Automated Malware Analysis Report for b4aMzNNBss - Joe ...

ID: 212376 Sample Name: b4aMzNNBss Cookbook: default.jbs Time: 02:56:04 Date: 03/03/2020 Version: 28.0.0 Lapis Lazuli


Table of Contents

Analysis Report b4aMzNNBss
Overview
General Information
Detection
Confidence
Classification
Analysis Advice
Mitre Att&ck Matrix
Signature Overview
AV Detection:
Spreading:
Networking:
System Summary:
Data Obfuscation:
Persistence and Installation Behavior:
Boot Survival:
Malware Analysis System Evasion:
Anti Debugging:
HIPS / PFW / Operating System Protection Evasion:
Stealing of Sensitive Information:
Malware Configuration
Behavior Graph
Simulations
Behavior and APIs
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Dropped Files
Unpacked PE Files
Domains
URLs
Yara Overview
Initial Sample
PCAP (Network Traffic)
Dropped Files
Memory Dumps
Unpacked PEs
Sigma Overview
Joe Sandbox View / Context
IPs
Domains
ASN
JA3 Fingerprints
Dropped Files
Screenshots
Thumbnails
Startup
Created / dropped Files
Domains and IPs
Contacted Domains
URLs from Memory and Binaries
Contacted IPs
Public
Static File Info
General
File Icon
Static PE Info
General

Copyright Joe Security LLC 2020 Page 2 of 79


Entrypoint Preview
Rich Headers
Data Directories
Sections
Resources
Imports
Possible Origin
Network Behavior
Network Port Distribution
TCP Packets
UDP Packets
DNS Queries
DNS Answers
IRC Packets
Code Manipulations
Statistics
Behavior
System Behavior
Analysis Process: b4aMzNNBss.exe PID: 4024 Parent PID: 3388
General
File Activities
File Created
File Written
Registry Activities
Key Value Created
Analysis Process: SysDrefIWv2.exe PID: 1736 Parent PID: 1216
General
Analysis Process: SysDrefIWv2.exe PID: 2044 Parent PID: 1216
General
Disassembly
Code Analysis


Analysis Report b4aMzNNBss

Overview

General Information

Joe Sandbox Version: 28.0.0 Lapis Lazuli

Analysis ID: 212376

Start date: 03.03.2020

Start time: 02:56:04

Joe Sandbox Product: CloudBasic

Overall analysis duration: 0h 10m 14s

Hypervisor based Inspection enabled: false

Report type: light

Sample file name: b4aMzNNBss (renamed file extension from none to exe)

Cookbook file name: default.jbs

Analysis system description: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Java 8.0.1440.1, Flash 30.0.0.113)

Number of analysed new started processes analysed: 5

Number of new started drivers analysed: 0

Number of existing processes analysed: 0

Number of existing drivers analysed: 0

Number of injected processes analysed: 0

Technologies: HCA enabled, EGA enabled, HDC enabled, AMSI enabled

Analysis stop reason: Timeout

Detection: MAL

Classification: mal92.troj.evad.winEXE@3/2@104/16

EGA Information: Failed

HDC Information: Failed

HCA Information: Failed

Cookbook Comments: Adjust boot time, Enable AMSI

Warnings:

Exclude process from analysis (whitelisted): WerFault.exe, svchost.exe
TCP Packets have been reduced to 100
Excluded IPs from analysis (whitelisted): 216.58.201.100
Excluded domains from analysis (whitelisted): www.google.com
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Detection

Strategy Score Range Reporting Whitelisted Detection

Threshold 92 0 - 100 false

Confidence

Strategy Score Range Further Analysis Required? Confidence

Threshold 5 0 - 5 false

Analysis Advice

Sample is looking for USB drives. Launch the sample with the USB Fake Disk cookbook

Classification

[Figure: classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Levels: clean, suspicious, malicious.]

Mitre Att&ck Matrix

Initial Access: Replication Through Removable Media 1; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Spearphishing Link; Spearphishing Attachment

Execution: Windows Remote Management; Service Execution; Windows Management Instrumentation; Scheduled Task; Command-Line Interface; Graphical User Interface; Scripting

Persistence: Registry Run Keys / Startup Folder 1 1; Port Monitors; Accessibility Features; System Firmware; Shortcut Modification; Modify Existing Service; Path Interception

Privilege Escalation: Process Injection 2; Accessibility Features; Path Interception; DLL Search Order Hijacking; File System Permissions Weakness; New Service; Scheduled Task

Defense Evasion: Masquerading 1 2; Software Packing 1; Virtualization/Sandbox Evasion 2; Process Injection 2; Masquerading; DLL Search Order Hijacking; Software Packing

Credential Access: Credential Dumping; Network Sniffing; Input Capture; Credentials in Files; Account Manipulation; Brute Force; Two-Factor Authentication Interception

Discovery: Virtualization/Sandbox Evasion 2; Process Discovery 1; Peripheral Device Discovery 1 1; Security Software Discovery 1 1; Remote System Discovery 1; File and Directory Discovery 1 1; System Information Discovery 1

Lateral Movement: Replication Through Removable Media 1; Remote Services; Windows Remote Management; Logon Scripts; Shared Webroot; Third-party Software; Pass the Hash

Collection: Data from Local System 1; Data from Removable Media; Data from Network Shared Drive; Input Capture; Data Staged; Screen Capture; Email Collection

Exfiltration: Data Compressed; Exfiltration Over Other Network Medium; Automated Exfiltration; Data Encrypted; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over Command and Control Channel

Command and Control: Uncommonly Used Port 1; Standard Non-Application Layer Protocol 1; Standard Application Layer Protocol 1 1; Multiband Communication; Standard Cryptographic Protocol; Commonly Used Port; Uncommonly Used Port

Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points

Signature Overview

• AV Detection

• Spreading

• Networking

• System Summary

• Data Obfuscation

• Persistence and Installation Behavior

• Boot Survival

• Malware Analysis System Evasion

• Anti Debugging

• HIPS / PFW / Operating System Protection Evasion

• Stealing of Sensitive Information


AV Detection:

Antivirus detection for dropped file

Antivirus detection for sample

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Machine Learning detection for dropped file

Machine Learning detection for sample

Antivirus or Machine Learning detection for unpacked file


Spreading:

Checks for available system drives (often done to infect USB drives)

Enumerates the file system

Networking:

Uses IRC for communication with a C&C

Detected TCP or UDP traffic on non-standard ports

Performs DNS lookups

Urls found in memory or binary data

System Summary:

Creates files inside the system directory

Sample file is different than original file name gathered from version info

Classification label

Creates mutexes

Reads software policies

Reads the hosts file

Sample is known by Antivirus

Sample reads its own file content

Spawns processes

PE file contains a debug data directory

Binary contains paths to debug symbols

Data Obfuscation:

Entry point lies outside standard sections

Persistence and Installation Behavior:

Drops executables to the windows directory (C:\Windows) and starts them

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Boot Survival:

Creates an autostart registry key pointing to binary in C:\Windows

Creates an autostart registry key

Malware Analysis System Evasion:

May sleep (evasive loops) to hinder dynamic analysis

Sample execution stops while process was sleeping (likely an evasion)

Enumerates the file system

Anti Debugging:

Checks if the current process is being debugged

HIPS / PFW / Operating System Protection Evasion:

May try to detect the Windows Explorer process (often used for injection)


Stealing of Sensitive Information:

Searches for user specific document files

Malware Configuration

No configs have been found

Behavior Graph

ID: 212376

Sample: b4aMzNNBss

Startdate: 03/03/2020

Architecture: WINDOWS

Score: 92

[Figure: behavior graph. Processes: b4aMzNNBss.exe (started), SysDrefIWv2.exe (started), SysDrefIWv2.exe (started). Dropped files: C:\Windows\System32\SysDrefIWv2.exe (PE32), C:\...\SysDrefIWv2.exe:Zone.Identifier (ASCII). Network: leak.eliteirc.co.uk, irc.us.ircnet.net, 19 other IPs or domains. Signatures: Antivirus detection for sample; Multi AV Scanner detection for submitted file; Uses IRC for communication with a C&C; 2 other signatures; Creates an autostart registry key pointing to binary in C:\Windows; Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file.]

Simulations

Behavior and APIs

Time Type Description

02:58:54 API Interceptor 1633x Sleep call for process: b4aMzNNBss.exe modified

02:58:55 Autostart Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run DrefIW C:\Windows\system32\SysDrefIWv2.exe

02:59:03 Autostart Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run DrefIW C:\Windows\system32\SysDrefIWv2.exe

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source Detection Scanner Label Link

b4aMzNNBss.exe 89% Virustotal Browse

b4aMzNNBss.exe 92% Metadefender Browse

b4aMzNNBss.exe 86% ReversingLabs Win32.Worm.Drefir

b4aMzNNBss.exe 100% Avira WORM/Drefir.E

b4aMzNNBss.exe 100% Joe Sandbox ML

Dropped Files

Source Detection Scanner Label Link

C:\Windows\System32\SysDrefIWv2.exe 100% Avira WORM/Drefir.E

C:\Windows\System32\SysDrefIWv2.exe 100% Joe Sandbox ML

C:\Windows\System32\SysDrefIWv2.exe 89% Virustotal Browse

C:\Windows\System32\SysDrefIWv2.exe 92% Metadefender Browse

C:\Windows\System32\SysDrefIWv2.exe 86% ReversingLabs Win32.Worm.Drefir

Unpacked PE Files

Source Detection Scanner Label Link Download

0.1.b4aMzNNBss.exe.400000.0.unpack 100% Avira WORM/Drefir.E Download File

2.1.SysDrefIWv2.exe.400000.0.unpack 100% Avira WORM/Drefir.E Download File

1.0.SysDrefIWv2.exe.400000.0.unpack 100% Avira WORM/Drefir.E Download File

0.2.b4aMzNNBss.exe.400000.1.unpack 100% Avira WORM/Drefir.E Download File

2.0.SysDrefIWv2.exe.400000.0.unpack 100% Avira WORM/Drefir.E Download File

0.0.b4aMzNNBss.exe.400000.0.unpack 100% Avira WORM/Drefir.E Download File

1.2.SysDrefIWv2.exe.400000.0.unpack 100% Avira WORM/Drefir.E Download File

1.1.SysDrefIWv2.exe.400000.0.unpack 100% Avira WORM/Drefir.E Download File

2.2.SysDrefIWv2.exe.400000.0.unpack 100% Avira WORM/Drefir.E Download File

Domains

Source Detection Scanner Label Link

irc.efnet.net 1% Virustotal Browse

us.undernet.org 0% Virustotal Browse

irc.dal.net 1% Virustotal Browse

us.ircnet.net 0% Virustotal Browse

eu.undernet.org 0% Virustotal Browse

irc.rizon.net 0% Virustotal Browse

irc.us.ircnet.net 0% Virustotal Browse

leak.eliteirc.co.uk 0% Virustotal Browse

URLs

Source Detection Scanner Label Link

rd.walla.co.il/ts.cgi?i=43132&u= 0% Virustotal Browse

rd.walla.co.il/ts.cgi?i=43132&u= 0% Avira URL Cloud safe

www.magadoo.com/goto.php?url= 0% Virustotal Browse

www.magadoo.com/goto.php?url= 0% Avira URL Cloud safe

www.spodesabode.com/link.php?url= 0% Virustotal Browse

www.spodesabode.com/link.php?url= 0% Avira URL Cloud safe

www.onlyphp.com/redirect.php?url= 0% Virustotal Browse

www.onlyphp.com/redirect.php?url= 0% Avira URL Cloud safe

hornygoat.org/stats/redirect.php? 0% Virustotal Browse

hornygoat.org/stats/redirect.php? 0% Avira URL Cloud safe

abuse.rizon.net/akills/lookup?ip=84.17.52.24&drone 0% Avira URL Cloud safe

www.syntechsoftware.com/redirect.php?base= 0% Virustotal Browse

www.syntechsoftware.com/redirect.php?base= 0% Avira URL Cloud safe

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Sigma Overview

No Sigma rule has matched

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

Match Associated Sample Name / URL SHA 256 Detection Link Context

unknown Dogovor 26.02.2020.exe Get hash malicious Browse 127.0.0.1

RFQ 624817.html Get hash malicious Browse 107.180.57.212

beaglev3-fixed.xla Get hash malicious Browse 52.114.74.43

2020_226_827636644.exe Get hash malicious Browse 79.134.225.93

https://onedrive.live.com/download?cid=9CE7F7EAB219AAB3&resid=9CE7F7EAB219AAB3!106&authkey=ANfoGkPAizfFTYo

Get hash malicious Browse 172.217.23.33

https://onedrive.live.com/download?cid=54EB1006C6C9FFF0&resid=54EB1006C6C9FFF0%21272&authkey=ADHeIrrdde6OXNE

Get hash malicious Browse 79.134.225.73

Tuition_Payment-TT.exe Get hash malicious Browse 79.134.225.93

file_68918_132A.doc Get hash malicious Browse 52.114.132.73

https://raw.githubusercontent.com/clymb3r/PowerShell/master/Invoke-Mimikatz/Invoke-Mimikatz.ps1

Get hash malicious Browse 151.101.0.133

t.info.samsungusa.com/r/?id=hcom2fd4,77c0c34,339a477f&p1=augsjhfsddsf.azurewebsites.net/1uh0N-L_dzX08-AaNDyDawFQRNEuBHQm8%2f%3fUi3___%[email protected]

Get hash malicious Browse 162.241.74.20

EDUCATION DOCUMENTS.exe Get hash malicious Browse 79.134.225.73

CVY17399QX.exe Get hash malicious Browse 212.8.242.104

www.ytbticket.com/64.dat Get hash malicious Browse 185.130.215.130

msn.login.wellikalender.de/c4ca4238a0b923820dcc509a6f75849b/4d1f6b5b07cd81cc4e64c2003cef873b/d8feea6906c4a9876f420d70cf0944c6/ffc5e01f578535fd6f95f889cb31939d

Get hash malicious Browse 23.254.230.212

https://ftp.mozilla.org/pub/firefox/releases/49.0.2/win64/en-US/Firefox%20Setup%2049.0.2.exe

Get hash malicious Browse 127.0.0.1

TinyTakeSetup_v_5_2_16.exe Get hash malicious Browse 52.216.163.117

email.veromailer.com/c/eJx9kVGvmjAUxz8NvhgNtLXSBx5UcM7N3d2FZN77Qkp7LuAKxVJF_fQDNje3JUuapj3nd_79nx7By5oXWeXMlgZEURdQ2UTqkhddKAxq0LWCRuiTnQpdjsRvHDpGJc0pPYCwPftl_Tz-_DR2EPZ95iFMyEgGHPsueyw7c1NwW-hBfqUra7QaFQFykesiRDw6I9586k3Dhbf2I7JiK29JFivqEPcMpjemwAxe8kB6c-AMp0RykkJK3TfAjHPXpZiliMPIBPKgK2hQV_13KyrIra0bBy8ctO6W1KKZZlpnCvp8FzkJB6_hUmtjHRxK3VZKc-kgWsju7h3jo7jEe_R2QHt9iOLkqzpel4xsX17TTTnXHdg7Tgb67gPN_nFy54Suzh2ZULWLlXQr_8NN8OUtvO1z-7oV5r2CXZhl9eaSYa-8Ru1Lm5bb6JbvydnPnooVqyOXbp4BTegl3SEMPGf04yH_lsSX45LGTdvQFi2yzgQOh-1xMP-f5AN4P_aNdfAcM5fhR6A2uldKKl7CIFeInBs5fgeV1NdH0l7rgfgEbaPAWjB_ZKGsFbfwS2hkg_6nJj-enMwZJYz8DH4HsYLpXQ

Get hash malicious Browse 172.217.23.1

20200204_104343.html Get hash malicious Browse 91.224.140.71

https://9824000430.com/usa/usa.html Get hash malicious Browse 103.20.212.147

zeodetect.com Get hash malicious Browse 104.18.72.113


JA3 Fingerprints

No context

Dropped Files

No context

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Startup

System is w7

b4aMzNNBss.exe (PID: 4024 cmdline: 'C:\Users\user\Desktop\b4aMzNNBss.exe' MD5: 71974F830E49D506714C4162368B3A26)

SysDrefIWv2.exe (PID: 1736 cmdline: 'C:\Windows\system32\SysDrefIWv2.exe' MD5: 71974F830E49D506714C4162368B3A26)

SysDrefIWv2.exe (PID: 2044 cmdline: 'C:\Windows\system32\SysDrefIWv2.exe' MD5: 71974F830E49D506714C4162368B3A26)

cleanup

Created / dropped Files

C:\Windows\System32\SysDrefIWv2.exe

Process: C:\Users\user\Desktop\b4aMzNNBss.exe

File Type: PE32 executable (GUI) Intel 80386, for MS Windows

Size (bytes): 127725

Entropy (8bit): 2.8199880448124066

Encrypted: false

MD5: 71974F830E49D506714C4162368B3A26

SHA1: DFAD8B84544CBE447D5B6A355F18686B8E96A14A

SHA-256: 83ED2E482BD415232570027998F980D664D37D1517A8324E945A22D9100AEFC2

SHA-512: DCE2CBBAED8F703363FD32C3E7292D71491687468DA04B151B55BF88CE7EEFD1E7C16603AD12C4666E8F7E40E90D703B4336BF2E10C3729610BE7352326A35A6

Malicious: true

Antivirus: Avira, Detection: 100%

Antivirus: Joe Sandbox ML, Detection: 100%

Antivirus: Virustotal, Detection: 89%, Browse

Antivirus: Metadefender, Detection: 92%, Browse

Antivirus: ReversingLabs, Detection: 86%

Reputation: low

Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=Hz'y).ty).ty).t.5.t{).t.6.tr).t.6.t{).t.!Itr).ty).t").t...tu).t./.tx).tRichy).t........PE..L....C.B............................2.............@.....................................................................................@.......................0...................................................<................................rdata........... ..................@[email protected][email protected][email protected]...@...........................@[email protected][email protected]................................................................................................................................................................................................................................................................................................................................................


C:\Windows\System32\SysDrefIWv2.exe:Zone.Identifier

Process: C:\Users\user\Desktop\b4aMzNNBss.exe

File Type: ASCII text, with CRLF line terminators

Size (bytes): 26

Entropy (8bit): 3.95006375643621

Encrypted: false

MD5: 187F488E27DB4AF347237FE461A079AD

SHA1: 6693BA299EC1881249D59262276A0D2CB21F8E64

SHA-256: 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309

SHA-512: 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E

Malicious: true

Reputation: high, very likely benign file

Preview:[ZoneTransfer]....ZoneId=0

Domains and IPs

Contacted Domains

Name IP Active Malicious Antivirus Detection Reputation

xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net 104.196.117.31 true false low
irc.efnet.net 141.213.238.252 true false 1%, Virustotal, Browse unknown
us.undernet.org 104.149.232.242 true false 0%, Virustotal, Browse low
irc.dal.net 154.35.138.250 true false 1%, Virustotal, Browse low
us.ircnet.net 170.178.184.37 true false 0%, Virustotal, Browse low
eu.undernet.org 91.236.182.1 true false 0%, Virustotal, Browse low
irc.quakenet.org 83.140.172.210 true false high
irc.rizon.net unknown unknown true 0%, Virustotal, Browse low
irc.us.ircnet.net unknown unknown true 0%, Virustotal, Browse low
leak.eliteirc.co.uk unknown unknown true 0%, Virustotal, Browse low

URLs from Memory and Binaries

Name Source Malicious Antivirus Detection Reputation

www.rediff.com/rss/redirect.php?url= b4aMzNNBss.exe false high
rd.walla.co.il/ts.cgi?i=43132&u= b4aMzNNBss.exe false 0%, Virustotal, Browse Avira URL Cloud: safe low
www.magadoo.com/goto.php?url= b4aMzNNBss.exe false 0%, Virustotal, Browse Avira URL Cloud: safe unknown
www.hard-core-dx.com/redirect.php? b4aMzNNBss.exe false high
neworder.box.sk/redirect.php? b4aMzNNBss.exe false high
www.spodesabode.com/link.php?url= b4aMzNNBss.exe false 0%, Virustotal, Browse Avira URL Cloud: safe low
www.onlyphp.com/redirect.php?url= b4aMzNNBss.exe false 0%, Virustotal, Browse Avira URL Cloud: safe low
hornygoat.org/stats/redirect.php? b4aMzNNBss.exe false 0%, Virustotal, Browse Avira URL Cloud: safe low
abuse.rizon.net/akills/lookup?ip=84.17.52.24&drone b4aMzNNBss.exe, 00000000.00000002.2345757238.022DB000.00000004.00000001.sdmp false Avira URL Cloud: safe low
www.syntechsoftware.com/redirect.php?base= b4aMzNNBss.exe false 0%, Virustotal, Browse Avira URL Cloud: safe unknown

Contacted IPs

Public

IP Country Flag ASN ASN Name Malicious

154.35.138.250 United States 14987 unknown false
185.117.74.172 Netherlands 60117 unknown false
91.236.182.1 Hungary 14987 unknown false
108.61.240.240 United States 20473 unknown false
94.125.182.255 Hungary 29278 unknown false
170.178.184.37 United States 46844 unknown false
194.68.45.50 Sweden 42316 unknown false
194.14.236.50 Sweden 31800 unknown false
104.196.117.31 United States 15169 unknown false
45.58.183.18 United States 46844 unknown false
23.228.66.219 United States 46573 unknown false
83.140.172.210 Sweden 39369 unknown false
83.140.172.212 Sweden 39369 unknown false
104.149.232.242 United States 40676 unknown false
141.213.238.252 United States 36375 unknown false
80.65.57.18 Norway 12552 unknown false

Static File Info

General

File type: PE32 executable (GUI) Intel 80386, for MS Windows

Entropy (8bit): 2.8199880448124066

TrID:
Win32 Executable (generic) a (10002005/4) 99.96%
Generic Win/DOS Executable (2004/3) 0.02%
DOS Executable Generic (2002/1) 0.02%
Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%

File name: b4aMzNNBss.exe

File size: 127725

MD5: 71974f830e49d506714c4162368b3a26

SHA1: dfad8b84544cbe447d5b6a355f18686b8e96a14a

SHA256: 83ed2e482bd415232570027998f980d664d37d1517a8324e945a22d9100aefc2

SHA512: dce2cbbaed8f703363fd32c3e7292d71491687468da04b151b55bf88ce7eefd1e7c16603ad12c4666e8f7e40e90d703b4336bf2e10c3729610be7352326a35a6

SSDEEP: 768:lbkRI1x2+qQb+w+V/W/nUO4f3CzGCmO1xUcm0yKFP9t5Z2v5gnkM5mHQFyS8z:lCI1x2Vk/nU0D/nDyK9tZkMvySm

File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=Hz'y).ty).ty).t.5.t{).t.6.tr).t.6.t{).t.!Itr).ty).t").t...tu).t./.tx).tRichy).t........PE..L....C.B...........................

File Icon

Icon Hash: f092b1f1d296a480

Static PE Info

General

Entrypoint: 0x409732
Entrypoint Section: .data
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
DLL Characteristics:
Time Stamp: 0x42BB438A [Thu Jun 23 23:19:38 2005 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: 7688d58be3546295afcd0fb460b78ee2

Entrypoint Preview

Instruction

push ebp
mov ebp, esp
push FFFFFFFFh
push 00402B58h
push 0040991Ah
mov eax, dword ptr fs:[00000000h]
push eax
mov dword ptr fs:[00000000h], esp
sub esp, 68h
push ebx
push esi
push edi
mov dword ptr [ebp-18h], esp
xor ebx, ebx
mov dword ptr [ebp-04h], ebx
push 00000002h
call dword ptr [0041D474h]
pop ecx
or dword ptr [0040C8ACh], FFFFFFFFh
or dword ptr [0040C8BCh], FFFFFFFFh
call dword ptr [0041D4C8h]
mov ecx, dword ptr [0040C8A8h]
mov dword ptr [eax], ecx
call dword ptr [0041D4C4h]
mov ecx, dword ptr [0040C8A4h]
mov dword ptr [eax], ecx
mov eax, dword ptr [0041D4C0h]
mov eax, dword ptr [eax]
mov dword ptr [0040C8C0h], eax
call 00007F3D3CA6A4ADh
cmp dword ptr [00403760h], ebx
jne 00007F3D3CA6A38Eh
push 004098C6h
call dword ptr [0041D4BCh]
pop ecx
call 00007F3D3CA6A479h
push 004033FCh
push 004032F8h
call 00007F3D3CA6A464h
mov eax, dword ptr [0040C8A0h]
mov dword ptr [ebp-6Ch], eax
lea eax, dword ptr [ebp-6Ch]
push eax
push dword ptr [0040C89Ch]
lea eax, dword ptr [ebp-64h]
push eax
lea eax, dword ptr [ebp-70h]
push eax
lea eax, dword ptr [ebp-60h]
push eax
call dword ptr [0041D4B4h]
push 004031F4h
push 00403184h
call 00007F3D3CA6A431h

Rich Headers

Programming Language: [EXP] VC++ 6.0 SP5 build 8804

Data Directories

Name Virtual Address Virtual Size Is in Section

IMAGE_DIRECTORY_ENTRY_EXPORT 0x0 0x0
IMAGE_DIRECTORY_ENTRY_IMPORT 0x1d000 0x8c .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE 0x1e000 0xd40 .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION 0x0 0x0
IMAGE_DIRECTORY_ENTRY_SECURITY 0x0 0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC 0x1f000 0x730 .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG 0x1000 0x1c .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT 0x0 0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR 0x0 0x0
IMAGE_DIRECTORY_ENTRY_TLS 0x0 0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 0x0 0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 0x0 0x0
IMAGE_DIRECTORY_ENTRY_IAT 0x1d33c 0x2b0 .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT 0x0 0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR 0x0 0x0
IMAGE_DIRECTORY_ENTRY_RESERVED 0x0 0x0

Sections

Name Virtual Address Virtual Size Raw Size Xored PE ZLIB Complexity File Type Entropy Characteristics

.rdata 0x1000 0x1eb1 0x2000 False 0.3681640625 data 4.3207133798 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data 0x3000 0x198d0 0x19a00 False 0.0975323932927 data 1.97099647913 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.idata 0x1d000 0xc53 0xe00 False 0.307756696429 data 3.72868139399 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc 0x1e000 0xd40 0xe00 False 0.489118303571 data 4.3760862092 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc 0x1f000 0x956 0xa00 False 0.6359375 data 5.51215851436 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Network Port Distribution

Total Packets: 151

• 53 (DNS)

• 6667 undefined

Name RVA Size Type Language Country

RT_ICON 0x1e1c0 0x8a8 dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 65536, next used block 2426631

Hebrew Israel

RT_GROUP_ICON 0x1ea68 0x14 data Hebrew Israel

DLL Import

KERNEL32.dll DeleteFileA, lstrcatA, GetTempPathA, GetModuleFileNameA, lstrlenA, lstrcpyA, SetFileAttributesA, CopyFileA, GetSystemDirectoryA, GetProcAddress, GetModuleHandleA, GetTickCount, CreateMutexA, OpenMutexA, ExitProcess, FreeLibrary, LoadLibraryA, UnmapViewOfFile, MapViewOfFile, CreateFileA, GetFileAttributesA, GetWindowsDirectoryA, FindClose, FindNextFileA, SetCurrentDirectoryA, FindFirstFileA, GetDriveTypeA, GetLocalTime, GlobalFree, GlobalAlloc, SetFilePointer, WriteFile, GetFullPathNameA, ExitThread, CreateThread, WaitForSingleObject, TerminateThread, lstrcmpA, GetFileSize, ReadFile, Sleep, CreateFileMappingA, GetStartupInfoA, CloseHandle

USER32.dll CharLowerA, DispatchMessageA, GetMessageA, wsprintfA, MessageBoxA

ADVAPI32.dll RegCloseKey, RegOpenKeyExA, RegQueryValueExA, RegSetValueExA

MSVCRT.dll __set_app_type, __dllonexit, _controlfp, _except_handler3, memcmp, memcpy, _chkesp, memset, __CxxFrameHandler, rand, srand, strstr, _exit, _XcptFilter, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, _onexit

WS2_32.dll accept, listen, bind, htons, socket, recv, connect, gethostbyname, htonl, inet_addr, getsockname, send, WSAStartup, closesocket

WININET.dll InternetCheckConnectionA

Language of compilation system Country where language is spoken Map

Hebrew Israel

Network Behavior

Resources

Imports

Possible Origin

Copyright Joe Security LLC 2020 Page 19 of 79


TCP Packets


UDP Packets


DNS Queries

Copyright Joe Security LLC 2020 Page 25 of 79

Mar 3, 2020 02:59:03.753977060 CET 192.168.2.2 8.8.8.8 0xf51e Standard query (0)

irc.efnet.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:04.477401972 CET 192.168.2.2 8.8.8.8 0xddbc Standard query (0)

irc.dal.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:05.068731070 CET 192.168.2.2 8.8.8.8 0x4f91 Standard query (0)

eu.undernet.org A (IP address) IN (0x0001)

Mar 3, 2020 02:59:05.179017067 CET 192.168.2.2 8.8.8.8 0xc53d Standard query (0)

irc.rizon.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:07.701100111 CET 192.168.2.2 8.8.8.8 0x9e68 Standard query (0)

irc.dal.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:08.200059891 CET 192.168.2.2 8.8.8.8 0xb810 Standard query (0)

leak.eliteirc.co.uk A (IP address) IN (0x0001)

Mar 3, 2020 02:59:08.482434988 CET 192.168.2.2 8.8.8.8 0x85e9 Standard query (0)

irc.rizon.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:10.956549883 CET 192.168.2.2 8.8.8.8 0xf630 Standard query (0)

irc.dal.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:11.791709900 CET 192.168.2.2 8.8.8.8 0xef57 Standard query (0)

irc.rizon.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:14.468049049 CET 192.168.2.2 8.8.8.8 0xf4f8 Standard query (0)

leak.eliteirc.co.uk A (IP address) IN (0x0001)

Mar 3, 2020 02:59:14.547509909 CET 192.168.2.2 8.8.8.8 0xa0c1 Standard query (0)

us.undernet.org A (IP address) IN (0x0001)

Mar 3, 2020 02:59:14.550029039 CET 192.168.2.2 8.8.8.8 0xacbb Standard query (0)

irc.dal.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:15.095932007 CET 192.168.2.2 8.8.8.8 0xbe32 Standard query (0)

irc.rizon.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:17.766417980 CET 192.168.2.2 8.8.8.8 0x74b5 Standard query (0)

irc.dal.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:18.406683922 CET 192.168.2.2 8.8.8.8 0xd428 Standard query (0)

irc.rizon.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:19.508985996 CET 192.168.2.2 8.8.8.8 0xb78f Standard query (0)

leak.eliteirc.co.uk A (IP address) IN (0x0001)

Mar 3, 2020 02:59:21.001256943 CET 192.168.2.2 8.8.8.8 0x6dbf Standard query (0)

irc.dal.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:22.042042971 CET 192.168.2.2 8.8.8.8 0xbb2d Standard query (0)

irc.rizon.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:23.361979008 CET 192.168.2.2 8.8.8.8 0x21bc Standard query (0)

eu.undernet.org A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.241472960 CET 192.168.2.2 8.8.8.8 0xfcc0 Standard query (0)

irc.dal.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.590812922 CET 192.168.2.2 8.8.8.8 0xdf8 Standard query (0)

leak.eliteirc.co.uk A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.894284010 CET 192.168.2.2 8.8.8.8 0x9d0f Standard query (0)

irc.efnet.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:25.344686985 CET 192.168.2.2 8.8.8.8 0xac44 Standard query (0)

irc.rizon.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:26.548959017 CET 192.168.2.2 8.8.8.8 0x9b5e Standard query (0)

us.undernet.org A (IP address) IN (0x0001)

