAUDI ARABIA |
FIRSTFFC.COM / COMP MEDUNET |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-04-09 to 2013-04-09 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
120.X.X.89 (-)
- - - |
- / - - |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-04-13 to 2013-04-13 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
24.X.X.220 (US)
LOS ANGELES CALIFORNIA UNITED STATES |
RR.COM / DSL ROAD RUNNER HOLDCO LLC |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-04-07 to 2013-04-07 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
2.X.X.122 (-)
- - - |
- / - - |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-04-23 to 2013-04-23 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
93.X.X.66 (BG)
- - BULGARIA |
SHAPER.PLADI.BG / DSL PLADI COMPUTERS LTD. LOVECH |
High Details (1.5) 1 BotHunter Users 1 Infection Report 2013-05-02 to 2013-05-02 |
° 22009201(7): Inbound Attack - ET CURRENT_EVENTS Conficker.b Shellcode ° 2001685(6): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 3810008(2): Russian Business Network - ET Known Russian Business Network Monitored Domain ° 9920020(1): not found |
|
41.X.X.16 (DZ)
ALGIERS ALGER ALGERIA |
196-46-248-WIMAX.SLC.DZ / DSL AFRINIC |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-05-22 to 2013-05-22 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
31.X.X.10 (-)
- - - |
- / - - |
Maximum Details (3.5) 1 BotHunter Users 4 Infection Report 2013-02-17 to 2013-02-17 |
° 22514(4): not found ° 3300003(4): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(4): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(4): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2001569(2): Outbound Attack - ET SCAN Behavioral Unusual Port NETBIOS traffic, Potential Scan or Infection (60 in 60 secs) ° 2003070(2): CandC Communication - ET WORM Korgo.U Reporting ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(2): Outbound Scan - Detected intense non-malware port scanning ° 7777008(2): Malware Scan - Detected intense malware port scanning ° 9920003(2): not found |
|
109.X.X.138 (UK)
- - UNITED KINGDOM |
JWS.COM / DSL EU-ZZ |
High Details (1.9) 1 BotHunter Users 1 Infection Report 2013-05-05 to 2013-05-05 |
° 22514(1): not found ° 3300004(1): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
141.X.X.48 (UK)
- - UNITED KINGDOM |
TERMBILLING.COM / DSL VARIOUS REGISTRIES |
Maximum Details (2.4) 1 BotHunter Users 2 Infection Report 2013-04-20 to 2013-04-20 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 2001569(1): Outbound Attack - ET SCAN Behavioral Unusual Port NETBIOS traffic, Potential Scan or Infection (60 in 60 secs) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
119.X.X.25 (TW)
TAIPEI T'AI-PEI TAIWAN |
TCOL.COM.TW / DSL E-MAX NETWORK CORP |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-05-16 to 2013-05-16 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
5.X.X.192 (-)
- - - |
- / - - |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-04-16 to 2013-04-16 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
106.X.X.27 (-)
- - - |
- / - - |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-04-16 to 2013-04-16 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
116.X.X.134 (-)
- - - |
- / - - |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-05-16 to 2013-05-16 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
67.X.X.76 (US)
BLAIR NEBRASKA UNITED STATES |
NETINS.NET / DSL CENTRAL SCOTT TELEPHONE |
Maximum Details (2.5) 4 BotHunter Users 7 Infection Report 2013-04-19 to 2013-06-09 |
° 22514(1): not found ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 3300004(1): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found ° 22000032(1): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(1): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) |
|
46.X.X.152 (-)
- - - |
- / - - |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-04-20 to 2013-04-20 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
95.X.X.89 (RU)
MOSCOW MOSCOW CITY RUSSIAN FEDERATION |
CORBINA.RU / COMP INVESTELEKTROSVIAZ LTD |
High Details (1.6) 1 BotHunter Users 17 Infection Report 2013-05-05 to 2013-05-05 |
° 22009201(25): Inbound Attack - ET CURRENT_EVENTS Conficker.b Shellcode ° 2001685(23): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22465(4): not found ° 22514(3): not found ° 9910002(2): Bot Space Access - BOTHUNTER CURRENT_EVENTS Excessive NXDOMAIN responses by internal host ° 22475(1): not found ° 22000032(1): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(1): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) |
