juegalon.com(ngrBot hosted in Seychelles Ideal Solution Ltd)

Resolved : [juegalon.com] To [193.107.16.75]

Remote Host Port Number
173.208.131.234 80
199.15.234.7 80
65.60.49.28 80
193.107.16.75 1863 PASS ngrBot

NICK n{US|XPa}knloiig
USER knloiig 0 0 :knloiig
JOIN #rjr RjR
PRIVMSG #rjr :[DNS]: Blocked 0 domain(s) – Redirected 8 domain(s)
PRIVMSG #rjr :[d=”http://173.208.131.234/~dalepapi/ngr18.exe” s=”158208 bytes”] Updated bot file “C:Documents and SettingsUserNameApplication DataGcxaxg.exe” – Download retries: 0

Exe file:
* The data identified by the following URLs was then requested from the remote web server:
o http://173.208.131.234/~dalepapi/ngr18.exe
o http://api.wipmania.com/
o http://65.60.49.28/~megustal/ip.txt

hosting infos:
http://whois.domaintools.com/193.107.16.75

Categories: Uncategorized