Author Topic: ngr.ipwhois.org.uk - Looking for assistance  (Read 2855 times)

0 Members and 1 Guest are viewing this topic.

April 04, 2011, 10:52:18 am
Read 2855 times

Radovan

  • Newbie

  • Offline
  • *

  • 1
An IRCbot that is connecting to ngr.ipwhois.org.uk have been pestering our network for a couple of weeks now, I've sent numerous of abuse complaints to abuse@reg.ru which is the registrar but been unable to get a proper response.

References:

http://www.threatexpert.com/report.aspx?md5=c26b0a34deb80ae1492bd2b3f7b7013d
http://www.virustotal.com/file-scan/report.html?id=936a74e6a91afdc4cfd3daeae090439021a506addc6590fcd927eb06ed07d927-1301912535

Help getting this domain suspended would be greatly apprechiated, currently download payloads from:

Code: [Select]
hxxp://rapidshare.com/files/455757996/nsprd.exe
hxxp://rapidshare.com/files/455485925/102.exe
hxxp://thefilesmovie.in/install.48208.exe