|
106.X.X.83 (-)
- - - |
- / - - |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-05-10 to 2013-05-10 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
190.X.X.87 (CL)
- - CHILE |
- / DSL TELMEX CHILE S.A HFC |
Maximum Details (3.0) 2 BotHunter Users 6 Infection Report 2013-04-06 to 2013-04-09 |
° 22514(4): not found ° 3300004(4): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(2): Outbound Scan - Detected intense non-malware port scanning ° 7777008(2): Malware Scan - Detected intense malware port scanning ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 9920003(1): not found |
|
182.X.X.116 (-)
- - - |
- / - - |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-04-07 to 2013-04-07 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
37.X.X.138 (-)
- - - |
- / - - |
Maximum Details (2.5) 1 BotHunter Users 4 Infection Report 2013-06-05 to 2013-06-05 |
° 22514(4): not found ° 3300004(4): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(2): Outbound Scan - Detected intense non-malware port scanning ° 7777008(2): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
202.X.X.252 (JP)
KUMAMOTO KUMAMOTO JAPAN |
KCN-TV.NE.JP / DSL KUMAMOTO CABLE NETWORK CORPORATION |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-04-20 to 2013-04-20 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
114.X.X.247 (TW)
TAIPEI T'AI-PEI TAIWAN |
HINET.NET / DSL CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP |
Maximum Details (3.5) 1 BotHunter Users 2 Infection Report 2013-02-17 to 2013-02-17 |
° 22514(2): not found ° 3300003(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 2001569(1): Outbound Attack - ET SCAN Behavioral Unusual Port NETBIOS traffic, Potential Scan or Infection (60 in 60 secs) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 3300004(1): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
50.X.X.198 (-)
- - - |
- / - - |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-06-01 to 2013-06-01 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
178.X.X.76 (UK)
- - UNITED KINGDOM |
FINEBLANK.COM / DSL EU-ZZ |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-06-12 to 2013-06-12 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
5.X.X.77 (-)
- - - |
- / - - |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-05-12 to 2013-05-12 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
199.X.X.74 (-)
- - - |
- / - - |
Maximum Details (3.5) 1 BotHunter Users 2 Infection Report 2013-02-17 to 2013-02-17 |
° 22514(2): not found ° 3300003(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2001569(1): Outbound Attack - ET SCAN Behavioral Unusual Port NETBIOS traffic, Potential Scan or Infection (60 in 60 secs) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 3300004(1): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
2.X.X.203 (-)
- - - |
- / - - |
Maximum Details (3.5) 1 BotHunter Users 4 Infection Report 2013-04-20 to 2013-04-20 |
° 22514(4): not found ° 3300004(4): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(4): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(4): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(2): Outbound Scan - Detected intense non-malware port scanning ° 7777008(2): Malware Scan - Detected intense malware port scanning ° 2001569(1): Outbound Attack - ET SCAN Behavioral Unusual Port NETBIOS traffic, Potential Scan or Infection (60 in 60 secs) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 9920003(1): not found |
|
69.X.X.88 (US)
WALNUT CREEK CALIFORNIA UNITED STATES |
ASTOUND.NET / DSL ASTOUND BROADBAND |
High Details (1.9) 1 BotHunter Users 4 Infection Report 2013-04-26 to 2013-04-26 |
° 22514(4): not found ° 3300004(4): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(4): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(4): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(2): Outbound Scan - Detected intense non-malware port scanning ° 7777008(2): Malware Scan - Detected intense malware port scanning |
|
110.X.X.162 (CN)
BEIJING BEIJING CHINA |
JWS.COM / DSL CHINA TIETONG TELECOMMUNICATIONS CORPORATION |
Moderate Details (1.3) 1 BotHunter Users 2 Infection Report 2013-05-05 to 2013-05-05 |
° 22514(2): not found ° 2000047(2): Egg Download - ET WORM Sasser Transfer _up.exe ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner |
|
181.X.X.145 (-)
- - - |
- / - - |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-04-13 to 2013-04-13 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
190.X.X.250 (AR)
- - ARGENTINA |
NET.AR / COMP TORANZO HECTOR |
