Most Prolific BotNet Command and Control Servers and Filters
Sat Jul 5 10:13:10 2008
| Priority | Clients | TCP Ports | Filter | ISP | Country | Domain |
|---|---|---|---|---|---|---|
| 100 | 551 | 7000 7000 85 7000 218 | deny ip host 211.096.097.044 any log ! 551 infects 04/27/08 to 05/12/08 cnuninet.net | china united telecommunications corporation | china | cnuninet.net |
| 100 | 370 | 443 443 85 | deny ip host 217.170.244.002 any log ! 370 infects 01/08/08 to 07/04/08 - | ndermarrja telekomunikuese ktdn-ads | serbia and montenegro | - |
| 100 | 216 | 7000 8885 | deny ip host 222.177.011.165 any log ! 216 infects 05/12/08 to 06/06/08 - | renhexiaoxue | china | - |
| 100 | 127 | 80 65520 211 65520 209 65520 210 80 211 65520 69 65520 217 80 64 65520 222 80 217 | deny ip host 085.114.137.060 any log ! 127 infects 04/10/08 to 06/03/08 fastit.net | fastit | germany | fastit.net |
| 100 | 121 | 9890 | deny ip host 069.042.216.090 any log ! 121 infects 03/31/08 to 07/03/08 awknet.com | awknet communications llc | united states | awknet.com |
| 100 | 110 | 13001 12351 | deny ip host 069.247.147.113 any log ! 110 infects 06/27/08 to 07/04/08 comcast.net | comcast cable communications inc | united states | comcast.net |
| 100 | 109 | 7000 | deny ip host 209.250.232.240 any log ! 109 infects 05/19/08 to 06/10/08 justedge.net | justedge networks inc | united states | justedge.net |
| 89 | 86 | 65520 72 80 65520 217 65520 67 65520 69 | deny ip host 085.114.143.208 any log ! 86 infects 01/23/08 to 04/21/08 fastit.net | fastit | germany | fastit.net |
| 82 | 80 | 3266 3366 3267 3267 85 3366 69 | deny ip host 069.042.216.124 any log ! 80 infects 02/03/08 to 04/25/08 awknet.com | awknet communications llc | united states | awknet.com |
| 76 | 74 | 65520 65520 69 65520 72 65520 217 | deny ip host 210.245.211.011 any log ! 74 infects 06/28/08 to 07/04/08 romlox.net | kingdom - internet access | hong kong | romlox.net |
| 57 | 55 | 7000 7000 85 | deny ip host 067.019.050.066 any log ! 55 infects 01/11/08 to 04/09/08 theplanet.com | theplanet.com internet services inc | united states | theplanet.com |
| 53 | 52 | 6667 6668 7000 3921 | deny ip host 063.173.172.098 any log ! 52 infects 01/07/08 to 06/25/08 - | splk_tele yemen | yemen | - |
| 49 | 48 | 80 | deny ip host 194.054.090.246 any log ! 48 infects 05/29/08 to 07/03/08 monkey.hosting.ua | hosting.ua datacentre allocation | ukraine | monkey.hosting.ua |
| 47 | 46 | 7000 | deny ip host 210.217.196.011 any log ! 46 infects 05/10/08 to 05/12/08 innosoft.biz | intertns-lline-giga | korea_ republic of | innosoft.biz |
| 45 | 44 | 3838 2293 7382 8492 9283 3938 7763 9928 3240 | deny ip host 072.010.172.218 any log ! 44 infects 01/07/08 to 07/02/08 webdesignpro.org | globotech communications | canada | webdesignpro.org |
| 44 | 43 | 7000 | deny ip host 218.093.014.236 any log ! 43 infects 04/29/08 to 05/03/08 - | jintan changshen elementary school | china | - |
| 37 | 36 | 6668 6667 6667 63 6667 85 7000 7000 63 | deny ip host 203.186.079.248 any log ! 36 infects 01/07/08 to 03/22/08 ctinets.com | i t city international ltd - por mee factory bui | hong kong | ctinets.com |
| 36 | 35 | 2345 | deny ip host 084.244.019.183 any log ! 35 infects 02/02/08 to 04/26/08 spray.net | spray network services ab | sweden | spray.net |
