[Emerging-Sigs] All these have been seen on bot C&C channel.

Jart Armin jart351 at googlemail.com
Thu Mar 13 14:58:05 EST 2008 

Hi All!

I've got some logs from compromised server, via dan @ interspace.
These logs - from eggdrop-alike servers.


125.164.201.47
132.170.116.171
132.170.116.172
132.170.116.175
132.170.116.184
132.170.116.199
132.170.116.215
132.229.91.22
150.187.103.25
186-150-151-213.mtulink.net
193.142.215.15
193.242.108.82
193.242.108.83
193.242.108.85
193.25.197.127
193.254.241.203
193.254.241.204
194.109.193.125
194.150.109.26
195.225.64.206
195.234.171.110
195.248.78.13
195.70.36.237
198.63.40.177
200.140.196.124
200.38.191.26
200.68.98.226
201.155.228.218
202.172.233.27
202.179.7.68
202.74.68.167
202.74.68.174
202.74.68.177
204.110.231.76
206.212.241.115
206.212.244.67
208.77.100.123
208.77.100.124
209.208.11.1
209.208.11.10
209.208.11.11
209.208.11.12
209.208.11.13
209.208.11.14
209.208.11.2
209.208.11.3
209.208.11.4
209.208.11.5
209.208.11.6
209.208.11.7
209.208.11.9
209.216.213.6
209.216.249.195
212.114.10.247
212.123.1.52
212.43.236.7
213.164.245.236
213.193.215.57
213.203.212.83
213.203.212.84
213.203.212.85
213.203.212.86
213.203.212.87
213.203.212.88
213.203.212.89
213.203.212.90
213.203.212.91
213.203.212.92
213.203.212.93
213.203.223.60
213.218.137.34
213.219.170.231.adsl.static.edpnet.net
216.162.169.3
216.168.96.182
216.168.96.186
216.168.96.191
216.168.96.193
216.168.96.75
216.187.94.172
216.187.94.183
216.237.126.178
217.220.212.155
217.31.61.96
217.67.229.3
217.67.229.4
217.67.229.5
217.67.229.6
217.67.229.7
217.67.229.8
220.110.194.170
222.124.224.240
222.236.44.78
22.fe.1343.static.theplanet.com
233-80-244-84.vychcechy.adsl-llu.static.bluetone.cz
27lima.com
41.88.102.38.fndns.net
44.197.220.87.dynamic.jazztel.es
5356887A.cable.casema.nl
62.149.231.70
64.34.212.216
64.34.215.224
64.34.215.38
66.132.191.251
66.166.165.140
66.197.201.197
66.197.201.198
66.76.108.157
66-90-205-142.dyn.grandenetworks.net
67.159.26.118
67.159.26.148
67.159.30.79
69.28.206.167
69.28.206.186
69.90.29.29
69.90.29.37
69.90.29.39
69.90.29.4
72.29.87.145
72.5.54.119
75.125.96.243
75.125.96.244
75.125.96.246
75.125.96.247
75.125.96.248
75.125.96.249
75.125.96.250
75.125.96.251
77.74.193.107
7b.16.1343.static.theplanet.com
80.70.113.10
82.141.173.75
82-217-100-251.cable.quicknet.nl
83.145.201.13
83.86.136.122
85.12.14.5
85.214.16.249
85.214.88.40
86.123.172.110
86.123.172.246
86.123.174.162
86.123.176.142
86.123.176.15
87.119.195.215
87.249.105.136
87.249.105.145
87.50.201.234
88.191.51.156
89.107.17.206
89-149-227-96.internetserviceteam.com
89.17.210.122
89.17.210.57
89.17.210.58
91.151.108.73
91.191.161.65
abbasministries.org
akvaario.org
apache2-argon.jurupa.dreamhost.com
apache2-cabo.jurupa.dreamhost.com
apache2-grog.jurupa.dreamhost.com
apache2-kant.jurupa.dreamhost.com
apache2-linus.jurupa.dreamhost.com
apache2-moon.jurupa.dreamhost.com
apache2-pat.jurupa.dreamhost.com
apache2-quack.jurupa.dreamhost.com
apache2-rank.jurupa.dreamhost.com
apache2-whippit.jurupa.dreamhost.com
as5300-9-058.cnt.entelchile.net
at72.arbatek.ru
basic-adamant.jurupa.dreamhost.com
basic-blow.jurupa.dreamhost.com
basic-cabo.jurupa.dreamhost.com
basic-cid.jurupa.dreamhost.com
basic-echo.jurupa.dreamhost.com
basic-emu.jurupa.dreamhost.com
