37.235.49.168 (Irc botnet hosted by edis.at)

By I_Post_Ur_Info, April 24, 2013

Server: 37.235.49.168
Port: 443
Channel: #test5
Channel password: :godlol
Topic for #test5 is: hacked by team whitehats
Topic for #test5 set by Sabu at Tue Apr 23 15:14:29 2013
Example bot nick: zwin-JJNEXJ|1952|

Opers:
[Sabu] (ryan@dildos): ryan
[Sabu] @#test5 @#opers @##fuckstamp #chats
[Sabu] irc1.molten-wow.com :mw_customer_ircd
[Sabu] is a Network Administrator
[Sabu] is available for help.
[Sabu] sysop
[Sabu] idle 16:59:16, signon: Tue Apr 23 08:50:34
[Sabu] End of WHOIS list.
[tflow] (hey@dildos): hhh
[tflow] #whatever @#ddd @#chats @#test5 @#opers
[tflow] irc1.molten-wow.com :mw_customer_ircd
[tflow] is a Network Administrator
[tflow] is available for help.
[tflow] is using a Secure Connection
[tflow] sysop
[tflow] idle 17:41:00, signon: Tue Apr 23 08:45:57
[tflow] End of WHOIS list.

Domains used for this ip in the past: fkn.ddos.cat

Hosting infos: http://whois.domaintools.com/37.235.49.168

Categories: Uncategorized

Previous postkryptic.me (Andromeda http botnet hosted by alibabahost.com)

Next postfirecrypt.net (Betabot http botnet hosted by alibabahost.com)

2 Comments

Anonymous - April 25, 2013 at 1:16 am

looks to be a variant / update of the "zodiac" bot joe giron blogged about here:

http://www.gironsec.com/blog/2013/03/reversing-a-botnet/

we have 4 distinct samples hitting the fkn.ddos.cat site, none hitting the new one

Pig - October 8, 2013 at 10:54 pm

interessing post about this bot here: http://ri0t-control.blogspot.be/2013/10/zodiac-v010-part-ii.html

2 Comments

Anonymous - April 25, 2013 at 1:16 am

Pig - October 8, 2013 at 10:54 pm

Comments are closed