webchat.dairc.net mirc bots

67.159.37.246 (6667)
[variables]
n0=%nick raptoff|cap
n1=%r 25
n2=%a 49
n3=%readline 1
n4=%starts 5
n5=%active $false
n6=%chan #tm
n7=%control #wp.bots
n8=%1 irc.gamesurge.net
n9=%2 b.thetainted.net 6667
n10=%chancount 4
n11=%rnick tF`StrideR|oFF
n12=%char |
n13=%version 1

facker.gotdns.org

# Outgoing Connections
  * HTTP Data
    o Method: GET
    o Url: 67.217.36.174/whois/index.php?query=
    o HTTP Version: HTTP/1.1
      + Header Data
        # Host: www.topwebhosts.org
        # Connection: keep-alive
    o Method: GET
    o Url: 67.217.36.174/whois/index.php?query=72.236.167.136
    o HTTP Version: HTTP/1.1
      + Header Data
        # Host: www.topwebhosts.org
        # Connection: keep-alive
    o IRC Data
      + User Name: Fack
      + Host Name: “gmail.com”

xx.nadnadzz.info and zonetech.info large net

– DNS Queries:
  xx.nadnadzz.info
  zonetech.info
– IRC Conversations:
  67.43.236.66:10324
  Nick: SMKbFBgZ
  Username: duphyk
  Joined Channel: #las6
  Channel Topic for Channel #m: “=UTlwLAUtNOd6BkRTT4KTLDHCgT82+kjj04zJxVhmS3JchZ1dx4KibcE6BKVP+5Hh75XycCF6i7Av5E4tixQ1u/AW1ljZMKWwHXTAaRh93QbU”

Mouse’s large botnet

– DNS Queries:
  cx10man.weedns.com
IRC Data
  User Name: swdo85rek
  Host Name: *
  Server Name:
  Real Name: USA|XP|931
  Password: secretpass
  Nick Name: P|fk3ebk807
  Non RFC Conform: 1
  Channel Name: #mm
  Password: RSA
  Topic Deleted: :+yOfS7/ZgRdB.6w2GQ0tQkXD1bqhV7/ipBe01hiyOt1tAGoD0bni40/nobx.1kmNSG0Vilef/jw3NQ.1MD7F.zHYt//ZSMTE/IQhIO0/do540d2vZX/C8d1J07gDr61k4Jvn1n9lNv1Sb1Au/ZZkmF.WULzq.0.Nyh1ShH1m/
Plain Communication Data
  Send Dump Line: Off Set: $0000 Dump: 50 41 53 53 20 73 65 63 72 65 74 70

izleindir.fileave.com

– DNS Queries:
  izleindir.fileave.com
– HTTP Conversations:
  64.62.181.43:80 – [izleindir.fileave.com]
  Request: GET /lasted.exe
  Response: 200 “OK”
Download File:
  URL: http://izleindir.fileave.com/lasted.exe
  Local File: C:\Windows\wuasgrd.exe
  Successful: 1
  Api-Function: URLDownloadToFileA
Download File:
  URL: http://izleindir.fileave.com/defacer.exe
  Local File: C:\Windows\wuagrd.exe
  Successful: 1
  Api-Function: URLDownloadToFileA
Transport Protocol: TCP
Remote Address: 64.62.181.43
Remote Port: 80
Protocol: HTTP
Connection Established
Connections
  Server: shockboy.no-ip.biz
  Port: 8080
  Service: INTERNET_SERVICE_HTTP
  Successful: 1

cyber-gods.x0rg.com

– DNS Queries:
  cyber-gods.x0rg.com
– IRC Conversations:
  62.118.174.133:6667
  Nick: [USA|XP|1542375]
  Username: haum
  Server Pass: fuckyou

irc.Wearab.net

– DNS Queries:
  irc.Wearab.net
– IRC Conversations:
  64.124.159.66:6667
  Nick: Oz-bot
  Username: bot