[nsp-sec] IRC Botnet (yeah, they still exist) AS46562
Scott A. McIntyre
scott at howyagoin.net
Thu Mar 7 23:50:38 EST 2013
Hi all,
Anyone have any contacts at AS 46562?
46562 | 199.229.249.189 | COLO-AT-55-LLC - Colo at 55, LLC
We've found an IRC bot on a Windows server (not sure how it got there yet) that connects back to:
*** Connecting to port 443 of server 199.229.249.189
-magnesium.ddos.cat- *** Looking up your hostname...
-magnesium.ddos.cat- *** Couldn't resolve your hostname; using your IP address instead
*** UHNAMES NAMESX SAFELIST HCN MAXCHANNELS=10 CHANLIMIT=#: 10 MAXLIST=b:300,e:300,I:300 NICKLEN=30 CHANNELLEN=32 TOPICLEN=307 KICKLEN=307 AWAYLEN=307 MAXTARGETS=20 :are supported by this server
*** WALLCHOPS WATCH=128 WATCHOPTS=A SILENCE=15 MODES=12 CHANTYPES=# PREFIX=(qaohv)~&@%+ CHANMODES=beI,kfL,lj,psmntirRcOAQKVCuzNSMTGZ NETWORK=ddos.cat CASEMAPPING=ascii EXTBAN=~,qjncrRa ELIST=MNUCT STATUSMSG=~&@%+ : are supported by this server
*** EXCEPTS INVEX CMDS=KNOCK,MAP,DCCALLOW,USERIP,STARTTLS are supported by this server
*** There are 3 users and 1041 invisible on 2 servers
*** There are 7 operators online
*** 10 channels have been formed
*** This server has 1035 clients and 0 servers connected
*** 1035 4000 Current local users 1035, max 4000
*** 1044 4010 Current global users 1044, max 4010
*** Channel Users Topic
*** #chats 9
*** #shell 4 wat happen
*** #cat 1
Regards,
Scott A. McIntyre
Telstra AS1221
More information about the nsp-security
mailing list