Mar 3, 2020 02:59:27.478524923 CET 192.168.2.2 8.8.8.8 0x9334 Standard query (0)

irc.dal.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:28.665527105 CET 192.168.2.2 8.8.8.8 0x83b Standard query (0)

irc.rizon.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:29.630881071 CET 192.168.2.2 8.8.8.8 0x32d0 Standard query (0)

leak.eliteirc.co.uk A (IP address) IN (0x0001)

Mar 3, 2020 02:59:29.854454994 CET 192.168.2.2 8.8.8.8 0x421 Standard query (0)

eu.undernet.org A (IP address) IN (0x0001)

Mar 3, 2020 02:59:30.691550016 CET 192.168.2.2 8.8.8.8 0x8cb5 Standard query (0)

irc.dal.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:32.284756899 CET 192.168.2.2 8.8.8.8 0x513a Standard query (0)

irc.rizon.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:33.056709051 CET 192.168.2.2 8.8.8.8 0xcf22 Standard query (0)

eu.undernet.org A (IP address) IN (0x0001)

Mar 3, 2020 02:59:33.930681944 CET 192.168.2.2 8.8.8.8 0x6aea Standard query (0)

irc.dal.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:34.666383028 CET 192.168.2.2 8.8.8.8 0x649f Standard query (0)

leak.eliteirc.co.uk A (IP address) IN (0x0001)

Mar 3, 2020 02:59:35.910629988 CET 192.168.2.2 8.8.8.8 0xfbe1 Standard query (0)

irc.rizon.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:37.142359972 CET 192.168.2.2 8.8.8.8 0xee2e Standard query (0)

irc.dal.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:39.213246107 CET 192.168.2.2 8.8.8.8 0x82 Standard query (0)

irc.rizon.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:39.694916010 CET 192.168.2.2 8.8.8.8 0x9ae7 Standard query (0)

leak.eliteirc.co.uk A (IP address) IN (0x0001)

Timestamp Source IP Dest IP Trans ID OP Code Name Type Class

Mar 3, 2020 02:59:40.400686026 CET 192.168.2.2 8.8.8.8 0x11fe Standard query (0)

irc.dal.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:41.771095037 CET 192.168.2.2 8.8.8.8 0xdf31 Standard query (0)

eu.undernet.org A (IP address) IN (0x0001)

Mar 3, 2020 02:59:42.512851954 CET 192.168.2.2 8.8.8.8 0x9344 Standard query (0)

irc.rizon.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:43.642534971 CET 192.168.2.2 8.8.8.8 0x12b4 Standard query (0)

irc.dal.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.170953035 CET 192.168.2.2 8.8.8.8 0xc6a5 Standard query (0)

leak.eliteirc.co.uk A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.263122082 CET 192.168.2.2 8.8.8.8 0xc184 Standard query (0)

irc.efnet.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.293056011 CET 192.168.2.2 8.8.8.8 0x5d5f Standard query (0)

us.undernet.org A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.397322893 CET 192.168.2.2 8.8.8.8 0x4071 Standard query (0)

irc.rizon.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.896008015 CET 192.168.2.2 8.8.8.8 0xcfdd Standard query (0)

irc.dal.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:49.478441000 CET 192.168.2.2 8.8.8.8 0xe547 Standard query (0)

us.undernet.org A (IP address) IN (0x0001)

Mar 3, 2020 02:59:49.700956106 CET 192.168.2.2 8.8.8.8 0xa464 Standard query (0)

irc.rizon.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:50.120256901 CET 192.168.2.2 8.8.8.8 0xd38b Standard query (0)

irc.dal.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:51.214941025 CET 192.168.2.2 8.8.8.8 0xb1e6 Standard query (0)

leak.eliteirc.co.uk A (IP address) IN (0x0001)

Mar 3, 2020 02:59:52.744365931 CET 192.168.2.2 8.8.8.8 0xa593 Standard query (0)

eu.undernet.org A (IP address) IN (0x0001)

Mar 3, 2020 02:59:53.020303965 CET 192.168.2.2 8.8.8.8 0x709 Standard query (0)

irc.rizon.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:53.328210115 CET 192.168.2.2 8.8.8.8 0x76ab Standard query (0)

irc.dal.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:55.911750078 CET 192.168.2.2 8.8.8.8 0x15bf Standard query (0)

us.undernet.org A (IP address) IN (0x0001)

Mar 3, 2020 02:59:56.260744095 CET 192.168.2.2 8.8.8.8 0x45d0 Standard query (0)

leak.eliteirc.co.uk A (IP address) IN (0x0001)

Mar 3, 2020 02:59:56.559190035 CET 192.168.2.2 8.8.8.8 0x9b9 Standard query (0)

irc.dal.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:56.640055895 CET 192.168.2.2 8.8.8.8 0xada Standard query (0)

irc.rizon.net A (IP address) IN (0x0001)

Mar 3, 2020 02:59:59.095232964 CET 192.168.2.2 8.8.8.8 0x7351 Standard query (0)

eu.undernet.org A (IP address) IN (0x0001)

Mar 3, 2020 02:59:59.766551971 CET 192.168.2.2 8.8.8.8 0xbb8e Standard query (0)

irc.dal.net A (IP address) IN (0x0001)

Mar 3, 2020 03:00:00.268826962 CET 192.168.2.2 8.8.8.8 0x6e48 Standard query (0)

irc.rizon.net A (IP address) IN (0x0001)

Mar 3, 2020 03:00:02.895324945 CET 192.168.2.2 8.8.8.8 0xdad6 Standard query (0)

leak.eliteirc.co.uk A (IP address) IN (0x0001)

Mar 3, 2020 03:00:02.987610102 CET 192.168.2.2 8.8.8.8 0xf08c Standard query (0)

eu.undernet.org A (IP address) IN (0x0001)

Mar 3, 2020 03:00:02.990108013 CET 192.168.2.2 8.8.8.8 0x39d2 Standard query (0)

irc.dal.net A (IP address) IN (0x0001)

Mar 3, 2020 03:00:03.572412968 CET 192.168.2.2 8.8.8.8 0x957a Standard query (0)

irc.rizon.net A (IP address) IN (0x0001)

Mar 3, 2020 03:00:06.213157892 CET 192.168.2.2 8.8.8.8 0x874 Standard query (0)

eu.undernet.org A (IP address) IN (0x0001)

Mar 3, 2020 03:00:06.223356009 CET 192.168.2.2 8.8.8.8 0xa1cd Standard query (0)

irc.dal.net A (IP address) IN (0x0001)

Mar 3, 2020 03:00:06.877672911 CET 192.168.2.2 8.8.8.8 0x5892 Standard query (0)

irc.rizon.net A (IP address) IN (0x0001)

Mar 3, 2020 03:00:07.428534031 CET 192.168.2.2 8.8.8.8 0x960b Standard query (0)

irc.efnet.net A (IP address) IN (0x0001)

Mar 3, 2020 03:00:07.925437927 CET 192.168.2.2 8.8.8.8 0xab0f Standard query (0)

leak.eliteirc.co.uk A (IP address) IN (0x0001)

Mar 3, 2020 03:00:09.391057968 CET 192.168.2.2 8.8.8.8 0xbbc3 Standard query (0)

us.undernet.org A (IP address) IN (0x0001)

Mar 3, 2020 03:00:09.441179991 CET 192.168.2.2 8.8.8.8 0x2ceb Standard query (0)

irc.dal.net A (IP address) IN (0x0001)

Mar 3, 2020 03:00:10.452692032 CET 192.168.2.2 8.8.8.8 0x8a81 Standard query (0)

irc.rizon.net A (IP address) IN (0x0001)

Mar 3, 2020 03:00:12.565790892 CET 192.168.2.2 8.8.8.8 0x7dc Standard query (0)

eu.undernet.org A (IP address) IN (0x0001)

Mar 3, 2020 03:00:12.674940109 CET 192.168.2.2 8.8.8.8 0x1cc1 Standard query (0)

irc.dal.net A (IP address) IN (0x0001)

Mar 3, 2020 03:00:12.965033054 CET 192.168.2.2 8.8.8.8 0xaa8d Standard query (0)

leak.eliteirc.co.uk A (IP address) IN (0x0001)

Mar 3, 2020 03:00:14.098208904 CET 192.168.2.2 8.8.8.8 0xc42e Standard query (0)

irc.rizon.net A (IP address) IN (0x0001)

Mar 3, 2020 03:00:15.741408110 CET 192.168.2.2 8.8.8.8 0xb4d0 Standard query (0)

eu.undernet.org A (IP address) IN (0x0001)

Mar 3, 2020 03:00:15.899106026 CET 192.168.2.2 8.8.8.8 0xe20b Standard query (0)

irc.dal.net A (IP address) IN (0x0001)

Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class

Mar 3, 2020 02:58:42.611617088 CET

8.8.8.8 192.168.2.2 0x5aa5 No error (0) irc.quakenet.org 83.140.172.210 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.611617088 CET

8.8.8.8 192.168.2.2 0x5aa5 No error (0) irc.quakenet.org 91.217.189.21 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.611617088 CET

8.8.8.8 192.168.2.2 0x5aa5 No error (0) irc.quakenet.org 83.140.172.211 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.611617088 CET

8.8.8.8 192.168.2.2 0x5aa5 No error (0) irc.quakenet.org 80.65.57.26 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.611617088 CET

8.8.8.8 192.168.2.2 0x5aa5 No error (0) irc.quakenet.org 83.140.172.212 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.616306067 CET

8.8.8.8 192.168.2.2 0xcb22 No error (0) irc.rizon.net irc.map.rizon.net CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:58:42.616306067 CET

8.8.8.8 192.168.2.2 0xcb22 No error (0) irc.map.rizon.net sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:58:42.616306067 CET

8.8.8.8 192.168.2.2 0xcb22 No error (0) sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:58:42.616306067 CET

8.8.8.8 192.168.2.2 0xcb22 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

104.196.117.31 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.616306067 CET

8.8.8.8 192.168.2.2 0xcb22 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

80.65.57.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.622173071 CET

8.8.8.8 192.168.2.2 0x16b3 No error (0) eu.undernet.org 91.236.182.1 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.622173071 CET

8.8.8.8 192.168.2.2 0x16b3 No error (0) eu.undernet.org 45.58.135.130 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.622173071 CET

8.8.8.8 192.168.2.2 0x16b3 No error (0) eu.undernet.org 185.198.56.60 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.622173071 CET

8.8.8.8 192.168.2.2 0x16b3 No error (0) eu.undernet.org 45.58.183.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.622173071 CET

8.8.8.8 192.168.2.2 0x16b3 No error (0) eu.undernet.org 185.117.74.172 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.622173071 CET

8.8.8.8 192.168.2.2 0x16b3 No error (0) eu.undernet.org 94.125.182.255 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.640264988 CET

8.8.8.8 192.168.2.2 0x2f3d No error (0) irc.efnet.net 141.213.238.252 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.640264988 CET

8.8.8.8 192.168.2.2 0x2f3d No error (0) irc.efnet.net 193.163.220.3 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.640264988 CET

8.8.8.8 192.168.2.2 0x2f3d No error (0) irc.efnet.net 194.109.129.220 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.640264988 CET

8.8.8.8 192.168.2.2 0x2f3d No error (0) irc.efnet.net 195.140.202.142 A (IP address) IN (0x0001)

DNS Answers

Mar 3, 2020 02:58:42.640264988 CET

8.8.8.8 192.168.2.2 0x2f3d No error (0) irc.efnet.net 198.252.144.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.640264988 CET

8.8.8.8 192.168.2.2 0x2f3d No error (0) irc.efnet.net 198.3.160.3 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.640264988 CET

8.8.8.8 192.168.2.2 0x2f3d No error (0) irc.efnet.net 198.47.99.99 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.640264988 CET

8.8.8.8 192.168.2.2 0x2f3d No error (0) irc.efnet.net 205.188.234.121 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.640264988 CET

8.8.8.8 192.168.2.2 0x2f3d No error (0) irc.efnet.net 205.210.145.3 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.640264988 CET

8.8.8.8 192.168.2.2 0x2f3d No error (0) irc.efnet.net 208.51.40.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.640264988 CET

8.8.8.8 192.168.2.2 0x2f3d No error (0) irc.efnet.net 209.249.249.126 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.640264988 CET

8.8.8.8 192.168.2.2 0x2f3d No error (0) irc.efnet.net 217.17.33.10 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.640264988 CET

8.8.8.8 192.168.2.2 0x2f3d No error (0) irc.efnet.net 64.237.34.150 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.640264988 CET

8.8.8.8 192.168.2.2 0x2f3d No error (0) irc.efnet.net 66.225.225.225 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.640264988 CET

8.8.8.8 192.168.2.2 0x2f3d No error (0) irc.efnet.net 67.210.234.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.640264988 CET

8.8.8.8 192.168.2.2 0x2f3d No error (0) irc.efnet.net 69.16.172.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.640264988 CET

8.8.8.8 192.168.2.2 0x2f3d No error (0) irc.efnet.net 77.67.101.101 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.640264988 CET

8.8.8.8 192.168.2.2 0x2f3d No error (0) irc.efnet.net 8.7.233.233 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.641793013 CET

8.8.8.8 192.168.2.2 0x9a1b No error (0) irc.dal.net 154.35.138.250 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.641793013 CET

8.8.8.8 192.168.2.2 0x9a1b No error (0) irc.dal.net 170.178.184.34 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.641793013 CET

8.8.8.8 192.168.2.2 0x9a1b No error (0) irc.dal.net 172.107.98.86 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.641793013 CET

8.8.8.8 192.168.2.2 0x9a1b No error (0) irc.dal.net 194.14.236.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.641793013 CET

8.8.8.8 192.168.2.2 0x9a1b No error (0) irc.dal.net 194.68.45.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.641793013 CET

8.8.8.8 192.168.2.2 0x9a1b No error (0) irc.dal.net 31.24.226.185 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.641793013 CET

8.8.8.8 192.168.2.2 0x9a1b No error (0) irc.dal.net 45.35.51.141 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.641793013 CET

8.8.8.8 192.168.2.2 0x9a1b No error (0) irc.dal.net 91.217.189.35 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.641793013 CET

8.8.8.8 192.168.2.2 0x9a1b No error (0) irc.dal.net 108.61.240.240 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.641793013 CET

8.8.8.8 192.168.2.2 0x9a1b No error (0) irc.dal.net 119.31.225.100 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.641793013 CET

8.8.8.8 192.168.2.2 0x9a1b No error (0) irc.dal.net 154.35.17.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.691967010 CET

8.8.8.8 192.168.2.2 0xe99b Name error (3) leak.eliteirc.co.uk

none none A (IP address) IN (0x0001)

Mar 3, 2020 02:58:42.728344917 CET

8.8.8.8 192.168.2.2 0x9728 No error (0) irc.us.ircnet.net us.ircnet.net CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:58:42.728344917 CET

8.8.8.8 192.168.2.2 0x9728 No error (0) us.ircnet.net 170.178.184.37 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:45.928976059 CET

8.8.8.8 192.168.2.2 0xa09a No error (0) irc.quakenet.org 83.140.172.212 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:45.928976059 CET

8.8.8.8 192.168.2.2 0xa09a No error (0) irc.quakenet.org 91.217.189.21 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:45.928976059 CET

8.8.8.8 192.168.2.2 0xa09a No error (0) irc.quakenet.org 83.140.172.210 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:45.928976059 CET

8.8.8.8 192.168.2.2 0xa09a No error (0) irc.quakenet.org 80.65.57.26 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:45.928976059 CET

8.8.8.8 192.168.2.2 0xa09a No error (0) irc.quakenet.org 83.140.172.211 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:46.362520933 CET

8.8.8.8 192.168.2.2 0xd4b0 No error (0) irc.rizon.net irc.map.rizon.net CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:58:46.362520933 CET

8.8.8.8 192.168.2.2 0xd4b0 No error (0) irc.map.rizon.net sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:58:46.362520933 CET

8.8.8.8 192.168.2.2 0xd4b0 No error (0) sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:58:46.362520933 CET

8.8.8.8 192.168.2.2 0xd4b0 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

104.196.117.31 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:46.362520933 CET

8.8.8.8 192.168.2.2 0xd4b0 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

80.65.57.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:46.526906967 CET

8.8.8.8 192.168.2.2 0x11b4 No error (0) irc.dal.net 194.68.45.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:46.526906967 CET

8.8.8.8 192.168.2.2 0x11b4 No error (0) irc.dal.net 31.24.226.185 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:46.526906967 CET

8.8.8.8 192.168.2.2 0x11b4 No error (0) irc.dal.net 45.35.51.141 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:46.526906967 CET

8.8.8.8 192.168.2.2 0x11b4 No error (0) irc.dal.net 91.217.189.35 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:46.526906967 CET

8.8.8.8 192.168.2.2 0x11b4 No error (0) irc.dal.net 108.61.240.240 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:46.526906967 CET

8.8.8.8 192.168.2.2 0x11b4 No error (0) irc.dal.net 119.31.225.100 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:46.526906967 CET

8.8.8.8 192.168.2.2 0x11b4 No error (0) irc.dal.net 154.35.17.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:46.526906967 CET

8.8.8.8 192.168.2.2 0x11b4 No error (0) irc.dal.net 154.35.138.250 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:46.526906967 CET

8.8.8.8 192.168.2.2 0x11b4 No error (0) irc.dal.net 170.178.184.34 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:46.526906967 CET

8.8.8.8 192.168.2.2 0x11b4 No error (0) irc.dal.net 172.107.98.86 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:46.526906967 CET

8.8.8.8 192.168.2.2 0x11b4 No error (0) irc.dal.net 194.14.236.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:47.756628990 CET

8.8.8.8 192.168.2.2 0xfbdd Name error (3) leak.eliteirc.co.uk

none none A (IP address) IN (0x0001)

Mar 3, 2020 02:58:49.843471050 CET

8.8.8.8 192.168.2.2 0xd660 No error (0) irc.dal.net 154.35.138.250 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:49.843471050 CET

8.8.8.8 192.168.2.2 0xd660 No error (0) irc.dal.net 170.178.184.34 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:49.843471050 CET

8.8.8.8 192.168.2.2 0xd660 No error (0) irc.dal.net 172.107.98.86 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:49.843471050 CET

8.8.8.8 192.168.2.2 0xd660 No error (0) irc.dal.net 194.14.236.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:49.843471050 CET

8.8.8.8 192.168.2.2 0xd660 No error (0) irc.dal.net 194.68.45.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:49.843471050 CET

8.8.8.8 192.168.2.2 0xd660 No error (0) irc.dal.net 31.24.226.185 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:49.843471050 CET

8.8.8.8 192.168.2.2 0xd660 No error (0) irc.dal.net 45.35.51.141 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:49.843471050 CET

8.8.8.8 192.168.2.2 0xd660 No error (0) irc.dal.net 91.217.189.35 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:49.843471050 CET

8.8.8.8 192.168.2.2 0xd660 No error (0) irc.dal.net 108.61.240.240 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:49.843471050 CET

8.8.8.8 192.168.2.2 0xd660 No error (0) irc.dal.net 119.31.225.100 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:49.843471050 CET

8.8.8.8 192.168.2.2 0xd660 No error (0) irc.dal.net 154.35.17.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:49.983320951 CET

8.8.8.8 192.168.2.2 0x3a13 No error (0) irc.rizon.net irc.map.rizon.net CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:58:49.983320951 CET

8.8.8.8 192.168.2.2 0x3a13 No error (0) irc.map.rizon.net sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:58:49.983320951 CET

8.8.8.8 192.168.2.2 0x3a13 No error (0) sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:58:49.983320951 CET

8.8.8.8 192.168.2.2 0x3a13 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

104.196.117.31 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:49.983320951 CET

8.8.8.8 192.168.2.2 0x3a13 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

80.65.57.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:51.803003073 CET

8.8.8.8 192.168.2.2 0xeaaf No error (0) us.undernet.org 104.149.232.242 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:51.803003073 CET

8.8.8.8 192.168.2.2 0xeaaf No error (0) us.undernet.org 45.58.183.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:51.803003073 CET

8.8.8.8 192.168.2.2 0xeaaf No error (0) us.undernet.org 23.228.66.219 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:51.803003073 CET

8.8.8.8 192.168.2.2 0xeaaf No error (0) us.undernet.org 91.236.182.1 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:52.805826902 CET

8.8.8.8 192.168.2.2 0x7a4f Name error (3) leak.eliteirc.co.uk

none none A (IP address) IN (0x0001)

Mar 3, 2020 02:58:53.106466055 CET

8.8.8.8 192.168.2.2 0x22f5 No error (0) irc.dal.net 194.68.45.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:53.106466055 CET

8.8.8.8 192.168.2.2 0x22f5 No error (0) irc.dal.net 31.24.226.185 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:53.106466055 CET

8.8.8.8 192.168.2.2 0x22f5 No error (0) irc.dal.net 45.35.51.141 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:53.106466055 CET

8.8.8.8 192.168.2.2 0x22f5 No error (0) irc.dal.net 91.217.189.35 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:53.106466055 CET

8.8.8.8 192.168.2.2 0x22f5 No error (0) irc.dal.net 108.61.240.240 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:53.106466055 CET

8.8.8.8 192.168.2.2 0x22f5 No error (0) irc.dal.net 119.31.225.100 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:53.106466055 CET

8.8.8.8 192.168.2.2 0x22f5 No error (0) irc.dal.net 154.35.17.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:53.106466055 CET

8.8.8.8 192.168.2.2 0x22f5 No error (0) irc.dal.net 154.35.138.250 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:53.106466055 CET

8.8.8.8 192.168.2.2 0x22f5 No error (0) irc.dal.net 170.178.184.34 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:53.106466055 CET

8.8.8.8 192.168.2.2 0x22f5 No error (0) irc.dal.net 172.107.98.86 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:53.106466055 CET

8.8.8.8 192.168.2.2 0x22f5 No error (0) irc.dal.net 194.14.236.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:53.630362034 CET

8.8.8.8 192.168.2.2 0xb993 No error (0) irc.rizon.net irc.map.rizon.net CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:58:53.630362034 CET

8.8.8.8 192.168.2.2 0xb993 No error (0) irc.map.rizon.net sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:58:53.630362034 CET

8.8.8.8 192.168.2.2 0xb993 No error (0) sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:58:53.630362034 CET

8.8.8.8 192.168.2.2 0xb993 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

80.65.57.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:53.630362034 CET

8.8.8.8 192.168.2.2 0xb993 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

104.196.117.31 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:55.104760885 CET

8.8.8.8 192.168.2.2 0xf316 No error (0) us.undernet.org 45.58.183.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:55.104760885 CET

8.8.8.8 192.168.2.2 0xf316 No error (0) us.undernet.org 104.149.232.242 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:55.104760885 CET

8.8.8.8 192.168.2.2 0xf316 No error (0) us.undernet.org 91.236.182.1 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:55.104760885 CET

8.8.8.8 192.168.2.2 0xf316 No error (0) us.undernet.org 23.228.66.219 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:56.378103971 CET

8.8.8.8 192.168.2.2 0x2540 No error (0) irc.dal.net 108.61.240.240 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:56.378103971 CET

8.8.8.8 192.168.2.2 0x2540 No error (0) irc.dal.net 119.31.225.100 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:56.378103971 CET

8.8.8.8 192.168.2.2 0x2540 No error (0) irc.dal.net 154.35.17.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:56.378103971 CET

8.8.8.8 192.168.2.2 0x2540 No error (0) irc.dal.net 154.35.138.250 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:56.378103971 CET

8.8.8.8 192.168.2.2 0x2540 No error (0) irc.dal.net 170.178.184.34 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:56.378103971 CET

8.8.8.8 192.168.2.2 0x2540 No error (0) irc.dal.net 172.107.98.86 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:56.378103971 CET

8.8.8.8 192.168.2.2 0x2540 No error (0) irc.dal.net 194.14.236.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:56.378103971 CET

8.8.8.8 192.168.2.2 0x2540 No error (0) irc.dal.net 194.68.45.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:56.378103971 CET

8.8.8.8 192.168.2.2 0x2540 No error (0) irc.dal.net 31.24.226.185 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:56.378103971 CET

8.8.8.8 192.168.2.2 0x2540 No error (0) irc.dal.net 45.35.51.141 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:56.378103971 CET

8.8.8.8 192.168.2.2 0x2540 No error (0) irc.dal.net 91.217.189.35 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:58.141156912 CET

8.8.8.8 192.168.2.2 0xf628 Name error (3) leak.eliteirc.co.uk

none none A (IP address) IN (0x0001)

Mar 3, 2020 02:58:58.271428108 CET

8.8.8.8 192.168.2.2 0xe54a No error (0) irc.rizon.net irc.map.rizon.net CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:58:58.271428108 CET

8.8.8.8 192.168.2.2 0xe54a No error (0) irc.map.rizon.net sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:58:58.271428108 CET

8.8.8.8 192.168.2.2 0xe54a No error (0) sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:58:58.271428108 CET

8.8.8.8 192.168.2.2 0xe54a No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

104.196.117.31 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:58.271428108 CET

8.8.8.8 192.168.2.2 0xe54a No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

80.65.57.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:58.289623022 CET

8.8.8.8 192.168.2.2 0x4294 No error (0) us.undernet.org 104.149.232.242 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:58.289623022 CET

8.8.8.8 192.168.2.2 0x4294 No error (0) us.undernet.org 45.58.183.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:58.289623022 CET

8.8.8.8 192.168.2.2 0x4294 No error (0) us.undernet.org 23.228.66.219 A (IP address) IN (0x0001)

Mar 3, 2020 02:58:58.289623022 CET

8.8.8.8 192.168.2.2 0x4294 No error (0) us.undernet.org 91.236.182.1 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:01.292686939 CET

8.8.8.8 192.168.2.2 0xf222 No error (0) irc.dal.net 194.14.236.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:01.292686939 CET

8.8.8.8 192.168.2.2 0xf222 No error (0) irc.dal.net 194.68.45.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:01.292686939 CET

8.8.8.8 192.168.2.2 0xf222 No error (0) irc.dal.net 31.24.226.185 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:01.292686939 CET

8.8.8.8 192.168.2.2 0xf222 No error (0) irc.dal.net 45.35.51.141 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:01.292686939 CET

8.8.8.8 192.168.2.2 0xf222 No error (0) irc.dal.net 91.217.189.35 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:01.292686939 CET

8.8.8.8 192.168.2.2 0xf222 No error (0) irc.dal.net 108.61.240.240 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:01.292686939 CET

8.8.8.8 192.168.2.2 0xf222 No error (0) irc.dal.net 119.31.225.100 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:01.292686939 CET

8.8.8.8 192.168.2.2 0xf222 No error (0) irc.dal.net 154.35.17.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:01.292686939 CET

8.8.8.8 192.168.2.2 0xf222 No error (0) irc.dal.net 154.35.138.250 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:01.292686939 CET

8.8.8.8 192.168.2.2 0xf222 No error (0) irc.dal.net 170.178.184.34 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:01.292686939 CET

8.8.8.8 192.168.2.2 0xf222 No error (0) irc.dal.net 172.107.98.86 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:01.698451042 CET

8.8.8.8 192.168.2.2 0xedd1 No error (0) us.undernet.org 104.149.232.242 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:01.698451042 CET

8.8.8.8 192.168.2.2 0xedd1 No error (0) us.undernet.org 91.236.182.1 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:01.698451042 CET

8.8.8.8 192.168.2.2 0xedd1 No error (0) us.undernet.org 45.58.183.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:01.698451042 CET

8.8.8.8 192.168.2.2 0xedd1 No error (0) us.undernet.org 23.228.66.219 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:01.909229994 CET

8.8.8.8 192.168.2.2 0x6404 No error (0) irc.rizon.net irc.map.rizon.net CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:01.909229994 CET

8.8.8.8 192.168.2.2 0x6404 No error (0) irc.map.rizon.net sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:01.909229994 CET

8.8.8.8 192.168.2.2 0x6404 No error (0) sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:01.909229994 CET

8.8.8.8 192.168.2.2 0x6404 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

80.65.57.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:01.909229994 CET

8.8.8.8 192.168.2.2 0x6404 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

104.196.117.31 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:03.192779064 CET

8.8.8.8 192.168.2.2 0xa309 Name error (3) leak.eliteirc.co.uk

none none A (IP address) IN (0x0001)

Mar 3, 2020 02:59:03.787798882 CET

8.8.8.8 192.168.2.2 0xf51e No error (0) irc.efnet.net 141.213.238.252 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:03.787798882 CET

8.8.8.8 192.168.2.2 0xf51e No error (0) irc.efnet.net 193.163.220.3 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:03.787798882 CET

8.8.8.8 192.168.2.2 0xf51e No error (0) irc.efnet.net 194.109.129.220 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:03.787798882 CET

8.8.8.8 192.168.2.2 0xf51e No error (0) irc.efnet.net 195.140.202.142 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:03.787798882 CET

8.8.8.8 192.168.2.2 0xf51e No error (0) irc.efnet.net 198.252.144.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:03.787798882 CET

8.8.8.8 192.168.2.2 0xf51e No error (0) irc.efnet.net 198.3.160.3 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:03.787798882 CET

8.8.8.8 192.168.2.2 0xf51e No error (0) irc.efnet.net 198.47.99.99 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:03.787798882 CET

8.8.8.8 192.168.2.2 0xf51e No error (0) irc.efnet.net 205.188.234.121 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:03.787798882 CET

8.8.8.8 192.168.2.2 0xf51e No error (0) irc.efnet.net 205.210.145.3 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:03.787798882 CET

8.8.8.8 192.168.2.2 0xf51e No error (0) irc.efnet.net 208.51.40.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:03.787798882 CET

8.8.8.8 192.168.2.2 0xf51e No error (0) irc.efnet.net 209.249.249.126 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:03.787798882 CET

8.8.8.8 192.168.2.2 0xf51e No error (0) irc.efnet.net 217.17.33.10 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:03.787798882 CET

8.8.8.8 192.168.2.2 0xf51e No error (0) irc.efnet.net 64.237.34.150 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:03.787798882 CET

8.8.8.8 192.168.2.2 0xf51e No error (0) irc.efnet.net 66.225.225.225 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:03.787798882 CET

8.8.8.8 192.168.2.2 0xf51e No error (0) irc.efnet.net 67.210.234.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:03.787798882 CET

8.8.8.8 192.168.2.2 0xf51e No error (0) irc.efnet.net 69.16.172.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:03.787798882 CET

8.8.8.8 192.168.2.2 0xf51e No error (0) irc.efnet.net 77.67.101.101 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:03.787798882 CET

8.8.8.8 192.168.2.2 0xf51e No error (0) irc.efnet.net 8.7.233.233 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:04.511234999 CET

8.8.8.8 192.168.2.2 0xddbc No error (0) irc.dal.net 194.14.236.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:04.511234999 CET

8.8.8.8 192.168.2.2 0xddbc No error (0) irc.dal.net 194.68.45.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:04.511234999 CET

8.8.8.8 192.168.2.2 0xddbc No error (0) irc.dal.net 31.24.226.185 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:04.511234999 CET

8.8.8.8 192.168.2.2 0xddbc No error (0) irc.dal.net 45.35.51.141 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:04.511234999 CET

8.8.8.8 192.168.2.2 0xddbc No error (0) irc.dal.net 91.217.189.35 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:04.511234999 CET

8.8.8.8 192.168.2.2 0xddbc No error (0) irc.dal.net 108.61.240.240 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:04.511234999 CET

8.8.8.8 192.168.2.2 0xddbc No error (0) irc.dal.net 119.31.225.100 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:04.511234999 CET

8.8.8.8 192.168.2.2 0xddbc No error (0) irc.dal.net 154.35.17.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:04.511234999 CET

