jdsiwiqweiqwyreqwi.com(Phishing malware hosted in Bosnia And Herzegovina Banja Luka Blicnet D.o.o.)

By Pig, April 6, 2015

Domains used by the malware:

34324325kgkgfkgf.com
dsffdsk323721372131.com
fdshjfsh324332432.com
jdsiwiqweiqwyreqwi.com 80.242.123.208

HTTP Requests:

URI:
http://jdsiwiqweiqwyreqwi.com/dffgbDFGvf465/YYf.php

DATA:
POST /dffgbDFGvf465/YYf.php HTTP/1.0
Host: jdsiwiqweiqwyreqwi.com
Accept: */*
Accept-Encoding: identity, *;q=0
Accept-Language: en-US
Content-Length: 272
Content-Type: application/octet-stream
Connection: close
Content-Encoding: binary
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

samples:
80.242.123.211:888/darky.exe
80.242.123.211:888/1.exe
80.242.123.211:888/run.exe

Hosting infos:
http://whois.domaintools.com/80.242.123.208

Categories: Uncategorized

Tags: malwarephishing

Previous post89.248.172.240(30k botnet hosted in Netherlands Amsterdam Ecatel Ltd)

Next post191.235.178.122(Modified Kaiten+STD hosted in Ireland Dublin Microsoft Informatica Ltda)

icanhazip.com(Malware Using Tor Hosted In United States Matawan Choopa Llc)

86.105.33.1025(HTTP Malware Hosted In Romania Constanta Data Net Srl)

pltd.myjino.ru(HTTP Malware Hosted In Russian Federation Moscow Avguro Technologies Ltd. Hosting Service Provider)