Malware Domain List

Malware Related => Malicious Domains => Topic started by: pcaccent on October 30, 2010, 11:48:05 pm

Title: arp cache poisoning
Post by: pcaccent on October 30, 2010, 11:48:05 pm

now(GMT+9)

Quote

hxxp://www.jdcmmc.com/images/img.js
   hxxp://www.jdcmmc.com/images//kol.html
      hxxp://www.nexcomexpo.com/upload/s.exe // xor : BD
   hxxp://www.jdcmmc.com/images/sky.html
      hxxp://www.nexcomexpo.com/Upload/s.exe
   hxxp://www.jdcmmc.com/images/count.html

2010.10.30

Quote

hxxp://www.dachannels.com/images/img.js
   hxxp://www.dachannels.com/images/kol.htm
      hxxp://www.freeholiday.com.cn/images/s.exe // xor : BD
   hxxp://www.dachannels.com/images/sky.html
      hxxp://www.freeholiday.com.cn/images/s.exe
   hxxp://www.dachannels.com/images/count.html

2010.10.29

Quote

hxxp://www.96363.com/upfiles/img.js
   hxxp://www.96363.com/upfiles/kol.html
      hxxp://www.xsedu.zJ.cn/images/s.exe // xor : BD
   hxxp://www.96363.com/upfiles/sky.html
      hxxp://www.xsedu.zj.cn/images/s.exe
   hxxp://www.96363.com/upfiles/count.html

2010.10.25

Quote

hxxp://www.shrono.com/js/img.js
   hxxp://www.shrono.com/js/kol.htm
      hxxp://www.bizdak.com/images/s.exe
   hxxp://www.shrono.com/js/sky.html
      hxxp://www.bizdak.com/images/s.exe
   hxxp://www.shrono.com/js/count.html

2010.10.23

Quote

hxxp://www.zzyaya.com/js/img.js
   hxxp://www.zzyaya.com/js/kol.htm
      hxxp://www.zzyaya.com/images/s.exe // xor : BD
   hxxp://www.zzyaya.com/js/sky.html
      hxxp://www.zzyaya.com/images/s.exe
   hxxp://www.zzyaya.com/js/count.html

2010.10.22

Quote

hxxp://www.3emath.com/js/img.js
   hxxp://www.3emath.com/js/kol.htm
      hxxp://www.3emath.com/images/s.exe
   hxxp://www.3emath.com/js/sky.html
      hxxp://www.3emath.com/images/s.exe
   hxxp://www.3emath.com/js/count.html

2010.10.21

Quote

hxxp://www.thwg08.com/js/img.js (v3 2010.10.21.02(이하 v3)로 진단 불가)
   hxxp://www.thwg08.com/js/kol.htm
      hxxp://www.yunsheng.com/images/s.exe // xor : BD
   hxxp://www.thwg08.com/js/sky.html
      hxxp://www.yunsheng.com/images/s.exe
   hxxp://www.thwg08.com/js/count.html

Title: Re: arp cache poisoning
Post by: pcaccent on November 02, 2010, 11:29:29 pm

Quote

hxxp://www.cqgj.net/images/img.js
   hxxp://www.cqgj.net/images/kol.htm
      hxxp://www.nexcomexpo.com/upload/s.exe // xor : BD
   hxxp://www.cqgj.net/images/sky.html
      hxxp://www.nexcomexpo.com/Upload/s.exe
   hxxp://www.cqgj.net/images/count.html

Title: Re: arp cache poisoning
Post by: pcaccent on November 05, 2010, 11:33:35 am

Quote

hxxp://www.fjzzfm.com/js/img.js
   hxxp://www.fjzzfm.com/js/kol.htm
      hxxp://www.freeholiday.com.cn/css/s.exe // xor : BD
   hxxp://www.fjzzfm.com/js/sky.html
      hxxp://www.freeholiday.com.cn/css/s.exe
   hxxp://www.fjzzfm.com/js/count.html

Title: Re: arp cache poisoning
Post by: pcaccent on November 05, 2010, 10:16:38 pm