8.8.8.8 192.168.2.2 0xddbc No error (0) irc.dal.net 154.35.138.250 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:04.511234999 CET

8.8.8.8 192.168.2.2 0xddbc No error (0) irc.dal.net 170.178.184.34 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:04.511234999 CET

8.8.8.8 192.168.2.2 0xddbc No error (0) irc.dal.net 172.107.98.86 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:05.102401018 CET

8.8.8.8 192.168.2.2 0x4f91 No error (0) eu.undernet.org 91.236.182.1 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:05.102401018 CET

8.8.8.8 192.168.2.2 0x4f91 No error (0) eu.undernet.org 45.58.135.130 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:05.102401018 CET

8.8.8.8 192.168.2.2 0x4f91 No error (0) eu.undernet.org 185.198.56.60 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:05.102401018 CET

8.8.8.8 192.168.2.2 0x4f91 No error (0) eu.undernet.org 45.58.183.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:05.102401018 CET

8.8.8.8 192.168.2.2 0x4f91 No error (0) eu.undernet.org 185.117.74.172 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:05.102401018 CET

8.8.8.8 192.168.2.2 0x4f91 No error (0) eu.undernet.org 94.125.182.255 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:05.212677002 CET

8.8.8.8 192.168.2.2 0xc53d No error (0) irc.rizon.net irc.map.rizon.net CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:05.212677002 CET

8.8.8.8 192.168.2.2 0xc53d No error (0) irc.map.rizon.net sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:05.212677002 CET

8.8.8.8 192.168.2.2 0xc53d No error (0) sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class

Copyright Joe Security LLC 2020 Page 35 of 79

Mar 3, 2020 02:59:05.212677002 CET

8.8.8.8 192.168.2.2 0xc53d No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

80.65.57.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:05.212677002 CET

8.8.8.8 192.168.2.2 0xc53d No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

104.196.117.31 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:07.734842062 CET

8.8.8.8 192.168.2.2 0x9e68 No error (0) irc.dal.net 154.35.138.250 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:07.734842062 CET

8.8.8.8 192.168.2.2 0x9e68 No error (0) irc.dal.net 170.178.184.34 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:07.734842062 CET

8.8.8.8 192.168.2.2 0x9e68 No error (0) irc.dal.net 172.107.98.86 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:07.734842062 CET

8.8.8.8 192.168.2.2 0x9e68 No error (0) irc.dal.net 194.14.236.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:07.734842062 CET

8.8.8.8 192.168.2.2 0x9e68 No error (0) irc.dal.net 194.68.45.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:07.734842062 CET

8.8.8.8 192.168.2.2 0x9e68 No error (0) irc.dal.net 31.24.226.185 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:07.734842062 CET

8.8.8.8 192.168.2.2 0x9e68 No error (0) irc.dal.net 45.35.51.141 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:07.734842062 CET

8.8.8.8 192.168.2.2 0x9e68 No error (0) irc.dal.net 91.217.189.35 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:07.734842062 CET

8.8.8.8 192.168.2.2 0x9e68 No error (0) irc.dal.net 108.61.240.240 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:07.734842062 CET

8.8.8.8 192.168.2.2 0x9e68 No error (0) irc.dal.net 119.31.225.100 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:07.734842062 CET

8.8.8.8 192.168.2.2 0x9e68 No error (0) irc.dal.net 154.35.17.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:08.233861923 CET

8.8.8.8 192.168.2.2 0xb810 Name error (3) leak.eliteirc.co.uk

none none A (IP address) IN (0x0001)

Mar 3, 2020 02:59:08.519627094 CET

8.8.8.8 192.168.2.2 0x85e9 No error (0) irc.rizon.net irc.map.rizon.net CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:08.519627094 CET

8.8.8.8 192.168.2.2 0x85e9 No error (0) irc.map.rizon.net sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:08.519627094 CET

8.8.8.8 192.168.2.2 0x85e9 No error (0) sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:08.519627094 CET

8.8.8.8 192.168.2.2 0x85e9 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

80.65.57.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:08.519627094 CET

8.8.8.8 192.168.2.2 0x85e9 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

104.196.117.31 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:10.990135908 CET

8.8.8.8 192.168.2.2 0xf630 No error (0) irc.dal.net 108.61.240.240 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:10.990135908 CET

8.8.8.8 192.168.2.2 0xf630 No error (0) irc.dal.net 119.31.225.100 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:10.990135908 CET

8.8.8.8 192.168.2.2 0xf630 No error (0) irc.dal.net 154.35.17.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:10.990135908 CET

8.8.8.8 192.168.2.2 0xf630 No error (0) irc.dal.net 154.35.138.250 A (IP address) IN (0x0001)

Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class

Copyright Joe Security LLC 2020 Page 36 of 79

Mar 3, 2020 02:59:10.990135908 CET

8.8.8.8 192.168.2.2 0xf630 No error (0) irc.dal.net 170.178.184.34 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:10.990135908 CET

8.8.8.8 192.168.2.2 0xf630 No error (0) irc.dal.net 172.107.98.86 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:10.990135908 CET

8.8.8.8 192.168.2.2 0xf630 No error (0) irc.dal.net 194.14.236.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:10.990135908 CET

8.8.8.8 192.168.2.2 0xf630 No error (0) irc.dal.net 194.68.45.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:10.990135908 CET

8.8.8.8 192.168.2.2 0xf630 No error (0) irc.dal.net 31.24.226.185 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:10.990135908 CET

8.8.8.8 192.168.2.2 0xf630 No error (0) irc.dal.net 45.35.51.141 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:10.990135908 CET

8.8.8.8 192.168.2.2 0xf630 No error (0) irc.dal.net 91.217.189.35 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:11.825386047 CET

8.8.8.8 192.168.2.2 0xef57 No error (0) irc.rizon.net irc.map.rizon.net CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:11.825386047 CET

8.8.8.8 192.168.2.2 0xef57 No error (0) irc.map.rizon.net sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:11.825386047 CET

8.8.8.8 192.168.2.2 0xef57 No error (0) sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:11.825386047 CET

8.8.8.8 192.168.2.2 0xef57 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

80.65.57.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:11.825386047 CET

8.8.8.8 192.168.2.2 0xef57 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

104.196.117.31 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:14.501884937 CET

8.8.8.8 192.168.2.2 0xf4f8 Name error (3) leak.eliteirc.co.uk

none none A (IP address) IN (0x0001)

Mar 3, 2020 02:59:14.581252098 CET

8.8.8.8 192.168.2.2 0xa0c1 No error (0) us.undernet.org 23.228.66.219 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:14.581252098 CET

8.8.8.8 192.168.2.2 0xa0c1 No error (0) us.undernet.org 91.236.182.1 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:14.581252098 CET

8.8.8.8 192.168.2.2 0xa0c1 No error (0) us.undernet.org 45.58.183.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:14.581252098 CET

8.8.8.8 192.168.2.2 0xa0c1 No error (0) us.undernet.org 104.149.232.242 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:14.583607912 CET

8.8.8.8 192.168.2.2 0xacbb No error (0) irc.dal.net 194.14.236.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:14.583607912 CET

8.8.8.8 192.168.2.2 0xacbb No error (0) irc.dal.net 194.68.45.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:14.583607912 CET

8.8.8.8 192.168.2.2 0xacbb No error (0) irc.dal.net 31.24.226.185 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:14.583607912 CET

8.8.8.8 192.168.2.2 0xacbb No error (0) irc.dal.net 45.35.51.141 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:14.583607912 CET

8.8.8.8 192.168.2.2 0xacbb No error (0) irc.dal.net 91.217.189.35 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:14.583607912 CET

8.8.8.8 192.168.2.2 0xacbb No error (0) irc.dal.net 108.61.240.240 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:14.583607912 CET

8.8.8.8 192.168.2.2 0xacbb No error (0) irc.dal.net 119.31.225.100 A (IP address) IN (0x0001)

Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class

Copyright Joe Security LLC 2020 Page 37 of 79

Mar 3, 2020 02:59:14.583607912 CET

8.8.8.8 192.168.2.2 0xacbb No error (0) irc.dal.net 154.35.17.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:14.583607912 CET

8.8.8.8 192.168.2.2 0xacbb No error (0) irc.dal.net 154.35.138.250 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:14.583607912 CET

8.8.8.8 192.168.2.2 0xacbb No error (0) irc.dal.net 170.178.184.34 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:14.583607912 CET

8.8.8.8 192.168.2.2 0xacbb No error (0) irc.dal.net 172.107.98.86 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:15.131838083 CET

8.8.8.8 192.168.2.2 0xbe32 No error (0) irc.rizon.net irc.map.rizon.net CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:15.131838083 CET

8.8.8.8 192.168.2.2 0xbe32 No error (0) irc.map.rizon.net sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:15.131838083 CET

8.8.8.8 192.168.2.2 0xbe32 No error (0) sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:15.131838083 CET

8.8.8.8 192.168.2.2 0xbe32 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

80.65.57.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:15.131838083 CET

8.8.8.8 192.168.2.2 0xbe32 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

104.196.117.31 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:17.791831017 CET

8.8.8.8 192.168.2.2 0x74b5 No error (0) irc.dal.net 108.61.240.240 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:17.791831017 CET

8.8.8.8 192.168.2.2 0x74b5 No error (0) irc.dal.net 119.31.225.100 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:17.791831017 CET

8.8.8.8 192.168.2.2 0x74b5 No error (0) irc.dal.net 154.35.17.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:17.791831017 CET

8.8.8.8 192.168.2.2 0x74b5 No error (0) irc.dal.net 154.35.138.250 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:17.791831017 CET

8.8.8.8 192.168.2.2 0x74b5 No error (0) irc.dal.net 170.178.184.34 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:17.791831017 CET

8.8.8.8 192.168.2.2 0x74b5 No error (0) irc.dal.net 172.107.98.86 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:17.791831017 CET

8.8.8.8 192.168.2.2 0x74b5 No error (0) irc.dal.net 194.14.236.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:17.791831017 CET

8.8.8.8 192.168.2.2 0x74b5 No error (0) irc.dal.net 194.68.45.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:17.791831017 CET

8.8.8.8 192.168.2.2 0x74b5 No error (0) irc.dal.net 31.24.226.185 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:17.791831017 CET

8.8.8.8 192.168.2.2 0x74b5 No error (0) irc.dal.net 45.35.51.141 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:17.791831017 CET

8.8.8.8 192.168.2.2 0x74b5 No error (0) irc.dal.net 91.217.189.35 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:18.450876951 CET

8.8.8.8 192.168.2.2 0xd428 No error (0) irc.rizon.net irc.map.rizon.net CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:18.450876951 CET

8.8.8.8 192.168.2.2 0xd428 No error (0) irc.map.rizon.net sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:18.450876951 CET

8.8.8.8 192.168.2.2 0xd428 No error (0) sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class

Copyright Joe Security LLC 2020 Page 38 of 79

Mar 3, 2020 02:59:18.450876951 CET

8.8.8.8 192.168.2.2 0xd428 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

104.196.117.31 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:18.450876951 CET

8.8.8.8 192.168.2.2 0xd428 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

80.65.57.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:19.565301895 CET

8.8.8.8 192.168.2.2 0xb78f Name error (3) leak.eliteirc.co.uk

none none A (IP address) IN (0x0001)

Mar 3, 2020 02:59:21.026721954 CET

8.8.8.8 192.168.2.2 0x6dbf No error (0) irc.dal.net 154.35.138.250 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:21.026721954 CET

8.8.8.8 192.168.2.2 0x6dbf No error (0) irc.dal.net 170.178.184.34 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:21.026721954 CET

8.8.8.8 192.168.2.2 0x6dbf No error (0) irc.dal.net 172.107.98.86 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:21.026721954 CET

8.8.8.8 192.168.2.2 0x6dbf No error (0) irc.dal.net 194.14.236.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:21.026721954 CET

8.8.8.8 192.168.2.2 0x6dbf No error (0) irc.dal.net 194.68.45.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:21.026721954 CET

8.8.8.8 192.168.2.2 0x6dbf No error (0) irc.dal.net 31.24.226.185 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:21.026721954 CET

8.8.8.8 192.168.2.2 0x6dbf No error (0) irc.dal.net 45.35.51.141 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:21.026721954 CET

8.8.8.8 192.168.2.2 0x6dbf No error (0) irc.dal.net 91.217.189.35 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:21.026721954 CET

8.8.8.8 192.168.2.2 0x6dbf No error (0) irc.dal.net 108.61.240.240 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:21.026721954 CET

8.8.8.8 192.168.2.2 0x6dbf No error (0) irc.dal.net 119.31.225.100 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:21.026721954 CET

8.8.8.8 192.168.2.2 0x6dbf No error (0) irc.dal.net 154.35.17.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:22.075815916 CET

8.8.8.8 192.168.2.2 0xbb2d No error (0) irc.rizon.net irc.map.rizon.net CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:22.075815916 CET

8.8.8.8 192.168.2.2 0xbb2d No error (0) irc.map.rizon.net sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:22.075815916 CET

8.8.8.8 192.168.2.2 0xbb2d No error (0) sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:22.075815916 CET

8.8.8.8 192.168.2.2 0xbb2d No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

80.65.57.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:22.075815916 CET

8.8.8.8 192.168.2.2 0xbb2d No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

104.196.117.31 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:23.395772934 CET

8.8.8.8 192.168.2.2 0x21bc No error (0) eu.undernet.org 45.58.183.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:23.395772934 CET

8.8.8.8 192.168.2.2 0x21bc No error (0) eu.undernet.org 91.236.182.1 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:23.395772934 CET

8.8.8.8 192.168.2.2 0x21bc No error (0) eu.undernet.org 185.117.74.172 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:23.395772934 CET

8.8.8.8 192.168.2.2 0x21bc No error (0) eu.undernet.org 94.125.182.255 A (IP address) IN (0x0001)

Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class

Copyright Joe Security LLC 2020 Page 39 of 79

Mar 3, 2020 02:59:23.395772934 CET

8.8.8.8 192.168.2.2 0x21bc No error (0) eu.undernet.org 45.58.135.130 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:23.395772934 CET

8.8.8.8 192.168.2.2 0x21bc No error (0) eu.undernet.org 185.198.56.60 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.274987936 CET

8.8.8.8 192.168.2.2 0xfcc0 No error (0) irc.dal.net 108.61.240.240 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.274987936 CET

8.8.8.8 192.168.2.2 0xfcc0 No error (0) irc.dal.net 119.31.225.100 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.274987936 CET

8.8.8.8 192.168.2.2 0xfcc0 No error (0) irc.dal.net 154.35.17.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.274987936 CET

8.8.8.8 192.168.2.2 0xfcc0 No error (0) irc.dal.net 154.35.138.250 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.274987936 CET

8.8.8.8 192.168.2.2 0xfcc0 No error (0) irc.dal.net 170.178.184.34 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.274987936 CET

8.8.8.8 192.168.2.2 0xfcc0 No error (0) irc.dal.net 172.107.98.86 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.274987936 CET

8.8.8.8 192.168.2.2 0xfcc0 No error (0) irc.dal.net 194.14.236.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.274987936 CET

8.8.8.8 192.168.2.2 0xfcc0 No error (0) irc.dal.net 194.68.45.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.274987936 CET

8.8.8.8 192.168.2.2 0xfcc0 No error (0) irc.dal.net 31.24.226.185 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.274987936 CET

8.8.8.8 192.168.2.2 0xfcc0 No error (0) irc.dal.net 45.35.51.141 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.274987936 CET

8.8.8.8 192.168.2.2 0xfcc0 No error (0) irc.dal.net 91.217.189.35 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.624658108 CET

8.8.8.8 192.168.2.2 0xdf8 Name error (3) leak.eliteirc.co.uk

none none A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.928029060 CET

8.8.8.8 192.168.2.2 0x9d0f No error (0) irc.efnet.net 141.213.238.252 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.928029060 CET

8.8.8.8 192.168.2.2 0x9d0f No error (0) irc.efnet.net 193.163.220.3 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.928029060 CET

8.8.8.8 192.168.2.2 0x9d0f No error (0) irc.efnet.net 194.109.129.220 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.928029060 CET

8.8.8.8 192.168.2.2 0x9d0f No error (0) irc.efnet.net 195.140.202.142 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.928029060 CET

8.8.8.8 192.168.2.2 0x9d0f No error (0) irc.efnet.net 198.252.144.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.928029060 CET

8.8.8.8 192.168.2.2 0x9d0f No error (0) irc.efnet.net 198.3.160.3 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.928029060 CET

8.8.8.8 192.168.2.2 0x9d0f No error (0) irc.efnet.net 198.47.99.99 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.928029060 CET

8.8.8.8 192.168.2.2 0x9d0f No error (0) irc.efnet.net 205.188.234.121 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.928029060 CET

8.8.8.8 192.168.2.2 0x9d0f No error (0) irc.efnet.net 205.210.145.3 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.928029060 CET

8.8.8.8 192.168.2.2 0x9d0f No error (0) irc.efnet.net 208.51.40.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.928029060 CET

8.8.8.8 192.168.2.2 0x9d0f No error (0) irc.efnet.net 209.249.249.126 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.928029060 CET

8.8.8.8 192.168.2.2 0x9d0f No error (0) irc.efnet.net 217.17.33.10 A (IP address) IN (0x0001)

Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class

Copyright Joe Security LLC 2020 Page 40 of 79

Mar 3, 2020 02:59:24.928029060 CET

8.8.8.8 192.168.2.2 0x9d0f No error (0) irc.efnet.net 64.237.34.150 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.928029060 CET

8.8.8.8 192.168.2.2 0x9d0f No error (0) irc.efnet.net 66.225.225.225 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.928029060 CET

8.8.8.8 192.168.2.2 0x9d0f No error (0) irc.efnet.net 67.210.234.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.928029060 CET

8.8.8.8 192.168.2.2 0x9d0f No error (0) irc.efnet.net 69.16.172.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.928029060 CET

8.8.8.8 192.168.2.2 0x9d0f No error (0) irc.efnet.net 77.67.101.101 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:24.928029060 CET

8.8.8.8 192.168.2.2 0x9d0f No error (0) irc.efnet.net 8.7.233.233 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:25.378356934 CET

8.8.8.8 192.168.2.2 0xac44 No error (0) irc.rizon.net irc.map.rizon.net CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:25.378356934 CET

8.8.8.8 192.168.2.2 0xac44 No error (0) irc.map.rizon.net sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:25.378356934 CET

8.8.8.8 192.168.2.2 0xac44 No error (0) sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:25.378356934 CET

8.8.8.8 192.168.2.2 0xac44 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

80.65.57.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:25.378356934 CET

8.8.8.8 192.168.2.2 0xac44 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

104.196.117.31 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:26.582578897 CET

8.8.8.8 192.168.2.2 0x9b5e No error (0) us.undernet.org 104.149.232.242 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:26.582578897 CET

8.8.8.8 192.168.2.2 0x9b5e No error (0) us.undernet.org 91.236.182.1 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:26.582578897 CET

8.8.8.8 192.168.2.2 0x9b5e No error (0) us.undernet.org 45.58.183.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:26.582578897 CET

8.8.8.8 192.168.2.2 0x9b5e No error (0) us.undernet.org 23.228.66.219 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:27.512293100 CET

8.8.8.8 192.168.2.2 0x9334 No error (0) irc.dal.net 194.14.236.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:27.512293100 CET

8.8.8.8 192.168.2.2 0x9334 No error (0) irc.dal.net 194.68.45.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:27.512293100 CET

8.8.8.8 192.168.2.2 0x9334 No error (0) irc.dal.net 31.24.226.185 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:27.512293100 CET

8.8.8.8 192.168.2.2 0x9334 No error (0) irc.dal.net 45.35.51.141 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:27.512293100 CET

8.8.8.8 192.168.2.2 0x9334 No error (0) irc.dal.net 91.217.189.35 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:27.512293100 CET

8.8.8.8 192.168.2.2 0x9334 No error (0) irc.dal.net 108.61.240.240 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:27.512293100 CET

8.8.8.8 192.168.2.2 0x9334 No error (0) irc.dal.net 119.31.225.100 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:27.512293100 CET

8.8.8.8 192.168.2.2 0x9334 No error (0) irc.dal.net 154.35.17.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:27.512293100 CET

8.8.8.8 192.168.2.2 0x9334 No error (0) irc.dal.net 154.35.138.250 A (IP address) IN (0x0001)

Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class

Copyright Joe Security LLC 2020 Page 41 of 79

Mar 3, 2020 02:59:27.512293100 CET

8.8.8.8 192.168.2.2 0x9334 No error (0) irc.dal.net 170.178.184.34 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:27.512293100 CET

8.8.8.8 192.168.2.2 0x9334 No error (0) irc.dal.net 172.107.98.86 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:28.699227095 CET

8.8.8.8 192.168.2.2 0x83b No error (0) irc.rizon.net irc.map.rizon.net CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:28.699227095 CET

8.8.8.8 192.168.2.2 0x83b No error (0) irc.map.rizon.net sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:28.699227095 CET

8.8.8.8 192.168.2.2 0x83b No error (0) sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:28.699227095 CET

8.8.8.8 192.168.2.2 0x83b No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

104.196.117.31 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:28.699227095 CET

8.8.8.8 192.168.2.2 0x83b No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

80.65.57.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:29.665036917 CET

8.8.8.8 192.168.2.2 0x32d0 Name error (3) leak.eliteirc.co.uk

none none A (IP address) IN (0x0001)

Mar 3, 2020 02:59:29.888133049 CET

8.8.8.8 192.168.2.2 0x421 No error (0) eu.undernet.org 185.117.74.172 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:29.888133049 CET

8.8.8.8 192.168.2.2 0x421 No error (0) eu.undernet.org 45.58.135.130 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:29.888133049 CET

8.8.8.8 192.168.2.2 0x421 No error (0) eu.undernet.org 45.58.183.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:29.888133049 CET

8.8.8.8 192.168.2.2 0x421 No error (0) eu.undernet.org 185.198.56.60 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:29.888133049 CET

8.8.8.8 192.168.2.2 0x421 No error (0) eu.undernet.org 91.236.182.1 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:29.888133049 CET

8.8.8.8 192.168.2.2 0x421 No error (0) eu.undernet.org 94.125.182.255 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:30.727500916 CET

8.8.8.8 192.168.2.2 0x8cb5 No error (0) irc.dal.net 108.61.240.240 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:30.727500916 CET

8.8.8.8 192.168.2.2 0x8cb5 No error (0) irc.dal.net 119.31.225.100 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:30.727500916 CET

8.8.8.8 192.168.2.2 0x8cb5 No error (0) irc.dal.net 154.35.17.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:30.727500916 CET

8.8.8.8 192.168.2.2 0x8cb5 No error (0) irc.dal.net 154.35.138.250 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:30.727500916 CET

8.8.8.8 192.168.2.2 0x8cb5 No error (0) irc.dal.net 170.178.184.34 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:30.727500916 CET

8.8.8.8 192.168.2.2 0x8cb5 No error (0) irc.dal.net 172.107.98.86 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:30.727500916 CET

8.8.8.8 192.168.2.2 0x8cb5 No error (0) irc.dal.net 194.14.236.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:30.727500916 CET

8.8.8.8 192.168.2.2 0x8cb5 No error (0) irc.dal.net 194.68.45.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:30.727500916 CET

8.8.8.8 192.168.2.2 0x8cb5 No error (0) irc.dal.net 31.24.226.185 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:30.727500916 CET

8.8.8.8 192.168.2.2 0x8cb5 No error (0) irc.dal.net 45.35.51.141 A (IP address) IN (0x0001)

Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class

Copyright Joe Security LLC 2020 Page 42 of 79

Mar 3, 2020 02:59:30.727500916 CET

8.8.8.8 192.168.2.2 0x8cb5 No error (0) irc.dal.net 91.217.189.35 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:32.318432093 CET

8.8.8.8 192.168.2.2 0x513a No error (0) irc.rizon.net irc.map.rizon.net CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:32.318432093 CET

8.8.8.8 192.168.2.2 0x513a No error (0) irc.map.rizon.net sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:32.318432093 CET

8.8.8.8 192.168.2.2 0x513a No error (0) sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:32.318432093 CET

8.8.8.8 192.168.2.2 0x513a No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

104.196.117.31 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:32.318432093 CET

8.8.8.8 192.168.2.2 0x513a No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

80.65.57.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:33.090390921 CET

8.8.8.8 192.168.2.2 0xcf22 No error (0) eu.undernet.org 91.236.182.1 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:33.090390921 CET

8.8.8.8 192.168.2.2 0xcf22 No error (0) eu.undernet.org 45.58.135.130 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:33.090390921 CET

8.8.8.8 192.168.2.2 0xcf22 No error (0) eu.undernet.org 185.198.56.60 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:33.090390921 CET

8.8.8.8 192.168.2.2 0xcf22 No error (0) eu.undernet.org 45.58.183.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:33.090390921 CET

8.8.8.8 192.168.2.2 0xcf22 No error (0) eu.undernet.org 185.117.74.172 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:33.090390921 CET

8.8.8.8 192.168.2.2 0xcf22 No error (0) eu.undernet.org 94.125.182.255 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:33.964260101 CET

8.8.8.8 192.168.2.2 0x6aea No error (0) irc.dal.net 194.14.236.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:33.964260101 CET

8.8.8.8 192.168.2.2 0x6aea No error (0) irc.dal.net 194.68.45.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:33.964260101 CET

8.8.8.8 192.168.2.2 0x6aea No error (0) irc.dal.net 31.24.226.185 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:33.964260101 CET

8.8.8.8 192.168.2.2 0x6aea No error (0) irc.dal.net 45.35.51.141 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:33.964260101 CET

8.8.8.8 192.168.2.2 0x6aea No error (0) irc.dal.net 91.217.189.35 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:33.964260101 CET

8.8.8.8 192.168.2.2 0x6aea No error (0) irc.dal.net 108.61.240.240 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:33.964260101 CET

8.8.8.8 192.168.2.2 0x6aea No error (0) irc.dal.net 119.31.225.100 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:33.964260101 CET

8.8.8.8 192.168.2.2 0x6aea No error (0) irc.dal.net 154.35.17.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:33.964260101 CET

8.8.8.8 192.168.2.2 0x6aea No error (0) irc.dal.net 154.35.138.250 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:33.964260101 CET

8.8.8.8 192.168.2.2 0x6aea No error (0) irc.dal.net 170.178.184.34 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:33.964260101 CET

8.8.8.8 192.168.2.2 0x6aea No error (0) irc.dal.net 172.107.98.86 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:34.691662073 CET

8.8.8.8 192.168.2.2 0x649f Name error (3) leak.eliteirc.co.uk

none none A (IP address) IN (0x0001)

Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class

Copyright Joe Security LLC 2020 Page 43 of 79

Mar 3, 2020 02:59:35.945986986 CET

8.8.8.8 192.168.2.2 0xfbe1 No error (0) irc.rizon.net irc.map.rizon.net CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:35.945986986 CET

8.8.8.8 192.168.2.2 0xfbe1 No error (0) irc.map.rizon.net sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:35.945986986 CET

8.8.8.8 192.168.2.2 0xfbe1 No error (0) sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:35.945986986 CET

8.8.8.8 192.168.2.2 0xfbe1 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

80.65.57.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:35.945986986 CET

8.8.8.8 192.168.2.2 0xfbe1 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

104.196.117.31 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:37.167826891 CET

8.8.8.8 192.168.2.2 0xee2e No error (0) irc.dal.net 154.35.138.250 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:37.167826891 CET

8.8.8.8 192.168.2.2 0xee2e No error (0) irc.dal.net 170.178.184.34 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:37.167826891 CET

8.8.8.8 192.168.2.2 0xee2e No error (0) irc.dal.net 172.107.98.86 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:37.167826891 CET

8.8.8.8 192.168.2.2 0xee2e No error (0) irc.dal.net 194.14.236.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:37.167826891 CET

8.8.8.8 192.168.2.2 0xee2e No error (0) irc.dal.net 194.68.45.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:37.167826891 CET

8.8.8.8 192.168.2.2 0xee2e No error (0) irc.dal.net 31.24.226.185 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:37.167826891 CET

8.8.8.8 192.168.2.2 0xee2e No error (0) irc.dal.net 45.35.51.141 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:37.167826891 CET

8.8.8.8 192.168.2.2 0xee2e No error (0) irc.dal.net 91.217.189.35 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:37.167826891 CET

8.8.8.8 192.168.2.2 0xee2e No error (0) irc.dal.net 108.61.240.240 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:37.167826891 CET

8.8.8.8 192.168.2.2 0xee2e No error (0) irc.dal.net 119.31.225.100 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:37.167826891 CET

8.8.8.8 192.168.2.2 0xee2e No error (0) irc.dal.net 154.35.17.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:39.246877909 CET

8.8.8.8 192.168.2.2 0x82 No error (0) irc.rizon.net irc.map.rizon.net CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:39.246877909 CET

8.8.8.8 192.168.2.2 0x82 No error (0) irc.map.rizon.net sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:39.246877909 CET

8.8.8.8 192.168.2.2 0x82 No error (0) sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:39.246877909 CET

8.8.8.8 192.168.2.2 0x82 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

80.65.57.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:39.246877909 CET

8.8.8.8 192.168.2.2 0x82 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

104.196.117.31 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:39.729149103 CET

8.8.8.8 192.168.2.2 0x9ae7 Name error (3) leak.eliteirc.co.uk

none none A (IP address) IN (0x0001)

Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class

Mar 3, 2020 02:59:40.426050901 CET

8.8.8.8 192.168.2.2 0x11fe No error (0) irc.dal.net 108.61.240.240 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:40.426050901 CET

8.8.8.8 192.168.2.2 0x11fe No error (0) irc.dal.net 119.31.225.100 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:40.426050901 CET

8.8.8.8 192.168.2.2 0x11fe No error (0) irc.dal.net 154.35.17.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:40.426050901 CET

8.8.8.8 192.168.2.2 0x11fe No error (0) irc.dal.net 154.35.138.250 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:40.426050901 CET

8.8.8.8 192.168.2.2 0x11fe No error (0) irc.dal.net 170.178.184.34 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:40.426050901 CET

8.8.8.8 192.168.2.2 0x11fe No error (0) irc.dal.net 172.107.98.86 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:40.426050901 CET

8.8.8.8 192.168.2.2 0x11fe No error (0) irc.dal.net 194.14.236.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:40.426050901 CET

8.8.8.8 192.168.2.2 0x11fe No error (0) irc.dal.net 194.68.45.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:40.426050901 CET

8.8.8.8 192.168.2.2 0x11fe No error (0) irc.dal.net 31.24.226.185 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:40.426050901 CET

8.8.8.8 192.168.2.2 0x11fe No error (0) irc.dal.net 45.35.51.141 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:40.426050901 CET

8.8.8.8 192.168.2.2 0x11fe No error (0) irc.dal.net 91.217.189.35 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:41.804899931 CET

8.8.8.8 192.168.2.2 0xdf31 No error (0) eu.undernet.org 185.117.74.172 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:41.804899931 CET

8.8.8.8 192.168.2.2 0xdf31 No error (0) eu.undernet.org 45.58.135.130 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:41.804899931 CET

8.8.8.8 192.168.2.2 0xdf31 No error (0) eu.undernet.org 45.58.183.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:41.804899931 CET

8.8.8.8 192.168.2.2 0xdf31 No error (0) eu.undernet.org 185.198.56.60 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:41.804899931 CET

8.8.8.8 192.168.2.2 0xdf31 No error (0) eu.undernet.org 91.236.182.1 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:41.804899931 CET

8.8.8.8 192.168.2.2 0xdf31 No error (0) eu.undernet.org 94.125.182.255 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:42.548566103 CET

8.8.8.8 192.168.2.2 0x9344 No error (0) irc.rizon.net irc.map.rizon.net CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:42.548566103 CET

