Real heckers, and very hard to know where these lamers are from (look at the domain name)
ng.albanianetwork.com 89.248.168.87
api.wipmania.com 199.15.234.7
gn.albacrew.com 89.248.168.87
Download URLs
http://199.15.234.7/ (api.wipmania.com)
Outgoing connection to remote server: ng.albanianetwork.com TCP port 6869
Outgoing connection to remote server: api.wipmania.com TCP port 80
Outgoing connection to remote server: ng.albanianetwork.com TCP port 9731
Outgoing connection to remote server: ng.albanianetwork.com TCP port 6869
ircd servers:
ng.albanianetwork.com:6869 PASS ngrBot
ng.albanianetwork.com:9731 PASS ngrBot
gn.albacrew.com:6869 PASS ngrBot
gn.albacrew.com:9731 PASS ngrBot
Remote Host Port Number
123.30.110.29 80
199.15.234.7 80
74.125.157.100 80
89.248.168.87 6869 ircd here PASS ngrBot
JOIN #new
PRIVMSG #ng# :[d="http://goo.gl/gSPFy" s="118061 bytes"] Executed file "C:\Documents and Settings\UserName\Application Data\1.tmp" - Download retries: 0
NICK n{US|XPa}mzxlngn
USER mzxlngn 0 0 :mzxlngn
JOIN #ng# ngrBot
PRIVMSG #ng# :[HTTP]: Updated HTTP spread interval to "5"
PRIVMSG #ng# :[MSN]: Updated MSN spread interval to "5"
PRIVMSG #ng# :[HTTP]: Updated HTTP spread message to "photo http://goo.gl/VQdZ3 |"
PRIVMSG #ng# :[MSN]: Updated MSN spread message to "photo http://goo.gl/VQdZ3 |"
UPDATE:
Resolved : [ng.albanianetwork.com] To [92.243.0.91]
Remote Host Port Number
199.15.234.7 80
92.243.0.91 6869 PASS ngrBot
NICK n{US|XPa}fhztfvp
USER fhztfvp 0 0 :fhztfvp
JOIN #ng# ngrBot
Hosting info:
http://whois.domaintools.com/89.248.168.87
Anonymous - November 23, 2011 at 11:25 pm
Here is a link to a virus that, when executed, tries to resolve api.wipmania.com and soywey.sin-ip.es
http://cupcakefactoryba.com.ar/img/hearts/VerPostal.php
🙂