| 19 | 19 | 2345 | deny ip host 084.244.019.254 any log ! 19 infects 02/17/08 to 04/23/08 spray.net | spray network services ab | sweden | spray.net |
| 17 | 17 | 3935 | deny ip host 069.042.216.122 any log ! 17 infects 01/07/08 to 01/14/08 awknet.com | awknet communications llc | united states | awknet.com |
| 16 | 16 | 9988 6677 | deny ip host 069.042.216.120 any log ! 16 infects 01/18/08 to 02/29/08 awknet.com | awknet communications llc | united states | awknet.com |
| 14 | 14 | 1977 1977 85 | deny ip host 212.026.001.178 any log ! 14 infects 01/09/08 to 02/03/08 - | king fahd univ | saudi arabia | - |
| 11 | 11 | 2345 2345 66 | deny ip host 084.244.005.183 any log ! 11 infects 05/15/08 to 06/12/08 brimob.org | spray network services ab | sweden | brimob.org |
| 9 | 9 | 2345 | deny ip host 084.244.019.189 any log ! 9 infects 02/11/08 to 02/13/08 spray.net | spray network services ab | sweden | spray.net |
| 8 | 8 | 51115 51115 85 | deny ip host 069.050.208.003 any log ! 8 infects 04/21/08 to 05/06/08 bulletads.com | atjeu publishing llc | united states | bulletads.com |
| 8 | 8 | 51115 | deny ip host 069.050.209.031 any log ! 8 infects 04/23/08 to 05/07/08 bulletads.com | atjeu publishing llc | united states | bulletads.com |
| 8 | 8 | 6667 85 6668 | deny ip host 218.234.032.194 any log ! 8 infects 03/03/08 to 03/04/08 - | hananet-highban-aroinformationtech | korea_ republic of | - |
| 7 | 7 | 8080 72 1863 10324 | deny ip host 067.043.236.066 any log ! 7 infects 04/12/08 to 06/29/08 synflood.ws | globotech communications | canada | synflood.ws |
| 7 | 7 | 7000 | deny ip host 218.025.036.007 any log ! 7 infects 01/07/08 to 01/08/08 online.ln.cn | cncgroup liaoning province network | china | online.ln.cn |
| 6 | 6 | 18067 | deny ip host 058.020.187.016 any log ! 6 infects 04/03/08 to 04/20/08 - | cnc group hunan province network | china | - |
| 6 | 6 | 7776 | deny ip host 220.128.233.154 any log ! 6 infects 01/09/08 to 02/01/08 hinet.net | chtd chunghwa telecom co. ltd | taiwan | hinet.net |
| 6 | 6 | 18067 | deny ip host 222.051.025.090 any log ! 6 infects 05/12/08 to 05/30/08 herbalqc.com | china railway telecommunications center | china | herbalqc.com |
| 6 | 6 | 10324 | deny ip host 067.043.236.098 any log ! 6 infects 06/09/08 to 07/02/08 synflood.ws | globotech communications | canada | synflood.ws |
| 5 | 5 | 18067 | deny ip host 121.254.173.070 any log ! 5 infects 01/17/08 to 02/13/08 kidc.net | korea internet data center inc | korea_ republic of | kidc.net |
| 5 | 5 | 10324 8080 67 | deny ip host 072.010.172.211 any log ! 5 infects 04/12/08 to 06/25/08 webdesignpro.org | globotech communications | canada | webdesignpro.org |
| 5 | 5 | 5190 10324 | deny ip host 067.043.236.069 any log ! 5 infects 01/30/08 to 04/12/08 synflood.ws | globotech communications | canada | synflood.ws |
| 4 | 4 | 8080 5190 10324 | deny ip host 067.043.232.036 any log ! 4 infects 02/04/08 to 04/12/08 synflood.ws | globotech communications | canada | synflood.ws |
| 4 | 4 | 55003 | deny ip host 084.200.032.209 any log ! 4 infects 04/12/08 to 04/12/08 internet-homing.de | internet-homing-gmbh | germany | internet-homing.de |
| 4 | 4 | 7000 67 10324 5190 | deny ip host 072.010.172.213 any log ! 4 infects 04/12/08 to 06/23/08 webdesignpro.org | globotech communications | canada | webdesignpro.org |

