mm1.luckybusy.com(MATRIXIRCD)

Remote Host Port Number
mm1.luckybusy.com 7001

The following Internet Connection was established:
Server Name Server Port Connect as User Connection Password
www.letmeknowwhenyou.org 80 (null) (null)

The following GET request was made:
counter/20080727a/counter.php

There was a new connection established with a remote IRC Server. The generated outbound IRC traffic is provided below:

NICK IM1263Q496068
USER hzrxuror 0 0 :IM1263Q496068
HGDTUH IM1263Q496068
MODE IM1263Q496068 +x+i
HGDTJO #09Och1 caf789
NICK IM1263Q147332
USER wiapte 0 0 :IM1263Q147332
HGDTUH IM1263Q147332
MODE IM1263Q147332 +x+i
HGDTJO #09Och2 caf789
NICK IM1263Q564062
USER vozcbqzb 0 0 :IM1263Q564062
HGDTUH IM1263Q564062
MODE IM1263Q564062 +x+i
NICK IM1263Q877998
USER nzsnobde 0 0 :IM1263Q877998
HGDTUH IM1263Q877998
MODE IM1263Q877998 +x+i

The network replication uses a dictionary attack by probing credentials from the following list:

00000
000000
00000000
12345
123456
1234567
12345678
123456789
accounting
accounts
admin
admin$
administrador
administrat
administrateur
administrator
admins
america
anchor
april
arrow
artist
basic
bitch
brian
changeme
chris
compaq
cookie
country
databasepass
databasepassword
db1234
dbpass
dbpassword
dirty
domainpass
domainpassword
drive
email
england
english
france
french
george
ghost
green
guest
homeuser
india
input
japan
julie
katie
loginpass
logout
modem
monday
mouse
network
nokia
pass1234
password1
peter
phone
phrase
printer
private
right
saturday
script
siemens
silver
simple
student
success
susan
target
teacher
thailand
user1
video
winpass
xxxxx
xxxxxx
xxxxxxxx
xxxxxxxxx

Interesting ports on CUSTOMER.KRYPT.COM (174.139.0.106):
Not shown: 1665 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 2.0.5
22/tcp open ssh OpenSSH 4.3 (protocol 2.0)
25/tcp open smtp Postfix smtpd
53/tcp open domain
80/tcp open http Apache httpd 2.2.6 ((Fedora))
111/tcp open rpcbind 2 (rpc #100000)
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
443/tcp open ssl/http Apache httpd 2.2.6 ((Fedora))
445/tcp filtered microsoft-ds
1014/tcp open status 1 (rpc #100024)
1720/tcp filtered H.323/Q.931
5060/tcp filtered sip
7001/tcp open irc ircu ircd