8.8.8.8 192.168.2.2 0x9344 No error (0) irc.map.rizon.net sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:42.548566103 CET

8.8.8.8 192.168.2.2 0x9344 No error (0) sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:42.548566103 CET

8.8.8.8 192.168.2.2 0x9344 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

80.65.57.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:42.548566103 CET

8.8.8.8 192.168.2.2 0x9344 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

104.196.117.31 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:43.678421021 CET

8.8.8.8 192.168.2.2 0x12b4 No error (0) irc.dal.net 154.35.138.250 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:43.678421021 CET

8.8.8.8 192.168.2.2 0x12b4 No error (0) irc.dal.net 170.178.184.34 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:43.678421021 CET

8.8.8.8 192.168.2.2 0x12b4 No error (0) irc.dal.net 172.107.98.86 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:43.678421021 CET

8.8.8.8 192.168.2.2 0x12b4 No error (0) irc.dal.net 194.14.236.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:43.678421021 CET

8.8.8.8 192.168.2.2 0x12b4 No error (0) irc.dal.net 194.68.45.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:43.678421021 CET

8.8.8.8 192.168.2.2 0x12b4 No error (0) irc.dal.net 31.24.226.185 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:43.678421021 CET

8.8.8.8 192.168.2.2 0x12b4 No error (0) irc.dal.net 45.35.51.141 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:43.678421021 CET

8.8.8.8 192.168.2.2 0x12b4 No error (0) irc.dal.net 91.217.189.35 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:43.678421021 CET

8.8.8.8 192.168.2.2 0x12b4 No error (0) irc.dal.net 108.61.240.240 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:43.678421021 CET

8.8.8.8 192.168.2.2 0x12b4 No error (0) irc.dal.net 119.31.225.100 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:43.678421021 CET

8.8.8.8 192.168.2.2 0x12b4 No error (0) irc.dal.net 154.35.17.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.204761982 CET

8.8.8.8 192.168.2.2 0xc6a5 Name error (3) leak.eliteirc.co.uk

none none A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.301246881 CET

8.8.8.8 192.168.2.2 0xc184 No error (0) irc.efnet.net 141.213.238.252 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.301246881 CET

8.8.8.8 192.168.2.2 0xc184 No error (0) irc.efnet.net 193.163.220.3 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.301246881 CET

8.8.8.8 192.168.2.2 0xc184 No error (0) irc.efnet.net 194.109.129.220 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.301246881 CET

8.8.8.8 192.168.2.2 0xc184 No error (0) irc.efnet.net 195.140.202.142 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.301246881 CET

8.8.8.8 192.168.2.2 0xc184 No error (0) irc.efnet.net 198.252.144.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.301246881 CET

8.8.8.8 192.168.2.2 0xc184 No error (0) irc.efnet.net 198.3.160.3 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.301246881 CET

8.8.8.8 192.168.2.2 0xc184 No error (0) irc.efnet.net 198.47.99.99 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.301246881 CET

8.8.8.8 192.168.2.2 0xc184 No error (0) irc.efnet.net 205.188.234.121 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.301246881 CET

8.8.8.8 192.168.2.2 0xc184 No error (0) irc.efnet.net 205.210.145.3 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.301246881 CET

8.8.8.8 192.168.2.2 0xc184 No error (0) irc.efnet.net 208.51.40.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.301246881 CET

8.8.8.8 192.168.2.2 0xc184 No error (0) irc.efnet.net 209.249.249.126 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.301246881 CET

8.8.8.8 192.168.2.2 0xc184 No error (0) irc.efnet.net 217.17.33.10 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.301246881 CET

8.8.8.8 192.168.2.2 0xc184 No error (0) irc.efnet.net 64.237.34.150 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.301246881 CET

8.8.8.8 192.168.2.2 0xc184 No error (0) irc.efnet.net 66.225.225.225 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.301246881 CET

8.8.8.8 192.168.2.2 0xc184 No error (0) irc.efnet.net 67.210.234.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.301246881 CET

8.8.8.8 192.168.2.2 0xc184 No error (0) irc.efnet.net 69.16.172.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.301246881 CET

8.8.8.8 192.168.2.2 0xc184 No error (0) irc.efnet.net 77.67.101.101 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.301246881 CET

8.8.8.8 192.168.2.2 0xc184 No error (0) irc.efnet.net 8.7.233.233 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.326898098 CET

8.8.8.8 192.168.2.2 0x5d5f No error (0) us.undernet.org 45.58.183.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.326898098 CET

8.8.8.8 192.168.2.2 0x5d5f No error (0) us.undernet.org 104.149.232.242 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.326898098 CET

8.8.8.8 192.168.2.2 0x5d5f No error (0) us.undernet.org 91.236.182.1 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.326898098 CET

8.8.8.8 192.168.2.2 0x5d5f No error (0) us.undernet.org 23.228.66.219 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.431030989 CET

8.8.8.8 192.168.2.2 0x4071 No error (0) irc.rizon.net irc.map.rizon.net CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:46.431030989 CET

8.8.8.8 192.168.2.2 0x4071 No error (0) irc.map.rizon.net sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:46.431030989 CET

8.8.8.8 192.168.2.2 0x4071 No error (0) sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:46.431030989 CET

8.8.8.8 192.168.2.2 0x4071 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

80.65.57.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.431030989 CET

8.8.8.8 192.168.2.2 0x4071 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

104.196.117.31 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.921334028 CET

8.8.8.8 192.168.2.2 0xcfdd No error (0) irc.dal.net 108.61.240.240 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.921334028 CET

8.8.8.8 192.168.2.2 0xcfdd No error (0) irc.dal.net 119.31.225.100 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.921334028 CET

8.8.8.8 192.168.2.2 0xcfdd No error (0) irc.dal.net 154.35.17.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.921334028 CET

8.8.8.8 192.168.2.2 0xcfdd No error (0) irc.dal.net 154.35.138.250 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.921334028 CET

8.8.8.8 192.168.2.2 0xcfdd No error (0) irc.dal.net 170.178.184.34 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.921334028 CET

8.8.8.8 192.168.2.2 0xcfdd No error (0) irc.dal.net 172.107.98.86 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.921334028 CET

8.8.8.8 192.168.2.2 0xcfdd No error (0) irc.dal.net 194.14.236.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.921334028 CET

8.8.8.8 192.168.2.2 0xcfdd No error (0) irc.dal.net 194.68.45.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.921334028 CET

8.8.8.8 192.168.2.2 0xcfdd No error (0) irc.dal.net 31.24.226.185 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.921334028 CET

8.8.8.8 192.168.2.2 0xcfdd No error (0) irc.dal.net 45.35.51.141 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:46.921334028 CET

8.8.8.8 192.168.2.2 0xcfdd No error (0) irc.dal.net 91.217.189.35 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:49.503793001 CET

8.8.8.8 192.168.2.2 0xe547 No error (0) us.undernet.org 104.149.232.242 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:49.503793001 CET

8.8.8.8 192.168.2.2 0xe547 No error (0) us.undernet.org 45.58.183.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:49.503793001 CET

8.8.8.8 192.168.2.2 0xe547 No error (0) us.undernet.org 23.228.66.219 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:49.503793001 CET

8.8.8.8 192.168.2.2 0xe547 No error (0) us.undernet.org 91.236.182.1 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:49.734684944 CET

8.8.8.8 192.168.2.2 0xa464 No error (0) irc.rizon.net irc.map.rizon.net CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:49.734684944 CET

8.8.8.8 192.168.2.2 0xa464 No error (0) irc.map.rizon.net sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:49.734684944 CET

8.8.8.8 192.168.2.2 0xa464 No error (0) sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:49.734684944 CET

8.8.8.8 192.168.2.2 0xa464 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

80.65.57.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:49.734684944 CET

8.8.8.8 192.168.2.2 0xa464 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

104.196.117.31 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:50.145689011 CET

8.8.8.8 192.168.2.2 0xd38b No error (0) irc.dal.net 194.68.45.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:50.145689011 CET

8.8.8.8 192.168.2.2 0xd38b No error (0) irc.dal.net 31.24.226.185 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:50.145689011 CET

8.8.8.8 192.168.2.2 0xd38b No error (0) irc.dal.net 45.35.51.141 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:50.145689011 CET

8.8.8.8 192.168.2.2 0xd38b No error (0) irc.dal.net 91.217.189.35 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:50.145689011 CET

8.8.8.8 192.168.2.2 0xd38b No error (0) irc.dal.net 108.61.240.240 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:50.145689011 CET

8.8.8.8 192.168.2.2 0xd38b No error (0) irc.dal.net 119.31.225.100 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:50.145689011 CET

8.8.8.8 192.168.2.2 0xd38b No error (0) irc.dal.net 154.35.17.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:50.145689011 CET

8.8.8.8 192.168.2.2 0xd38b No error (0) irc.dal.net 154.35.138.250 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:50.145689011 CET

8.8.8.8 192.168.2.2 0xd38b No error (0) irc.dal.net 170.178.184.34 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:50.145689011 CET

8.8.8.8 192.168.2.2 0xd38b No error (0) irc.dal.net 172.107.98.86 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:50.145689011 CET

8.8.8.8 192.168.2.2 0xd38b No error (0) irc.dal.net 194.14.236.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:51.248886108 CET

8.8.8.8 192.168.2.2 0xb1e6 Name error (3) leak.eliteirc.co.uk

none none A (IP address) IN (0x0001)

Mar 3, 2020 02:59:52.778170109 CET

8.8.8.8 192.168.2.2 0xa593 No error (0) eu.undernet.org 45.58.183.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:52.778170109 CET

8.8.8.8 192.168.2.2 0xa593 No error (0) eu.undernet.org 91.236.182.1 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:52.778170109 CET

8.8.8.8 192.168.2.2 0xa593 No error (0) eu.undernet.org 185.117.74.172 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:52.778170109 CET

8.8.8.8 192.168.2.2 0xa593 No error (0) eu.undernet.org 94.125.182.255 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:52.778170109 CET

8.8.8.8 192.168.2.2 0xa593 No error (0) eu.undernet.org 45.58.135.130 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:52.778170109 CET

8.8.8.8 192.168.2.2 0xa593 No error (0) eu.undernet.org 185.198.56.60 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:53.055788040 CET

8.8.8.8 192.168.2.2 0x709 No error (0) irc.rizon.net irc.map.rizon.net CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:53.055788040 CET

8.8.8.8 192.168.2.2 0x709 No error (0) irc.map.rizon.net sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:53.055788040 CET

8.8.8.8 192.168.2.2 0x709 No error (0) sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:53.055788040 CET

8.8.8.8 192.168.2.2 0x709 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

104.196.117.31 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:53.055788040 CET

8.8.8.8 192.168.2.2 0x709 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

80.65.57.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:53.353554010 CET

8.8.8.8 192.168.2.2 0x76ab No error (0) irc.dal.net 108.61.240.240 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:53.353554010 CET

8.8.8.8 192.168.2.2 0x76ab No error (0) irc.dal.net 119.31.225.100 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:53.353554010 CET

8.8.8.8 192.168.2.2 0x76ab No error (0) irc.dal.net 154.35.17.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:53.353554010 CET

8.8.8.8 192.168.2.2 0x76ab No error (0) irc.dal.net 154.35.138.250 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:53.353554010 CET

8.8.8.8 192.168.2.2 0x76ab No error (0) irc.dal.net 170.178.184.34 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:53.353554010 CET

8.8.8.8 192.168.2.2 0x76ab No error (0) irc.dal.net 172.107.98.86 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:53.353554010 CET

8.8.8.8 192.168.2.2 0x76ab No error (0) irc.dal.net 194.14.236.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:53.353554010 CET

8.8.8.8 192.168.2.2 0x76ab No error (0) irc.dal.net 194.68.45.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:53.353554010 CET

8.8.8.8 192.168.2.2 0x76ab No error (0) irc.dal.net 31.24.226.185 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:53.353554010 CET

8.8.8.8 192.168.2.2 0x76ab No error (0) irc.dal.net 45.35.51.141 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:53.353554010 CET

8.8.8.8 192.168.2.2 0x76ab No error (0) irc.dal.net 91.217.189.35 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:55.945466042 CET

8.8.8.8 192.168.2.2 0x15bf No error (0) us.undernet.org 45.58.183.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:55.945466042 CET

8.8.8.8 192.168.2.2 0x15bf No error (0) us.undernet.org 104.149.232.242 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:55.945466042 CET

8.8.8.8 192.168.2.2 0x15bf No error (0) us.undernet.org 91.236.182.1 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:55.945466042 CET

8.8.8.8 192.168.2.2 0x15bf No error (0) us.undernet.org 23.228.66.219 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:56.294528008 CET

8.8.8.8 192.168.2.2 0x45d0 Name error (3) leak.eliteirc.co.uk

none none A (IP address) IN (0x0001)

Mar 3, 2020 02:59:56.584424973 CET

8.8.8.8 192.168.2.2 0x9b9 No error (0) irc.dal.net 194.14.236.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:56.584424973 CET

8.8.8.8 192.168.2.2 0x9b9 No error (0) irc.dal.net 194.68.45.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:56.584424973 CET

8.8.8.8 192.168.2.2 0x9b9 No error (0) irc.dal.net 31.24.226.185 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:56.584424973 CET

8.8.8.8 192.168.2.2 0x9b9 No error (0) irc.dal.net 45.35.51.141 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:56.584424973 CET

8.8.8.8 192.168.2.2 0x9b9 No error (0) irc.dal.net 91.217.189.35 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:56.584424973 CET

8.8.8.8 192.168.2.2 0x9b9 No error (0) irc.dal.net 108.61.240.240 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:56.584424973 CET

8.8.8.8 192.168.2.2 0x9b9 No error (0) irc.dal.net 119.31.225.100 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:56.584424973 CET

8.8.8.8 192.168.2.2 0x9b9 No error (0) irc.dal.net 154.35.17.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:56.584424973 CET

8.8.8.8 192.168.2.2 0x9b9 No error (0) irc.dal.net 154.35.138.250 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:56.584424973 CET

8.8.8.8 192.168.2.2 0x9b9 No error (0) irc.dal.net 170.178.184.34 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:56.584424973 CET

8.8.8.8 192.168.2.2 0x9b9 No error (0) irc.dal.net 172.107.98.86 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:56.665370941 CET

8.8.8.8 192.168.2.2 0xada No error (0) irc.rizon.net irc.map.rizon.net CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:56.665370941 CET

8.8.8.8 192.168.2.2 0xada No error (0) irc.map.rizon.net sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:56.665370941 CET

8.8.8.8 192.168.2.2 0xada No error (0) sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 02:59:56.665370941 CET

8.8.8.8 192.168.2.2 0xada No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

104.196.117.31 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:56.665370941 CET

8.8.8.8 192.168.2.2 0xada No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

80.65.57.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:59.129090071 CET

8.8.8.8 192.168.2.2 0x7351 No error (0) eu.undernet.org 91.236.182.1 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:59.129090071 CET

8.8.8.8 192.168.2.2 0x7351 No error (0) eu.undernet.org 45.58.135.130 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:59.129090071 CET

8.8.8.8 192.168.2.2 0x7351 No error (0) eu.undernet.org 185.198.56.60 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:59.129090071 CET

8.8.8.8 192.168.2.2 0x7351 No error (0) eu.undernet.org 45.58.183.18 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:59.129090071 CET

8.8.8.8 192.168.2.2 0x7351 No error (0) eu.undernet.org 185.117.74.172 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:59.129090071 CET

8.8.8.8 192.168.2.2 0x7351 No error (0) eu.undernet.org 94.125.182.255 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:59.802356958 CET

8.8.8.8 192.168.2.2 0xbb8e No error (0) irc.dal.net 194.68.45.50 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:59.802356958 CET

8.8.8.8 192.168.2.2 0xbb8e No error (0) irc.dal.net 31.24.226.185 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:59.802356958 CET

8.8.8.8 192.168.2.2 0xbb8e No error (0) irc.dal.net 45.35.51.141 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:59.802356958 CET

8.8.8.8 192.168.2.2 0xbb8e No error (0) irc.dal.net 91.217.189.35 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:59.802356958 CET

8.8.8.8 192.168.2.2 0xbb8e No error (0) irc.dal.net 108.61.240.240 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:59.802356958 CET

8.8.8.8 192.168.2.2 0xbb8e No error (0) irc.dal.net 119.31.225.100 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:59.802356958 CET

8.8.8.8 192.168.2.2 0xbb8e No error (0) irc.dal.net 154.35.17.2 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:59.802356958 CET

8.8.8.8 192.168.2.2 0xbb8e No error (0) irc.dal.net 154.35.138.250 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:59.802356958 CET

8.8.8.8 192.168.2.2 0xbb8e No error (0) irc.dal.net 170.178.184.34 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:59.802356958 CET

8.8.8.8 192.168.2.2 0xbb8e No error (0) irc.dal.net 172.107.98.86 A (IP address) IN (0x0001)

Mar 3, 2020 02:59:59.802356958 CET

8.8.8.8 192.168.2.2 0xbb8e No error (0) irc.dal.net 194.14.236.50 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:00.304663897 CET

8.8.8.8 192.168.2.2 0x6e48 No error (0) irc.rizon.net irc.map.rizon.net CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 03:00:00.304663897 CET

8.8.8.8 192.168.2.2 0x6e48 No error (0) irc.map.rizon.net sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 03:00:00.304663897 CET

8.8.8.8 192.168.2.2 0x6e48 No error (0) sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 03:00:00.304663897 CET

8.8.8.8 192.168.2.2 0x6e48 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

80.65.57.18 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:00.304663897 CET

8.8.8.8 192.168.2.2 0x6e48 No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

104.196.117.31 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:02.920644045 CET

8.8.8.8 192.168.2.2 0xdad6 Name error (3) leak.eliteirc.co.uk

none none A (IP address) IN (0x0001)

Mar 3, 2020 03:00:03.023592949 CET

8.8.8.8 192.168.2.2 0x39d2 No error (0) irc.dal.net 194.68.45.50 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:03.023592949 CET

8.8.8.8 192.168.2.2 0x39d2 No error (0) irc.dal.net 31.24.226.185 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:03.023592949 CET

8.8.8.8 192.168.2.2 0x39d2 No error (0) irc.dal.net 45.35.51.141 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:03.023592949 CET

8.8.8.8 192.168.2.2 0x39d2 No error (0) irc.dal.net 91.217.189.35 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:03.023592949 CET

8.8.8.8 192.168.2.2 0x39d2 No error (0) irc.dal.net 108.61.240.240 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:03.023592949 CET

8.8.8.8 192.168.2.2 0x39d2 No error (0) irc.dal.net 119.31.225.100 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:03.023592949 CET

8.8.8.8 192.168.2.2 0x39d2 No error (0) irc.dal.net 154.35.17.2 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:03.023592949 CET

8.8.8.8 192.168.2.2 0x39d2 No error (0) irc.dal.net 154.35.138.250 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:03.023592949 CET

8.8.8.8 192.168.2.2 0x39d2 No error (0) irc.dal.net 170.178.184.34 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:03.023592949 CET

8.8.8.8 192.168.2.2 0x39d2 No error (0) irc.dal.net 172.107.98.86 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:03.023592949 CET

8.8.8.8 192.168.2.2 0x39d2 No error (0) irc.dal.net 194.14.236.50 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:03.048018932 CET

8.8.8.8 192.168.2.2 0xf08c No error (0) eu.undernet.org 94.125.182.255 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:03.048018932 CET

8.8.8.8 192.168.2.2 0xf08c No error (0) eu.undernet.org 45.58.183.18 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:03.048018932 CET

8.8.8.8 192.168.2.2 0xf08c No error (0) eu.undernet.org 91.236.182.1 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:03.048018932 CET

8.8.8.8 192.168.2.2 0xf08c No error (0) eu.undernet.org 45.58.135.130 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:03.048018932 CET

8.8.8.8 192.168.2.2 0xf08c No error (0) eu.undernet.org 185.198.56.60 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:03.048018932 CET

8.8.8.8 192.168.2.2 0xf08c No error (0) eu.undernet.org 185.117.74.172 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:03.605873108 CET

8.8.8.8 192.168.2.2 0x957a No error (0) irc.rizon.net irc.map.rizon.net CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 03:00:03.605873108 CET

8.8.8.8 192.168.2.2 0x957a No error (0) irc.map.rizon.net sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 03:00:03.605873108 CET

8.8.8.8 192.168.2.2 0x957a No error (0) sfykrmx3gi2lvjzbq33dweqm5qyiky2u7fzqtmjtzq.map.rizon.net

xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

CNAME (Canonical name)

IN (0x0001)

Mar 3, 2020 03:00:03.605873108 CET

8.8.8.8 192.168.2.2 0x957a No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

80.65.57.18 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:03.605873108 CET

8.8.8.8 192.168.2.2 0x957a No error (0) xp5kvlsxhgt5m4z3qpt6vik4a55shw7dxb5zwabuka.map.rizon.net

104.196.117.31 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:06.246649981 CET

8.8.8.8 192.168.2.2 0x874 No error (0) eu.undernet.org 45.58.183.18 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:06.246649981 CET

8.8.8.8 192.168.2.2 0x874 No error (0) eu.undernet.org 91.236.182.1 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:06.246649981 CET

8.8.8.8 192.168.2.2 0x874 No error (0) eu.undernet.org 185.117.74.172 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:06.246649981 CET

8.8.8.8 192.168.2.2 0x874 No error (0) eu.undernet.org 94.125.182.255 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:06.246649981 CET

8.8.8.8 192.168.2.2 0x874 No error (0) eu.undernet.org 45.58.135.130 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:06.246649981 CET

8.8.8.8 192.168.2.2 0x874 No error (0) eu.undernet.org 185.198.56.60 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:06.259120941 CET

8.8.8.8 192.168.2.2 0xa1cd No error (0) irc.dal.net 194.68.45.50 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:06.259120941 CET

8.8.8.8 192.168.2.2 0xa1cd No error (0) irc.dal.net 31.24.226.185 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:06.259120941 CET

8.8.8.8 192.168.2.2 0xa1cd No error (0) irc.dal.net 45.35.51.141 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:06.259120941 CET

8.8.8.8 192.168.2.2 0xa1cd No error (0) irc.dal.net 91.217.189.35 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:06.259120941 CET

8.8.8.8 192.168.2.2 0xa1cd No error (0) irc.dal.net 108.61.240.240 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:06.259120941 CET

8.8.8.8 192.168.2.2 0xa1cd No error (0) irc.dal.net 119.31.225.100 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:06.259120941 CET

8.8.8.8 192.168.2.2 0xa1cd No error (0) irc.dal.net 154.35.17.2 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:06.259120941 CET

8.8.8.8 192.168.2.2 0xa1cd No error (0) irc.dal.net 154.35.138.250 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:06.259120941 CET

8.8.8.8 192.168.2.2 0xa1cd No error (0) irc.dal.net 170.178.184.34 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:06.259120941 CET

8.8.8.8 192.168.2.2 0xa1cd No error (0) irc.dal.net 172.107.98.86 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:06.259120941 CET

8.8.8.8 192.168.2.2 0xa1cd No error (0) irc.dal.net 194.14.236.50 A (IP address) IN (0x0001)

Mar 3, 2020 03:00:06.911353111 CET

8.8.8.8 192.168.2.2 0x5892 No error (0) irc.rizon.net irc.map.rizon.net CNAME (Canonical name)

IN (0x0001)


Timestamp Source Port Dest Port Source IP Dest IP Commands

Mar 3, 2020 02:58:42.707268953 CET 6667 49160 83.140.172.210 192.168.2.2 NOTICE AUTH :*** Looking up your hostname

Mar 3, 2020 02:58:42.882771015 CET 6667 49161 91.236.182.1 192.168.2.2 NOTICE AUTH :*** Looking up your hostname

Mar 3, 2020 02:58:42.882957935 CET 6667 49164 154.35.138.250 192.168.2.2 :halcyon.il.us.dal.net NOTICE AUTH :*** Looking up your hostname...

Mar 3, 2020 02:58:42.892393112 CET 6667 49162 104.196.117.31 192.168.2.2 :magnet.rizon.net NOTICE * :*** Looking up your hostname...

Mar 3, 2020 02:58:42.940697908 CET 6667 49160 83.140.172.210 192.168.2.2 NOTICE AUTH :*** Looking up your hostname

Mar 3, 2020 02:58:42.945899010 CET 6667 49160 83.140.172.210 192.168.2.2 NOTICE AUTH :*** Checking IdentNOTICE AUTH :*** No ident responseNOTICE AUTH :*** Couldn't look up your hostname

Mar 3, 2020 02:58:43.037395000 CET 6667 49162 104.196.117.31 192.168.2.2 :magnet.rizon.net NOTICE * :*** Couldn't look up your hostname

Mar 3, 2020 02:58:43.205344915 CET 6667 49164 154.35.138.250 192.168.2.2 :halcyon.il.us.dal.net NOTICE AUTH :*** Found your hostname

Mar 3, 2020 02:58:43.205385923 CET 6667 49161 91.236.182.1 192.168.2.2 NOTICE AUTH :*** Checking IdentNOTICE AUTH :*** No ident response

Mar 3, 2020 02:58:43.232353926 CET 6667 49165 170.178.184.37 192.168.2.2 :irc.us.ircnet.net 020 * :Please wait while we process your connection.

Mar 3, 2020 02:58:45.674325943 CET 49160 6667 192.168.2.2 83.140.172.210 USER CesTCgE 8 * :DanielleC65TC

Mar 3, 2020 02:58:45.710755110 CET 49160 6667 192.168.2.2 83.140.172.210 NICK Zoe18

Mar 3, 2020 02:58:45.747379065 CET 6667 49160 83.140.172.210 192.168.2.2 PING :2229649135

Mar 3, 2020 02:58:45.749077082 CET 49160 6667 192.168.2.2 83.140.172.210 PONG 2229649135Zoe18

Mar 3, 2020 02:58:45.764770031 CET 49164 6667 192.168.2.2 154.35.138.250 USER cpDulLhP 8 * :EmilycpD1l

Mar 3, 2020 02:58:45.764997959 CET 49161 6667 192.168.2.2 91.236.182.1 USER cpDulLhP 8 * :EmilycpD1l

Mar 3, 2020 02:58:45.774341106 CET 49162 6667 192.168.2.2 104.196.117.31 USER cpDulLhP 8 * :EmilycpD1l

IRC Packets


Mar 3, 2020 02:58:45.786492109 CET 6667 49160 83.140.172.210 192.168.2.2 :port80a.se.quakenet.org 468 Zoe18 :Your username is invalid.:port80a.se.quakenet.org 468 Zoe18 :Connect with your real username, in lowercase.:port80a.se.quakenet.org 468 Zoe18 :If your mail address were [email protected], your username would be foo.ERROR :Closing Link: Zoe18 by port80a.se.quakenet.org (USER: Bad username)

Mar 3, 2020 02:58:45.880316973 CET 49164 6667 192.168.2.2 154.35.138.250 NICK Amorita24

Mar 3, 2020 02:58:45.880573034 CET 49161 6667 192.168.2.2 91.236.182.1 NICK Amorita24

Mar 3, 2020 02:58:45.894865990 CET 49162 6667 192.168.2.2 104.196.117.31 NICK Amorita24

Mar 3, 2020 02:58:45.895854950 CET 49165 6667 192.168.2.2 170.178.184.37 USER HQEqjsmj 8 * :ZeniaHQEq8

Mar 3, 2020 02:58:45.995714903 CET 6667 49164 154.35.138.250 192.168.2.2 :halcyon.il.us.dal.net 001 Amorita24 :Welcome to the DALnet IRC Network [email protected]:halcyon.il.us.dal.net 002 Amorita24 :Your host is halcyon.il.us.dal.net, running version bahamut-2.1.4:halcyon.il.us.dal.net 003 Amorita24 :This server was created Wed Nov 28 2018 at 18:47:41 CST:halcyon.il.us.dal.net 004 Amorita24 halcyon.il.us.dal.net bahamut-2.1.4 aAbcCdefFghHiIjkKmnoOPrRsSwxXy AbceiIjklLmMnoOpPrRsStv:halcyon.il.us.dal.net 005 Amorita24 NETWORK=DALnet SAFELIST MAXBANS=200 MAXCHANNELS=50 CHANNELLEN=32 KICKLEN=307 NICKLEN=30 TOPICLEN=307 MODES=6 CHANTYPES=# CHANLIMIT=#:50 PREFIX=(ov)@+ STATUSMSG=@+ :are available on this server:halcyon.il.us.dal.net 005 Amorita24 CASEMAPPING=ascii WATCH=128 SILENCE=10 ELIST=cmntu EXCEPTS INVEX CHANMODES=beI,k,jl,cimMnOprRsSt MAXLIST=b:200,e:100,I:100 TARGMAX=DCCALLOW:,JOIN:,KICK:4,KILL:20,NOTICE:20,PART:,PRIVMSG:20,WHOIS:,WHOWAS: :are available on this server:halcyon.il.us.dal.net 251 Amorita24 :There are 24 users and 7353 invisible on 39 servers:halcyon.il.us.dal.net 252 Amorita24 74 :IRC Operators online:halcyon.il.us.dal.net 254 Amorita24 3886 :channels formed:halcyon.il.us.dal.net 255 Amorita24 :I have 840 clients and 1 servers:halcyon.il.us.dal.net 265 Amorita24 :Current local users: 840 Max: 4111:halcyon.il.us.dal.net 266 Amorita24 :Current global users:

Mar 3, 2020 02:58:45.995744944 CET 6667 49164 154.35.138.250 192.168.2.2 377 Max: 16706:halcyon.il.us.dal.net NOTICE Amorita24 :*** Notice -- motd was last changed at 26/10/2017 10:12:halcyon.il.us.dal.net 375 Amorita24 :- halcyon.il.us.dal.net Message of the Day - :halcyon.il.us.dal.net 372 Amorita24 :-26/10/2017 10:12:halcyon.il.us.dal.net 372 Amorita24 :- _ _ ____ _ ____ _ _ ____ __ _:halcyon.il.us.dal.net 372 Amorita24 :- |--| |--| |___ |___ Y [__] | \|:halcyon.il.us.dal.net 372 Amorita24 :- :halcyon.il.us.dal.net 372 Amorita24 :- [ halcyon.il.us.dal.net ]:halcyon.il.us.dal.net 372 Amorita24 :- :halcyon.il.us.dal.net 372 Amorita24 :- [ Accessible via... ]:halcyon.il.us.dal.net 372 Amorita24 :- [ ipv4: halcyon.dal.net ]:halcyon.il.us.dal.net 372 Amorita24 :- [ ipv6: halcyon-v6.dal.net ]:halcyon.il.us.dal.net 372 Amorita24 :- :halcyon.il.us.dal.net 372 Amorita24 :- Welcome to DALnet! By connecting to this network, you agree to abide:halcyon.il.us.dal.net 372 Amorita24 :- by its acceptable use policy, available here: http://www.dal.net/aup:halcyon.il.us.dal.net 372 Amorita24 :- :halcyon.il.us.dal.net 372 Amorita24 :- Server Policies::halcyon.il.us.dal.net 372 Amorita24 :- :halcyon.il.us.dal.net 372 Amorita24 :- * We reserve the right to deny access to this s

Mar 3, 2020 02:58:45.995891094 CET 6667 49164 154.35.138.250 192.168.2.2 rver without:halcyon.il.us.dal.net 372 Amorita24 :- warning or explanation:halcyon.il.us.dal.net 372 Amorita24 :- * No malicious bots, including flood and nick/channel chasers:halcyon.i

Mar 3, 2020 02:58:45.996124029 CET 6667 49161 91.236.182.1 192.168.2.2 PING :2808893155

Mar 3, 2020 02:58:45.996619940 CET 49164 6667 192.168.2.2 154.35.138.250 USERIP Amorita24

