al_eberia

If someone is hosting an IRC botnet using Tor, they would direct it to a hidden service like the skynet botnet did. Having it use Tor to connect to an clearnet IRC server will still leave the botnet vulnerable to the suspension of the clearnet domain and/or server, something that can be prevented by using a hidden service.

The traffic you encountered was from the shadowserver foundation which monitors botnet IRC channels using emulated bot clients in order to collect information about DDOS attacks and to collect the IP addresses of bots so that they can contact ISPs and try and get the malware removed. They use Tor to connect to the C&C channels so the botnet owners don't see a bot join from a shadowserver.org IP and ban them. It's unfortunate that you though the traffic was malicious and disabled the exit node.

What ruins the RC community is people dying (opioid users) and chems migrating into general use (selling spice and bath salts out of bodegas). Aside from opioid RCs and synthetic cannabinoids most RCs haven't seen that much turnover, 4-aco-dmt is still legal in most places despite being around for a long time. Even stimulants have only seen bans targeting specific chems of abuse (see methylone, MDPV and A-PVP).

It happens quite frequently. The big Dutch crews that produce many of the pills managed to avoid it for a while because they switch the pills so often and used complex shapes, but someone caught up recently.

Good Superman

Good Superman

Good Superman

Bad Superman

Do you still keep an eye on anonymous, or have you just been focusing on Anonymous since they are in the media much more often and more visible on places like twitter and irl?

What do you think about the synthetic opioid situation? Governments seem to be quicker to ban them than any other synthetic drug (most likely because people keep dying from them) and the replacements seem to be following the usual trend of having more side effects and being much less tested and understood (see u-49900 for an example).