facebook-o.com (botnet hosted in CNC Group CHINA169 Sichuan Province network)

Another server from our Russian friend snk big hecker

Remote Host       Port Number
118.144.79.148    5500
194.109.6.97      80

NICK n[USA|XP]0991293
USER x "" "x" :x
JOIN #xux
PONG 422
PONG :srv5500.net

* Topic is '.usb .msn ALL /125/115/124/115/38/48/62/125/82/118/43/114/98/65/106/108/126/65/127/126/112/104/124/36/66/114/48/124/106/117/102/105/78/44/108/77/106/53/108/99/58/47/43/61/78/107/120/117/112/105/51/67/94/102/44/19/63/56/38/19/36/63/49/56/22/15/105/85/87/'

.msn ALL /125/115/124/115/38/48/62/125/82/118/43/114/98/65/106/108/126/65/127/126/112/104/124/36/66/114/48/124/106/117/102/105/78/44/108/77/106/53/108/99/58/47/43/61/78/107/120/117/112/105/51/67/94/102/44/19/63/56/38/19/36/63/49/56/22/15/105/85/87/

DNS Lookup
Host Name         IP Address
facebook-o.com    118.144.79.148
facebook-t.com    118.144.79.148
x1x4x0.net        127.0.0.1

Outgoing connection to remote server: facebook-o.com TCP port 5500
Outgoing connection to remote server: facebook-o.com TCP port 5500
Outgoing connection to remote server: x1x4x0.net TCP port 5500
Outgoing connection to remote server: facebook-o.com TCP port 5500
Outgoing connection to remote server: facebook-o.com TCP port 5500
Outgoing connection to remote server: x1x4x0.net TCP port 5500
Outgoing connection to remote server: facebook-o.com TCP port 5500

Hosting information:
http://whois.domaintools.com/118.144.79.148
