gigasbh.org(IRC Botnet Hosted In France Paris 1&1 Internet Ag)

By Pig, July 12, 2015

Domains

Domain IP
f.eastmoon.pl 148.81.111.101
s.richlab.pl 148.81.111.101
gigasbh.org 82.165.129.253

IRC Traffic

>> NICK {USA-XPx86a}cwecttyo
>> USER cwectty 7949 7840 :cwectty
>> MODE {USA-XPx86a}cwecttyo +iwG
>> JOIN #sp yap
>> PING 422 MOTD
<< 332 {USA-XPx86a}cwecttyo #sp :
<< 333 {USA-XPx86a}cwecttyo #sp x 1436609273
>> PONG 422
>> JOIN #sp yap
>> PING :f4.production.net
>> PONG :f4.production.net
>> JOIN #sp yap

Find the port ur self sniffing with wireshark.

Sample here.

Hosting infos :
http://whois.domaintools.com/82.165.129.253

Categories: Uncategorized

Tags: irc bot

Previous post197.85.182.110(Trojan Emotet hosted in South Africa Cape Town Mweb Connect (proprietary) Limited)

Next postptmr1.in(HTTP Botnet Hosted In France Roubaix Ovh Sas)

89.248.172.240(30k botnet hosted in Netherlands Amsterdam Ecatel Ltd)

gki2mpdt3rsokbmv.onion (Irc botnet hosted on a Tor hidden service)

keshmoney.biz(irc botnet hosted in France Roubaix Ovh Systems)