Mar 3, 2020 02:58:45.996831894 CET 49161 6667 192.168.2.2 91.236.182.1 PONG 2808893155MAmorita24

Mar 3, 2020 02:58:46.003223896 CET 6667 49166 83.140.172.212 192.168.2.2 NOTICE AUTH :*** Looking up your hostname

Mar 3, 2020 02:58:46.015155077 CET 6667 49162 104.196.117.31 192.168.2.2 PING :2715438990

Mar 3, 2020 02:58:46.015532970 CET 49162 6667 192.168.2.2 104.196.117.31 PONG 2715438990-Amorita24

Mar 3, 2020 02:58:46.059017897 CET 49165 6667 192.168.2.2 170.178.184.37 NICK Carla14


Mar 3, 2020 02:58:46.111139059 CET 6667 49164 154.35.138.250 192.168.2.2 .us.dal.net 372 Amorita24 :- * No channel filler bots/clients/psybncs:halcyon.il.us.dal.net 372 Amorita24 :- - A channel filler is a client, bnc, or bot which is:halcyon.il.us.dal.net 372 Amorita24 :- connected just to fill a channel and make it look:halcyon.il.us.dal.net 372 Amorita24 :- bigger:halcyon.il.us.dal.net 372 Amorita24 :- * Operator impersonation, spamming, or any other abuse will:halcyon.il.us.dal.net 372 Amorita24 :- cause you to be banned from this server:halcyon.il.us.dal.net 372 Amorita24 :- * Abide by DALnet's AUP (www.dal.net/aup):halcyon.il.us.dal.net 372 Amorita24 :- * Please have fun and enjoy DALnet!:halcyon.il.us.dal.net 372 Amorita24 :- :halcyon.il.us.dal.net 372 Amorita24 :- ///admins////////////////////////////////////////:halcyon.il.us.dal.net 372 Amorita24 :- // //:halcyon.il.us.dal.net 372 Amorita24 :- // [ brandon - administrator ] //:halcyon.il.us.dal.net 372 Amorita24 :- // [ klb - assistant administrator ] //:halcyon.il.us.dal.net 372 Amorita24 :- // //:halcyon.il.us.dal.net 372 Amorita24 :- ///operators/////////////////////////////////////:halcyon.il.us.dal.net 372 Amorita2

Mar 3, 2020 02:58:46.111177921 CET 6667 49164 154.35.138.250 192.168.2.2 :- // //:halcyon.il.us.dal.net 372 Amorita24 :- // [ guppy ] [ oldcrow ] [ niflheim ] //:halcyon.il.us.dal.net 372 Amorita24 :- // [ s2pid ] [ lilmiss ] [ start` ] //:halcyon.il.us.dal.net 372 Amorita24 :- // [ kiraela ] [ Altern8 ] [ fredfred ] //:halcyon.il.us.dal.net 372 Amorita24 :- // [ Acidli ] //:halcyon.il.us.dal.net 372 Amorita24 :- /////////////////////////////////////////////////:halcyon.il.us.dal.net 372 Amorita24 :- :halcyon.il.us.dal.net 372 Amorita24 :- :halcyon.il.us.dal.net 372 Amorita24 :- For IRCop assistance, please /join #operhelp or message one of our:halcyon.il.us.dal.net 372 Amorita24 :- friendly server staff listed above.:halcyon.il.us.dal.net 372 Amorita24 :- :halcyon.il.us.dal.net 372 Amorita24 :- For multilingual information: <http://docs.dal.net/>:halcyon.il.us.dal.net 372 Amorita24 :- :halcyon.il.us.dal.net 372 Amorita24 :- Thank you for using DALnet! We hope you have a pleasant day.:halcyon.il.us.dal.net 376 Amorita24 :End of /MOTD command.:Amorita24 MODE Amorita24 :+iw

Mar 3, 2020 02:58:46.112066984 CET 49164 6667 192.168.2.2 154.35.138.250 LIST >46

Mar 3, 2020 02:58:46.135859966 CET 6667 49162 104.196.117.31 192.168.2.2 :magnet.rizon.net NOTICE Amorita24 :*** Your host is masked (45FCBBD3.EDCFA696.CB982F15.IP)

Mar 3, 2020 02:58:46.135907888 CET 6667 49162 104.196.117.31 192.168.2.2 :magnet.rizon.net 001 Amorita24 :Welcome to the Rizon Internet Relay Chat Network Amorita24

Mar 3, 2020 02:58:46.135970116 CET 6667 49162 104.196.117.31 192.168.2.2 :magnet.rizon.net 002 Amorita24 :Your host is magnet.rizon.net, running version plexus-4(hybrid-8.1.20)

Mar 3, 2020 02:58:46.136008024 CET 6667 49162 104.196.117.31 192.168.2.2 :magnet.rizon.net 003 Amorita24 :This server was created Jan 13 2020 at 15:27:02

Mar 3, 2020 02:58:46.136043072 CET 6667 49162 104.196.117.31 192.168.2.2 :magnet.rizon.net 004 Amorita24 magnet.rizon.net plexus-4(hybrid-8.1.20) CDGNRSUWagilopqrswxyz BCIMNORSabcehiklmnopqstvz Iabehkloqv

Mar 3, 2020 02:58:46.136075974 CET 6667 49162 104.196.117.31 192.168.2.2 :magnet.rizon.net 005 Amorita24 CALLERID CASEMAPPING=rfc1459 DEAF=D KICKLEN=180 MODES=4 PREFIX=(qaohv)~&@%+ STATUSMSG=~&@%+ EXCEPTS=e INVEX=I NICKLEN=30 NETWORK=Rizon MAXLIST=beI:250 MAXTARGETS=4 :are supported by this server

Mar 3, 2020 02:58:46.136110067 CET 6667 49162 104.196.117.31 192.168.2.2 :magnet.rizon.net 005 Amorita24 CHANTYPES=# CHANLIMIT=#:250 CHANNELLEN=50 TOPICLEN=390 CHANMODES=beI,k,l,BCMNORScimnpstz WATCH=60 ELIST=CMNTU SAFELIST AWAYLEN=180 KNOCK NAMESX UHNAMES :are supported by this server

Mar 3, 2020 02:58:46.136143923 CET 6667 49162 104.196.117.31 192.168.2.2 :magnet.rizon.net 251 Amorita24 :There are 37 users and 11734 invisible on 14 servers

Mar 3, 2020 02:58:46.136178970 CET 6667 49162 104.196.117.31 192.168.2.2 :magnet.rizon.net 252 Amorita24 52 :IRC Operators online

Mar 3, 2020 02:58:46.136213064 CET 6667 49162 104.196.117.31 192.168.2.2 :magnet.rizon.net 253 Amorita24 1 :unknown connection(s)

Mar 3, 2020 02:58:46.226574898 CET 6667 49164 154.35.138.250 192.168.2.2 :halcyon.il.us.dal.net 481 Amorita24 :Permission Denied, You do not have the correct irc operator privileges


Mar 3, 2020 02:58:46.227488041 CET 6667 49164 154.35.138.250 192.168.2.2 :halcyon.il.us.dal.net 321 Amorita24 Channel :Users Name:halcyon.il.us.dal.net 322 Amorita24 #bali 72 :0,15(14,15)15,14(1,14)14,1(1,1) 8 Welcome to #bali @ DALNet - Rahajeng Nyagra Rahinan Jagat Galungan Lan Kuningan 1,1 (14,1)1,14(15,14)14,15(0,15):halcyon.il.us.dal.net 322 Amorita24 #cebu 54 : Welcome to #Cebu! ENjoy Chatting.. HAPPY NEW YEAR :halcyon.il.us.dal.net 322 Amorita24 # 47 :Make the Internet great again! End September! [ 2https://iraxi.us/ ][ 2https://weks.tk/facts ][ 2https://weks.ws/quotes ][ on what grounds has AYUKAWA OLINE? 2https://www.change.org/p/dalnet-remeve-ayukawa-oline ]:halcyon.il.us.dal.net 322 Amorita24 #BDSM 58 :Welcome to #BDSM. 18+ only.:halcyon.il.us.dal.net 322 Amorita24 #Doha 50 :4,1Welcome TO Doha@Dalnet. Capital City Of Qatar https://en.wikipedia.org/wiki/Doha 7Love , Peace , Descipline , No Harrasment , Follow Rules , Have Fun , Games !Uno - Trivia ON = DuckGame = Duck Sooars...!BanG It |Language :- ENGLISH ONLY Give Respect Have Respect Be Respected!:halcyon.il.us.dal.net 322 Amorita24 #Saudiarabia 125 :If a man takes bath on Friday, cleans himself, oils his hair,applies perfume available in his house,sets forth for the mosque, does not separate two people,performs as many Prayers as written, remains silent when the Imam sp

Mar 3, 2020 02:58:46.227572918 CET 6667 49164 154.35.138.250 192.168.2.2 aks,his sins between that Friday and the following Friday will be forgiven-Bukhari:halcyon.il.us.dal.net 322 Amorita24 #coli 118 :Server Online - Baca Ceritanya, Siapkan Tisu... Dan Keluarkan Nafsu Anda Bersamaan dengan Cairan Anda... ah ah Crot~~:halcyon.il.us.dal.net 322 Amorita24 #request 65 :Free BounCer ServiCe In 4#ReQuesT : 3SBnC EggDrop 5NoTiCe (4 ReaD The RuLes CareFuLLy BeFore AskinG For A SBnC 3!RuLes ):halcyon.il.us.dal.net 322 Amorita24 #help 77 :6Ask your question and wait patiently 3 Welcome to #Help on DALnet 12Websites at http://help.dal.net/help http://help.dal.net/HelpCommittee/official/ http://docs.dal.net 4Never go to web pages spammed on IRC, Never give out your password to anything EXCEPT nickserv:halcyon.il.us.dal.net 322 Amorita24 #batam 180 :Welcome to #BATAM - Enjoy the chit chat and play the games.:halcyon.il.us.dal.net 322 Amorita24 #sbnc 172 : We're CurrenTLy In The ProCess Of DeveLoPinG SBnC. FeeL Free To Remain In This ChanneL #SBnC To keep Up To DaTe On Our ProGress. 412L4o12G4i12Q4u12e 5NoTiCe : (4 Make Sure ThaT You Are FamiLiar WiTh Our RuLes BeFore ReQuesTinG A Free SBnC AccounT. 12!RuLes ):halcyon.il.us.dal.net 322 Amorita24 #seks 422 :0,44,4 5,44,55,5 1,55,11,1 0,1 Welcome to INDONESIAN

Mar 3, 2020 02:58:46.227595091 CET 6667 49164 154.35.138.250 192.168.2.2 #SEKS0 - 4The Biggest Channel Sex On DALnet11 - http://seksdalnet.site - 8Ramalan Binta

Mar 3, 2020 02:58:46.238104105 CET 6667 49166 83.140.172.212 192.168.2.2 NOTICE AUTH :*** Looking up your hostname

Mar 3, 2020 02:58:46.240204096 CET 6667 49166 83.140.172.212 192.168.2.2 NOTICE AUTH :*** Checking IdentNOTICE AUTH :*** Couldn't look up your hostnameNOTICE AUTH :*** No ident response

Mar 3, 2020 02:58:46.256309986 CET 6667 49162 104.196.117.31 192.168.2.2 :magnet.rizon.net 254 Amorita24 9537 :channels formed:magnet.rizon.net 255 Amorita24 :I have 11771 clients and 14 servers:magnet.rizon.net 265 Amorita24 :Current local users: 11771 Max: 12691:magnet.rizon.net 266 Amorita24 :Current global users: 11771 Max: 12691:magnet.rizon.net 375 Amorita24 :- magnet.rizon.net Message of the Day - :magnet.rizon.net 372 Amorita24 :- 11oo :magnet.rizon.net 372 Amorita24 :- :magnet.rizon.net 372 Amorita24 :- 88d888b. dP d888888b .d8888b. 88d888b. :magnet.rizon.net 372 Amorita24 :- 88' `88 88 .d8P' 88' `88 88' `88 :magnet.rizon.net 372 Amorita24 :- 1188 88 .Y8P 88. .88 88 88 :magnet.rizon.net 372 Amorita24 :- 11dP dP d888888P `88888P' dP dP:magnet.rizon.net 372 Amorita24 :- :magnet.rizon.net 372 Amorita24 :- Rizon Chat Network -- http://rizon.net:magnet.rizon.net 372 Amorita24 :- :magnet.rizon.net 372 Amorita24 :- Listening on ports: 6660 - 6669, 7000. SSL: 6697, 9999:magnet.rizon.net 372 Amorita24 :- :magnet.rizon.net 372 Amorita24 :- Rules::magnet.rizon.net 372 Amorita24 :- o No spamming or flooding:magnet.rizon.net 372 Amorita24 :- o No clones or malicious bots:magnet.rizon.net 372 Amorita24 :- o No takeovers:magnet.rizon.net 372 Amorita24 :- o No distribution of child pornogr


Mar 3, 2020 02:58:46.256347895 CET 6667 49162 104.196.117.31 192.168.2.2 phy:magnet.rizon.net 372 Amorita24 :- o Clients must respond to VERSION requests:magnet.rizon.net 372 Amorita24 :- o Rizon staff may disconnect clients for any or no reason:magnet.rizon.net 372 Amorita24 :- :magnet.rizon.net 372 Amorita24 :- First steps::magnet.rizon.net 372 Amorita24 :- o To register your nick: /msg NickServ HELP:magnet.rizon.net 372 Amorita24 :- o To register your channel: /msg ChanServ HELP:magnet.rizon.net 372 Amorita24 :- o To get a vHost: /msg HostServ HELP REQUEST:magnet.rizon.net 372 Amorita24 :- o For other help with Rizon: /join #help:magnet.rizon.net 372 Amorita24 :- :magnet.rizon.net 372 Amorita24 :- Usage of this network is a privilege, not a right. Rizon is a:magnet.rizon.net 372 Amorita24 :- transit provider, therefore no person or entity involved with:magnet.rizon.net 372 Amorita24 :- *.rizon.net or magnet.rizon.net takes any responsibility for:magnet.rizon.net 372 Amorita24 :- users' actions. Absolutely no warranty is expressed or implied.:magnet.rizon.net 376 Amorita24 :End of /MOTD command.:[email protected] MODE Amorita24 :+ix:[email protected] PRIVMSG Amorita24 :VERSION

Mar 3, 2020 02:58:46.378808975 CET 49164 6667 192.168.2.2 154.35.138.250 JOIN #cebu

Mar 3, 2020 02:58:46.379112959 CET 49164 6667 192.168.2.2 154.35.138.250 JOIN #batamJOIN #sbncJOIN #baliJOIN #DohaJOIN #requestJOIN #sbnc

Mar 3, 2020 02:58:46.604526997 CET 6667 49167 104.196.117.31 192.168.2.2 :magnet.rizon.net NOTICE * :*** Couldn't look up your hostname (cached)

Mar 3, 2020 02:58:46.679439068 CET 6667 49168 194.68.45.50 192.168.2.2 NOTICE * :*** You are banned from DALnetNOTICE * :*** Reason: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/03 03.58)NOTICE * :*** Connection info: <unnamed>([-][email protected]) [84.17.52.24]NOTICE * :*** Ban contact: http://www.dal.net/admin/contactkline.php3NOTICE * :*** When contacting DALnet, please include all of the information shown above:nonstop.ix.me.dal.net 465 * :A-banned: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/03 03.58)ERROR :Closing Link: 0.0.0.0 (A-banned: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/03 03.58))

Mar 3, 2020 02:58:48.968847990 CET 49166 6667 192.168.2.2 83.140.172.212 USER VyEyoEOv 8 * :AprilV8E27

Mar 3, 2020 02:58:49.005405903 CET 49166 6667 192.168.2.2 83.140.172.212 NICK Eden11

Mar 3, 2020 02:58:49.046266079 CET 6667 49166 83.140.172.212 192.168.2.2 PING :1309302078

Mar 3, 2020 02:58:49.046488047 CET 49166 6667 192.168.2.2 83.140.172.212 PONG 1309302078Eden11

Mar 3, 2020 02:58:49.084292889 CET 6667 49166 83.140.172.212 192.168.2.2 :port80c.se.quakenet.org 001 Eden11 :Welcome to the QuakeNet IRC Network, Eden11:port80c.se.quakenet.org 002 Eden11 :Your host is port80c.se.quakenet.org, running version u2.10.12.10+snircd(1.3.4a):port80c.se.quakenet.org 003 Eden11 :This server was created Wed Apr 23 2014 at 01:59:23 CEST:port80c.se.quakenet.org 004 Eden11 port80c.se.quakenet.org u2.10.12.10+snircd(1.3.4a) dioswkgxRXInP biklmnopstvrDcCNuMT bklov:port80c.se.quakenet.org 005 Eden11 WHOX WALLCHOPS WALLVOICES USERIP CPRIVMSG CNOTICE SILENCE=15 MODES=6 MAXCHANNELS=50 MAXBANS=45 NICKLEN=15 :are supported by this server:port80c.se.quakenet.org 005 Eden11 MAXNICKLEN=15 TOPICLEN=250 AWAYLEN=160 KICKLEN=250 CHANNELLEN=200 MAXCHANNELLEN=200 CHANTYPES=#& PREFIX=(ov)@+ STATUSMSG=@+ CHANMODES=b,k,l,imnpstrDducCNMT CASEMAPPING=rfc1459 NETWORK=QuakeNet :are supported by this server:port80c.se.quakenet.org 251 Eden11 :There are 15 users and 11429 invisible on 27 servers:port80c.se.quakenet.org 252 Eden11 52 :operator(s) online:port80c.se.quakenet.org 254 Eden11 10258 :channels formed


Mar 3, 2020 02:58:49.084608078 CET 6667 49166 83.140.172.212 192.168.2.2 :port80c.se.quakenet.org 255 Eden11 :I have 2090 clients and 1 servers:port80c.se.quakenet.org NOTICE Eden11 :Highest connection count: 6056 (6055 clients):port80c.se.quakenet.org 375 Eden11 :- port80c.se.quakenet.org Message of the Day - :port80c.se.quakenet.org 372 Eden11 :- 2017-5-10 7:40:port80c.se.quakenet.org 372 Eden11 :- .........................................................................:port80c.se.quakenet.org 372 Eden11 :- ... ...:port80c.se.quakenet.org 372 Eden11 :- ... You are connected to the QuakeNet IRC Network ...:port80c.se.quakenet.org 372 Eden11 :- ... via port80c.se.quakenet.org. ...:port80c.se.quakenet.org 372 Eden11 :- ... ...:port80c.se.quakenet.org 372 Eden11 :- ... port80c.se.quakenet.org ...:port80c.se.quakenet.org 372 Eden11 :- ... ...:port80c.se.quakenet.org 372 Eden11 :- ... i t ' s g o o d t o b 0 r k ...:port80c.se.quakenet.org 372 Eden11 :- ... ...:port80c.se.quakenet.org 372 Ed

Mar 3, 2020 02:58:49.084625959 CET 49166 6667 192.168.2.2 83.140.172.212 USERIP Eden11

Mar 3, 2020 02:58:49.084853888 CET 6667 49166 83.140.172.212 192.168.2.2 n11 :- ... For information about this server's host please visit ...:port80c.se.quakenet.org 372 Eden11 :- ... the website below: ...:port80c.se.quakenet.org 372 Eden11 :- ... http://www.ip-only.se/ ...:port80c.se.quakenet.org 372 Eden11 :- ... ...:port80c.se.quakenet.org 372 Eden11 :- ... For information about this network please visit ...:port80c.se.quakenet.org 372 Eden11 :- ... the website below: ...:port80c.se.quakenet.org 372 Eden11 :- ... http://www.quakenet.org/ ...:port80c.se.quakenet.org 372 Eden11 :- ... ...:port80c.se.quakenet.org 372 Eden11 :- ... This server accepts IPv6 connections on the following ports: ...:port80c.se.quakenet.org 372 Eden11 :- ... 6667, 6668 & 6669 ...:port80c.se.quakenet.org 372 Eden11 :- ... ...:port80c.se.quakenet.org 372 Eden11 :- ... By connecting to this network you give us permission to probe ...:port80c.se.quakenet.

Mar 3, 2020 02:58:49.084959984 CET 49166 6667 192.168.2.2 83.140.172.212 LIST >119

Mar 3, 2020 02:58:49.120949030 CET 6667 49166 83.140.172.212 192.168.2.2 rg 372 Eden11 :- ... your machine for open proxies/wingates. You also agree to adhere ...:port80c.se.quakenet.org 372 Eden11 :- ... by the following rules: ...:port80c.se.quakenet.org 372 Eden11 :- ... ...:port80c.se.quakenet.org 372 Eden11 :- ... o No flooding (including flood/clonebots). ...:port80c.se.quakenet.org 372 Eden11 :- ... o No distribution of copyrighted material or pornography. ...:port80c.se.quakenet.org 372 Eden11 :- ... o No multiplayer gaming cheat channels. ...:port80c.se.quakenet.org 372 Eden11 :- ... o No clones. http://www.quakenet.org/faq/faq.php?c=128 ...:port80c.se.quakenet.org 372 Eden11 :- ... o No channel takeovers. ...:port80c.se.quakenet.org 372 Eden11 :- ... o No attempts to disrupt network services. ...:port80c.se.quakenet.org 372 Eden11 :- ... o No racism and/or Nazism. ...:port80c.se.quakenet.org 372 Eden11 :- ... o No spamming and/or advertising. ...:port80c.se.quakenet.org 372 Eden11 :- ... o No hacking (including Virus/Trojan distribution). ...:port80c.se

Mar 3, 2020 02:58:49.121088028 CET 6667 49166 83.140.172.212 192.168.2.2 quakenet.org 372 Eden11 :- ... o No actions we, the operators, regard as abuse. ...:port80c.se.quakenet.org 372 Eden11 :- ... ...:port80c.se.quakenet.org 372 Eden11 :- ... For more details of the network's terms of service ...:port80c.se.quakenet.org 372 Eden11 :- ... please visit the website below: ...:port80c.se.quakenet.org 372 Eden11 :- ... http://www.quakenet.org/rules/ ...:port80c.se.quakenet.org 372 Eden11 :- ... ...:port80c.se.quakenet.org 372 Eden11 :- ... Violation of the network's rules will result in kills ...:port80c.se.quakenet.org 372 Eden11 :- ... and possible network-wide access bans. ...:port80c.se.quakenet.org 372 Eden11 :- ... ...:port80c.se.quakenet.org 372 Eden11 :- ... o Server Admins: ...:port80c.se.quakenet.org 372 Eden11 :- ... _nalle stevoo ...:port80c.se.quakenet.org 372 Eden11 :- ... (E-mail: append @quakenet.org to above.) ...

Mar 3, 2020 02:58:49.121144056 CET 6667 49166 83.140.172.212 192.168.2.2 port80c.se.quakenet.org 372 Eden11 :- ... ...:port80c.se.quakenet.org 372 Eden11 :- ... Many common problems are explained on the website below: ...:port80c.se.quakenet.org 372 Eden11 :- ... http://www.quakenet.org/faq/ ...:port80c.se.quakenet.org 372 Eden11 :- ... If you have a general enquiry not answered by this website ...:port80c.se.quakenet.org 372 Eden11 :- ... please visit #help. If you *require* an IRC operator please ...:port80c.se.quakenet.org 372 Eden11 :- ... visit #help. ...:port80c.se.quakenet.org 372 Eden11 :- ... ...:port80c.se.quakenet.org 372 Eden11 :- ... The use of this server & network is a privilege, not a right. ...:port80c.se.quakenet.org 372 Eden11 :- ... The network operators may deny network access to anyone, ...:port80c.se.quakenet.org 372 Eden11 :- ... for any reason, at their sole discretion. ...:port80c.se.quakenet.org 372 Eden11 :- ... ...:port80c.se.quakenet.org 372 Eden11 :- ... IRC is a free media, therefore the operators of this network

Mar 3, 2020 02:58:49.121258020 CET 6667 49166 83.140.172.212 192.168.2.2 ake ...:port80c.se.quakenet.org 372 Eden11 :- ... no responsibility whatsoever for the opinions expressed or ...:port80c.se.quakenet.org 372 Eden11 :- ... the actions taken by users. Absolutely no warranty is either ...:port80c.se.quakenet.org 372 Eden11 :- ... expressed or implied. ...:port80c.se.quakenet.org 372 Eden11 :- ... ...

Mar 3, 2020 02:58:49.157740116 CET 6667 49166 83.140.172.212 192.168.2.2 :port80c.se.quakenet.org 372 Eden11 :- .........................................................................:port80c.se.quakenet.org 376 Eden11 :End of /MOTD command.:port80c.se.quakenet.org NOTICE Eden11 :on 1 ca 1(4) ft 20(20):port80c.se.quakenet.org 221 Eden11 +i:[email protected] MODE Eden11 +i:port80c.se.quakenet.org 421 Eden11 Eden11 :Unknown command:port80c.se.quakenet.org 340 Eden11 :[email protected]:port80c.se.quakenet.org 321 Eden11 Channel :Users Name:port80c.se.quakenet.org 322 Eden11 #chating 179 :1,9 FP FB : Chating.id || Streaming @ http://radio.chating.id:8000/listen.pls [for Winamp,MP,VLC & XiiaLive] or http://www.chating.id [Web browser] || Download APK ChatingID @ http://apps.chating.id [for Android] :port80c.se.quakenet.org 322 Eden11 #jakarta 153 :Welcome To Jakarta! Respect The Quakenet Rules And Do Not Act Like An Idiot. Thanks:port80c.se.quakenet.org 322 Eden11 #Quakenet 156 ::port80c.se.quakenet.org 322 Eden11 #surabaya 123 :apa kabar coy?:port80c.se.quakenet.org 322 Eden11 #sdamarathon 148 :Frost Fatales 2020 is over! A big thank you to everyone who participated in raising over $50,000 for The Malala Fund! | Next up: idk | Chat rules: https://bit.ly/3bXq49c:port80c.se.quakenet.org 322 Eden11 #arkku.net 151 ::: www.arkku.net :: Kotisivutilaa, bouncer

Mar 3, 2020 02:58:49.194044113 CET 6667 49166 83.140.172.212 192.168.2.2 ita ja paljon muuta ilmaiseksi jo vuodesta 2003! :::port80c.se.quakenet.org 323 Eden11 :End of /LIST

Mar 3, 2020 02:58:49.333864927 CET 49166 6667 192.168.2.2 83.140.172.212 JOIN #chating

Mar 3, 2020 02:58:49.371014118 CET 6667 49166 83.140.172.212 192.168.2.2 :[email protected] JOIN #chating:port80c.se.quakenet.org 332 Eden11 #chating :1,9 FP FB : Chating.id || Streaming @ http://radio.chating.id:8000/listen.pls [for Winamp,MP,VLC & XiiaLive] or http://www.chating.id [Web browser] || Download APK ChatingID @ http://apps.chating.id [for Android] :port80c.se.quakenet.org 333 Eden11 #chating ^Virgin^ 1583070425:port80c.se.quakenet.org 353 Eden11 = #chating :Eden11 JupIt3r nyuci HotPacket TjahAyoe jabrai cid1 reborn ayuRa cicit @DuckHunt @Sinchan Bumi c^ savana oase elina ramboo calibra +Aela +Jodi heimdall @Safira Dira Nimra swendy xavin xiuvan- +irul +BeRanDaL +ucup Xerox xiuvan nurani- virgilia- Vonila zordi jorddan- Windyana Thinkers ChatingID Guguk zozu Gyen umila- nindyana wises- nungkey jandacek- CID_indo nurani CID_indo| jandamulus ilany- wullan jeleks- zozu- jandacekcih gotri transdec-:port80c.se.quakenet.org 353 Eden11 = #chating :transdec udix yoyok yinyin ce_semox jogyy jorddan voney umila irrana zahkia +TechTube ilany yolaanda ducksalt virgilia iimm wises yinyin- uzman- CID_indo- Thiana- Gyen- GhianT Gugunz @Sanjunganjiwa yodiz yanseku yegi yandi vreepnv virtuoso vayana vandy shakila sarinna sherrly shenandoah upill ursamayor uyuy umsu geronima gunsroses gratiass geraldinho tomm thintin tikitik Tulalit BladenyaEMira ucuploveniel Danieldanilla florri fluence fla

Mar 3, 2020 02:58:49.371124029 CET 6667 49166 83.140.172.212 192.168.2.2 e

Mar 3, 2020 02:58:49.371169090 CET 49166 6667 192.168.2.2 83.140.172.212 JOIN #surabayaJOIN #QuakenetJOIN #arkku.netJOIN #arkku.netJOIN #jakartaJOIN #sdamarathon

Mar 3, 2020 02:58:49.479547024 CET 49167 6667 192.168.2.2 104.196.117.31 USER yNwhcwGW 8 * :RitayN03c

Mar 3, 2020 02:58:49.600115061 CET 49167 6667 192.168.2.2 104.196.117.31 NICK Eve14

Mar 3, 2020 02:58:49.606811047 CET 6667 49166 83.140.172.212 192.168.2.2 :port80c.se.quakenet.org 353 Eden11 = #chating :fifiana srity srimulya Sastia rolinz Rxone ruhmi Riyana qimere Qiyuan qiruz Quoni poercy Pivyan Phica PhanomX oubax Ogiz Ordi Olivya nilami nuyge ninin Nelysi mandani Lindya- lunamayo Lindya karpix Karimz jujunx Jonky insann illes hermanZ Humanz FuadH Fanyla Encoli Emiramos Dogyaja DollyGank Chupkes Chintyabella Butuhteman Binalbanget Airani Aishin Fainali Fairydean Rapiz Redzone Saylor Sheilla fishbot @Blind_ +B_A_Y_O @eskosong +OiO @^Virgin^:port80c.se.quakenet.org 353 Eden11 = #chating :ChanStat-06 +kitty D @Q:port80c.se.quakenet.org 366 Eden11 #chating :End of /NAMES list.:[email protected] NOTICE Eden11 :[#chating] For Download MP3, MP4, 3GP from YouTube - go to chating.id - #mp3

Mar 3, 2020 02:58:49.609262943 CET 49168 6667 192.168.2.2 194.68.45.50 USER ViwihGrj 8 * :XandraViw7h

Mar 3, 2020 02:58:49.609541893 CET 49168 6667 192.168.2.2 194.68.45.50 NICK Olga24

Mar 3, 2020 02:58:49.720671892 CET 6667 49167 104.196.117.31 192.168.2.2 PING :2209294985

Mar 3, 2020 02:58:49.732765913 CET 49167 6667 192.168.2.2 104.196.117.31 PONG 2209294985-Eve14

Mar 3, 2020 02:58:49.845654011 CET 6667 49166 83.140.172.212 192.168.2.2 :[email protected] KICK #chating Eden11 :[email protected]/1trojan2/1ircworm detected

Mar 3, 2020 02:58:49.845876932 CET 49166 6667 192.168.2.2 83.140.172.212 JOIN #surabaya

Mar 3, 2020 02:58:49.853317976 CET 6667 49167 104.196.117.31 192.168.2.2 :magnet.rizon.net NOTICE Eve14 :*** Banned until Fri Mar 6 01:58:46 2020: [G][netsec] [[email protected]:EmilycpD1l] has been matched to a known bot pattern r#35 (compromised host id#rb5d - see kline.rizon.net) - Visit http://abuse.rizon.net/akills/lookup?ip=84.17.52.24&drone for more information. (Akill ID: RT7V8S2N1B) (2020/3/3 01.58)

Mar 3, 2020 02:58:49.853342056 CET 6667 49167 104.196.117.31 192.168.2.2 ERROR :Closing Link: 84.17.52.24 (Banned)

Mar 3, 2020 02:58:50.075540066 CET 6667 49169 154.35.138.250 192.168.2.2 NOTICE * :*** You are banned from DALnetNOTICE * :*** Reason: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/02 19.58)NOTICE * :*** Connection info: <unnamed>([-][email protected]) [84.17.52.24]NOTICE * :*** Ban contact: [email protected] * :*** When contacting DALnet, please include all of the information shown above:halcyon.il.us.dal.net 465 * :A-banned: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/02 19.58)ERROR :Closing Link: 0.0.0.0 (A-banned: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/02 19.58))

Mar 3, 2020 02:58:50.245218039 CET 6667 49170 104.196.117.31 192.168.2.2 :magnet.rizon.net NOTICE * :*** Couldn't look up your hostname (cached)

Mar 3, 2020 02:58:51.022878885 CET 6667 49166 83.140.172.212 192.168.2.2 :[email protected] JOIN #surabaya:port80c.se.quakenet.org 332 Eden11 #surabaya :apa kabar coy?:port80c.se.quakenet.org 333 Eden11 #surabaya Q 1582900029:port80c.se.quakenet.org 353 Eden11 = #surabaya :Eden11 lelaki c0n4c JupIt3r nyuci omsyukur schizo rjQ dikka tepos Firewall cenil ayuRa NapaLm Harimas _Quake Bumi Franek techshelf Samirah Aela Demon sitti calya martini miyabi Denia Joker mantan Battousai Lestat eL uky Avior XIUNIU Light Z- bagas N3ynA KaMPuNGaN adit Afia Ratna oase Kids WoDnY isun zuma katr0k +NaKaL ramboo calibra shap mantul alya Jodi elina Sotel +Khan classIc Rere_ sugar \^^ abi Optp Singo cece amoba +lyodra zozo Seif:port80c.se.quakenet.org 353 Eden11 = #surabaya :Jeng reaper irul +ucup Sing0Etdah Lj |BubbleGum| TechTube iesya ket RAGA Rexy arwo elite Dira imas crane monik tio Letta- eco cinta vivo gober BeRanDaL Przemek92-irccl rinda +elektra evita +creasy andro babez ve NuGeLo Fa fuhren1 @|In-Love| @Euro +pita icebaby @S ^Adinda^ akoe ChanStat-12 kirana ChikiKeju Neng aiueo kokoh sri D Nimra @Q

Mar 3, 2020 02:58:51.257359982 CET 6667 49166 83.140.172.212 192.168.2.2 :port80c.se.quakenet.org 366 Eden11 #surabaya :End of /NAMES list.