Quote

hxxp://www.womenzz.com/images/img.js
   hxxp://www.womenzz.com/images/kol.htm
      hxxp://www.Jxcgc.com/images/s.exe // xor : BD
   hxxp://www.womenzz.com/images/sky.html
      hxxp://www.jxcgc.com/images/s.exe
   hxxp://www.womenzz.com/images/count.html

someting

Quote

hxxp://tv.sbs.co.kr/docu/docu.html // 그것이 알고싶다
   hxxp://wizard2.sbs.co.kr/w3/common/common_js.js
      hxxp://mini.kbs.co.kr/i.asp
         hxxp://mini.kbs.co.kr/css/k.asp
            hxxp://mini.kbs.co.kr/Rookie/h.exe // xor : BD

Title: Re: arp cache poisoning
Post by: pcaccent on November 10, 2010, 09:31:25 am

Quote

http://jsunpack.jeek.org/dec/go?report=ac0bbde392ef78a184ae9ba527b8700c8af01153#www.qpbay.com/DictData/img.js

hxxp://www.qpbay.com/DictData/img.js
   hxxp://www.qpbay.com/DictData/kol.htm
      hxxp://www.platinumchina.com/images/s.exe
   hxxp://www.qpbay.com/DictData/sky.html
      hxxp://www.platinumchina.com/images/s.exe
   hxxp://www.qpbay.com/DictData/count.html

Title: Re: arp cache poisoning
Post by: pcaccent on November 10, 2010, 12:43:17 pm

something......

Quote

hxxp://180.69.254.230/main.asp // CVE-2010-3962-B
   hxxp://www.amcdrrkorea.org/3/sm.exe

Title: Re: arp cache poisoning
Post by: pcaccent on November 13, 2010, 09:36:13 am

Quote

hxxp://www.zyxyfy.com/images/pic.js
   hxxp://www.zyxyfy.com/images/sos.htm
      hxxp://www.platinumchina.com/images/s.exe
   hxxp://www.zyxyfy.com/images/ner.html
      hxxp://www.platinumchina.com/images/s.exe
   hxxp://www.zyxyfy.com/images/count.html

Title: Re: arp cache poisoning
Post by: pcaccent on November 13, 2010, 01:12:36 pm

something.....

Quote

hxxp://wizard2.sbs.co.kr/w3/common/common_js.js
   hxxp://www.bugo24.com/letter/
      hxxp://www.bugo24.com/letter/k.jpg
         hxxp://www.bugo24.com/letter/o.exe

Title: Re: arp cache poisoning
Post by: pcaccent on November 14, 2010, 10:21:25 am

something

Quote

hxxp://www.cgaretes.com/
   hxxp://www.dukjung.es.kr/PageDesign/teacher.exe

MD5 : 567d98f804e4dfb754035f2e03a9c600
virustotal : http://www.virustotal.com/file-scan/report.html?id=27df465afb4d2669cf2a94974a63c4badb0e916e6cb8564ceaf0c16a42e79828-1289728366

Title: Re: arp cache poisoning
Post by: pcaccent on November 16, 2010, 12:13:57 pm

something

Quote

hxxp://wizard2.sbs.co.kr/w3/common/common_js.js
   hxxp://esolestudy.co.kr/css/
      hxxp://esolestudy.co.kr/css/a.jpg
         hxxp://esolestudy.co.kr/css/xx.exe

Title: Re: arp cache poisoning
Post by: pcaccent on November 17, 2010, 01:33:05 pm

something

Quote

hxxp://www.cineseoul.com/common/swfiles.js
   hxxp://110.45.144.95/S.asp
      hxxp://cyberorchid.net/bbs/icon/c.exe
      hxxp://110.45.144.95/S2.asp
         hxxp://cyberorchid.net/bbs/icon/c.exe

Title: Re: arp cache poisoning
Post by: pcaccent on November 20, 2010, 12:12:28 am

something

Quote

hxxp://www.libro.co.kr/html/2008/js/common.js
   hxxp://114.203.87.195/id.asp
      hxxp://114.203.87.195/help.asp
         hxxp://121.254.145.212/w3c/ad.exe
      hxxp://114.203.87.195/top.asp
[/quoted]

Title: Re: arp cache poisoning
Post by: pcaccent on November 21, 2010, 05:48:04 am

something

Quote

hxxp://www.breaknews.com/
   hxxp://www10.breaknews.com/js/ins_js.js
      hxxp://www.breaknews.com/data/tv.htm
         hxxp://www.breaknews.com/data/tvx.html
            hxxp://128.134.30.87/w.exe
         hxxp://www.breaknews.com/data/tvj.html
            hxxp://128.134.30.87/s.exe

