Obfuscated HTTP URL
Detected 7 occurrence(s) of ‘h[x]{2}p[s]*:\/\/[a-z0-9\-\./]+’: Default\Extensions\hnkkehjnlfplmdnallbjjdnokolhblgb [2015-11-10] CHR Extension: (Windows Media Player Extension for HTML5) -...
Hacking Notification
Detected 1 occurrence(s) of ‘(h[a4]ck[e3]d|[p0]wn[e3]d|d[e3]f[a4]c[e3]d) by’: </font> </head><body><font color="gray"><font size="5" color="red"> Hacked By F147 &...
Simple Password
Detected 1 occurrence(s) of ‘\s*pass[word]+\s*[:=]\s*["'][a-z0-9\-_\!\$]+["']’: {$i srl/srl.simba} const USERNAME = 'parabot'; PASSWORD = '6135284495'; Var X,Y, tree,DTM_black, count, water:Integer;...
Simple Password
Detected 1 occurrence(s) of ‘\s*pass[word]+\s*[:=]\s*["'][a-z0-9\-_\!\$]+["']’: : true User: 'email' Senha: 'senha' Signature: 'signature' MySQL: #Modo para ser registrada as keys. #Modo 1 = Arquivo.db...
URL with Credentials
Detected 1 occurrence(s) of ‘[ht|f]tp[s]*:\/\/\w+\:.*\@\w*\.\w*’: #!/bin/sh rm -rf /0x && mkdir /0x && wget...
Certificate
Detected 1 occurrence(s) of ‘^-----BEGIN CERTIFICATE-----’: ons panel # if you have more than one. On XP SP2, # you may need to disable the firewall # for the TAP adapter. ;dev-node MyTap proto udp remote...
pgSQL Connection Information
Detected 1 occurrence(s) of ‘(postgres|pgsql|pq)\:\/\/.*\:.*\@’: DATABASE_URL=postgres://USERNAME:PASSWORD@127.0.0.1/DATABASE MEMCACHE_SERVERS=127.0.0.1:11211...
Shellcode
Detected 5 occurrence(s) of ‘\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}\\x[0-9a-f]{2}’:...
Anonymous Message
Detected 2 occurrence(s) of ‘^we do not forg(ive|et)+[\!]*’: stions. See you next Friday. We will be watching closely. Operation Right To Rest has focused on Denver and you are rapidly approaching our...
URL with Credentials
Detected 181 occurrence(s) of ‘[ht|f]tp[s]*:\/\/\w+\:.*\@\w*\.\w*’: ::GetImageHash(const string&) - unable to stat url...
Simple Password
Detected 1 occurrence(s) of ‘\s*pass[word]+\s*[:=]\s*["'][a-z0-9\-_\!\$]+["']’: ($res); //$sql = "SELECT rank FROM vouchers WHERE code=$code"; $rank = mysqli_query(dbConnect(), $row);...
Simple Password
Detected 1 occurrence(s) of ‘\s*pass[word]+\s*[:=]\s*["'][a-z0-9\-_\!\$]+["']’: var irc = require('irc'); var authnick = 'felixfire619'; // Create the configuration var config = { channels:...
Email Addresses List
Detected 188 occurrence(s) of ‘[\s\|,;']+[a-z0-9\-\._]+@[a-z0-9\-\.]+\.[a-z]{2,4}[\s\|,;:']+’: /DXD-ID Live [DE] Germany | davidschmidt_1991@yahoo.de | ./DXD-ID Live [ID] Indonesia |...
CVE Reference
Detected 6 occurrence(s) of ‘CVE\-20[0-1]{1}[0-9]{1}\-[0-9]{4}’: fix CVE-2016-2106 - possible overflow in EVP_EncryptUpdate() - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix...
Suspicious JavaScript Code
Detected 5 occurrence(s) of ‘var\d+\s*=’: "wps"; s.prop40="f536bd5dc191d"; s.prop50="fr_XC"; s.prop64="6c9b0cabd5d98"; s.eVar25="main\x3awps\x3aux\x3abutton\x3astart\x3asignup\x3a4\x3a";...
Leaked Data
Detected 1 occurrence(s) of ‘leaked (by|from)’: he forced the mask over his nose and mouth, buckling it in place. The stream of vituperation pouring from Eight’s mouth was cut off, muffled curses...
Certificate
Detected 1 occurrence(s) of ‘^-----BEGIN CERTIFICATE-----’: ncapsula Inc/CN=incapsula.com i:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign CloudSSL CA - SHA256 - G3 1 s:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign...
Nmap Scan Report
Detected 1 occurrence(s) of ‘Nmap scan report for’: mapping): nmap_report = self.report for host in nmap_report.hosts: #print if len(host.hostnames): tmp_host = host.hostnames.pop() else: tmp_host =...
Shellcode
Detected 1 occurrence(s) of ‘shellcode’: used to hide (Registry Keys) Process is injected so no need to hide it & no files are dropped on Disk,the password grabber has it’s own rootkit to hide...