boom.mine.nu

By Pig, May 17, 2009
Uncategorized

– DNS Queries: Name Query Type Query Result Successful Protocol boom.mine.nu DNS_TYPE_A 91.62.237.94 1 – IRC Conversations: 91.62.237.94:6667 Nick: WoRK6401887Username: yfnkrhrJoined Channel: #new with Password cyber-terrorChannel Topic for Channel #new: “.scanall -s” WoRK3411756: scan »» Random Port Scan started on 92.115.x.x:139 with a delay of 7 seconds for 600 minutes using 20 threads.WoRK3411756: scan »»Read more...

portablesdownloads.com

By Pig, May 17, 2009
Uncategorized

* Outgoing Connections o Transport Protocol: TCP o Remote Address: 208.98.47.7 o Remote Port: 6667 o Connection Established: 0 o Socket: 1364 NICK W3-bg[]USER sqmpqji “fo9.net” “lol” :sqmpqjiNICK W3-56aeUSER oukhbhbk “fo3.net” “lol” :oukhbhbk Now talking in #ghostTopic On: [ #ghost ] [ .scan 75 1 200.x.x.x 2 1 200.x.x.x ]Topic By: [ gh0st ]Modes On:Read more...

1.sdhjiww.com

By Pig, May 16, 2009
Uncategorized

Remote Host Port Number1.sdhjiww.com:449 and 19,998Resolved : [1.sdhjiww.com] To [218.61.7.9] PASS h4xg4ngNICK i00-USA-XP-6862073iUSER SP2-fop * 0 :COMPUTERNAME Discovered open port 22/tcp on 218.61.7.9Discovered open port 955/tcp on 218.61.7.9Discovered open port 111/tcp on 218.61.7.9Discovered open port 449/tcp on 218.61.7.9Discovered open port 998/tcp on 218.61.7.9Discovered open port 19/tcp on 218.61.7.9The SYN Stealth Scan took 12.06s to scanRead more...

trotinet.cjb.net

By Pig, May 15, 2009
Uncategorized

– IRC Conversations: 190.41.252.100:6667 Nick: USA|0064737Username: iycpimhdiJoined Channel: ##ddos## – DNS Quer:trotinet.cjb.net Initiating SYN Stealth Scan against 190.41.252.100 [1680 ports] at 03:21Discovered open port 25/tcp on 190.41.252.100Discovered open port 21/tcp on 190.41.252.100Discovered open port 31337/tcp on 190.41.252.100Discovered open port 3128/tcp on 190.41.252.100SYN Stealth Scan Timing: About 25.01% done; ETC: 03:23 (0:01:30 remaining)Discovered open port 427/tcpRead more...

dci.sinip.es

By Pig, May 13, 2009
Uncategorized

* The following Host Name was requested from a host database: o dci.sinip.esRemote Host Port Numberdci.sinip.es 20000 NICK W3-0c9c[USER uuoio “fo0.net” “lol” :uuoioNICK W3-`u5bhUSER dgqaqp “fo9.net” “lol” :dgqaqp * Outgoing Connections o Transport Protocol: TCP o Remote Address: 98.174.174.76 o Remote Port: 20000 o Connection Established: 0 o Socket: 1372

irc2.revo-studios.com

By Pig, May 12, 2009
Uncategorized

Analysis of the file resources indicate the following possible country of origin:Russian FederationRemote Host Port Number irc2.revo-studios.com 1034 Resolved irc2.revo-studios.com To 212.95.59.116Resolved irc2.revo-studios.com To 72.8.167.148Resolved irc2.revo-studios.com To 216.25.44.118Resolved irc2.revo-studios.com To 72.20.24.9

78.109.16.250(ssl conection port 443)

By Pig, May 8, 2009
Uncategorized

[ DetectionInfo ] * Filename: C:analyzerscanphoto1226.jpeg-www.myspace.com. * Sandbox name: W32/Malware. * Signature name: W32/Smalltroj.IBZS. * Compressed: YES. * TLS hooks: NO. * Executable type: Application. * Executable file structure: OK. * Filetype: PE_I386. [ General information ] * Drops files in %WINSYS% folder. * File length: 19968 bytes. * MD5 hash: 2e65abd884a33faac83805de140a7ef6. [ Changes toRead more...

mail.fucuzzy.com

By Pig, May 6, 2009
Uncategorized

– DNS Queries: Name Query Type Query Result Successful Protocol mail.fucuzzy.com DNS_TYPE_A 209.205.196.2 1 – IRC Conversations: 209.205.196.2:80 Nick: [P00|USA|08114398]Username: XP-1867Joined Channel: #q47 with Password ^B^B^B^BChannel Topic for Channel #q47: “.asc -S -s |.j #br |.j #de |.j #dk |.j #fr |.j #it |.j #jp |.j #kr |.j #mx |.j #pl |.j #ru |.j #twRead more...

t3ch.hqirc.com

By Pig, May 6, 2009
Uncategorized

– DNS Queries: Name Query Type Query Result Successful Protocolt3ch.hqirc.com DNS_TYPE_A 66.252.24.30 1 + Opened Listening Ports: – IRC Conversations: 66.252.24.30:6667Nick: USA|152381Username: xynbvlJoined Channel: ##HQz##Joined Channel: #eeeChannel Topic for Channel #eee: “^socks4”Channel Topic for Channel ##HQz##: “^j #eee”Private Message to Channel #eee: “[SOCKS4]: Server started on: 192.168.0.2:11244.”