Mouse’s large botnet

– DNS Queries: cx10man.weedns.com

    • IRC Data
      • User Name: swdo85rek
      • Host Name: *
      • Server Name:
      • Real Name: USA|XP|931
      • Password: secretpass
      • Nick Name: P|fk3ebk807
      • Non RFC Conform: 1
        • Channel
          • Name: #mm
          • Password: RSA
          • Topic Deleted: :+yOfS7/ZgRdB.6w2GQ0tQkXD1bqhV7/ipBe01hiyOt1tAGoD0bni40/nobx.1kmNSG0Vilef/jw3NQ.1MD7F.zHYt//ZSMTE/IQhIO0/do540d2vZX/C8d1J07gDr61k4Jvn1n9lNv1Sb1Au/ZZkmF.WULzq.0.Nyh1ShH1m/
  • Plain Communication Data
    • Send
      • Dump Line:
        • Off Set: $0000
        • Dump: 50 41 53 53 20 73 65 63 72 65 74 70 61 73 73 0D
        • ASCII: PASS secretpass.
        • Off Set: $0010
        • Dump: 0A
        • ASCII: .
        • Off Set: $0000
        • Dump: 4E 49 43 4B 20 50 7C 66 6B 33 65 62 6B 38 30 37
        • ASCII: NICK P|fk3ebk807
        • Off Set: $0010
        • Dump: 0D 0A
        • ASCII: ..
        • Off Set: $0000
        • Dump: 55 53 45 52 20 73 77 64 6F 38 35 72 65 6B 20 2A
        • ASCII: USER swdo85rek *
        • Off Set: $0020
        • Dump: 20 30 20 3A 55 53 41 7C 58 50 7C 39 33 31 0D 0A
        • ASCII: 0 :USA|XP|931..
    • Receive
      • Dump Line:
        • Off Set: $0000
        • Dump: 3A 68 75 62 2E 34 31 39 32 31 2E 6E 65 74 20 30
        • ASCII: :hub.41921.net 0
        • Off Set: $0010
        • Dump: 30 31 20 50 7C 66 6B 33 65 62 6B 38 30 37 20 3A
        • ASCII: 01 P|fk3ebk807 :
        • Off Set: $0020
        • Dump: 50 7C 66 6B 33 65 62 6B 38 30 37 21 73 77 64 6F
        • ASCII: P|fk3ebk807!swdo
        • Off Set: $0030
        • Dump: 38 35 72 65 6B 40 37 32 2E 32 33 36 2E 31 36 37
        • ASCII: 85rek@72.236.167
        • Off Set: $0040
        • Dump: 2E 31 33 36 0D 0A 3A 68 75 62 2E 34 31 39 32 31
        • ASCII: .136..:hub.41921
        • Off Set: $0050
        • Dump: 2E 6E 65 74 20 31 20 50 7C 66 6B 33 65 62 6B 38
        • ASCII: .net 1 P|fk3ebk8
        • Off Set: $0060
        • Dump: 30 37 20 3A 4C 6F 67 69 6E 3A 20 0D 0A 3A 68 75
        • ASCII: 07 :Login: ..:hu
        • Off Set: $0070
        • Dump: 62 2E 34 31 39 32 31 2E 6E 65 74 20 33 37 36 20
        • ASCII: b.41921.net 376
        • Off Set: $0080
        • Dump: 50 7C 66 6B 33 65 62 6B 38 30 37 20 3A 0D 0A
        • ASCII: P|fk3ebk807 :..
  • Transport Protocol: TCP
  • Remote Address: 61.120.62.28
  • Remote Port: 3305
  • Protocol: IRC
  • Connection Established: 1
  • Socket: 2164

Here is some more info, lol:

Looking up cx10man.weedns.com
Resolved : [cx10man.weedns.com] To [147.46.222.80]
Resolved : [cx10man.weedns.com] To [203.146.251.62]
Resolved : [cx10man.weedns.com] To [210.166.223.51]
Resolved : [cx10man.weedns.com] To [62.128.152.250]
Resolved : [cx10man.weedns.com] To [61.120.62.28]
Interesting ports on lxplesk233.fm.netbenefit.co.uk (62.128.152.250):
Not shown: 1006 filtered ports, 660 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp ProFTPD 1.3.1
22/tcp open ssh OpenSSH 4.3 (protocol 2.0)
25/tcp open smtp qmail smtpd
53/tcp open domain
80/tcp open http Apache httpd 2.2.3 ((CentOS))
110/tcp open pop3
143/tcp open imap Courier Imapd (released 2004)
443/tcp open ssl/http Apache httpd 2.2.3 ((CentOS))
993/tcp open ssl/imap Courier Imapd (released 2004)
995/tcp open ssl/pop3
3306/tcp open mysql MySQL 5.0.45
8080/tcp open http-proxy?
8081/tcp open blackice-icecap?
8443/tcp open http Apache httpd

Interesting ports on ns.yumetairiku.co.jp (210.166.223.51):
Not shown: 1668 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.2 (protocol 1.99)
25/tcp open smtp Postfix smtpd
53/tcp open domain
80/tcp open http Apache httpd
110/tcp open pop3 Dovecot pop3d
143/tcp open imap Dovecot imapd
199/tcp open smux Linux SNMP multiplexer
993/tcp open ssl/imap Dovecot imapd
995/tcp open ssl/pop3 Dovecot pop3d
3306/tcp open mysql MySQL (unauthorized)
8080/tcp open http-proxy?
8081/tcp open blackice-icecap?

Interesting ports on 203.146.251.62:
Not shown: 1657 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp ProFTPD 1.3.1
22/tcp open ssh OpenSSH 4.3 (protocol 2.0)
25/tcp open smtp qmail smtpd
53/tcp open domain
80/tcp open http Apache httpd 2.2.2 ((Fedora))
106/tcp open pop3pw poppassd
110/tcp open pop3
111/tcp filtered rpcbind
143/tcp open imap Courier Imapd (released 2004)
170/tcp filtered print-srv
443/tcp open ssl/http Apache httpd 2.2.2 ((Fedora))
465/tcp open ssl/smtp qmail smtpd
469/tcp filtered rcp
515/tcp filtered printer
587/tcp open smtp qmail smtpd
993/tcp open ssl/imap Courier Imapd (released 2004)
995/tcp open ssl/pop3
2049/tcp filtered nfs
3306/tcp open mysql MySQL 5.0.27
8080/tcp open http-proxy?
8081/tcp open blackice-icecap?
8443/tcp open http Apache httpd
9991/tcp filtered issa

Interesting ports on climate.snu.ac.kr (147.46.222.80):
Not shown: 1664 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 2.0.5
22/tcp filtered ssh
25/tcp open smtp Sendmail 8.13.8/8.13.8
80/tcp open http Apache httpd 2.2.3 ((Fedora))
110/tcp open pop3 Dovecot pop3d
135/tcp filtered msrpc
143/tcp open imap Dovecot imapd
443/tcp open ssl/http Apache httpd 2.2.3 ((Fedora))
445/tcp filtered microsoft-ds
993/tcp open ssl/imap Dovecot imapd
995/tcp open ssl/pop3 Dovecot pop3d
3128/tcp filtered squid-http
4444/tcp filtered krb524
8080/tcp open http-proxy?
8081/tcp open blackice-icecap?
17300/tcp filtered kuang2