Malware Domain List

Topic started by: MysteryFCM on June 18, 2009, 02:13:59 am

Title: PDF exploit + Koobface
Post by: MysteryFCM on June 18, 2009, 02:13:59 am
Ref: http://forum.hosts-file.net/viewtopic.php?p=11777#p11777

Bog standard PDF exploit:

updatedb87.cn/out/index.php
-> updatedb87.cn/out/pdf.php
--> updatedb87.cn/out/load.php <--Koobface

Domain resolves to: 83.133.123.139 - t492.1paket.com

Code:
inetnum: 83.133.96.0 - 83.133.127.255
netname: LNCDE-GREATNET-NEWMEDIA
descr: Greatnet New Media.
country: DE
admin-c: FL1331-RIPE
tech-c: FL1331-RIPE
status: ASSIGNED PA
mnt-by: LNC-MNT
mnt-lower: LNC-MNT
source: RIPE # Filtered

person: Frazzetta Lindner
address: Greatnet New Media
address: Brentenstrasse 4a
address: D-83734 Hausham
address: Germany
phone: +49 1805 47328638
fax-no: +49 1805 444894696
nic-hdl: FL1331-RIPE
abuse-mailbox: abuse@greatnet.de
mnt-by: LNC-MNT
source: RIPE # Filtered

:: Information related to '83.133.0.0/16AS13237'

route: 83.133.0.0/16
descr: Lambdanet Operations - German region
origin: AS13237
mnt-by: LNC-MNT
source: RIPE # Filtered

Relations:
http://hosts-file.net/?s=83.133.123.139&view=matches