Malware Domain List

Malware Related => Malicious Domains => Topic started by: foks on January 05, 2012, 02:42:38 pm

Title: Shell scripts used in Timthumb attacks
Post by: foks on January 05, 2012, 02:42:38 pm
The URLs below contain shell scripts that have been used in TimThumb attacks. More information about the attack is at http://www.theregister.co.uk/2011/08/02/wordpress_zero_day/.