basic-fungi.jurupa.dreamhost.com
basic-grog.jurupa.dreamhost.com
basic-heavy.jurupa.dreamhost.com
basic-ichiban.jurupa.dreamhost.com
basic-igloo.jurupa.dreamhost.com
basic-jiffy.jurupa.dreamhost.com
basic-linus.jurupa.dreamhost.com
basic-moon.jurupa.dreamhost.com
basic-twiddle.jurupa.dreamhost.com
basic-udder.jurupa.dreamhost.com
basic-vat.jurupa.dreamhost.com
basic-whippit.jurupa.dreamhost.com
basic-xenon.jurupa.dreamhost.com
basic-yak.jurupa.dreamhost.com
basic-zoo.jurupa.dreamhost.com
burn.phatservers.com
c6.ibone.ch
callcenterflevoland.adsl.iaf.nl
ce4.conetix.com.au
chuao.fundacite.arg.gov.ve
cippp.adnc.com
cll.memphis.edu
cp119.agava.net
craaft.e-max.sk
da1.cyberserv.nl
dc224.rackhosting.com
devs.com.au
digital-blues.com
dont.disturb.while.zzz.be
dyn-86.106.60.201.ph.upcnet.ro
echo.vmis.nl
elbe223.server4you.de
evpcellulardiscounts.com
f2.f4.354a.static.theplanet.com
force.hxh.info
frontpage-argon.jurupa.dreamhost.com
gep2.buildtrade.hu
graphicinterfacedesign.com
guardn.de
hangar17.securesites.net
hazhistoria.info
host02.offisoft.dk
host70-231-149-62.serverdedicati.aruba.it
hosting6.nexicom.net
housing02.world4you.com
ilearnatlunch.org
ingoalnetwork.de
investamar.com.ec
ip-208-97-151-231.dreamhost.com
ip-208-97-151-99.dreamhost.com
joda.superhosting.bg
jurupa.dreamhost.com
kanal-28.de
kcomp.net
linux17.grserver.gr
mail.caracaswebsite.com
mail.f-lix.net
mail.smcmetal.com
main.pserve.hu
mm-marketing.de
mysmsdiscount.com
nccentral.com
niler.protocol-systems.com
nothing.can.undo.it
ns1.harfdesign.com
ns1.hostforfun.com
ns1.intak.pl
ns1.traffichosting.nl
ns2.hostforfun.com
ns2.hxh.info
ns2.miinetserver.com.ar
ns2.traffichosting.nl
ns6.i-mecca.net
ns7.i-mecca.net
ns.onlineweb.hu
orestis.teiion.gr
palas.tircis.net
penelope.teiion.gr
plasmaedge.com
plesk4.spoox.eu
premiercellulardiscounts.com
raptor.csd.auth.gr
rrcs-208-125-112-243.nys.biz.rr.com
rrcs-24-242-178-226.sw.biz.rr.com
s15278919.onlinehome-server.info
s15281879.onlinehome-server.info
s5591e8ed.adsl.wanadoo.nl
sb2.meta13.com
schweriner-sporttermine.de
sd-9394.dedibox.fr
sercosys4.de
server06.citus.nl
server11.web4a.de
server272.com
server.q8young.org
server-staupendahl.de
server.webgood.info
setup.kochdata.de
shopmaster.com.au
sites.croix-rouge.fr
sru00-1.servers-r-us.com
srv011.infobox.ru
srv195061.webreus.nl
static.88-198-112-10.clients.your-server.de
static.88-198-112-11.clients.your-server.de
static.88-198-112-3.clients.your-server.de
static.88-198-112-4.clients.your-server.de
static.88-198-112-5.clients.your-server.de
static.88-198-112-6.clients.your-server.de
static.88-198-112-7.clients.your-server.de
static.88-198-112-8.clients.your-server.de
static.88-198-112-9.clients.your-server.de
st-clv-1.uevora.pt
store.smokeyamps.com
sulley.dm.ucf.edu
sva70.sva.psu.edu
taximauritius.mu
theta.ibone.ch
tkb92.jj-net.jp
todesmut.de
tspaderborn.de
uran.elbud.krakow.pl
v1322.ncsrv.de
vrlube.com
web12sbp.jronline.nl
web.bezant.ru
wh-05.cybernet.ch
wpc0018.amenworld.com
ws01.webspacesolutions.com
www127.celeonet.fr
www.foodservicedisplays.com
www.mosquality.ru
www.nbucherag.com
www.rosetteprinting.com
www.secure.chastitylifestyle.com
www.sfdm.ucf.edu
www.teastart.idv.tw
www.walkermethodist.org

Jart

More information about the Emerging-sigs mailing list