z.joerv02.com(irc botnet hosted in China Nanjing Chinanet Jiangsu Province Network)

Name                     Query Type               Query Result        Successful        Protocol
api.wipmania.com      DNS_TYPE_A      69.197.137.58      YES                   udp
z.baerr02.com          DNS_TYPE_A                                     NO                    udp
z.joerv02.com          DNS_TYPE_A       58.221.60.87         YES                    udp

Server: z.joerv02.com:6513 PASS smart

Channels: #dpi,#suk.#sar PASS smart

UPDATE/
a.joerv03.com       DNS_TYPE_A       58.221.60.87 60.169.73.119
a.baerr03.com inactive for now

Topic for #dpi: #dpi :!dl hxxp://146.185.246.192/6515.exe

Other samples: hxxp://146.185.246.192/1313.exe
hxxp://146.185.246.192/15.exe

hosting infos:
http://whois.domaintools.com/58.221.60.87

Categories: Uncategorized

1 Comment

Anonymous - June 17, 2013 at 8:45 am

Hi,
Very nice blog and good information posted. How I can sign up for your RSS?

Comments are closed