46.38.63.119(reptile mod hosted in Russian Federation Moscow Jsc Tel Company)

From the nick format looks like reptile mod

Local users: 45 147 Current local users 45, max 147
Global users: 45 147 Current global users 45, max 147

Server: 46.38.63.119:6667
Username: 3
Nickname: [D|x86|DEU|XP|1020942]
Channel: #inet (Password: )
Channeltopic: :?bitcoin-24896128560982359857125906 gpu high
* Topic for #inet set by Dexter at Mon Jan 28 15:08:05 2013

* Now talking on #theoffice
* Topic for #theoffice is: Stats: 21:47:23 elapsed; 1280 hosts completed (1344 up), 64 undergoing Traceroute
* Topic for #theoffice set by kate at Thu Jan 31 00:55:43 2013
* [kate] (ENS@!-78E07C07.static.srsvps.com): FGD
* [kate] @#theoffice
* [kate] 46.38.63.119 :Chat Server
* [kate] idle 10:36:11, signon: Mon Jan 28 17:21:39
* [kate] End of WHOIS list.

Channel Users Topic
#inet 40 [+snt] ?bitcoin-24896128560982359857125906 gpu high
#rnet 1 [+nt]
#tnet 1 [+nt]
#unet 3 [+nt]
#ynet 1 [+nt]
#theoffice 1 [+nt] Stats: 21:47:23 elapsed; 1280 hosts completed (1344 up), 64 undergoing Traceroute

worker info: http://api.bitcoin.cz:8332/ -u consort.worker1 -p RtSMTJ3Q found by I_Post_Your_Info

to download samples go here:hxxp://46.38.63.119/bck/

Logs from the conversation with the girl(yes she’s a girl lol):

 [D|x86|DEU|XP|10438942]> !scan google.ca
 <[D|x86|DEU|XP|10438942]> !info
 <[D|x86|DEU|XP|10438942]> !botnets
<kate> wat
 <kate> wat
 <[D|x86|DEU|XP|10438942]> just testing
<kate> testing what? who are you?
 <[D|x86|DEU|XP|10438942]> I though you were a bot
 <[D|x86|DEU|XP|10438942]> coming from a vps ip and all
 <[D|x86|DEU|XP|10438942]> Stats: 21:47:23 elapsed; 1280 hosts completed (1344 up), 64 undergoing Traceroute
 <[D|x86|DEU|XP|10438942]> so how's the buttcoin business?
 <kate> Quite profitable. 
 <kate> I assume you are some sort of researcher, is that correct?
 <[D|x86|DEU|XP|10438942]> not that involved
 <[D|x86|DEU|XP|10438942]> why irc?
<[D|x86|DEU|XP|10438942]> you could do this better with http
<kate> http is only needed when certain conditions are met
 <[D|x86|DEU|XP|10438942]> This is a reptile mod right?
 <[D|x86|DEU|XP|10438942]> not so many open source http bots around
<kate> You underestimate my level of skill

hosting infos:
http://whois.domaintools.com/46.38.63.119

Categories: Uncategorized

Tags: reptile mod

Previous postmonstercvv.cc (Multilocker 3 winlocker hosted by altushost.com)

Next postzxvfircd.no-ip.biz (Athena irc botnet hosted by digitalocean.com)

6 Comments

Anonymous - February 1, 2013 at 11:29 pm

Can you share the sample? 🙂

Pig - February 2, 2013 at 12:41 am

read better u will find samples link on the post

Anonymous - February 3, 2013 at 2:06 am

hi pig i was wondering if you can sample a irc that has nixs on it

Pig - February 3, 2013 at 11:31 pm

i allready posted alot of nets with nix bots inside

Anonymous - February 18, 2013 at 4:45 pm

seems they took down that /bck/ sample fairly quickly after being posted here. I am very interested in this GPU mining sample so if anyone has a copy please make it known.

Pig - February 18, 2013 at 7:51 pm

the sample is inside this package http://www.exposedbotnets.com/2013/02/92mb-samples-for-analysis.html

74.208.111.48 (HEX reptile mod hosted by 1and1.com)