Title: Re: arp cache poisoning
Post by: pcaccent on November 21, 2010, 02:31:54 pm

something

Quote

hxxp://www.filei.co.kr/index.php
   hxxp://kmbao.com/index.htm
      hxxp://gms.kmbao.com/audi.exe

Title: Re: arp cache poisoning
Post by: pcaccent on November 26, 2010, 12:21:21 am

Quote

hxxp://www.yiqicall.com/images/pic.js
   hxxp://www.yiqicall.com/images/ner.html
      hxxp://www.zhuti138.cn/images/s.exe
   hxxp://www.yiqicall.com/images/sos.htm
      hxxp://www.zhuti138.cn/images/s.exe
   hxxp://www.yiqicall.com/images/count.html

Title: Re: arp cache poisoning
Post by: pcaccent on November 26, 2010, 02:35:37 pm

something

Quote

hxxp://www.toshare.kr/
   hxxp://www.toshare.kr/addons/resize_image/js/resize_image.min.js
      hxxp://www.fd521.com/ad.htm
         hxxp://www.fd521.com/521.exe

Quote

hxxp://www.gameangel.com/
   hxxp://www.gameangel.com/System/html/js/html.js
      hxxp://fd521.com/ads.htm
         hxxp://fd521.com/fd.exe

Title: Re: arp cache poisoning
Post by: pcaccent on November 27, 2010, 10:20:18 am

someting

Quote

hxxp://www.gamemeca.com/script/common.js
   hxxp://fd521.com/ads.htm
      hxxp://fd521.com/fd.exe // xor : BD

Title: Re: arp cache poisoning
Post by: pcaccent on November 28, 2010, 12:20:09 am

something

Quote

hxxp://worldhyo.com/xx.jpg
   hxxp://worldhyo.com/link/4.exe

Quote

hxxp://www.121ma.info/2/2.htm
   hxxp://www.121ma.info/2/iee.jpg
      hxxp://www.dnf7q.info/1/ceshi1.exe

Quote

hxxp://pressian.com/books/common/js/supersized.1.0.js
   hxxp://211.234.117.137/index.htm
      hxxp://210.124.107.3/log/x/T.exe

Quote

hxxp://www.yonhapnews.co.kr/siteoverlay2.js
   hxxp://211.234.117.137/index.htm
      hxxp://210.124.107.3/log/x/T.exe

Title: Re: arp cache poisoning
Post by: pcaccent on November 30, 2010, 11:17:28 pm

Quote

hxxp://www.defacto.or.kr/css/style.css
   hxxp://www.alahb.com/Images/pic.js
      hxxp://www.alahb.com/Images/ner.html
         hxxp://www.kemosi.com/images/s.exe
      hxxp://www.alahb.com/Images/sos.htm
         hxxp://www.kemosi.com/images/s.exe
      hxxp://www.alahb.com/Images/count.html

Quote

hxxp://www.pkupe.com/images/pic.js
   hxxp://www.pkupe.com/images/ner.html
      hxxp://www.kemosi.com/images/s.exe
   hxxp://www.pkupe.com/images/sos.htm
      hxxp://www.kemosi.com/images/s.exe
   hxxp://www.pkupe.com/images/count.html

something

Quote

hxxp://www.breaknews.com/
   hxxp://www.breaknews.com/data/breaknews_com/ho_img/2008090391j.jpg // HTML:CVE-2010-3962-B
      hxxp://www.vipup.com/dll/dll.exe

Title: Re: arp cache poisoning
Post by: pcaccent on December 03, 2010, 10:04:34 pm

something

Quote

hxxp://www.gamemeca.com/script/GamemecaScroll.js
   hxxp://ay521.com/ad.htm
      hxxp://ay521.com/ay.exe

Title: Re: arp cache poisoning
Post by: pcaccent on December 04, 2010, 12:47:50 pm

something

Quote

hxxp://www.cnews.co.kr/uhtml/main.html
   hxxp://www.momonala.com/images/common.js
      hxxp://www.momonala.com/images/kr1.html
         hxxp://www.momonala.com/images/pic0000.jpg // suspicious binary file
      hxxp://www.momonala.com/images/kr2.html
      hxxp://www.momonala.com/images/flh/flh.html
         hxxp://www.momonala.com/images/flh/cosplay.swf

