Author: Pig

Remote Host Port Number irandy.info 8160 NICK {USA-XP}481463 USER yjmpomf * 0 :COMPUTERNAME * The following ports were open in the system: Port Protocol Process 1033 TCP svhost.exe (%Windir%svhost.exe) 1034 TCP svhost.exe (%Windir%svhost.exe) * The following Host Name was requested from a host database: o irandy.info Other details * To mark the presence in theRead more...

# Remote Address: 82.114.87.46 # Host Name: stores.dellhp.net # Transport Protocol: TCP # Remote Address: 82.114.87.46 # Remote Port: 1234 # Protocol: IRC * IRC Data o User Name: 3052 o Host Name: “” o Server Name: o Real Name: 3052 o Nick Name: n[USA|XP]8081698 o Non RFC Conform: 1 + Channel # Name: #dl#Read more...

Remote Host Port Number 173.201.179.47 8016 NICK [00|USA|492539] PONG sv.privatenetwork.pv USER XP-0542 * 0 :COMPUTERNAME MODE [00|USA|492539] +su JOIN #private MODE #private +su NICK [00|USA|890609] USER XP-0460 * 0 :COMPUTERNAME MODE [00|USA|890609] +su * The following port was open in the system: Port Protocol Process 1054 TCP service.exe (%Windir%service.exe) Registry Modifications * The following RegistryRead more...

electric-servers.com 217.23.7.121 C&C Server: 217.23.7.121:6667 Server Password: Username: XP-0733 Nickname: [DEU-[L]-65709]NEW Channel: #Cracker (Password: none) Channeltopic: Registry Changes by all processes Create or Open Changes HKEY_CURRENT_USERSoftwareMicrosoftGDIPlus “FontCachePath” = C:Dokumente und EinstellungenAdministratorLokale EinstellungenAnwendungsdaten HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “Micrososft Omg” = taskmgrr.exe HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTerminal ServerInstallSoftwareMicrosoftWindowsCurrentVersionRun “Micrososft Omg” = taskmgrr.exe HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList “C:Dokumente und EinstellungenAdministratorLokale EinstellungenTempfile1.exe” = C:Dokumente und EinstellungenAdministratorLokale EinstellungenTempfile1.exe:*:Enabled:Micrososft OmgRead more...

just.addsyrup.net 174.120.225.25 C&C Server: 174.120.225.25:6667 Server Password: Username: 9273 Nickname: [9273|DEU|XP] Channel: ##syrup## (Password: da32rga4a) Channeltopic: :http://teamwaffle.net/bots/syrup.exe Registry Changes by all processes Create or Open Changes HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun “Microsoft Windows Hosting Service Login” = C:DOKUME~1ADMINI~1LOKALE~1Tempexplorer.exe HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “Microsoft Windows Hosting Service Login” = C:DOKUME~1ADMINI~1LOKALE~1Tempexplorer.exe HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList “Microsoft Windows Hosting Service Login” = C:DOKUME~1ADMINI~1LOKALE~1Tempexplorer.exe Reads HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS” HKEY_CURRENT_USERKeyboard LayoutToggleRead more...

und.shkumbimi.net 122.183.243.48 Opened listening TCP connection on port: 559 C&C Server: 122.183.243.48:12351 Server Password: Username: pdndt Nickname: pdndt Channel: (Password: ) Channeltopic: Registry Changes by all processes Create or Open Changes HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “Windows System Configuration” = C:WINDOWSwinupdates.exe Reads HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS” HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey” HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey” HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext” HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionIMM “Ime File” HKEY_CURRENT_USERSoftwareMicrosoftCTFRead more...

www.MSNAREA.COM 173.208.34.249 membres.lycos.fr membres.lycos.fr 213.131.252.251 membres.multimania.fr membres.multimania.fr 213.131.252.251 Download URLs http://213.131.252.251/proxyworld/azenv.php (membres.lycos.fr) http://213.131.252.251/proxyworld/azenv.php (membres.lycos.fr) http://213.131.252.251/proxyworld/azenv.php (membres.lycos.fr) http://213.131.252.251/proxyworld/azenv.php (membres.lycos.fr) http://213.131.252.251/proxyworld/azenv.php (membres.lycos.fr) http://213.131.252.251/proxyworld/azenv.php (membres.lycos.fr) http://213.131.252.251/proxyworld/azenv.php (membres.lycos.fr) http://213.131.252.251/proxyworld/azenv.php (membres.lycos.fr) C&C Server: 173.208.34.249:80 Server Password: Username: SP3-943 Nickname: [N00_DEU_XP_7839707]_CHAR(0x08)_ë@ Channel: (Password: ) Channeltopic: C&C Server: 173.208.34.249:81 Server Password: Username: SP3-720 Nickname: [00_DEU_XP_4068211] Channel: #xx32 (Password: ) Channeltopic: :.asc -SRead more...

Again JimyGJ botnet another lamer from kuksi the land of pidhi arushes – DNS Queries: Name Query Type Query Result Successful Protocol wiss.lulzimehodza.com DNS_TYPE_A 122.183.243.42 YES udp 122.183.243.42:12351 Nick: `tsnugx Username: `tsnugx Joined Channel: #.serve1 with Password kr Joined Channel: #.a with Password -s Channel Topic for Channel #.serve1: “.join #.dc |`adv.start lsass 75 3Read more...

Username: XP-4316 Nickname: [DEU|00|P|67741] Channel: #Amzo (Password: pakie) Channeltopic: :.msn.msg OMG! Who the fuck uploaded this of you? http://amzo.escriptirc.com/DSC120394.com C&C Server: 217.23.7.121:6667 Server Password: Username: XP-5137 Nickname: [DEU|00|P|97851] Channel: #Amzo (Password: pakie) Channeltopic: :.msn.msg OMG! Who the fuck uploaded this of you? http://amzo.escriptirc.com/DSC120394.com amzo.no-ip.biz 217.23.7.121 Opened listening TCP connection on port: 113 C&C Server: 217.23.7.121:6667Read more...