mom003.net (ngrBot irc botnet hosted by Serverius.com)

Resolved mom003.net to 185.12.14.102, 74.119.216.199

Server:  mom003.net (other domains: mom002.net, mom004.net)
Port:  1887
Server password:  speedd
Channel:  #bon2
Channel password:  speedd
Topic for #xp is: ~dw hxxp://www.sendspace.com/pro/dl/1wzt65 e6bd0bd11484b27ca4f162421a4d423b ~dw hxxp://www.sendspace.com/pro/dl/a3he3l 3c2df1fd533d955c462faaaef03bab02
Topic for #xp set by google at Tue Feb 05 11:49:09 2013

Bots also join #XP, #W7 or #VIS depending on their operating system.
Topic for #XP/#W7/#VIS is: ~dw hxxp://www.sendspace.com/pro/dl/1wzt65 e6bd0bd11484b27ca4f162421a4d423b ~dw hxxp://www.sendspace.com/pro/dl/a3he3l 3c2df1fd533d955c462faaaef03bab02
Topic for #XP/#W7/#VIS set by google at Tue Feb 05 11:49:09 2013

Google has changed adfraud domains, now the bots visit nfulltono.com.

Update:
This botnet is still up after long time here more infos.

Now 15 talking in #bon 2
Topic On : [ #bon2 ] [ ~pu hxxp://www.mediafire.com/download/bb96s9qt4bu5abt/esplendido.exe 323c61ccebfc8246b32dad104f1d2635 ~s -o ~s ]
Topic By : [ google ]
Modes On : [ #bon2 ] [ +smntMu ]

Now talking in #vis
Topic On : [ #vis ] [ ~dw hxxp://www.mediafire.com/download/8h1c11c3065llv3/ghd333.exe 55b3bb7bbc5b23925d54033059b48a67 ]
Topic 11 By : [ google ]
Modes 11 On : [ #vis ] [ +smntMu ]

Now talking in #w7
Topic On : [ #w7 ] [ ~dw hxxp://www.mediafire.com/download/8h1c11c3065llv3/ghd333.exe 55b3bb7bbc5b23925d54033059b48a67 ]
Topic By : [ google ]
Modes On : [ #w7 ] [ +smntMu ]

Now talking in #xp
Topic On : [ #xp ] [ ~dw hxxp://www.mediafire.com/download/8h1c11c3065llv3/ghd333.exe 55b3bb7bbc5b23925d54033059b48a67 ]
Topic By : [ google ]
Modes On : [ #xp ] [ +smntMu ]

Still active domains:
mom003.net 178.19.99.25

dns requests:
mi.2papa.us 46.249.47.227
musi.esmusicon.com 46.249.47.227

Hosting Infos:
http://whois.domaintools.com/178.19.99.25

Hosting infos:
http://whois.domaintools.com/185.12.14.102
http://whois.domaintools.com/74.119.216.199