Title: Re: arp cache poisoning
Post by: pcaccent on December 12, 2010, 05:26:47 am

something

Quote

hxxp://www.artsnews.co.kr/paper/main.php
   hxxp://211.234.117.132/index.htm
      hxxp://210.124.107.3/log/x/T.exe

Quote

hxxp://cutyline.zuzunza.joins.com/illust/data/1212/2.html
   hxxp://down.playdns.info/1210.exe

Title: Re: arp cache poisoning
Post by: pcaccent on December 18, 2010, 02:46:47 pm

something

Quote

hxxp://www.gamedonga.co.kr/abtt.asp
   hxxp://211.234.117.132/index.htm
      hxxp://210.124.107.3/log/x/T.exe

Title: Re: arp cache poisoning
Post by: pcaccent on December 19, 2010, 03:24:16 am

something

(http://blogfile.paran.com/BLOG_559899/201012/1292729412_00000.JPG)

Quote

hxxp://ad.hankooki.com/js.kti/250180/main@por
   hxxp://www.vastsea.com/js/script.js
      hxxp://www.vastsea.com/js/dfk.htm
         hxxp://www.cnpt.com.cn/images/c0de/img.exe // xor : BD
      hxxp://www.vastsea.com/js/hkl.htm
         hxxp://www.cnpt.com.cn/images/C0DE/img.exe
      hxxp://www.vastsea.com/js/count.html

Quote

hxxp://gall.dcinside.com/js/comment.js
   hxxp://cutyline.zuzunza.joins.com/illust/data/0805/1/index.html
      hxxp://cutyline.zuzunza.joins.com/illust/data/0805/1/load.html
         hxxp://cutyline.zuzunza.joins.com/illust/data/0805/1/1.html
            hxxp://down.sslplus.info/1217.exe
         hxxp://cutyline.zuzunza.joins.com/illust/data/0805/1/2.htm
            hxxp://down.sslplus.info/1217.exe

Quote

hxxp://www.dip.kr/H.asp
   hxxp://www.topchild.co.kr/include/top.exe

Title: Re: arp cache poisoning
Post by: pcaccent on December 19, 2010, 10:26:05 am

something

Quote

hxxp://www.trdftygo.com/
   hxxp://www.dseyuio.com/msppd/usndfid.exe
.
hxxp://www.gfhhkip.com/
   hxxp://www.dseyuio.com/msppd/usndfid.exe

via NATEON messenger

Title: Re: arp cache poisoning
Post by: pcaccent on December 25, 2010, 12:41:16 am

something

Quote

hxxp://www.geto.co.kr/state/x.js
   hxxp://www.geto.co.kr/state/b1.asp
      hxxp://www.castnet.co.kr/db/shell/cmd.exe
   hxxp://www.geto.co.kr/state/b2.asp
      hxxp://www.castnet.co.kr/db/shell/cmd.exe
   hxxp://www.geto.co.kr/state/b3.asp
      hxxp://www.k1newsleader.co.kr/k1/cmd.exe

Title: Re: arp cache poisoning
Post by: pcaccent on December 25, 2010, 10:38:35 pm

something

(http://blogfile.paran.com/BLOG_559899/201012/1293316405_00001.JPG)

Quote

hxxp://www.yonhapnews.co.kr/weather/weather.html
   hxxp://211.234.117.47/b.js
      hxxp://211.234.117.47/index.htm
         hxxp://210.124.107.3/log/x/T.exe

Quote

hxxp://gall.dcinside.com/js/comment.js
   hxxp://www.shopportal.co.kr/data/banner/1225/index.html
      hxxp://www.shopportal.co.kr/data/banner/1225/load.html
         hxxp://www.shopportal.co.kr/data/banner/1225/1.html
            hxxp://down.playboyshop.info/1224.exe
         hxxp://www.shopportal.co.kr/data/banner/1225/2.html
            hxxp://down.playboyshop.info/1224.exe

Quote

hxxp://gall.dcinside.com/js/gallog_script.js
   hxxp://www.edupam.com/comm/news_files/111.html
      hxxp://image20.dyndns.info:8989/index1.asp
         hxxp://image20.dyndns.info:8989/3.html
            hxxp://image20.dyndns.info:8989/01.exe

Quote

hxxp://wizard2.sbs.co.kr/resource/common/common.js
   hxxp://maplehey.com/rss/
      hxxp://maplehey.com/rss/k.jpg
         hxxp://maplehey.com/rss/K.Js
            hxxp://maplehey.com/rss/n.exe

