f0001.info (ngrbot irc botnet hosted by United States Chicago Steadfast Networks)

By I_Post_Ur_Info, November 23, 2012

Resolved f0001.info to 208.117.34.204, 208.117.34.20

Server: f0001.info
Port: 1887
Server password: leonis
Channel: #pool
Channel password: leonis
* Topic for #pool is: ~pu hxxp://hotfile.com/dl/180565282/bc43943/queriendo.exe 3ea04ecdc19fad85fdf2eb15ba20cc9a ~s -o ~s
* Topic for #pool set by google at Fri Nov 23 10:26:12 2012

Channel: #XP
* Topic for #xp is: ~dw hxxp://hotfile.com/dl/180565391/ee7fa0b/ccc.exe 55c6bf0eac7a786de324c7f34ef6db12 ~dw hxxp://hotfile.com/dl/180565492/0dd28c1/10.exe ee2dcac3f9f630c69dd750cc6abc5b8a
* Topic for #xp set by google at Fri Nov 23 10:26:12 2012

Other channels are country codes, eg #US, #CO, #ES

The bots seem to be being used for ad fraud, with the files from #XP visiting 2musicaonline.com and clicking on the ads.

Hosting infos: http://whois.domaintools.com/208.117.34.204
http://whois.domaintools.com/208.117.34.20

Categories: Uncategorized

Tags: googlengrBot

Previous postlagner.taess.net (Zeus banking malware hosted by Germany Frankfurt Am Main Ovh Gmbh)

Next post199.119.226.75 (Barracuda irc botnet hosted by France Paris Dnsslave.com)

dd.sult4n.net(ngrBot hosted in United States Chicago Steadfast Networks)

178.86.23.225(ngrBot hosted in Ukraine Odessa Tehnologii Budushego Llc)

t.baerr01.com (Ngrbot irc botnet hosted by Chinanet)