Moderate Details (0.8) 2 BotHunter Users 2 Infection Report 2013-04-07 to 2013-05-26 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
46.X.X.94 (-)
- - - |
- / - - |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-05-22 to 2013-05-22 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
5.X.X.56 (-)
- - - |
- / - - |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-04-07 to 2013-04-07 |
° 22514(1): not found ° 3300004(1): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port |
|
178.X.X.75 (UK)
- - UNITED KINGDOM |
FINEBLANK.COM / DSL EU-ZZ |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-04-19 to 2013-04-19 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
190.X.X.49 (AR)
- - ARGENTINA |
TECHTELNET.NET / DSL - |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-04-20 to 2013-04-20 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
79.X.X.201 (RU)
MOSCOW MOSCOW CITY RUSSIAN FEDERATION |
NETBYNET.RU / DIAL CUSTOMERS BROADBAND AGGREGATION |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-05-08 to 2013-05-08 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
109.X.X.41 (UK)
- - UNITED KINGDOM |
JWS.COM / DSL EU-ZZ |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-05-10 to 2013-05-10 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
113.X.X.154 (VN)
- - VIET NAM |
LOCALHOST / DSL VIETNAM POST AND TELECOM CORPORATION |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-04-13 to 2013-04-13 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
37.X.X.125 (-)
- - - |
- / - - |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-05-17 to 2013-05-17 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
199.X.X.4 (US)
HONOLULU HAWAII UNITED STATES |
TRANQUILITY.NET / DSL CORAL WIRELESS LLC |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-05-04 to 2013-05-04 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
74.X.X.170 (-)
- - - |
- / - - |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-03-09 to 2013-03-09 |
° 2001569(12): Outbound Attack - ET SCAN Behavioral Unusual Port NETBIOS traffic, Potential Scan or Infection (60 in 60 secs) ° 3300001(11): Egg Download - BotHunter Scrip-based Windows egg download .exe ° 2123(9): Inbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2000040(3): Egg Download - ET WORM Sasser FTP Traffic ° 2000047(3): Egg Download - ET WORM Sasser Transfer _up.exe ° 52000032(2): Outbound Attack - ET EXPLOIT LSA exploit ° 52000046(2): Outbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (Win2k) |
|
70.X.X.197 (PR)
SAN JUAN PUERTO RICO PUERTO RICO |
ONELINKPR.NET / DSL SAN JUAN CABLE LLC |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-04-27 to 2013-04-27 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
119.X.X.12 (TW)
TAIPEI T'AI-PEI TAIWAN |
TCOL.COM.TW / DSL E-MAX NETWORK CORP |
Maximum Details (2.5) 1 BotHunter Users 4 Infection Report 2013-05-27 to 2013-05-27 |
° 22514(4): not found ° 3300004(4): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(4): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(4): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(2): Outbound Scan - Detected intense non-malware port scanning ° 7777008(2): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
46.X.X.42 (-)
- - - |
- / - - |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-05-20 to 2013-05-20 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
62.X.X.173 (SA)
RIYADH AR RIYAD SAUDI ARABIA |
SAUDI.NET.SA / COMP SAUDINET SAUDI TELECOM COMPANY |
Moderate Details (1.3) 2 BotHunter Users 3 Infection Report 2013-04-21 to 2013-05-06 |
° 22514(1): not found ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2000047(1): Egg Download - ET WORM Sasser Transfer _up.exe |
|
62.X.X.90 (HU)
BUDAPEST BUDAPEST HUNGARY |
T-ONLINE.HU / COMP T-ONLINE CATV CLIENTS (DYNAMIC ADDRESS POOL) |
Moderate Details (1.3) 1 BotHunter Users 4 Infection Report 2013-05-04 to 2013-05-04 |
° 2001685(4): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009201(4): Inbound Attack - ET CURRENT_EVENTS Conficker.b Shellcode ° 2008578(2): not found |
|
141.X.X.121 (UK)
- - UNITED KINGDOM |
TERMBILLING.COM / DSL VARIOUS REGISTRIES |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-04-24 to 2013-04-24 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
50.X.X.105 (-)
- - - |
- / - - |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-06-05 to 2013-06-05 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
210.X.X.129 (TW)
TAIPEI T'AI-PEI TAIWAN |
- / DSL NATIONAL HEALTH RESEARCH INSTITUTES |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-03-09 to 2013-03-09 |
