Author Topic: Blackhole PDF Exploit Urls  (Read 6047 times)

0 Members and 1 Guest are viewing this topic.

September 05, 2011, 10:35:26 am
Read 6047 times

DnlMrx

  • Newbie

  • Offline
  • *

  • 9
alazarwin.info/games/1fdp.php
v4fh.co.cc/games/1fdp.php
piggidon.info/games/1fdp.php
hopetrade.info/games/1fdp.php
1sg1np.com/games/1fdp.php
veof.co.cc/games/1fdp.php
rkianria.co.cc/games/1fdp.php
lolololo.dyndns.tv/games/1fdp.php
ringshop.info/games/1fdp.php
idiosyncraticwin.info/games/1fdp.php
ahhq.co.cc/games/1fdp.php
argl.co.cc/games/1fdp.php
plan.shelfstyle.net/games/1fdp.php
top.ayankeecraftman.com/games/1fdp.php
jaksd.co.cc/games/1fdp.php
ham.allfood.co/games/1fdp.php
crytome.in/games/1fdp.php
colland.ru/gg/games/1fdp.php
tartget.info/games/1fdp.php
dfax.co.cc/games/1fdp.php
ivqb.co.cc/games/1fdp.php
s16.zeg.cc/games/1fdp.php
1xthem.com/games/1fdp.php
www.tagbeat71.info/games/1fdp.php
worldwide.solomontg.com/games/1fdp.php
2c8a.co.cc/games/1fdp.php
74w19v35.cz.cc/access7/games/1fdp.php


This Urls give gen malicious pdf file as response

September 05, 2011, 10:44:54 am
Reply #1

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
alazarwin.info/games/1fdp.php
...


This Urls give gen malicious pdf file as response

Thank you for submission, but I won't add those url to our database.
I don't add each possible exploit url for exploit kits. Usually I only add the entry point url and 1 payload url.

If you have entry point urls for those domains , please post them.

Update: I checked all urls. All are offline or don't contain pdf exploit.
Ruining the bad guy's day

September 05, 2011, 10:48:31 am
Reply #2

DnlMrx

  • Newbie

  • Offline
  • *

  • 9
okay.

But in this case, the payload switched a lot of time.

September 06, 2011, 08:33:28 am
Reply #3

DnlMrx

  • Newbie

  • Offline
  • *

  • 9
alazarwin.info/games/1fdp.php
...


This Urls give gen malicious pdf file as response

Thank you for submission, but I won't add those url to our database.
I don't add each possible exploit url for exploit kits. Usually I only add the entry point url and 1 payload url.

If you have entry point urls for those domains , please post them.

Update: I checked all urls. All are offline or don't contain pdf exploit.

Did you checked with parameters? try php?f={randomnumbers}

So youŽll get 100 kybte pdf file w/ enc javascript inside