feb.scorevidic.net(botnet hosted in United States Baltimore Gandi Us Inc)

Remote Host Port Number
feb.scorevidic.net 5900

Resolved : [feb.scorevidic.net] To [173.246.103.17]
Resolved : [feb.scorevidic.net] To [173.246.103.19]

NICK VirUs-zlxuiykn
USER VirUs “” “zte” :
8Coded
8Ahmed.Ramzey@Hotmail.Com..
JOIN #Rana1# Virus
PONG :TESTING1.VirUs.HERE

00000000 | 5041 5353 2056 6972 7573 0D0A 4E49 434B | PASS Virus..NICK
00000010 | 2056 6972 5573 2D78 7565 757A 7966 790D | VirUs-xueuzyfy.
00000020 | 0A55 5345 5220 5669 7255 7320 2222 2022 | .USER VirUs “” “
00000030 | 7266 7722 203A 2003 382C 3102 0338 436F | rfw” : .8,1..8Co
00000040 | 6465 6420 0334 4279 2003 3841 686D 6564 | ded .4By .8Ahmed
00000050 | 2E52 616D 7A65 7940 486F 746D 6169 6C2E | .Ramzey@Hotmail.
00000060 | 436F 6D2E 2E0D 0A | Com….

UPDATE:
Remote Host Port Number
173.246.103.19 4949 PASS trb123trb

195.122.131.13 443

62.67.1.18 443

213.251.170.52 80

216.45.58.150 80

64.208.241.34 80

USER gdetsuk 0 0 :gdetsuk
JOIN ##RedEm-001## redem
JOIN #t
JOIN #new
PRIVMSG #t :[MSN]: Updated MSN spread interval to “3”
PRIVMSG #t :[MSN]: Updated MSN spread message to “:| http://apps.facebook.com/xxx_photoo/index.php?=”
NICK VirUs-xszppj
PRIVMSG #t :[d=”https://rapidshare.com/files/457931204/SerMsvB.exe” s=”140800 bytes”] Updated bot file “C:Documents and SettingsUserNameApplication DataZcxaxz.exe” – Download retries: 0
PONG :TESTING1.VirUs.HERE
USER VirUs “” “omt” :
8Coded
8VirUs..
JOIN #MarCH# Testbro
PRIVMSG #MarCH# :Success.
NICK n{US|XPa}gdetsuk

infos about hosting:
http://whois.domaintools.com/173.246.103.17

Categories: Uncategorized