Mar 3, 2020 02:58:51.488403082 CET 6667 49166 83.140.172.212 192.168.2.2 :[email protected] NOTICE Eden11 :[#surabaya] 0,14 You can Also Join #Surabaya through Website By Double Click On it ====> 0,10 http://www.surabaya.rr.nu 0,14 <==== 0,12 The channel (#surabaya) was created on: Mon Mar 7 07:20:37 2005

Mar 3, 2020 02:58:51.668477058 CET 6667 49161 91.236.182.1 192.168.2.2 NOTICE AUTH :*** Couldn't look up your hostname

Mar 3, 2020 02:58:51.784269094 CET 6667 49161 91.236.182.1 192.168.2.2 ERROR :Closing Link: Amorita24 by Chicago.IL.US.Undernet.Org (EOF from client)

Mar 3, 2020 02:58:52.106246948 CET 6667 49171 104.149.232.242 192.168.2.2 NOTICE AUTH :*** Looking up your hostname

Mar 3, 2020 02:58:52.146905899 CET 6667 49166 83.140.172.212 192.168.2.2 :|In-Love|!bot78@|In-Love|.users.quakenet.org NOTICE Eden11 :5Selamat datang Eden11 di #Surabaya

Mar 3, 2020 02:58:52.173957109 CET 6667 49171 104.149.232.242 192.168.2.2 NOTICE AUTH :*** Checking Ident:dallas.tx.us.undernet.org 465 * :AUTO [0] (84.17.52.24) Infected with a virus or trojan, please clean your system. (P64)ERROR :Closing Link: by dallas.tx.us.undernet.org (G-lined (AUTO [0] (84.17.52.24) Infected with a virus or trojan, please clean your system. (P64)))

Mar 3, 2020 02:58:52.964896917 CET 49169 6667 192.168.2.2 154.35.138.250 USER ykkrmlcv 8 * :Caray3kr5

Mar 3, 2020 02:58:52.965285063 CET 49169 6667 192.168.2.2 154.35.138.250 NICK Olga29

Mar 3, 2020 02:58:53.124406099 CET 49170 6667 192.168.2.2 104.196.117.31 USER stCofosB 8 * :Vanessas6C14

Mar 3, 2020 02:58:53.175508976 CET 6667 49166 83.140.172.212 192.168.2.2 :[email protected] JOIN #Quakenet:port80c.se.quakenet.org 353 Eden11 = #Quakenet :Eden11 Buiz__ CTF schizo Golem Zesty SleepySprite Ketchup901 zGrav LOCA HotPacket Helenah Tokkobot medalice Tux[Qyou] KnuX Benett n1 phil pztrn peterandre Kinny comptech Denia Shane psycho hangy eska snugglo gacks decl mmx_in_orbit Solex naf St3ak Krizze vigilant Yendred TheSilentLink Spanjoekel TNWR^tm cateye Viki w00t Mahjong hydra DarkDeviL @Demp disc9 Cail Beowulf noni Ztefan Rivernile _joe_ h4ck3t_fizz Thanatux bluk @Sorcerer lijnk Roedy:port80c.se.quakenet.org 353 Eden11 = #Quakenet :Leviathan^^9 KhashayaR Kirk Harrys_ Luca Rz3zNiK ducksalt abacus Pontuzz Fusl orphean Mombius Salvaje aurix Malediction depeche globaldomain atlas nnm Kahvia Normie nbm rcz iso Mikro Ragnar Hidden proto @KillaH isomeissa Przemek92-irccl sebghost Friskmaelk soczol Dizmo Benefit AlexanderS FUGaS_ Roketee iampoul caskd Aebian_ Spydar007 LucianoSilva lstanley cooldude Bajen _KaszpiR_ Lord255 renzody NuGeLo @FalconSpy wuni bn[ft] fred LadyPearlace

Mar 3, 2020 02:58:53.245096922 CET 49170 6667 192.168.2.2 104.196.117.31 NICK Carmen22

Mar 3, 2020 02:58:53.365710020 CET 6667 49170 104.196.117.31 192.168.2.2 PING :1725913034

Mar 3, 2020 02:58:53.365964890 CET 49170 6667 192.168.2.2 104.196.117.31 PONG 1725913034-Carmen22

Mar 3, 2020 02:58:53.410593987 CET 6667 49166 83.140.172.212 192.168.2.2 :port80c.se.quakenet.org 353 Eden11 = #Quakenet :Microbes aqsen blind_peer +Salt icebaby @S Randy trdaisuke trash1e oovets Akame Metatroni akoe kamikaze Ritche sebbe Pixelz RePlacer TuxTok trip butcha beenhere ^^^fIzI^^^ Arieh aimee @Ahnberg olspookishmagus meffe D AltDelete Nimra ViCi @Q @meeb ice Ekips @iolaire Timoteus Drastic @G:port80c.se.quakenet.org 366 Eden11 #Quakenet :End of /NAMES list.

Mar 3, 2020 02:58:53.486573935 CET 6667 49170 104.196.117.31 192.168.2.2 :magnet.rizon.net NOTICE Carmen22 :*** Banned until Fri Mar 6 01:58:46 2020: [G][netsec] [[email protected]:EmilycpD1l] has been matched to a known bot pattern r#35 (compromised host id#rb5d - see kline.rizon.net) - Visit http://abuse.rizon.net/akills/lookup?ip=84.17.52.24&drone for more information. (Akill ID: RT7V8S2N1B) (2020/3/3 01.58)

Mar 3, 2020 02:58:53.486634016 CET 6667 49170 104.196.117.31 192.168.2.2 ERROR :Closing Link: 84.17.52.24 (Banned)

Mar 3, 2020 02:58:53.715831995 CET 6667 49173 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Looking up your hostname...

Mar 3, 2020 02:58:53.715867996 CET 6667 49173 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Checking Ident

Mar 3, 2020 02:58:53.745651960 CET 6667 49173 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** No Ident response

Mar 3, 2020 02:58:53.885936022 CET 6667 49173 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Couldn't look up your hostname

Mar 3, 2020 02:58:54.580389977 CET 6667 49166 83.140.172.212 192.168.2.2 :[email protected] NOTICE Eden11 :{14,1[15Hei} 9Eden1115,Yuk chat sambil dengarin lagu-lagu kesukaan kamu,selain bisa request hemat data juga loh.., klik 2x http://JKTRadio.com ||atau pengen jadi penyiar radio online??, kirim data kamu di [email protected] || now playing : 03The La's - There She Goes (Official Video)14\]

Mar 3, 2020 02:58:54.967786074 CET 49171 6667 192.168.2.2 104.149.232.242 USER cesVimWb 8 * :Joannac02V1

Mar 3, 2020 02:58:54.968298912 CET 49171 6667 192.168.2.2 104.149.232.242 NICK Emily10

Mar 3, 2020 02:58:55.030158043 CET 6667 49166 83.140.172.212 192.168.2.2 :[email protected] JOIN #arkku.net:port80c.se.quakenet.org 332 Eden11 #arkku.net ::: www.arkku.net :: Kotisivutilaa, bouncereita ja paljon muuta ilmaiseksi jo vuodesta 2003! :::port80c.se.quakenet.org 333 Eden11 #arkku.net Q 1570396397:port80c.se.quakenet.org 353 Eden11 = #arkku.net :Eden11 gg LOCA Filtteri kaido cenil delly Quikka RatsuReiska Viki Unkka Sakke58 ViFi DickSteel Kaizu @meukow white_ RRRRMEl Cendorr Aba mikke_ Unruhe AApee jiipeee Kaalipappa Setae trian kuppazki tintti tekki Alepa teamahma Taco CoffeeD Anzee kae LLSSNEN Sibuli Leo___ TriviaBotti zassi Sompi K0hju KindOne +Joose kakkula Fast sasha Juzi lelawala ChopSuey neutralboi Miksuu MaenNaa tasuri Rokkari Kotisivuille Tupsi sigis ASucAL nnia Epe minixmix:port80c.se.quakenet.org 353 Eden11 = #arkku.net :fear smilbur Luckie EvilWalrus kaka Angga Jimiii- teumo @Tonzas Miekkala emergency- Huppis salaneuvos ave shitbreak jjaniprkl iHaukka lupo Esko Kartsa Kadonnut Zerious juhasd kana inffy Zathor Nemesis ultiss kalyly ChosenOne luth Chip Arsq Vaitti Mossepo dare Lewder LaDeX Kopo lancel banaaneja KooD Vetu Rosvoranga psymbiote Tiwaz Aivo Pascal Jivaro wrdo Marko kepne paskalokki West84 zappi chumppi Shasu Julle- Juba JuuS0 starcraft2fi leipakone

Mar 3, 2020 02:58:55.160861015 CET 6667 49174 45.58.183.18 192.168.2.2 NOTICE AUTH :*** Looking up your hostname

Mar 3, 2020 02:58:55.263891935 CET 6667 49166 83.140.172.212 192.168.2.2 :port80c.se.quakenet.org 353 Eden11 = #arkku.net :Sheriffi @lefa Devi Ray @S ouz Nazipoli arnis @axl- Teuska jonsku @arkku Mosquito denial Arkku|55006 Arkku|55003 Arkku|55009 Arkku|55007 Arkku|55008 D @Q monni- tate Arkku|55004 Arkku|55005 Arkku|55010 Arkku|55002:port80c.se.quakenet.org 366 Eden11 #arkku.net :End of /NAMES list.

Mar 3, 2020 02:58:55.384608984 CET 6667 49174 45.58.183.18 192.168.2.2 NOTICE AUTH :*** Checking IdentNOTICE AUTH :*** No ident responseNOTICE AUTH :*** Couldn't look up your hostname

Mar 3, 2020 02:58:55.503700972 CET 6667 49166 83.140.172.212 192.168.2.2 :[email protected] NOTICE Eden11 :[#arkku.net] <-- Arkku.net : Suomen suosituimmat Bouncerit jo vuodesta 2003! -->:[email protected] MODE #arkku.net +b *!*@84.17.52.24:[email protected] KICK #arkku.net Eden11 :Banned: country ban

Mar 3, 2020 02:58:55.504091024 CET 49166 6667 192.168.2.2 83.140.172.212 JOIN #Quakenet

Mar 3, 2020 02:58:56.208849907 CET 49172 6667 192.168.2.2 194.68.45.50 USER dpikmgXw 8 * :Brianadpi3m

Mar 3, 2020 02:58:56.209116936 CET 49172 6667 192.168.2.2 194.68.45.50 NICK Kyle25

Mar 3, 2020 02:58:56.568403959 CET 6667 49175 108.61.240.240 192.168.2.2 NOTICE * :*** You are banned from DALnetNOTICE * :*** Reason: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/02 20.58)NOTICE * :*** Connection info: <unnamed>([-][email protected]) [84.17.52.24]NOTICE * :*** Ban contact: http://www.dal.net/admin/contactkline.php3NOTICE * :*** When contacting DALnet, please include all of the information shown above:choopa.nj.us.dal.net 465 * :A-banned: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/02 20.58)ERROR :Closing Link: 0.0.0.0 (A-banned: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/02 20.58))

Mar 3, 2020 02:58:57.048829079 CET 6667 49166 83.140.172.212 192.168.2.2 :port80c.se.quakenet.org 474 Eden11 #arkku.net :Cannot join channel, you are banned (+b)

Mar 3, 2020 02:58:58.007168055 CET 49173 6667 192.168.2.2 80.65.57.18 USER EswNOoIy 8 * :CarlaE53NO

Mar 3, 2020 02:58:58.048651934 CET 49173 6667 192.168.2.2 80.65.57.18 NICK Anita13

Mar 3, 2020 02:58:58.090080023 CET 6667 49173 80.65.57.18 192.168.2.2 PING :2046222373

Mar 3, 2020 02:58:58.099143028 CET 49173 6667 192.168.2.2 80.65.57.18 PONG 2046222373-Anita13

Mar 3, 2020 02:58:58.131957054 CET 49174 6667 192.168.2.2 45.58.183.18 USER jlyklVNs 8 * :Sharonjl83l

Mar 3, 2020 02:58:58.140712023 CET 6667 49173 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE Anita13 :*** Banned until Fri Mar 6 02:58:46 2020: [G][netsec] [[email protected]:EmilycpD1l] has been matched to a known bot pattern r#35 (compromised host id#rb5d - see kline.rizon.net) - Visit http://abuse.rizon.net/akills/lookup?ip=84.17.52.24&drone for more information. (Akill ID: RT7V8S2N1B) (2020/3/3 02.58)

Mar 3, 2020 02:58:58.140747070 CET 6667 49173 80.65.57.18 192.168.2.2 ERROR :Closing Link: 84.17.52.24 (Banned)

Mar 3, 2020 02:58:58.159220934 CET 6667 49174 45.58.183.18 192.168.2.2 :tulip.eu.ix.undernet.org 465 * :AUTO [0] (84.17.52.24) Infected with a virus or trojan, please clean your system. (P64).ERROR :Closing Link: by tulip.eu.ix.undernet.org (G-lined)

Mar 3, 2020 02:58:58.159368992 CET 49174 6667 192.168.2.2 45.58.183.18 NICK Caitlin23

Mar 3, 2020 02:58:58.523509979 CET 6667 49176 104.196.117.31 192.168.2.2 :magnet.rizon.net NOTICE * :*** Couldn't look up your hostname (cached)

Mar 3, 2020 02:58:58.561108112 CET 6667 49177 104.149.232.242 192.168.2.2 NOTICE AUTH :*** Looking up your hostname

Mar 3, 2020 02:58:58.888370037 CET 6667 49177 104.149.232.242 192.168.2.2 NOTICE AUTH :*** Checking IdentNOTICE AUTH :*** No ident responseNOTICE AUTH :*** Couldn't look up your hostname

Mar 3, 2020 02:58:59.034497976 CET 6667 49166 83.140.172.212 192.168.2.2 :[email protected] JOIN #jakarta:port80c.se.quakenet.org 332 Eden11 #jakarta :Welcome To Jakarta! Respect The Quakenet Rules And Do Not Act Like An Idiot. Thanks:port80c.se.quakenet.org 333 Eden11 #jakarta Q 1580305391:port80c.se.quakenet.org 353 Eden11 = #jakarta :Eden11 lelaki c0n4c JupIt3r ranniee_ nyuci wie omsyukur schizo webber rhega Singo jabrai tepos Firewall iesha wUno ayuRa cicit sdx utari @SherKhan Benett zoro +lyodra Hompimpa sEm _Quake +cya bening sitti +Blade Nissa miyabi beautiful Denia Joker mantan Battousai savana dara Lestat eL uky Avior AngeLL XIUNIU guspur bagas +Light N3ynA KaMPuNGaN adit Sigrewo maniez- molty oase Kids nopir puw +Saya|Off maniez c| isun zuma +cyara katr0k persebaya:port80c.se.quakenet.org 353 Eden11 = #jakarta :Chamomile ramboo NaKaL calibra +nextjacks shap mantul Aela honey Jodi elina cauIine Sotel honesty Mac +classIc reyhan heimdall +Sinchan Safira katrok +\^^ abi Optp mokkus sunu noni o` cece amoba andra +nia- kidnap +ailie +Paso ronee Seif dul ket irul +Sing0Etdah IU Lj +phantomhive TechTube juLak RAGA Rexy arwo KaYla @herky elite Dira imas crane wirosableng renren Letta- eco Ady cinta us BeRanDaL sebghost irene Simon92 eskosong NuGeLo B_A_Y_O

Mar 3, 2020 02:58:59.269298077 CET 6667 49166 83.140.172.212 192.168.2.2 :port80c.se.quakenet.org 353 Eden11 = #jakarta :fuhren1 reborn @|Icecube-X| @Games m0djO zoonk_ OiO ^Adinda^ NapaLm akoe @ChanStat-07 kokoh archi sri D Nimra @Q:port80c.se.quakenet.org 366 Eden11 #jakarta :End of /NAMES list.

Mar 3, 2020 02:58:59.499938965 CET 6667 49166 83.140.172.212 192.168.2.2 :[email protected] NOTICE Eden11 :[#jakarta] Welcome to #Jakarta! Respect the quakenet rules and Don't act like an idiot Have respect for everyone in the channel, regardless of status. Most importantly, have fun!

Mar 3, 2020 02:59:00.198304892 CET 6667 49166 83.140.172.212 192.168.2.2 :|Icecube-X|[email protected] NOTICE Eden11 :Happy new Year 2020

Mar 3, 2020 02:59:00.995948076 CET 49175 6667 192.168.2.2 108.61.240.240 USER YEPpkkEj 8 * :LisaYEP5k

Mar 3, 2020 02:59:00.996361971 CET 49175 6667 192.168.2.2 108.61.240.240 NICK Olga23

Mar 3, 2020 02:59:01.024513006 CET 6667 49166 83.140.172.212 192.168.2.2 :[email protected] JOIN #sdamarathon:port80c.se.quakenet.org 332 Eden11 #sdamarathon :Frost Fatales 2020 is over! A big thank you to everyone who participated in raising over $50,000 for The Malala Fund! | Next up: idk | Chat rules: https://bit.ly/3bXq49c:port80c.se.quakenet.org 333 Eden11 #sdamarathon KennyMan666 1583050179:port80c.se.quakenet.org 353 Eden11 = #sdamarathon :Eden11 EmipeDSa Mateon1 horrible Black_Ribbon Lord_Nightmare RichardG867 jmui perplexa dk Lexy @Kibbo Kralian Vidi Tokkobot Sorcerer KSSBrawl_ minip lurker[] Zialus [14]Chaosvex BrightCrucible FIX94 sanfrid snapcase vociferous Da^Crux cappe comptech kekstee Ashiudo Vaporeon @maz Daz Freezard MacGyverr Motuk Smiley onekopaka ventic Demp Johnny^ m3Lith peanut|| @Qurid prx @Ravager Nanaya @KennyMan666 sgun Kernel86 lijnk tekki nephyrin_ Laban:port80c.se.quakenet.org 353 Eden11 = #sdamarathon :Hypebot bVork lapyo ToMMe brainbug Rainbearer ElBarto Snowblind Chappie-san Jettis nitroxis Drayan KindOne thedopefish sh0kk^ mipsulii maleficarium rr Makere GraveDIGGER Allo nnm DFiNE tappi Maitre @KillaH mcj Tanthie @CyberBotX Elyxi CockRoach|42 Diablo-D3 Amphinought Tezz KrzaQ Sophira Mino capman Ghabry duke Tegu jjaniprkl Lewder Supremumguru @FalconSpy hodapp_ Konvertor blind_peer theworst @S _nalle Benizakura herbie sid3windr chreddy

Mar 3, 2020 02:59:01.262207031 CET 6667 49166 83.140.172.212 192.168.2.2 :port80c.se.quakenet.org 353 Eden11 = #sdamarathon :Voronoi Nimra Learath2 Cobra_Fast Aexoden_ @anton smiler BloodBrother Saturnine Corrodias theroflcopter D Merola Finarvas @Q meeb malmat_ Ekips Deaod @A:port80c.se.quakenet.org 366 Eden11 #sdamarathon :End of /NAMES list.

Mar 3, 2020 02:59:01.407135963 CET 49176 6667 192.168.2.2 104.196.117.31 USER xrRsLBJh 8 * :BeckyxrRsL

Mar 3, 2020 02:59:01.428072929 CET 49177 6667 192.168.2.2 104.149.232.242 USER xrRsLBJh 8 * :BeckyxrRsL

Mar 3, 2020 02:59:01.527154922 CET 49176 6667 192.168.2.2 104.196.117.31 NICK Gilda13

Mar 3, 2020 02:59:01.563450098 CET 6667 49177 104.149.232.242 192.168.2.2 :dallas.tx.us.undernet.org 465 * :AUTO [0] (84.17.52.24) Infected with a virus or trojan, please clean your system. (P64).ERROR :Closing Link: by dallas.tx.us.undernet.org (G-lined)

Mar 3, 2020 02:59:01.563616037 CET 49177 6667 192.168.2.2 104.149.232.242 NICK Gilda13

Mar 3, 2020 02:59:01.647006035 CET 6667 49176 104.196.117.31 192.168.2.2 PING :612885048

Mar 3, 2020 02:59:01.647778034 CET 49176 6667 192.168.2.2 104.196.117.31 PONG 612885048-Gilda13

Mar 3, 2020 02:59:01.767852068 CET 6667 49176 104.196.117.31 192.168.2.2 :magnet.rizon.net NOTICE Gilda13 :*** Banned until Fri Mar 6 01:58:46 2020: [G][netsec] [[email protected]:EmilycpD1l] has been matched to a known bot pattern r#35 (compromised host id#rb5d - see kline.rizon.net) - Visit http://abuse.rizon.net/akills/lookup?ip=84.17.52.24&drone for more information. (Akill ID: RT7V8S2N1B) (2020/3/3 01.58)

Mar 3, 2020 02:59:01.767889023 CET 6667 49176 104.196.117.31 192.168.2.2 ERROR :Closing Link: 84.17.52.24 (Banned)

Mar 3, 2020 02:59:01.970271111 CET 6667 49179 104.149.232.242 192.168.2.2 NOTICE AUTH :*** Looking up your hostname

Mar 3, 2020 02:59:01.993985891 CET 6667 49180 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Couldn't look up your hostname (cached)

Mar 3, 2020 02:59:01.994024038 CET 6667 49180 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Checking Ident

Mar 3, 2020 02:59:02.077090025 CET 6667 49180 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** No Ident response

Mar 3, 2020 02:59:02.302633047 CET 6667 49179 104.149.232.242 192.168.2.2 NOTICE AUTH :*** Checking IdentNOTICE AUTH :*** Couldn't look up your hostnameNOTICE AUTH :*** No ident response

Mar 3, 2020 02:59:04.371233940 CET 49178 6667 192.168.2.2 194.14.236.50 USER EnwjmCjt 8 * :KaraEnwjm

Mar 3, 2020 02:59:04.371680975 CET 49178 6667 192.168.2.2 194.14.236.50 NICK Lisa18

Mar 3, 2020 02:59:04.679810047 CET 6667 49182 194.14.236.50 192.168.2.2 NOTICE * :*** You are banned from DALnetNOTICE * :*** Reason: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/03 03.58)NOTICE * :*** Connection info: <unnamed>([-][email protected]) [84.17.52.24]NOTICE * :*** Ban contact: http://www.dal.net/admin/contactkline.php3NOTICE * :*** When contacting DALnet, please include all of the information shown above:nonstop.ix.me.dal.net 465 * :A-banned: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/03 03.58)ERROR :Closing Link: 0.0.0.0 (A-banned: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/03 03.58))

Mar 3, 2020 02:59:04.830960989 CET 49179 6667 192.168.2.2 104.149.232.242 USER lnkmwGOC 8 * :Caitlinl0k2w

Mar 3, 2020 02:59:04.951395035 CET 49180 6667 192.168.2.2 80.65.57.18 USER MytmhsxL 8 * :DoraMy0m0

Mar 3, 2020 02:59:04.966377020 CET 6667 49179 104.149.232.242 192.168.2.2 :dallas.tx.us.undernet.org 465 * :AUTO [0] (84.17.52.24) Infected with a virus or trojan, please clean your system. (P64).ERROR :Closing Link: by dallas.tx.us.undernet.org (G-lined)

Mar 3, 2020 02:59:04.966583967 CET 49179 6667 192.168.2.2 104.149.232.242 NICK Gilda14

Mar 3, 2020 02:59:04.993031025 CET 49180 6667 192.168.2.2 80.65.57.18 NICK Iris21

Mar 3, 2020 02:59:05.034434080 CET 6667 49180 80.65.57.18 192.168.2.2 PING :112689341

Mar 3, 2020 02:59:05.034728050 CET 49180 6667 192.168.2.2 80.65.57.18 PONG 112689341-Iris21

Mar 3, 2020 02:59:05.076208115 CET 6667 49180 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE Iris21 :*** Banned until Fri Mar 6 02:58:46 2020: [G][netsec] [[email protected]:EmilycpD1l] has been matched to a known bot pattern r#35 (compromised host id#rb5d - see kline.rizon.net) - Visit http://abuse.rizon.net/akills/lookup?ip=84.17.52.24&drone for more information. (Akill ID: RT7V8S2N1B) (2020/3/3 02.58)

Mar 3, 2020 02:59:05.076270103 CET 6667 49180 80.65.57.18 192.168.2.2 ERROR :Closing Link: 84.17.52.24 (Banned)

Mar 3, 2020 02:59:05.296905994 CET 6667 49184 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Couldn't look up your hostname (cached)

Mar 3, 2020 02:59:05.296952009 CET 6667 49184 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Checking Ident

Mar 3, 2020 02:59:05.326730967 CET 6667 49184 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** No Ident response

Mar 3, 2020 02:59:05.369796991 CET 6667 49183 91.236.182.1 192.168.2.2 NOTICE AUTH :*** Looking up your hostname

Mar 3, 2020 02:59:05.679714918 CET 6667 49183 91.236.182.1 192.168.2.2 NOTICE AUTH :*** Checking IdentNOTICE AUTH :*** No ident response

Mar 3, 2020 02:59:07.595079899 CET 49182 6667 192.168.2.2 194.14.236.50 USER gMbqpksW 8 * :PeggygMbqp

Mar 3, 2020 02:59:07.595314026 CET 49182 6667 192.168.2.2 194.14.236.50 NICK Kyle25

Mar 3, 2020 02:59:07.967720032 CET 6667 49185 154.35.138.250 192.168.2.2 NOTICE * :*** You are banned from DALnetNOTICE * :*** Reason: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/02 19.58)NOTICE * :*** Connection info: <unnamed>([-][email protected]) [84.17.52.24]NOTICE * :*** Ban contact: [email protected] * :*** When contacting DALnet, please include all of the information shown above:halcyon.il.us.dal.net 465 * :A-banned: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/02 19.58)ERROR :Closing Link: 0.0.0.0 (A-banned: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/02 19.58))

Mar 3, 2020 02:59:08.216483116 CET 49183 6667 192.168.2.2 91.236.182.1 USER OPwukcyP 8 * :IdaOP3u0

Mar 3, 2020 02:59:08.256709099 CET 49184 6667 192.168.2.2 80.65.57.18 USER LFoqxUEX 8 * :AprilLF101

Mar 3, 2020 02:59:08.298424006 CET 49184 6667 192.168.2.2 80.65.57.18 NICK Gilda11

Mar 3, 2020 02:59:08.332106113 CET 49183 6667 192.168.2.2 91.236.182.1 NICK Gilda27

Mar 3, 2020 02:59:08.340002060 CET 6667 49184 80.65.57.18 192.168.2.2 PING :627817478

Mar 3, 2020 02:59:08.340255976 CET 49184 6667 192.168.2.2 80.65.57.18 PONG 627817478-Gilda11

Mar 3, 2020 02:59:08.381788015 CET 6667 49184 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE Gilda11 :*** Banned until Fri Mar 6 02:58:46 2020: [G][netsec] [[email protected]:EmilycpD1l] has been matched to a known bot pattern r#35 (compromised host id#rb5d - see kline.rizon.net) - Visit http://abuse.rizon.net/akills/lookup?ip=84.17.52.24&drone for more information. (Akill ID: RT7V8S2N1B) (2020/3/3 02.58)

Mar 3, 2020 02:59:08.381849051 CET 6667 49184 80.65.57.18 192.168.2.2 ERROR :Closing Link: 84.17.52.24 (Banned)

Mar 3, 2020 02:59:08.447459936 CET 6667 49183 91.236.182.1 192.168.2.2 PING :1728441652

Mar 3, 2020 02:59:08.447877884 CET 49183 6667 192.168.2.2 91.236.182.1 PONG 1728441652MGilda27

Mar 3, 2020 02:59:08.604708910 CET 6667 49186 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Couldn't look up your hostname (cached)

Mar 3, 2020 02:59:08.604748011 CET 6667 49186 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Checking Ident

Mar 3, 2020 02:59:08.634540081 CET 6667 49186 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** No Ident response

Mar 3, 2020 02:59:10.850178003 CET 49185 6667 192.168.2.2 154.35.138.250 USER RryjtpB 8 * :NovaR1y5

Mar 3, 2020 02:59:10.850610018 CET 49185 6667 192.168.2.2 154.35.138.250 NICK Ivana21

Mar 3, 2020 02:59:11.561904907 CET 49186 6667 192.168.2.2 80.65.57.18 USER cifFmsEb 8 * :Jewelci4F5

Mar 3, 2020 02:59:11.603653908 CET 49186 6667 192.168.2.2 80.65.57.18 NICK Erika11

Mar 3, 2020 02:59:11.645185947 CET 6667 49186 80.65.57.18 192.168.2.2 PING :2034416425

Mar 3, 2020 02:59:11.645476103 CET 49186 6667 192.168.2.2 80.65.57.18 PONG 2034416425-Erika11

Mar 3, 2020 02:59:11.686978102 CET 6667 49186 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE Erika11 :*** Banned until Fri Mar 6 02:58:46 2020: [G][netsec] [[email protected]:EmilycpD1l] has been matched to a known bot pattern r#35 (compromised host id#rb5d - see kline.rizon.net) - Visit http://abuse.rizon.net/akills/lookup?ip=84.17.52.24&drone for more information. (Akill ID: RT7V8S2N1B) (2020/3/3 02.58)

Mar 3, 2020 02:59:11.687019110 CET 6667 49186 80.65.57.18 192.168.2.2 ERROR :Closing Link: 84.17.52.24 (Banned)

