xD.a7aneek.net(80-100k ngrBotnet hosted in France Paris Gandi)

By Pig, November 25, 2011

Same lamer with big net and still hosting with Gandi.net

Resolved : [xD.a7aneek.net] To [92.243.17.156]
Resolved : [xD.a7aneek.net] To [92.243.25.164]
Resolved : [xD.a7aneek.net] To [92.243.0.109]
Resolved : [xD.a7aneek.net] To [92.243.27.72]
Resolved : [xD.a7aneek.net] To [92.243.10.12]

Other domain names used to control bots:
xD.0dayx.com
appupdate.org
xD.0days.me

92.243.10.12 5900 PASS ngrBot
92.243.0.109 5900 PASS ngrBot
92.243.27.72 5900 PASS ngrBot
92.243.17.156 5900 PASS ngrBot
92.243.25.164 5900 PASS ngrBot

NICK n{US|XPa}vowobev
USER vowobev 0 0 :vowobev
JOIN ##Redrm-002## redem
JOIN #new
JOIN #SPp,#DLx,#UP

Now talking in ##Redrm-002##
Topic On: [ ##Redrm-002## ] [ !m on !j #SPp,#DLx,#UP !j -c UA,UKR #vnc ]
Topic By: [ x3x ]
[18:53] [x3x:##redrm-002## VERSION]

the noob now version everyone who join his botnet and autoglines them if theyre not bots

exe file used to spread:
Download
Download

UPDATE:
Resolved : [xD.0days.me] To [92.243.27.72]
Resolved : [xD.0days.me] To [92.243.25.164]
Resolved : [xD.0days.me] To [92.243.10.12]
Resolved : [xD.0days.me] To [217.70.189.146]
Resolved : [xD.0days.me] To [92.243.0.109]

Now talking in ##Redrm-002##
Topic On: [ ##Redrm-002## ] [ !m on !j #SPp,#DLx,#UP !j -c UA,UKR #vnc ]
Topic By: [ _Magic ]

Now talking in #sPp
Topic On: [ #sPp ] [ !mod usbi on ]
Topic By: [ _Magic ]

Now talking in #vnc
Topic On: [ #vnc 12] [ !mod pdef off !NAZEL http://hotfile.com/dl/134087331/ae699bf/yavncc.jpeg 291BFC99016ED4647862AEB896F741D1 -n ]
Topic By: [ _Magic ]

hosting infos:
http://whois.domaintools.com/92.243.25.164

Categories: Uncategorized