Port: 22503 (note, this is not irc based)
This is one of the various botnets attempting to bruteforce wordpress blogs. It works pretty fast, during a short run on the malwr.com sandbox it attempted to login to 981 different blogs, all with domains starting with exp.
Since malwr.com only allows the sample uploader to download the pcap file, I’ve uploaded it here:
Hosting infos: http://whois.domaintools.com/22.214.171.124
Related md5s (Search on malwr.com to download the samples)
Brute bot: fa06bddf0e5fc62a487bc38399d347ed