Mar 3, 2020 02:59:11.909904003 CET 6667 49188 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Couldn't look up your hostname (cached)

Mar 3, 2020 02:59:11.909946918 CET 6667 49188 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Checking Ident

Mar 3, 2020 02:59:11.939697981 CET 6667 49188 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** No Ident response

Mar 3, 2020 02:59:13.657757044 CET 6667 49183 91.236.182.1 192.168.2.2 NOTICE AUTH :*** Couldn't look up your hostname

Mar 3, 2020 02:59:13.657850027 CET 6667 49183 91.236.182.1 192.168.2.2 :Chicago.IL.US.Undernet.Org 465 Gilda27 :AUTO [0] (84.17.52.24) Infected with a virus or trojan, please clean your system. (P64).ERROR :Closing Link: Gilda27 by Chicago.IL.US.Undernet.Org (G-lined)

Mar 3, 2020 02:59:14.447218895 CET 49187 6667 192.168.2.2 108.61.240.240 USER oHNpxCxy 8 * :NicoleoHNp4

Mar 3, 2020 02:59:14.447371960 CET 49187 6667 192.168.2.2 108.61.240.240 NICK Violet26

Mar 3, 2020 02:59:14.865953922 CET 49188 6667 192.168.2.2 80.65.57.18 USER veQQsxm 8 * :Camillev3QQ

Mar 3, 2020 02:59:14.907685995 CET 49188 6667 192.168.2.2 80.65.57.18 NICK Lolita15

Mar 3, 2020 02:59:14.916364908 CET 6667 49189 23.228.66.219 192.168.2.2 NOTICE AUTH :*** Looking up your hostname

Mar 3, 2020 02:59:14.949181080 CET 6667 49188 80.65.57.18 192.168.2.2 PING :228596440

Mar 3, 2020 02:59:14.949486017 CET 49188 6667 192.168.2.2 80.65.57.18 PONG 228596440-Lolita15

Mar 3, 2020 02:59:14.991106033 CET 6667 49188 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE Lolita15 :*** Banned until Fri Mar 6 02:58:46 2020: [G][netsec] [[email protected]:EmilycpD1l] has been matched to a known bot pattern r#35 (compromised host id#rb5d - see kline.rizon.net) - Visit http://abuse.rizon.net/akills/lookup?ip=84.17.52.24&drone for more information. (Akill ID: RT7V8S2N1B) (2020/3/3 02.58)

Mar 3, 2020 02:59:14.991154909 CET 6667 49188 80.65.57.18 192.168.2.2 ERROR :Closing Link: 84.17.52.24 (Banned)

Mar 3, 2020 02:59:15.216533899 CET 6667 49191 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Couldn't look up your hostname (cached)

Mar 3, 2020 02:59:15.216568947 CET 6667 49191 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Checking Ident

Mar 3, 2020 02:59:15.268805027 CET 6667 49191 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** No Ident response

Mar 3, 2020 02:59:15.280556917 CET 6667 49189 23.228.66.219 192.168.2.2 NOTICE AUTH :*** Checking IdentNOTICE AUTH :*** No ident response

Mar 3, 2020 02:59:15.505007029 CET 6667 49191 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** No Ident response

Mar 3, 2020 02:59:17.659779072 CET 49190 6667 192.168.2.2 194.14.236.50 USER uwTpBrj 8 * :Bellau3Tp

Mar 3, 2020 02:59:17.660079956 CET 49190 6667 192.168.2.2 194.14.236.50 NICK Nora19

Mar 3, 2020 02:59:17.750649929 CET 49189 6667 192.168.2.2 23.228.66.219 USER vkeempyC 8 * :Damitavke08

Mar 3, 2020 02:59:17.983155012 CET 6667 49192 108.61.240.240 192.168.2.2 NOTICE * :*** You are banned from DALnetNOTICE * :*** Reason: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/02 20.58)NOTICE * :*** Connection info: <unnamed>([-][email protected]) [84.17.52.24]NOTICE * :*** Ban contact: http://www.dal.net/admin/contactkline.php3NOTICE * :*** When contacting DALnet, please include all of the information shown above:choopa.nj.us.dal.net 465 * :A-banned: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/02 20.58)ERROR :Closing Link: 0.0.0.0 (A-banned: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/02 20.58))

Mar 3, 2020 02:59:18.021398067 CET 49189 6667 192.168.2.2 23.228.66.219 NICK Peggy26

Mar 3, 2020 02:59:18.170109987 CET 49191 6667 192.168.2.2 80.65.57.18 USER eWghnoey 8 * :NadiaeWghn

Mar 3, 2020 02:59:18.186322927 CET 6667 49189 23.228.66.219 192.168.2.2 PING :1538261459

Mar 3, 2020 02:59:18.186635971 CET 49189 6667 192.168.2.2 23.228.66.219 PONG 1538261459MPeggy26

Mar 3, 2020 02:59:18.211767912 CET 49191 6667 192.168.2.2 80.65.57.18 NICK Julie15

Mar 3, 2020 02:59:18.258044004 CET 6667 49191 80.65.57.18 192.168.2.2 PING :1680787737

Mar 3, 2020 02:59:18.258387089 CET 49191 6667 192.168.2.2 80.65.57.18 PONG 1680787737-Julie15

Mar 3, 2020 02:59:18.299989939 CET 6667 49191 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE Julie15 :*** Banned until Fri Mar 6 02:58:46 2020: [G][netsec] [[email protected]:EmilycpD1l] has been matched to a known bot pattern r#35 (compromised host id#rb5d - see kline.rizon.net) - Visit http://abuse.rizon.net/akills/lookup?ip=84.17.52.24&drone for more information. (Akill ID: RT7V8S2N1B) (2020/3/3 02.58)

Mar 3, 2020 02:59:18.300030947 CET 6667 49191 80.65.57.18 192.168.2.2 ERROR :Closing Link: 84.17.52.24 (Banned)

Mar 3, 2020 02:59:18.692877054 CET 6667 49193 104.196.117.31 192.168.2.2 :magnet.rizon.net NOTICE * :*** Couldn't look up your hostname (cached)

Mar 3, 2020 02:59:20.895549059 CET 49192 6667 192.168.2.2 108.61.240.240 USER lEmmCpkg 8 * :EmilylEm2C

Mar 3, 2020 02:59:20.896001101 CET 49192 6667 192.168.2.2 108.61.240.240 NICK Wendy29

Mar 3, 2020 02:59:21.575278997 CET 49193 6667 192.168.2.2 104.196.117.31 USER yGCmkbvh 8 * :LaurayGC2k

Mar 3, 2020 02:59:21.695188046 CET 49193 6667 192.168.2.2 104.196.117.31 NICK Rosa15

Mar 3, 2020 02:59:21.814886093 CET 6667 49193 104.196.117.31 192.168.2.2 PING :883254080

Mar 3, 2020 02:59:21.815198898 CET 49193 6667 192.168.2.2 104.196.117.31 PONG 883254080-Rosa15

Mar 3, 2020 02:59:21.935086012 CET 6667 49193 104.196.117.31 192.168.2.2 :magnet.rizon.net NOTICE Rosa15 :*** Banned until Fri Mar 6 01:58:46 2020: [G][netsec] [[email protected]:EmilycpD1l] has been matched to a known bot pattern r#35 (compromised host id#rb5d - see kline.rizon.net) - Visit http://abuse.rizon.net/akills/lookup?ip=84.17.52.24&drone for more information. (Akill ID: RT7V8S2N1B) (2020/3/3 01.58)

Mar 3, 2020 02:59:21.935127020 CET 6667 49193 104.196.117.31 192.168.2.2 ERROR :Closing Link: 84.17.52.24 (Banned)

Mar 3, 2020 02:59:22.160619974 CET 6667 49195 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Couldn't look up your hostname (cached)

Mar 3, 2020 02:59:22.160659075 CET 6667 49195 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Checking Ident

Mar 3, 2020 02:59:22.190486908 CET 6667 49195 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** No Ident response

Mar 3, 2020 02:59:23.259809971 CET 6667 49189 23.228.66.219 192.168.2.2 NOTICE AUTH :*** Couldn't look up your hostname

Mar 3, 2020 02:59:23.259846926 CET 6667 49189 23.228.66.219 192.168.2.2 :LosAngeles.CA.US.Undernet.Org 465 Peggy26 :AUTO [0] (84.17.52.24) Infected with a virus or trojan, please clean your system. (P64).ERROR :Closing Link: Peggy26 by LosAngeles.CA.US.Undernet.Org (G-lined)

Mar 3, 2020 02:59:23.451423883 CET 6667 49196 45.58.183.18 192.168.2.2 NOTICE AUTH :*** Looking up your hostname

Mar 3, 2020 02:59:23.685488939 CET 6667 49196 45.58.183.18 192.168.2.2 NOTICE AUTH :*** Checking IdentNOTICE AUTH :*** No ident responseNOTICE AUTH :*** Couldn't look up your hostname

Mar 3, 2020 02:59:24.139450073 CET 49194 6667 192.168.2.2 154.35.138.250 USER bSEeHWEf 8 * :CaitlinbSE0H

Mar 3, 2020 02:59:24.139844894 CET 49194 6667 192.168.2.2 154.35.138.250 NICK Isabel14

Mar 3, 2020 02:59:25.120158911 CET 49195 6667 192.168.2.2 80.65.57.18 USER MFdhGsKL 8 * :OliviaMFd0G

Mar 3, 2020 02:59:25.162019014 CET 49195 6667 192.168.2.2 80.65.57.18 NICK Vanessa23

Mar 3, 2020 02:59:25.203563929 CET 6667 49195 80.65.57.18 192.168.2.2 PING :2054476465

Mar 3, 2020 02:59:25.203818083 CET 49195 6667 192.168.2.2 80.65.57.18 PONG 2054476465-Vanessa23

Mar 3, 2020 02:59:25.245354891 CET 6667 49195 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE Vanessa23 :*** Banned until Fri Mar 6 02:58:46 2020: [G][netsec] [[email protected]:EmilycpD1l] has been matched to a known bot pattern r#35 (compromised host id#rb5d - see kline.rizon.net) - Visit http://abuse.rizon.net/akills/lookup?ip=84.17.52.24&drone for more information. (Akill ID: RT7V8S2N1B) (2020/3/3 02.58)

Mar 3, 2020 02:59:25.245388985 CET 6667 49195 80.65.57.18 192.168.2.2 ERROR :Closing Link: 84.17.52.24 (Banned)

Mar 3, 2020 02:59:25.462455988 CET 6667 49199 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Couldn't look up your hostname (cached)

Mar 3, 2020 02:59:25.462486029 CET 6667 49199 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Checking Ident

Mar 3, 2020 02:59:25.492347956 CET 6667 49199 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** No Ident response

Mar 3, 2020 02:59:25.740987062 CET 6667 49199 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** No Ident response

Mar 3, 2020 02:59:26.422317982 CET 49196 6667 192.168.2.2 45.58.183.18 USER FHfHgppg 8 * :DorisFHfH8

Mar 3, 2020 02:59:26.449775934 CET 6667 49196 45.58.183.18 192.168.2.2 :tulip.eu.ix.undernet.org 465 * :AUTO [0] (84.17.52.24) Infected with a virus or trojan, please clean your system. (P64).ERROR :Closing Link: by tulip.eu.ix.undernet.org (G-lined)

Mar 3, 2020 02:59:26.450037956 CET 49196 6667 192.168.2.2 45.58.183.18 NICK Lynn15

Mar 3, 2020 02:59:26.886105061 CET 6667 49200 104.149.232.242 192.168.2.2 ERROR :Your host is trying to (re)connect too fast -- throttled

Mar 3, 2020 02:59:27.373774052 CET 49197 6667 192.168.2.2 108.61.240.240 USER ulvijPtk 8 * :Rosaulv12

Mar 3, 2020 02:59:27.374203920 CET 49197 6667 192.168.2.2 108.61.240.240 NICK Nadia21

Mar 3, 2020 02:59:27.660200119 CET 6667 49201 194.14.236.50 192.168.2.2 NOTICE * :*** You are banned from DALnetNOTICE * :*** Reason: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/03 03.58)NOTICE * :*** Connection info: <unnamed>([-][email protected]) [84.17.52.24]NOTICE * :*** Ban contact: http://www.dal.net/admin/contactkline.php3NOTICE * :*** When contacting DALnet, please include all of the information shown above:nonstop.ix.me.dal.net 465 * :A-banned: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/03 03.58)ERROR :Closing Link: 0.0.0.0 (A-banned: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/03 03.58))

Mar 3, 2020 02:59:28.415364981 CET 49199 6667 192.168.2.2 80.65.57.18 USER lrgKWuyY 8 * :KatrinalrgKW

Mar 3, 2020 02:59:28.456986904 CET 49199 6667 192.168.2.2 80.65.57.18 NICK Ruby13

Mar 3, 2020 02:59:28.498563051 CET 6667 49199 80.65.57.18 192.168.2.2 PING :3457978677

Mar 3, 2020 02:59:28.498791933 CET 49199 6667 192.168.2.2 80.65.57.18 PONG 3457978677-Ruby13

Mar 3, 2020 02:59:28.540285110 CET 6667 49199 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE Ruby13 :*** Banned until Fri Mar 6 02:58:46 2020: [G][netsec] [[email protected]:EmilycpD1l] has been matched to a known bot pattern r#35 (compromised host id#rb5d - see kline.rizon.net) - Visit http://abuse.rizon.net/akills/lookup?ip=84.17.52.24&drone for more information. (Akill ID: RT7V8S2N1B) (2020/3/3 02.58)

Mar 3, 2020 02:59:28.540324926 CET 6667 49199 80.65.57.18 192.168.2.2 ERROR :Closing Link: 84.17.52.24 (Banned)

Mar 3, 2020 02:59:28.946645975 CET 6667 49202 104.196.117.31 192.168.2.2 :magnet.rizon.net NOTICE * :*** Couldn't look up your hostname (cached)

Mar 3, 2020 02:59:29.747596979 CET 49200 6667 192.168.2.2 104.149.232.242 USER ikbplLbs 8 * :Karaikb81

Mar 3, 2020 02:59:29.748012066 CET 49200 6667 192.168.2.2 104.149.232.242 NICK Lynn28

Mar 3, 2020 02:59:29.953020096 CET 6667 49203 185.117.74.172 192.168.2.2 NOTICE AUTH :*** Looking up your hostname

Mar 3, 2020 02:59:30.188704014 CET 6667 49203 185.117.74.172 192.168.2.2 NOTICE AUTH :*** Checking IdentNOTICE AUTH :*** No ident responseNOTICE AUTH :*** Couldn't look up your hostname

Mar 3, 2020 02:59:30.588709116 CET 49201 6667 192.168.2.2 194.14.236.50 USER ljprjTgy 8 * :Alysial88rj

Mar 3, 2020 02:59:30.589184999 CET 49201 6667 192.168.2.2 194.14.236.50 NICK Violet10

Mar 3, 2020 02:59:31.820142031 CET 49202 6667 192.168.2.2 104.196.117.31 USER DygyuhJk 8 * :AprilD58yu

Mar 3, 2020 02:59:31.940629005 CET 49202 6667 192.168.2.2 104.196.117.31 NICK Rosa11

Mar 3, 2020 02:59:32.060950041 CET 6667 49202 104.196.117.31 192.168.2.2 PING :4110180954

Mar 3, 2020 02:59:32.061156034 CET 49202 6667 192.168.2.2 104.196.117.31 PONG 4110180954-Rosa11

Mar 3, 2020 02:59:32.181524038 CET 6667 49202 104.196.117.31 192.168.2.2 :magnet.rizon.net NOTICE Rosa11 :*** Banned until Fri Mar 6 01:58:46 2020: [G][netsec] [[email protected]:EmilycpD1l] has been matched to a known bot pattern r#35 (compromised host id#rb5d - see kline.rizon.net) - Visit http://abuse.rizon.net/akills/lookup?ip=84.17.52.24&drone for more information. (Akill ID: RT7V8S2N1B) (2020/3/3 01.58)

Mar 3, 2020 02:59:32.181557894 CET 6667 49202 104.196.117.31 192.168.2.2 ERROR :Closing Link: 84.17.52.24 (Banned)

Mar 3, 2020 02:59:32.561472893 CET 6667 49205 104.196.117.31 192.168.2.2 :magnet.rizon.net NOTICE * :*** Couldn't look up your hostname (cached)

Mar 3, 2020 02:59:32.921917915 CET 49203 6667 192.168.2.2 185.117.74.172 USER utdoqfh 8 * :Elizautd7

Mar 3, 2020 02:59:32.953246117 CET 6667 49203 185.117.74.172 192.168.2.2 :Capelle.NL.EU.Undernet.Org 465 * :AUTO [0] (84.17.52.24) Infected with a virus or trojan, please clean your system. (P64).ERROR :Closing Link: by Capelle.NL.EU.Undernet.Org (G-lined)

Mar 3, 2020 02:59:32.953480959 CET 49203 6667 192.168.2.2 185.117.74.172 NICK Emily10

Mar 3, 2020 02:59:33.324238062 CET 6667 49206 91.236.182.1 192.168.2.2 NOTICE AUTH :*** Looking up your hostname

Mar 3, 2020 02:59:33.638245106 CET 6667 49206 91.236.182.1 192.168.2.2 NOTICE AUTH :*** Checking IdentNOTICE AUTH :*** No ident response

Mar 3, 2020 02:59:33.822849989 CET 49204 6667 192.168.2.2 108.61.240.240 USER frCViUr 8 * :Evef1CV

Mar 3, 2020 02:59:33.823105097 CET 49204 6667 192.168.2.2 108.61.240.240 NICK Ivana12

Mar 3, 2020 02:59:35.445885897 CET 49205 6667 192.168.2.2 104.196.117.31 USER qtDlvjRw 8 * :NaomiqtDl2

Mar 3, 2020 02:59:35.566081047 CET 49205 6667 192.168.2.2 104.196.117.31 NICK Maia10

Mar 3, 2020 02:59:35.686002016 CET 6667 49205 104.196.117.31 192.168.2.2 PING :3249942162

Mar 3, 2020 02:59:35.686332941 CET 49205 6667 192.168.2.2 104.196.117.31 PONG 3249942162-Maia10

Mar 3, 2020 02:59:35.806415081 CET 6667 49205 104.196.117.31 192.168.2.2 :magnet.rizon.net NOTICE Maia10 :*** Banned until Fri Mar 6 01:58:46 2020: [G][netsec] [[email protected]:EmilycpD1l] has been matched to a known bot pattern r#35 (compromised host id#rb5d - see kline.rizon.net) - Visit http://abuse.rizon.net/akills/lookup?ip=84.17.52.24&drone for more information. (Akill ID: RT7V8S2N1B) (2020/3/3 01.58)

Mar 3, 2020 02:59:35.806442022 CET 6667 49205 104.196.117.31 192.168.2.2 ERROR :Closing Link: 84.17.52.24 (Banned)

Mar 3, 2020 02:59:36.088155031 CET 6667 49208 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Couldn't look up your hostname (cached)

Mar 3, 2020 02:59:36.088191986 CET 6667 49208 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Checking Ident

Mar 3, 2020 02:59:36.118148088 CET 6667 49208 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** No Ident response

Mar 3, 2020 02:59:36.206425905 CET 49206 6667 192.168.2.2 91.236.182.1 USER ghbMOimi 8 * :Beckygh3MO

Mar 3, 2020 02:59:36.322153091 CET 49206 6667 192.168.2.2 91.236.182.1 NICK Myra23

Mar 3, 2020 02:59:36.437805891 CET 6667 49206 91.236.182.1 192.168.2.2 PING :240592157

Mar 3, 2020 02:59:36.438122988 CET 49206 6667 192.168.2.2 91.236.182.1 PONG 240592157MMyra23

Mar 3, 2020 02:59:37.037763119 CET 49207 6667 192.168.2.2 194.14.236.50 USER txinQuhu 8 * :Kassiat17nQ

Mar 3, 2020 02:59:37.037992001 CET 49207 6667 192.168.2.2 194.14.236.50 NICK Mimi22

Mar 3, 2020 02:59:37.400521040 CET 6667 49209 154.35.138.250 192.168.2.2 NOTICE * :*** You are banned from DALnetNOTICE * :*** Reason: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/02 19.58)NOTICE * :*** Connection info: <unnamed>([-][email protected]) [84.17.52.24]NOTICE * :*** Ban contact: [email protected] * :*** When contacting DALnet, please include all of the information shown above:halcyon.il.us.dal.net 465 * :A-banned: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/02 19.58)ERROR :Closing Link: 0.0.0.0 (A-banned: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/02 19.58))

Mar 3, 2020 02:59:38.990075111 CET 49208 6667 192.168.2.2 80.65.57.18 USER NcegRThc 8 * :ZilyaNc0gR

Mar 3, 2020 02:59:39.031718016 CET 49208 6667 192.168.2.2 80.65.57.18 NICK Rita27

Mar 3, 2020 02:59:39.073071003 CET 6667 49208 80.65.57.18 192.168.2.2 PING :46455941

Mar 3, 2020 02:59:39.073399067 CET 49208 6667 192.168.2.2 80.65.57.18 PONG 46455941-Rita27

Mar 3, 2020 02:59:39.114797115 CET 6667 49208 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE Rita27 :*** Banned until Fri Mar 6 02:58:46 2020: [G][netsec] [[email protected]:EmilycpD1l] has been matched to a known bot pattern r#35 (compromised host id#rb5d - see kline.rizon.net) - Visit http://abuse.rizon.net/akills/lookup?ip=84.17.52.24&drone for more information. (Akill ID: RT7V8S2N1B) (2020/3/3 02.58)

Mar 3, 2020 02:59:39.114834070 CET 6667 49208 80.65.57.18 192.168.2.2 ERROR :Closing Link: 84.17.52.24 (Banned)

Mar 3, 2020 02:59:39.330832958 CET 6667 49210 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Couldn't look up your hostname (cached)

Mar 3, 2020 02:59:39.330866098 CET 6667 49210 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Checking Ident

Mar 3, 2020 02:59:39.360644102 CET 6667 49210 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** No Ident response

Mar 3, 2020 02:59:40.282908916 CET 49209 6667 192.168.2.2 154.35.138.250 USER gehgqPlu 8 * :Julietge350

Mar 3, 2020 02:59:40.283962011 CET 49209 6667 192.168.2.2 154.35.138.250 NICK Katrina19

Mar 3, 2020 02:59:40.612673044 CET 6667 49211 108.61.240.240 192.168.2.2 NOTICE * :*** You are banned from DALnetNOTICE * :*** Reason: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/02 20.58)NOTICE * :*** Connection info: <unnamed>([-][email protected]) [84.17.52.24]NOTICE * :*** Ban contact: http://www.dal.net/admin/contactkline.php3NOTICE * :*** When contacting DALnet, please include all of the information shown above:choopa.nj.us.dal.net 465 * :A-banned: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/02 20.58)ERROR :Closing Link: 0.0.0.0 (A-banned: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/02 20.58))

Mar 3, 2020 02:59:41.672310114 CET 6667 49206 91.236.182.1 192.168.2.2 NOTICE AUTH :*** Couldn't look up your hostname

Mar 3, 2020 02:59:41.672432899 CET 6667 49206 91.236.182.1 192.168.2.2 :Chicago.IL.US.Undernet.Org 465 Myra23 :AUTO [0] (84.17.52.24) Infected with a virus or trojan, please clean your system. (P64).ERROR :Closing Link: Myra23 by Chicago.IL.US.Undernet.Org (G-lined)

Mar 3, 2020 02:59:41.869467020 CET 6667 49212 185.117.74.172 192.168.2.2 NOTICE AUTH :*** Looking up your hostname

Mar 3, 2020 02:59:42.095926046 CET 6667 49212 185.117.74.172 192.168.2.2 NOTICE AUTH :*** Checking IdentNOTICE AUTH :*** Couldn't look up your hostnameNOTICE AUTH :*** No ident response

Mar 3, 2020 02:59:42.285382986 CET 49210 6667 192.168.2.2 80.65.57.18 USER MGykjvUo 8 * :MaryMG26j

Mar 3, 2020 02:59:42.327127934 CET 49210 6667 192.168.2.2 80.65.57.18 NICK Olga28

Mar 3, 2020 02:59:42.368566990 CET 6667 49210 80.65.57.18 192.168.2.2 PING :272814716

Mar 3, 2020 02:59:42.368993044 CET 49210 6667 192.168.2.2 80.65.57.18 PONG 272814716-Olga28

Mar 3, 2020 02:59:42.410747051 CET 6667 49210 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE Olga28 :*** Banned until Fri Mar 6 02:58:46 2020: [G][netsec] [[email protected]:EmilycpD1l] has been matched to a known bot pattern r#35 (compromised host id#rb5d - see kline.rizon.net) - Visit http://abuse.rizon.net/akills/lookup?ip=84.17.52.24&drone for more information. (Akill ID: RT7V8S2N1B) (2020/3/3 02.58)

Mar 3, 2020 02:59:42.410792112 CET 6667 49210 80.65.57.18 192.168.2.2 ERROR :Closing Link: 84.17.52.24 (Banned)

Mar 3, 2020 02:59:42.633430004 CET 6667 49213 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Couldn't look up your hostname (cached)

Mar 3, 2020 02:59:42.633476973 CET 6667 49213 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Checking Ident

Mar 3, 2020 02:59:42.663281918 CET 6667 49213 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** No Ident response

Mar 3, 2020 02:59:43.516777992 CET 49211 6667 192.168.2.2 108.61.240.240 USER egrjxnqx 8 * :Aretinaegrj1

Mar 3, 2020 02:59:43.517255068 CET 49211 6667 192.168.2.2 108.61.240.240 NICK Haley13

Mar 3, 2020 02:59:46.168517113 CET 49212 6667 192.168.2.2 185.117.74.172 USER xxTweqGI 8 * :Ebonyx1T3e

Mar 3, 2020 02:59:46.168768883 CET 49213 6667 192.168.2.2 80.65.57.18 USER xxTweqGI 8 * :Ebonyx1T3e

Mar 3, 2020 02:59:46.199920893 CET 6667 49212 185.117.74.172 192.168.2.2 :Capelle.NL.EU.Undernet.Org 465 * :AUTO [0] (84.17.52.24) Infected with a virus or trojan, please clean your system. (P64).ERROR :Closing Link: by Capelle.NL.EU.Undernet.Org (G-lined)

Mar 3, 2020 02:59:46.200007915 CET 49212 6667 192.168.2.2 185.117.74.172 NICK Gilda28

Mar 3, 2020 02:59:46.210159063 CET 49213 6667 192.168.2.2 80.65.57.18 NICK Gilda28

Mar 3, 2020 02:59:46.251693964 CET 6667 49213 80.65.57.18 192.168.2.2 PING :515577974

Mar 3, 2020 02:59:46.251787901 CET 49213 6667 192.168.2.2 80.65.57.18 PONG 515577974-Gilda28

Mar 3, 2020 02:59:46.293241978 CET 6667 49213 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE Gilda28 :*** Banned until Fri Mar 6 02:58:46 2020: [G][netsec] [[email protected]:EmilycpD1l] has been matched to a known bot pattern r#35 (compromised host id#rb5d - see kline.rizon.net) - Visit http://abuse.rizon.net/akills/lookup?ip=84.17.52.24&drone for more information. (Akill ID: RT7V8S2N1B) (2020/3/3 02.58)

Mar 3, 2020 02:59:46.293279886 CET 6667 49213 80.65.57.18 192.168.2.2 ERROR :Closing Link: 84.17.52.24 (Banned)

Mar 3, 2020 02:59:46.382316113 CET 6667 49216 45.58.183.18 192.168.2.2 NOTICE AUTH :*** Looking up your hostname

Mar 3, 2020 02:59:46.514780045 CET 6667 49217 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Couldn't look up your hostname (cached)

Mar 3, 2020 02:59:46.514811993 CET 6667 49217 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Checking Ident

Mar 3, 2020 02:59:46.544605970 CET 6667 49217 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** No Ident response

Mar 3, 2020 02:59:46.618583918 CET 6667 49216 45.58.183.18 192.168.2.2 NOTICE AUTH :*** Checking IdentNOTICE AUTH :*** Couldn't look up your hostnameNOTICE AUTH :*** No ident response

Mar 3, 2020 02:59:46.791309118 CET 49214 6667 192.168.2.2 154.35.138.250 USER LyiWmDqj 8 * :KaceyL81W5

Mar 3, 2020 02:59:46.791651011 CET 49214 6667 192.168.2.2 154.35.138.250 NICK Doris14

Mar 3, 2020 02:59:49.079066038 CET 6667 49166 83.140.172.212 192.168.2.2 :[email protected] MODE #jakarta +l 158

Mar 3, 2020 02:59:49.355098009 CET 49216 6667 192.168.2.2 45.58.183.18 USER rQuKhkvn 8 * :XandrarQuK3

Mar 3, 2020 02:59:49.382353067 CET 6667 49216 45.58.183.18 192.168.2.2 :tulip.eu.ix.undernet.org 465 * :AUTO [0] (84.17.52.24) Infected with a virus or trojan, please clean your system. (P64).ERROR :Closing Link: by tulip.eu.ix.undernet.org (G-lined)

Mar 3, 2020 02:59:49.382637024 CET 49216 6667 192.168.2.2 45.58.183.18 NICK Lynn14

Mar 3, 2020 02:59:49.475742102 CET 49217 6667 192.168.2.2 80.65.57.18 USER stflQwWw 8 * :Alysias3f1Q

Mar 3, 2020 02:59:49.517230034 CET 49217 6667 192.168.2.2 80.65.57.18 NICK Mary20

Mar 3, 2020 02:59:49.558639050 CET 6667 49217 80.65.57.18 192.168.2.2 PING :4133068078

Mar 3, 2020 02:59:49.558974028 CET 49217 6667 192.168.2.2 80.65.57.18 PONG 4133068078-Mary20

Mar 3, 2020 02:59:49.600379944 CET 6667 49217 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE Mary20 :*** Banned until Fri Mar 6 02:58:46 2020: [G][netsec] [[email protected]:EmilycpD1l] has been matched to a known bot pattern r#35 (compromised host id#rb5d - see kline.rizon.net) - Visit http://abuse.rizon.net/akills/lookup?ip=84.17.52.24&drone for more information. (Akill ID: RT7V8S2N1B) (2020/3/3 02.58)

Mar 3, 2020 02:59:49.600405931 CET 6667 49217 80.65.57.18 192.168.2.2 ERROR :Closing Link: 84.17.52.24 (Banned)

Mar 3, 2020 02:59:49.775437117 CET 6667 49219 104.149.232.242 192.168.2.2 ERROR :Your host is trying to (re)connect too fast -- throttled

Mar 3, 2020 02:59:49.818393946 CET 6667 49220 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Couldn't look up your hostname (cached)

Mar 3, 2020 02:59:49.818449974 CET 6667 49220 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Checking Ident

Mar 3, 2020 02:59:49.848247051 CET 6667 49220 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** No Ident response

Mar 3, 2020 02:59:50.016211987 CET 49218 6667 192.168.2.2 108.61.240.240 USER jbsktYve 8 * :Clarissajbs6t

Mar 3, 2020 02:59:50.016633034 CET 49218 6667 192.168.2.2 108.61.240.240 NICK Bridget16

Mar 3, 2020 02:59:50.303996086 CET 6667 49221 194.68.45.50 192.168.2.2 NOTICE * :*** You are banned from DALnetNOTICE * :*** Reason: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/03 03.58)NOTICE * :*** Connection info: <unnamed>([-][email protected]) [84.17.52.24]NOTICE * :*** Ban contact: http://www.dal.net/admin/contactkline.php3NOTICE * :*** When contacting DALnet, please include all of the information shown above:nonstop.ix.me.dal.net 465 * :A-banned: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/03 03.58)ERROR :Closing Link: 0.0.0.0 (A-banned: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/03 03.58))

