Author: Pig

Server : FBI.GoV [Crew]

Uncategorized

Remote Host Port Number82.146.52.236 6667 MODE [solo][USA|XP|LAN|71546] -ixJOIN #nes# usbPONG FBI.GoV * The following port was open in the system: Port Protocol Process1050 TCP winsvc32.exe (%Windir%winsvc32.exe) Registry Modifications * The newly created Registry Value is: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + winsvc32 = “winsvc32.exe” so that winsvc32.exe runs every time Windows starts Memory Modifications * There was aRead more...

67.43.226.242(big ruski botnet)

Uncategorized

Remote Host Port Number67.43.226.242 808067.43.232.37 186391.207.7.116 80 USER pmawga pmawga pmawga :ymfiwtkaatzcxdhrNICK RGqbPVQeMODE RGqbPVQe +xiJOIN #las6USERHOST RGqbPVQeMODE #m +smntuMODE #las6 +smntuNICK gYZaluELEMODE gYZaluELE +xiJOIN #rrrrrUSERHOST gYZaluELEMODE ##xddc +smntuMODE #xddc1 +smntuMODE #xddc2 +smntuMODE #rrrrr +smntuUSER ixaexy ixaexy ixaexy :dpsqkauvusrtzeaz Other details * The following ports were open in the system: Port Protocol Process1052 TCP spoolsvc.exe (%System%spoolsvc.exe)2335Read more...

snipa.gov( big net)

Uncategorized

Remote Host Port Number174.133.63.91 51987 NICK pLagUe{USA}56265MODE pLagUe{USA}56265 -ixJOIN #H1N1PRIVMSG #H1N1 :USER pLagUe * okTeaM UniX b0at 0.4PC has been ~iNfEctEd~ Other details * The following port was open in the system: Port Protocol Process1051 TCP raidhost.exe (%Windir%raidhost.exe) Registry Modifications * The newly created Registry Value is: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + raidhost = “raidhost.exe” so thatRead more...

64.89.27.36(6k net)

Uncategorized

Remote Host Port Number 64.89.27.36 51987 NICK pLagUe{USA}{LAN}27954 MODE pLagUe{USA}{LAN}27954 -ix JOIN #trees PRIVMSG #trees : PONG irc.lulz.ee USER pLagUe * ok TeaM UniX b0at 0.4 New Infection – Morpheous Stub Other details * The following port was open in the system: Port Protocol Process 1050 TCP raidhost.exe (%Windir%raidhost.exe) Registry Modifications * The newly createdRead more...

69.16.172.40

Uncategorized

Remote Host Port Number69.16.172.40 7000 NICK marthanUSER roland “” “69.16.172.40” :kendrickPONG :2613115303PONG :1661756035PONG :1971802411 Registry Modifications * The following Registry Keys were created: o HKEY_LOCAL_MACHINESOFTWAREClasses.cha o HKEY_LOCAL_MACHINESOFTWAREClasses.chat o HKEY_LOCAL_MACHINESOFTWAREClassesChatFile o HKEY_LOCAL_MACHINESOFTWAREClassesChatFileDefaultIcon o HKEY_LOCAL_MACHINESOFTWAREClassesChatFileShell o HKEY_LOCAL_MACHINESOFTWAREClassesChatFileShellopen o HKEY_LOCAL_MACHINESOFTWAREClassesChatFileShellopencommand o HKEY_LOCAL_MACHINESOFTWAREClassesChatFileShellopenddeexec o HKEY_LOCAL_MACHINESOFTWAREClassesChatFileShellopenddeexecApplication o HKEY_LOCAL_MACHINESOFTWAREClassesChatFileShellopenddeexecifexec o HKEY_LOCAL_MACHINESOFTWAREClassesChatFileShellopenddeexecTopic o HKEY_LOCAL_MACHINESOFTWAREClassesirc o HKEY_LOCAL_MACHINESOFTWAREClassesircDefaultIcon o HKEY_LOCAL_MACHINESOFTWAREClassesircShell o HKEY_LOCAL_MACHINESOFTWAREClassesircShellopen o HKEY_LOCAL_MACHINESOFTWAREClassesircShellopencommandRead more...

hot.jatajoo.ru

Uncategorized

Remote Host Port Number174.133.222.172 445195.190.13.188 7272222.231.29.29 727289.149.244.22 80 * The data identified by the following URL was then requested from the remote web server: o http://hot.jatajoo.ru/hot.php NICK [N00_USA_XP_5605087]USER SP2-366 * 0 :COMPUTERNAMEJOIN #nit openPRIVMSG #modes2 :HTTP SET http://rapidshare.com/files/315648191/rostPRIVMSG #nit :scan// Random Port Scan started on 174.133.x.x:445 with a delay of 3 seconds for 0 minutesRead more...

baca.no-ip.org

Uncategorized

Name Query Type Query Result Successful Protocol baca.no-ip.org DNS_TYPE_A 94.23.234.102 1 94.23.234.102:9876 Nick: :{00-AUT-XP-pc8-4662}Username: blazeServer Pass: uline131.Joined Channel: #ulineChannel Topic for Channel #uline: “!scan 90 1 85.x.x.x 3 1 85.x.x.x 3 16kkj”Private Message to User {iNF-00-AUT-XP-p`xf6’yxf6’x80xf6’xa0xf8’xb4x84@: “SC// Sequential Port Scan started on 1:90 with a delay of 60 seconds for 3 minutes using 1 threads.”Read more...

fatalz.net

Uncategorized

Remote Host Port Number200.74.240.149 8094.23.121.227 7000 * The data identified by the following URL was then requested from the remote web server: o http://facebook.freephphosting.biz/illusion/?act=online&s4=25580&s5=0&nickname=Q29tcHV0ZXJOYW1lWzExNDcwM10= Registry Modifications * The following Registry Keys were created: o HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionConsoleNameSpace o HKEY_LOCAL_MACHINESYSTEMControlSet001EnumRootLEGACY_NTNDIS o HKEY_LOCAL_MACHINESYSTEMControlSet001EnumRootLEGACY_NTNDIS000 o HKEY_LOCAL_MACHINESYSTEMControlSet001Servicesntndis o HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesntndisSecurity * The newly created Registry Values are: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionConsoleNameSpace] +Read more...

Server : FederalBereauofInvestigation [1.2.1546]

Uncategorized

Remote Host Port Number72.184.197.176 6667 NICK XP|00|USA|SP2|7921USER aqxt 0 0 :XP|00|USA|SP2|7921USERHOST XP|00|USA|SP2|7921MODE XP|00|USA|SP2|7921 +x+iBJOIN #eckoPONG :FederalBereauofInvestigation Other details * The following ports were open in the system: Port Protocol Process113 TCP msconfig.exe (%System%msconfig.exe)1052 TCP msconfig.exe (%System%msconfig.exe) Registry Modifications * The following Registry Keys were created: o [pathname with a string SHARE]MSConfig o [pathname with aRead more...

buli.burimche.net(50k bots)

Uncategorized

buli.burimche.net:4244chanel:##bb## email from this guy in case u want to ask him about his bots lolburimi@nerashti.com Resolved : [nerashti.com] To [68.180.151.76]