Hackforums.net Investigation


We are working to get Hackforums.net shut down. We feel strongly that it a website which has an undue influence on young people as well as promoting illegal computer activities such as hacking, virus spreading, manipulation of online financial services etc.

I'm not certain of what your criteria if for judging a site to be 'positive for malware'. I know that is not an easy threat to withstand and I don't blame this site for exercising caution and withdrawing the 'positive' for malware decision.

Hackforums.net - "Infecting one another with malware."


We are reporting this site for illegal activitie and it should be closed as soon as posible!

Legal internet law will clean all illegal activities and we will help realise it!

[IT Security Team]

212.7.214.39(ngrBot hosted in Netherlands Dediserv Dedicated Servers Sp. Z O.o)

Remote Host Port Number
195.122.131.9 80
212.7.214.16 80
213.251.170.52 80
212.7.214.39 1866 PASS ngrBot

PRIVMSG #!hot! :[DNS]: Blocked 1269 domain(s) - Redirected 0 domain(s)
PRIVMSG #!hot! :[d="http://rapidshare.com/files/3581947473/jamesbond.exe"] Error downloading file [e="12039"]
NICK n{US|XPa}gshmhma
USER gshmhma 0 0 :gshmhma
JOIN #!hot! ngrBot
PRIVMSG #!hot! :[HTTP]: Updated HTTP spread interval to "5"
PRIVMSG #!hot! :[HTTP]: Updated HTTP spread message to "oh you gotta see this lol http://www.baitbook.net/facebook-profile-pic-9292-JPEG"
PRIVMSG #!hot! :[MSN]: Updated MSN spread interval to "5"
PRIVMSG #!hot! :[MSN]: Updated MSN spread message to "LOL http://www.baitbook.net/facebook-profile-pic-1531-JPEG"


* The data identified by the following URLs was then requested from the remote web server:
o http://rapidshare.com/files/3581947473/jamesbond.exe
o http://212.7.214.16/list.txt
o http://api.wipmania.com/


hosting infos:
http://whois.domaintools.com/212.7.214.39