Mar 3, 2020 02:59:52.639975071 CET 49219 6667 192.168.2.2 104.149.232.242 USER mDUXYllm 8 * :EvelynmDUXY

Mar 3, 2020 02:59:52.640392065 CET 49219 6667 192.168.2.2 104.149.232.242 NICK Carmen23

Mar 3, 2020 02:59:52.780591965 CET 49220 6667 192.168.2.2 80.65.57.18 USER juwUwkqg 8 * :Zilyaj1wUw

Mar 3, 2020 02:59:52.822129011 CET 49220 6667 192.168.2.2 80.65.57.18 NICK Danielle12

Mar 3, 2020 02:59:52.834177017 CET 6667 49222 45.58.183.18 192.168.2.2 ERROR :Your host is trying to (re)connect too fast -- throttled

Mar 3, 2020 02:59:52.863557100 CET 6667 49220 80.65.57.18 192.168.2.2 PING :2218619957

Mar 3, 2020 02:59:52.863976002 CET 49220 6667 192.168.2.2 80.65.57.18 PONG 2218619957-Danielle12

Mar 3, 2020 02:59:52.905430079 CET 6667 49220 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE Danielle12 :*** Banned until Fri Mar 6 02:58:46 2020: [G][netsec] [[email protected]:EmilycpD1l] has been matched to a known bot pattern r#35 (compromised host id#rb5d - see kline.rizon.net) - Visit http://abuse.rizon.net/akills/lookup?ip=84.17.52.24&drone for more information. (Akill ID: RT7V8S2N1B) (2020/3/3 02.58)

Mar 3, 2020 02:59:52.905468941 CET 6667 49220 80.65.57.18 192.168.2.2 ERROR :Closing Link: 84.17.52.24 (Banned)

Mar 3, 2020 02:59:53.221514940 CET 49221 6667 192.168.2.2 194.68.45.50 USER qrywHjve 8 * :Idaqry3H

Mar 3, 2020 02:59:53.221838951 CET 49221 6667 192.168.2.2 194.68.45.50 NICK Vicky22

Mar 3, 2020 02:59:53.297751904 CET 6667 49223 104.196.117.31 192.168.2.2 :magnet.rizon.net NOTICE * :*** Couldn't look up your hostname (cached)

Mar 3, 2020 02:59:55.804729939 CET 49222 6667 192.168.2.2 45.58.183.18 USER cwfHoCwR 8 * :IdonacwfHo

Mar 3, 2020 02:59:55.805084944 CET 49222 6667 192.168.2.2 45.58.183.18 NICK Emily26

Mar 3, 2020 02:59:56.001370907 CET 6667 49225 45.58.183.18 192.168.2.2 ERROR :Your host is trying to (re)connect too fast -- throttled

Mar 3, 2020 02:59:56.175251007 CET 49223 6667 192.168.2.2 104.196.117.31 USER ioyEhLME 8 * :Evelyni45Eh

Mar 3, 2020 02:59:56.295814991 CET 49223 6667 192.168.2.2 104.196.117.31 NICK Lynn28

Mar 3, 2020 02:59:56.416300058 CET 6667 49223 104.196.117.31 192.168.2.2 PING :387599654

Mar 3, 2020 02:59:56.416527987 CET 49223 6667 192.168.2.2 104.196.117.31 PONG 387599654-Lynn28

Mar 3, 2020 02:59:56.455897093 CET 49224 6667 192.168.2.2 108.61.240.240 USER hxsHwnik 8 * :Novahx8H0

Mar 3, 2020 02:59:56.456265926 CET 49224 6667 192.168.2.2 108.61.240.240 NICK Chelsea11

Mar 3, 2020 02:59:56.537122011 CET 6667 49223 104.196.117.31 192.168.2.2 :magnet.rizon.net NOTICE Lynn28 :*** Banned until Fri Mar 6 01:58:46 2020: [G][netsec] [[email protected]:EmilycpD1l] has been matched to a known bot pattern r#35 (compromised host id#rb5d - see kline.rizon.net) - Visit http://abuse.rizon.net/akills/lookup?ip=84.17.52.24&drone for more information. (Akill ID: RT7V8S2N1B) (2020/3/3 01.58)

Mar 3, 2020 02:59:56.537182093 CET 6667 49223 104.196.117.31 192.168.2.2 ERROR :Closing Link: 84.17.52.24 (Banned)

Mar 3, 2020 02:59:56.907530069 CET 6667 49227 104.196.117.31 192.168.2.2 :magnet.rizon.net NOTICE * :*** Couldn't look up your hostname (cached)

Mar 3, 2020 02:59:57.606751919 CET 6667 49166 83.140.172.212 192.168.2.2 :[email protected] QUIT :Signed off

Mar 3, 2020 02:59:58.969100952 CET 49225 6667 192.168.2.2 45.58.183.18 USER iiewjvpW 8 * :Daniellei43wj

Mar 3, 2020 02:59:58.969536066 CET 49225 6667 192.168.2.2 45.58.183.18 NICK Nora13

Mar 3, 2020 02:59:59.362067938 CET 6667 49228 91.236.182.1 192.168.2.2 ERROR :Your host is trying to (re)connect too fast -- throttled

Mar 3, 2020 02:59:59.660295963 CET 49226 6667 192.168.2.2 194.14.236.50 USER rxjtocgY 8 * :Arar4j34

Mar 3, 2020 02:59:59.660456896 CET 49226 6667 192.168.2.2 194.14.236.50 NICK Lynn22

Mar 3, 2020 02:59:59.789951086 CET 49227 6667 192.168.2.2 104.196.117.31 USER siCYifnd 8 * :Naomis7CY4

Mar 3, 2020 02:59:59.910295010 CET 49227 6667 192.168.2.2 104.196.117.31 NICK Becky15

Mar 3, 2020 03:00:00.030560970 CET 6667 49227 104.196.117.31 192.168.2.2 PING :2847580865

Mar 3, 2020 03:00:00.030852079 CET 49227 6667 192.168.2.2 104.196.117.31 PONG 2847580865-Becky15

Mar 3, 2020 03:00:00.161772013 CET 6667 49227 104.196.117.31 192.168.2.2 :magnet.rizon.net NOTICE Becky15 :*** Banned until Fri Mar 6 01:58:46 2020: [G][netsec] [[email protected]:EmilycpD1l] has been matched to a known bot pattern r#35 (compromised host id#rb5d - see kline.rizon.net) - Visit http://abuse.rizon.net/akills/lookup?ip=84.17.52.24&drone for more information. (Akill ID: RT7V8S2N1B) (2020/3/3 01.58)

Mar 3, 2020 03:00:00.161792040 CET 6667 49227 104.196.117.31 192.168.2.2 ERROR :Closing Link: 84.17.52.24 (Banned)

Mar 3, 2020 03:00:00.389578104 CET 6667 49230 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Couldn't look up your hostname (cached)

Mar 3, 2020 03:00:00.389611006 CET 6667 49230 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Checking Ident

Mar 3, 2020 03:00:00.419445038 CET 6667 49230 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** No Ident response

Mar 3, 2020 03:00:02.892712116 CET 49228 6667 192.168.2.2 91.236.182.1 USER pfddforn 8 * :Carlap48df

Mar 3, 2020 03:00:02.892863035 CET 49228 6667 192.168.2.2 91.236.182.1 NICK Vanessa23

Mar 3, 2020 03:00:02.893032074 CET 49229 6667 192.168.2.2 194.68.45.50 USER pfddforn 8 * :Carlap48df

Mar 3, 2020 03:00:02.893162966 CET 49229 6667 192.168.2.2 194.68.45.50 NICK Vanessa23

Mar 3, 2020 03:00:03.110960960 CET 6667 49232 94.125.182.255 192.168.2.2 NOTICE AUTH :*** Looking up your hostname

Mar 3, 2020 03:00:03.335335970 CET 6667 49232 94.125.182.255 192.168.2.2 NOTICE AUTH :*** Looking up your hostname

Mar 3, 2020 03:00:03.336371899 CET 6667 49232 94.125.182.255 192.168.2.2 NOTICE AUTH :*** Checking IdentNOTICE AUTH :*** No ident responseNOTICE AUTH :*** Couldn't look up your hostname

Mar 3, 2020 03:00:03.345679998 CET 49230 6667 192.168.2.2 80.65.57.18 USER tqwcDxsU 8 * :Damitatq6cD

Mar 3, 2020 03:00:03.387619019 CET 49230 6667 192.168.2.2 80.65.57.18 NICK Laura16

Mar 3, 2020 03:00:03.429563999 CET 6667 49230 80.65.57.18 192.168.2.2 PING :3200620332

Mar 3, 2020 03:00:03.429877043 CET 49230 6667 192.168.2.2 80.65.57.18 PONG 3200620332-Laura16

Mar 3, 2020 03:00:03.471997976 CET 6667 49230 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE Laura16 :*** Banned until Fri Mar 6 02:58:46 2020: [G][netsec] [[email protected]:EmilycpD1l] has been matched to a known bot pattern r#35 (compromised host id#rb5d - see kline.rizon.net) - Visit http://abuse.rizon.net/akills/lookup?ip=84.17.52.24&drone for more information. (Akill ID: RT7V8S2N1B) (2020/3/3 02.58)

Mar 3, 2020 03:00:03.472040892 CET 6667 49230 80.65.57.18 192.168.2.2 ERROR :Closing Link: 84.17.52.24 (Banned)

Mar 3, 2020 03:00:03.697036982 CET 6667 49233 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Couldn't look up your hostname (cached)

Mar 3, 2020 03:00:03.697068930 CET 6667 49233 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Checking Ident

Mar 3, 2020 03:00:03.729944944 CET 6667 49233 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** No Ident response

Mar 3, 2020 03:00:06.083275080 CET 49232 6667 192.168.2.2 94.125.182.255 USER WvjQRpro 8 * :KassiaW55QR

Mar 3, 2020 03:00:06.114456892 CET 49232 6667 192.168.2.2 94.125.182.255 NICK Nina17

Mar 3, 2020 03:00:06.114561081 CET 6667 49232 94.125.182.255 192.168.2.2 :Budapest.Hu.Eu.Undernet.org 465 * :AUTO [0] (84.17.52.24) Infected with a virus or trojan, please clean your system. (P64).ERROR :Closing Link: by Budapest.Hu.Eu.Undernet.org (G-lined)

Mar 3, 2020 03:00:06.119597912 CET 49231 6667 192.168.2.2 194.68.45.50 USER WvjQRpro 8 * :KassiaW55QR

Mar 3, 2020 03:00:06.119790077 CET 49231 6667 192.168.2.2 194.68.45.50 NICK Nina17

Mar 3, 2020 03:00:06.309279919 CET 6667 49234 45.58.183.18 192.168.2.2 ERROR :Your host is trying to (re)connect too fast -- throttled

Mar 3, 2020 03:00:06.405179024 CET 6667 49235 194.68.45.50 192.168.2.2 NOTICE * :*** You are banned from DALnetNOTICE * :*** Reason: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/03 03.58)NOTICE * :*** Connection info: <unnamed>([-][email protected]) [84.17.52.24]NOTICE * :*** Ban contact: http://www.dal.net/admin/contactkline.php3NOTICE * :*** When contacting DALnet, please include all of the information shown above:nonstop.ix.me.dal.net 465 * :A-banned: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/03 03.58)ERROR :Closing Link: 0.0.0.0 (A-banned: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/03 03.58))

Mar 3, 2020 03:00:06.650253057 CET 49233 6667 192.168.2.2 80.65.57.18 USER Fdwwuyqu 8 * :MaryFdwwu

Mar 3, 2020 03:00:06.691963911 CET 49233 6667 192.168.2.2 80.65.57.18 NICK Barbra13

Mar 3, 2020 03:00:06.733666897 CET 6667 49233 80.65.57.18 192.168.2.2 PING :2767044698

Mar 3, 2020 03:00:06.733935118 CET 49233 6667 192.168.2.2 80.65.57.18 PONG 2767044698-Barbra13

Mar 3, 2020 03:00:06.775368929 CET 6667 49233 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE Barbra13 :*** Banned until Fri Mar 6 02:58:46 2020: [G][netsec] [[email protected]:EmilycpD1l] has been matched to a known bot pattern r#35 (compromised host id#rb5d - see kline.rizon.net) - Visit http://abuse.rizon.net/akills/lookup?ip=84.17.52.24&drone for more information. (Akill ID: RT7V8S2N1B) (2020/3/3 02.58)

Mar 3, 2020 03:00:06.775404930 CET 6667 49233 80.65.57.18 192.168.2.2 ERROR :Closing Link: 84.17.52.24 (Banned)

Mar 3, 2020 03:00:07.000005960 CET 6667 49236 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Couldn't look up your hostname (cached)

Mar 3, 2020 03:00:07.000044107 CET 6667 49236 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Checking Ident

Mar 3, 2020 03:00:07.030009985 CET 6667 49236 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** No Ident response

Mar 3, 2020 03:00:09.284079075 CET 49234 6667 192.168.2.2 45.58.183.18 USER uwuDYmwj 8 * :CamilleuwuDY

Mar 3, 2020 03:00:09.284419060 CET 49234 6667 192.168.2.2 45.58.183.18 NICK Kara20

Mar 3, 2020 03:00:09.334527969 CET 49235 6667 192.168.2.2 194.68.45.50 USER qmmxNGsr 8 * :OliviaqmmxN

Mar 3, 2020 03:00:09.334916115 CET 49235 6667 192.168.2.2 194.68.45.50 NICK Kassia23

Mar 3, 2020 03:00:09.481520891 CET 6667 49238 45.58.183.18 192.168.2.2 ERROR :Your host is trying to (re)connect too fast -- throttled

Mar 3, 2020 03:00:09.662734032 CET 6667 49239 108.61.240.240 192.168.2.2 NOTICE * :*** You are banned from DALnetNOTICE * :*** Reason: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/02 20.58)NOTICE * :*** Connection info: <unnamed>([-][email protected]) [84.17.52.24]NOTICE * :*** Ban contact: http://www.dal.net/admin/contactkline.php3NOTICE * :*** When contacting DALnet, please include all of the information shown above:choopa.nj.us.dal.net 465 * :A-banned: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/02 20.58)ERROR :Closing Link: 0.0.0.0 (A-banned: [exp/dm2] Compromised host, go to http://kline.dal.net/exploits/akills.htm [ID: DM-75] [AKILL ID: OS21583200725-100] (2020/03/02 20.58))

Mar 3, 2020 03:00:09.975214005 CET 49236 6667 192.168.2.2 80.65.57.18 USER YxjDixIk 8 * :IsabelYx2Di

Mar 3, 2020 03:00:10.016714096 CET 49236 6667 192.168.2.2 80.65.57.18 NICK Gloria25

Mar 3, 2020 03:00:10.305397034 CET 6667 49236 80.65.57.18 192.168.2.2 PING :2805294516

Mar 3, 2020 03:00:10.305711031 CET 49236 6667 192.168.2.2 80.65.57.18 PONG 2805294516-Gloria25

Mar 3, 2020 03:00:10.347228050 CET 6667 49236 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE Gloria25 :*** Banned until Fri Mar 6 02:58:46 2020: [G][netsec] [[email protected]:EmilycpD1l] has been matched to a known bot pattern r#35 (compromised host id#rb5d - see kline.rizon.net) - Visit http://abuse.rizon.net/akills/lookup?ip=84.17.52.24&drone for more information. (Akill ID: RT7V8S2N1B) (2020/3/3 02.58)

Mar 3, 2020 03:00:10.347268105 CET 6667 49236 80.65.57.18 192.168.2.2 ERROR :Closing Link: 84.17.52.24 (Banned)

Mar 3, 2020 03:00:10.729074001 CET 6667 49240 104.196.117.31 192.168.2.2 :magnet.rizon.net NOTICE * :*** Couldn't look up your hostname (cached)

Mar 3, 2020 03:00:12.458435059 CET 49238 6667 192.168.2.2 45.58.183.18 USER kreDoliN 8 * :Dianak4eDo

Mar 3, 2020 03:00:12.458842993 CET 49238 6667 192.168.2.2 45.58.183.18 NICK Naomi14

Mar 3, 2020 03:00:12.568808079 CET 49239 6667 192.168.2.2 108.61.240.240 USER lundyyJW 8 * :Galelu6d8

Mar 3, 2020 03:00:12.569022894 CET 49239 6667 192.168.2.2 108.61.240.240 NICK Rachel21

Mar 3, 2020 03:00:12.656277895 CET 6667 49241 45.58.183.18 192.168.2.2 ERROR :Your host is trying to (re)connect too fast -- throttled

Mar 3, 2020 03:00:13.611133099 CET 49240 6667 192.168.2.2 104.196.117.31 USER wKdoNVwx 8 * :NicolewKd7N

Mar 3, 2020 03:00:13.731883049 CET 49240 6667 192.168.2.2 104.196.117.31 NICK Laura21

Mar 3, 2020 03:00:13.852199078 CET 6667 49240 104.196.117.31 192.168.2.2 PING :3774194067

Mar 3, 2020 03:00:13.852854013 CET 49240 6667 192.168.2.2 104.196.117.31 PONG 3774194067-Laura21

Mar 3, 2020 03:00:13.973208904 CET 6667 49240 104.196.117.31 192.168.2.2 :magnet.rizon.net NOTICE Laura21 :*** Banned until Fri Mar 6 01:58:46 2020: [G][netsec] [[email protected]:EmilycpD1l] has been matched to a known bot pattern r#35 (compromised host id#rb5d - see kline.rizon.net) - Visit http://abuse.rizon.net/akills/lookup?ip=84.17.52.24&drone for more information. (Akill ID: RT7V8S2N1B) (2020/3/3 01.58)

Mar 3, 2020 03:00:13.973248005 CET 6667 49240 104.196.117.31 192.168.2.2 ERROR :Closing Link: 84.17.52.24 (Banned)

Mar 3, 2020 03:00:14.217607021 CET 6667 49243 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Couldn't look up your hostname (cached)

Mar 3, 2020 03:00:14.217643976 CET 6667 49243 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** Checking Ident

Mar 3, 2020 03:00:14.249034882 CET 6667 49243 80.65.57.18 192.168.2.2 :irc.rizon.no NOTICE * :*** No Ident response

Mar 3, 2020 03:00:14.726502895 CET 6667 49165 170.178.184.37 192.168.2.2 :irc.us.ircnet.net 001 Carla14 :Welcome to the Internet Relay Network [email protected]:irc.us.ircnet.net 002 Carla14 :Your host is irc.us.ircnet.net, running version 2.11.2p3+po+spoof:irc.us.ircnet.net 003 Carla14 :This server was created Sun Jan 26 2020 at 16:57:16 UTC:irc.us.ircnet.net 004 Carla14 irc.us.ircnet.net 2.11.2p3+po+spoof aoOirw abeiIklmnoOpqrRstv:irc.us.ircnet.net 005 Carla14 RFC2812 PREFIX=(ov)@+ CHANTYPES=#&!+ MODES=3 CHANLIMIT=#&!+:42 NICKLEN=15 TOPICLEN=255 KICKLEN=255 MAXLIST=beIR:64 CHANNELLEN=50 IDCHAN=!:5 CHANMODES=beIR,k,l,imnpstaqr :are supported by this server:irc.us.ircnet.net 005 Carla14 PENALTY FNC EXCEPTS=e INVEX=I CASEMAPPING=ascii NETWORK=IRCnet :are supported by this server:irc.us.ircnet.net 042 Carla14 0PNUAE08O :your unique ID:irc.us.ircnet.net 251 Carla14 :There are 23615 users and 2 services on 23 servers:irc.us.ircnet.net 252 Carla14 74 :operators online:irc.us.ircnet.net 253 Carla14 45 :unknown connections:irc.us.ircnet.net 254 Carla14 14097 :channels formed

Mar 3, 2020 03:00:14.726581097 CET 6667 49165 170.178.184.37 192.168.2.2 :irc.us.ircnet.net 255 Carla14 :I have 1101 users, 0 services and 1 servers:irc.us.ircnet.net 265 Carla14 1101 1209 :Current local users 1101, max 1209:irc.us.ircnet.net 266 Carla14 23615 27947 :Current global users 23615, max 27947:irc.us.ircnet.net 375 Carla14 :- irc.us.ircnet.net Message of the Day - :irc.us.ircnet.net 372 Carla14 :- 3/3/2020 1:01:irc.us.ircnet.net 372 Carla14 :- Welcome to open IRCnet server::irc.us.ircnet.net 372 Carla14 :- ::: :::==== :::===== ::: === :::===:irc.us.ircnet.net 372 Carla14 :- ::: ::: === ::: ::: === ::::irc.us.ircnet.net 372 Carla14 :- === ======= === === === =====:irc.us.ircnet.net 372 Carla14 :- === === === === === === ===:irc.us.ircnet.net 372 Carla14 :- === === === ======= ====== ======:irc.us.ircnet.net 372 Carla14 :- irc.us.ircnet.net:irc.us.ircnet.net 372 Carla14 :- Open to all users on IPv4 ports 6665-6669,7000:irc.us.ircnet.net 372 Carla14 :- ----------------------------------------------------------:irc.us.ircnet.net 372 Carla14 :- - We scan for open proxies on connect. If you do not wish:irc.us.ircnet.net 372 Carla14 :- to be scanned, please do not connect to this server.:irc.us.ircnet.net 372 Carla14 :- - IRCnet provides no nick/channel

Mar 3, 2020 03:00:14.726628065 CET 6667 49165 170.178.184.37 192.168.2.2 egistration services.:irc.us.ircnet.net 372 Carla14 :- - To avoid opless channels, you are encouraged to use the:irc.us.ircnet.net 372 Carla14 :- channel reop mode +R (otherwise unfixable).:irc.us.ircnet.net 372 Carla14 :- - Usage of /list for listing all channels is deprecated.:irc.us.ircnet.net 372 Carla14 :- Please use "/squery alis help" instead.:irc.us.ircnet.net 372 Carla14 :- :irc.us.ircnet.net 372 Carla14 :- - Rules::irc.us.ircnet.net 372 Carla14 :- - We reserve the right to deny service to anyone at any:irc.us.ircnet.net 372 Carla14 :- time and for any reason.:irc.us.ircnet.net 372 Carla14 :- - Mass advertizing and trojan link spam is not allowed.:irc.us.ircnet.net 372 Carla14 :- - Clients connected for the purpose of stealing:irc.us.ircnet.net 372 Carla14 :- nicknames are not allowed.:irc.us.ircnet.net 372 Carla14 :- - General limits (request changes via /admin)::irc.us.ircnet.net 372 Carla14 :- - 3 clients per host (without ident):irc.us.ircnet.net 372 Carla14 :- - 3 clients per person (with ident):irc.us.ircnet.net 372 Carla14 :- - 20 clients per /24 (IPv4):irc.us.ircnet.net 372 Carla14 :- - If your IP range offers services to other people:irc.us.ircnet.net 372 Carla14 :- (e.g., shell providers) you must let us know.:irc.us.ircnet.net 372 Carla

Mar 3, 2020 03:00:14.727227926 CET 49165 6667 192.168.2.2 170.178.184.37 USERIP Carla14

Code Manipulations

Statistics

Behavior

• b4aMzNNBss.exe

• SysDrefIWv2.exe

• SysDrefIWv2.exe

Mar 3, 2020 03:00:14.889983892 CET 6667 49165 170.178.184.37 192.168.2.2 4 :- - Limits and rules for shell providers::irc.us.ircnet.net 372 Carla14 :- - 3 clients per person:irc.us.ircnet.net 372 Carla14 :- - identd is required and no ident spoofing, no:irc.us.ircnet.net 372 Carla14 :- changing an ident after a ban, and no giving a:irc.us.ircnet.net 372 Carla14 :- person multiple usernames:irc.us.ircnet.net 372 Carla14 :- - Breaking these rules will result in a ban from ALL:irc.us.ircnet.net 372 Carla14 :- open servers.:irc.us.ircnet.net 372 Carla14 :- :irc.us.ircnet.net 372 Carla14 :- - Random open server (dns round-robin): open.ircnet.net:irc.us.ircnet.net 372 Carla14 :- - Webchat available at: https://webchat.ircnet.net/:irc.us.ircnet.net 372 Carla14 :- - If you require any further information, join #ircnet:irc.us.ircnet.net 372 Carla14 :- ----------------------------------------------------------:irc.us.ircnet.net 372 Carla14 :- IRC is a privilege, not a right!:irc.us.ircnet.net 372 Carla14 :- Respect others and enjoy your stay on IRCnet.:irc.us.ircnet.net 372 Carla14 :- ----------------------------------------------------------:irc.us.ircnet.net 376 Carla14 :End of MOTD command.:Carla14 MODE Carla14 :+i

Mar 3, 2020 03:00:14.890326023 CET 49165 6667 192.168.2.2 170.178.184.37 LIST >63

Mar 3, 2020 03:00:15.053363085 CET 6667 49165 170.178.184.37 192.168.2.2 :irc.us.ircnet.net 421 Carla14 USERIP :Unknown command

Mar 3, 2020 03:00:15.415590048 CET 6667 49165 170.178.184.37 192.168.2.2 :irc.us.ircnet.net 323 Carla14 :End of LIST

Mar 3, 2020 03:00:15.633980036 CET 49241 6667 192.168.2.2 45.58.183.18 USER uRExwyw 8 * :LaurauRExw

Mar 3, 2020 03:00:15.634390116 CET 49241 6667 192.168.2.2 45.58.183.18 NICK Clarissa25

Mar 3, 2020 03:00:15.793697119 CET 49242 6667 192.168.2.2 108.61.240.240 USER Vbmuytnx 8 * :EbonyVb27y

Mar 3, 2020 03:00:15.794003963 CET 49242 6667 192.168.2.2 108.61.240.240 NICK Mary18

Mar 3, 2020 03:00:15.838793993 CET 6667 49244 94.125.182.255 192.168.2.2 NOTICE AUTH :*** Looking up your hostname

Mar 3, 2020 03:00:16.063401937 CET 6667 49244 94.125.182.255 192.168.2.2 NOTICE AUTH :*** Looking up your hostname

Mar 3, 2020 03:00:16.064765930 CET 6667 49244 94.125.182.255 192.168.2.2 NOTICE AUTH :*** Checking IdentNOTICE AUTH :*** Couldn't look up your hostnameNOTICE AUTH :*** No ident response

Mar 3, 2020 03:00:45.041342974 CET 6667 49243 80.65.57.18 192.168.2.2 ERROR :Closing Link: 84.17.52.24 (Registration timed out)

Mar 3, 2020 03:00:45.774447918 CET 6667 49166 83.140.172.212 192.168.2.2 :[email protected] JOIN #jakarta

Mar 3, 2020 03:01:45.031083107 CET 6667 49244 94.125.182.255 192.168.2.2 ERROR :Closing Link: by Budapest.Hu.Eu.Undernet.org (Registration Timeout)

Mar 3, 2020 03:01:55.037420988 CET 6667 49166 83.140.172.212 192.168.2.2 PING :port80c.se.quakenet.org

Mar 3, 2020 03:02:16.856204987 CET 6667 49165 170.178.184.37 192.168.2.2 PING :irc.us.ircnet.net

Mar 3, 2020 03:02:18.358369112 CET 6667 49166 83.140.172.212 192.168.2.2 :[email protected] PRIVMSG #surabaya :[InspiRJ] 0,2 Sheryl Sheinafia - Rasa Sunyi - inspiradio

Mar 3, 2020 03:04:16.681130886 CET 6667 49165 170.178.184.37 192.168.2.2 ERROR :Closing Link: Carla14[[email protected]] (Ping timeout)

System Behavior

File Activities

Start time: 02:58:53

Start date: 03/03/2020

Path: C:\Users\user\Desktop\b4aMzNNBss.exe

Wow64 process (32bit): false

Commandline: 'C:\Users\user\Desktop\b4aMzNNBss.exe'

Imagebase: 0x400000

File size: 127725 bytes

MD5 hash: 71974F830E49D506714C4162368B3A26

Has administrator privileges: false

Programmed in: C, C++ or other language

Reputation: low

File Path: C:\Windows\system32\SysDrefIWv2.exe
Access: read data or list directory | read attributes | delete | synchronize | generic write
Attributes: device
Options: sequential only | non directory file
Completion: success or wait
Count: 1
Source Address: 404428
Symbol: CopyFileA

File Path: C:\Windows\System32\SysDrefIWv2.exe\:Zone.Identifier:$DATA
Access: read data or list directory | synchronize | generic write
Attributes: device
Options: sequential only | synchronous io non alert
Completion: success or wait
Count: 1
Source Address: 404428
Symbol: CopyFileA

File Path Offset Length Value Ascii Completion Count Source Address Symbol

Analysis Process: b4aMzNNBss.exe PID: 4024 Parent PID: 3388

General

File Created

File Written

Registry Activities

C:\Windows\System32\SysDrefIWv2.exe 0 65536 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 3d 48 7a 27 79 29 14 74 79 29 14 74 79 29 14 74 fa 35 1a 74 7b 29 14 74 16 36 1e 74 72 29 14 74 16 36 10 74 7b 29 14 74 fa 21 49 74 72 29 14 74 79 29 15 74 22 29 14 74 7f 0a 1f 74 75 29 14 74 be 2f 12 74 78 29 14 74 52 69 63 68 79 29 14 74 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 8a 43 bb 42 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 06 00 00 00 00 00 00 e0 01 00 00 00 00

MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=Hz'y).ty).ty).t.5.t{).t.6.tr).t.6.t{).t.!Itr).ty).t").t...tu).t./.tx).tRichy).t........PE..L....C.B...........................

success or wait 2 404428 CopyFileA

C:\Windows\System32\SysDrefIWv2.exe:Zone.Identifier 0 26 5b 5a 6f 6e 65 54 72 61 6e 73 66 65 72 5d 0d 0a 0d 0a 5a 6f 6e 65 49 64 3d 30

[ZoneTransfer]....ZoneId=0 success or wait 1 404428 CopyFileA

File Path Offset Length Completion Count Source Address Symbol

Key Path Name Type Data Completion Count Source Address Symbol

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

DrefIW unicode C:\Windows\system32\SysDrefIWv2.exe................................................................................................................................................................................................................................

success or wait 1 404517 RegSetValueExA

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

DrefIW unicode C:\Windows\system32\SysDrefIWv2.exe................................................................................................................................................................................................................................

success or wait 1 404517 RegSetValueExA

Start time: 02:59:03

Start date: 03/03/2020

Path: C:\Windows\System32\SysDrefIWv2.exe

Wow64 process (32bit): false

Commandline: 'C:\Windows\system32\SysDrefIWv2.exe'

Imagebase: 0x400000

File size: 127725 bytes

MD5 hash: 71974F830E49D506714C4162368B3A26

Has administrator privileges: false

Key Value Created

Analysis Process: SysDrefIWv2.exe PID: 1736 Parent PID: 1216

General

Disassembly

Code Analysis

Programmed in: C, C++ or other language

Antivirus matches: Detection: 100%, Avira; Detection: 100%, Joe Sandbox ML; Detection: 89%, Virustotal; Detection: 92%, Metadefender; Detection: 86%, ReversingLabs

Reputation: low

Start time: 02:59:13

Start date: 03/03/2020

Path: C:\Windows\System32\SysDrefIWv2.exe

Wow64 process (32bit): false

Commandline: 'C:\Windows\system32\SysDrefIWv2.exe'

Imagebase: 0x400000

File size: 127725 bytes

MD5 hash: 71974F830E49D506714C4162368B3A26

Has administrator privileges: false

Programmed in: C, C++ or other language

Reputation: low

Analysis Process: SysDrefIWv2.exe PID: 2044 Parent PID: 1216

General