Title: Re: arp cache poisoning
Post by: pcaccent on December 26, 2010, 11:53:49 am

Quote

hxxp://67.21.76.6/pic.js
   hxxp://67.21.76.6/zhk.htm
      hxxp://user5211314.inster.in/img/p0cd/img.exe
   hxxp://67.21.76.6/zfc.htm
      hxxp://user5211314.inster.in/img/p0cd/img.exe
   hxxp://67.21.76.6/count1.html

something

Quote

hxxp://www.trdftygo.com/
   hxxp://www.xunfhd.com/youn/repari.exe

hxxp://www.gfhjvdel.com/
   hxxp://www.xunfhd.com/youn/repari.exe

via NATEON messenger

Title: Re: arp cache poisoning
Post by: pcaccent on December 28, 2010, 10:53:04 pm

something

Quote

hxxp://myhappybaby.co.kr/bbs/board.php?bo_table=notice
   hxxp://myhappybaby.co.kr/js/common.js
      hxxp://61.57.227.5/js/b1.asp
         hxxp://www.k1newsleader.co.kr/k1/cmd.exe
      hxxp://61.57.227.5/js/b2.asp
      hxxp://61.57.227.5/js/b3.asp
         hxxp://www.castnet.co.kr/ad/msn/cmd.exe

Title: Re: arp cache poisoning
Post by: pcaccent on December 31, 2010, 09:43:37 pm

something

Quote

hxxp://www.soriaudio.com/zboard/zboard.php?id=m_audio
   hxxp://125.141.196.59/A.asp
      hxxp://125.141.196.59/b.exe

Title: Re: arp cache poisoning
Post by: pcaccent on January 08, 2011, 12:04:21 am

Quote

hxxp://www.bbsi.co.kr/js/common.js
   hxxp://www.zhqycm.com/img/ads.htm
      hxxp://www.zhqycm.com/img/script.js
         hxxp://www.zhqycm.com/img/kol.htm
            hxxp://www.ucsanya.com/Js/user/users.exe
         hxxp://www.zhqycm.com/img/sky.html
            hxxp://www.ucsanya.com/js/user/users.exe
         hxxp://www.zhqycm.com/img/count.html

Title: Re: arp cache poisoning
Post by: pcaccent on January 08, 2011, 05:16:53 pm

Quote

hxxp://minibar.cyworld.com/html.kti/nate/news@text_bottom2?age=&gender=
   hxxp://218.36.120.30/38843.js
      hxxp://173.192.136.92/pic.js
         hxxp://173.192.136.92/tow.htm
            hxxp://pic.kongfun.in/pictures/p1c/p1c.exe // xor : BD
         hxxp://173.192.136.92/sdh.htm
            hxxp://pic.kongfun.in/pictures/p1c/p1c.exe // xor : BD
         hxxp://173.192.136.92/mpiss.html

Quote

hxxp://www.grgbkdsd.com/
   hxxp://www.rnalcase.com/goohe/nsdk.jpg.exe

via NATEON messanger

Title: Re: arp cache poisoning
Post by: pcaccent on January 18, 2011, 10:31:08 pm

Quote

hxxp://www.cdpkorea.com/_js/js_hotkey_1.cko
   hxxp://115.68.21.132/left.asp
      hxxp://tgong.co.kr/mall/updir/md/pds.exe

Title: Re: arp cache poisoning
Post by: pcaccent on January 31, 2011, 11:12:23 pm

Quote

hxxp://67.21.76.33/js.jpg
   hxxp://67.21.76.33/fvp.htm
      hxxp://up.crez1o.com/uploadfiles/56326512.Jpg
   hxxp://67.21.76.33/rcf.htm
      hxxp://up.crez1o.com/uploadfiles/56326512.Jpg
   hxxp://67.21.76.33/count.html

Title: Re: arp cache poisoning
Post by: pcaccent on February 02, 2011, 05:13:45 am

something

Quote

hxxp://www.kcta.or.kr/
   hxxp://www.kcta.or.kr/js/json.js
      hxxp://incas.co.kr/image/k.jpg
         hxxp://www.spris.com/images/
            hxxp://www.spris.com/images/log.txt
               hxxp://www.spris.com/images/log.Js
                  hxxp://spris.co.kr/images/m.exe