° 2001569(12): Outbound Attack - ET SCAN Behavioral Unusual Port NETBIOS traffic, Potential Scan or Infection (60 in 60 secs) ° 3300001(11): Egg Download - BotHunter Scrip-based Windows egg download .exe ° 2123(9): Inbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2000040(3): Egg Download - ET WORM Sasser FTP Traffic ° 2000047(3): Egg Download - ET WORM Sasser Transfer _up.exe ° 52000032(2): Outbound Attack - ET EXPLOIT LSA exploit ° 52000046(2): Outbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (Win2k) |
|
141.X.X.220 (UK)
- - UNITED KINGDOM |
TERMBILLING.COM / DSL VARIOUS REGISTRIES |
Maximum Details (3.0) 1 BotHunter Users 4 Infection Report 2013-05-05 to 2013-05-05 |
° 22514(4): not found ° 3300004(4): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(2): Outbound Scan - Detected intense non-malware port scanning ° 7777008(2): Malware Scan - Detected intense malware port scanning ° 9920003(2): not found ° 2001569(1): Outbound Attack - ET SCAN Behavioral Unusual Port NETBIOS traffic, Potential Scan or Infection (60 in 60 secs) |
|
101.X.X.191 (-)
- - - |
- / - - |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-06-13 to 2013-06-13 |
° 1444(1): Egg Download - TFTP GET from external source ° 22351(1): Inbound Attack - REGISTERED FREE NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2008120(1): Egg Download - ET POLICY Outbound TFTP Read Request ° 3001441(1): Egg Download - TFTP GET .exe from external source |
|
70.X.X.225 (PR)
SAN JUAN PUERTO RICO PUERTO RICO |
ONELINKPR.NET / DSL SAN JUAN CABLE LLC |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-05-25 to 2013-05-25 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
84.X.X.36 (IT)
OLBIA SARDEGNA ITALY |
CUST-ADSL.TISCALI.IT / DSL TISCALI ITALIA SPA |
Maximum Details (3.2) 1 BotHunter Users 2 Infection Report 2013-06-16 to 2013-06-16 |
° 22466(2): not found ° 299913(2): Inbound Attack - ET SHELLCODE x86 0x90 unicode NOOP ° 3000003(2): not found ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 292000032(2): not found ° 2001683(1): Egg Download - ET MALWARE Windows executable sent when remote host claims to send an image ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 3000000(1): not found ° 3000014(1): not found |
|
46.X.X.139 (-)
- - - |
- / - - |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-04-20 to 2013-04-20 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
93.X.X.8 (PT)
PORTO PORTO PORTUGAL |
REV.OPTIMUS.PT / DSL OPTIMUS PORTUGAL |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-06-05 to 2013-06-05 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
219.X.X.67 (JP)
ICHIHARA CHIBA JAPAN |
ICNTV.NE.JP / DSL ICHIHARA COMMUNITY NETWORK TV CO.LTD |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-05-23 to 2013-05-23 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
220.X.X.67 (TW)
TAIPEI T'AI-PEI TAIWAN |
SPARQNET.NET / DSL CHIUNG-LI-YU-TUNG CO. LTD |
Moderate Details (1.3) 1 BotHunter Users 1 Infection Report 2013-03-09 to 2013-03-09 |
° 2001569(12): Outbound Attack - ET SCAN Behavioral Unusual Port NETBIOS traffic, Potential Scan or Infection (60 in 60 secs) ° 3300001(11): Egg Download - BotHunter Scrip-based Windows egg download .exe ° 2123(9): Inbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner ° 2000040(3): Egg Download - ET WORM Sasser FTP Traffic ° 2000047(3): Egg Download - ET WORM Sasser Transfer _up.exe ° 52000032(2): Outbound Attack - ET EXPLOIT LSA exploit ° 52000046(2): Outbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (Win2k) |
|
223.X.X.171 (-)
- - - |
- / - - |
Moderate Details (0.8) 1 BotHunter Users 1 Infection Report 2013-05-30 to 2013-05-30 |
° 2001685(1): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(1): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
109.X.X.107 (UK)
- - UNITED KINGDOM |
JWS.COM / DSL EU-ZZ |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-05-09 to 2013-05-09 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
94.X.X.118 (RO)
BUCHAREST BUCURESTI ROMANIA |
- / DSL NEW COM TELECOMUNICATII SA |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-06-08 to 2013-06-08 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
46.X.X.3 (-)
- - - |
- / - - |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-05-07 to 2013-05-07 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
72.X.X.218 (US)
NEW YORK NEW YORK UNITED STATES |
HERITAGE-HCS.COM / DSL BUCKEYE CABLEVISION INC |
Moderate Details (1.3) 1 BotHunter Users 2 Infection Report 2013-05-03 to 2013-05-03 |
° 22514(2): not found ° 2000047(2): Egg Download - ET WORM Sasser Transfer _up.exe ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner |
|
212.X.X.51 (AM)
- - ARMENIA |
- / DSL UCOM |
Maximum Details (2.5) 1 BotHunter Users 3 Infection Report 2013-05-28 to 2013-05-28 |
° 22514(3): not found ° 3300004(3): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
80.X.X.202 (TR)
ISTANBUL ISTANBUL TURKEY |
- / COMP NET-BIZIM |
Moderate Details (0.8) 1 BotHunter Users 2 Infection Report 2013-04-08 to 2013-04-08 |
° 2001685(2): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(2): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
70.X.X.191 (PR)
SAN JUAN PUERTO RICO PUERTO RICO |
ONELINKPR.NET / DSL SAN JUAN CABLE LLC |
High Details (1.9) 1 BotHunter Users 4 Infection Report 2013-06-06 to 2013-06-06 |
° 22514(4): not found ° 3300004(4): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(2): Outbound Scan - Detected intense non-malware port scanning ° 7777008(2): Malware Scan - Detected intense malware port scanning ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) |
|
190.X.X.93 (VE)
CARACAS DISTRITO FEDERAL VENEZUELA, BOLIVARIAN REPUBLIC OF |
CANTV.NET / DSL CANTV SERVICIOS VENEZUELA |
Moderate Details (1.3) 1 BotHunter Users 2 Infection Report 2013-05-07 to 2013-05-07 |
° 2001685(2): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009201(2): Inbound Attack - ET CURRENT_EVENTS Conficker.b Shellcode ° 2008578(1): not found |
|
46.X.X.117 (-)
- - - |
- / - - |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-05-02 to 2013-05-02 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
183.X.X.55 (-)
- - - |
- / - - |
Moderate Details (1.3) 1 BotHunter Users 21 Infection Report 2013-05-19 to 2013-05-19 |
° 2001685(35): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009201(34): Inbound Attack - ET CURRENT_EVENTS Conficker.b Shellcode ° 2008578(1): not found |
|
218.X.X.198 (HK)
HONG KONG HONG KONG (SAR) HONG KONG |
HUTCHCITY.COM / DSL HUTCHISON GLOBAL COMMUNICATIONS |
Moderate Details (0.8) 1 BotHunter Users 2 Infection Report 2013-06-04 to 2013-06-04 |
° 2001685(2): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(2): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
122.X.X.214 (IN)
NEW DELHI DELHI INDIA |
122.AIRTELBROADBAND.IN / DSL BHARTI AIRTEL LTD. TELEMEDIA SERVICES |
Moderate Details (0.8) 1 BotHunter Users 2 Infection Report 2013-05-07 to 2013-05-07 |
° 2001685(2): Egg Download - ET MALWARE Possible Windows executable sent when remote host claims to send an image ° 22009200(2): Inbound Attack - ET CURRENT_EVENTS Conficker.a Shellcode |
|
46.X.X.169 (-)
- - - |
- / - - |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-04-05 to 2013-04-05 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
80.X.X.120 (RO)
BUCHAREST BUCURESTI ROMANIA |
ARTELECOM.NET / DSL SC ARTELECOM SA |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-05-13 to 2013-05-13 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |
|
180.X.X.34 (-)
- - - |
- / - - |
Moderate Details (1.3) 1 BotHunter Users 2 Infection Report 2013-04-09 to 2013-04-09 |
° 22514(2): not found ° 2000047(2): Egg Download - ET WORM Sasser Transfer _up.exe ° 552123(1): Outbound Attack - REGISTERED FREE ATTACK-RESPONSES Microsoft cmd.exe banner |
|
96.X.X.68 (US)
WEST CHESTER PENNSYLVANIA UNITED STATES |
VERIZON.NET / DSL VERIZON INTERNET SERVICES INC |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-06-10 to 2013-06-10 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
190.X.X.5 (CL)
- - CHILE |
- / DSL TELMEX CHILE S.A HFC |
Maximum Details (2.5) 1 BotHunter Users 2 Infection Report 2013-04-08 to 2013-04-08 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
113.X.X.118 (MY)
- - MALAYSIA |
MAXIS.NET.MY / DSL MAXIS BROADBAND SDN BHD |
Maximum Details (3.0) 1 BotHunter Users 2 Infection Report 2013-04-10 to 2013-04-10 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 22000032(2): Inbound Attack - ET EXPLOIT LSA exploit ° 22000033(2): Inbound Attack - ET EXPLOIT MS04011 Lsasrv.dll RPC exploit (WinXP) ° 2003070(1): CandC Communication - ET WORM Korgo.U Reporting ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning ° 9920003(1): not found |
|
46.X.X.100 (-)
- - - |
- / - - |
High Details (1.9) 1 BotHunter Users 2 Infection Report 2013-06-16 to 2013-06-16 |
° 22514(2): not found ° 3300004(2): Egg Download - BotHunter HTTP-based .exe Upload on backdoor port ° 7777005(1): Outbound Scan - Detected intense non-malware port scanning ° 7777008(1): Malware Scan - Detected intense malware port scanning |