« previous next »
Pages: 1 [2]   Go Down

Author Topic: urlquery.net  (Read 65324 times)

0 Members and 1 Guest are viewing this topic.

June 28, 2011, 01:42:00 pm
Reply #15

MysteryFCM

  • Administrator
  • Hero Member
  • Offline
  • *****
  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
Re: urlquery.net
Ah, cheers :)

May be an idea to make that a little clearer, yes.
Logged
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net
June 28, 2011, 02:11:29 pm
Reply #16

SysAdMini

  • Administrator
  • Hero Member
  • Offline
  • *****
  • 3335
Re: urlquery.net
I would like to see a column "Host" in http request table. I don't like that I have to click on each request line to see the host.
You could make the "Reponse" column smaller, but add a host column.
Logged
Ruining the bad guy's day
June 28, 2011, 02:29:47 pm
Reply #17

tyriel

  • Jr. Member
  • Offline
  • **
  • 14
    • urlQuery
Re: urlquery.net
Quote from: SysAdMini on June 28, 2011, 02:11:29 pm
I would like to see a column "Host" in http request table. I don't like that I have to click on each request line to see the host.
You could make the "Reponse" column smaller, but add a host column.

I can add the "Host" row from the http request header to the default text before you expand it. Sounds ok?
Logged
June 28, 2011, 02:39:08 pm
Reply #18

SysAdMini

  • Administrator
  • Hero Member
  • Offline
  • *****
  • 3335
Re: urlquery.net
Quote from: tyriel on June 28, 2011, 02:29:47 pm
Quote from: SysAdMini on June 28, 2011, 02:11:29 pm
I would like to see a column "Host" in http request table. I don't like that I have to click on each request line to see the host.
You could make the "Reponse" column smaller, but add a host column.

I'll can add the "Host" row from the http request header to the default text before you expand it. Sounds ok?

Sounds good.
Logged
Ruining the bad guy's day
September 08, 2011, 04:48:15 pm
Reply #19

SysAdMini

  • Administrator
  • Hero Member
  • Offline
  • *****
  • 3335
Re: urlquery.net
Let's start with reporting about missing detections.

Incognito exploit kit
example
Code: [Select]
buyaion.cu.cc/showthread.php?t=82651514
New Blackhole kit version
Code: [Select]
dreth543rwfdegrhjt.cz.cc/t/b56696ed19ad9fdfd35260d0a21bf00f
Logged
Ruining the bad guy's day
September 09, 2011, 07:00:50 am
Reply #20

SysAdMini

  • Administrator
  • Hero Member
  • Offline
  • *****
  • 3335
Re: urlquery.net
No detection for exploits of CrimePack

Code: [Select]
greatyoutubevideos.info/nolock/index.php
vb6protected.com/nolock/index.php
Logged
Ruining the bad guy's day
September 12, 2011, 03:18:24 pm
Reply #21

tyriel

  • Jr. Member
  • Offline
  • **
  • 14
    • urlQuery
Re: urlquery.net
Quote from: SysAdMini on September 09, 2011, 07:00:50 am
No detection for exploits of CrimePack

Code: [Select]
greatyoutubevideos.info/nolock/index.php
vb6protected.com/nolock/index.php

I'll have a closer look at those URL, not sure if they contain CrimePack tho, as one seems to use some Java code and the other seems to be dead at time of visit.

I'll update the BlackHole and Incognito signatures tonight with new patterns.


Thanks for feedback MDL! :)

Logged
September 13, 2011, 04:50:37 pm
Reply #22

tyriel

  • Jr. Member
  • Offline
  • **
  • 14
    • urlQuery
Re: urlquery.net
Quote from: SysAdMini on September 08, 2011, 04:48:15 pm
Let's start with reporting about missing detections.

Incognito exploit kit
example
Code: [Select]
buyaion.cu.cc/showthread.php?t=82651514


Anyone know what version of incognito this is?

I remember the old format from v2.0 was:

Code: [Select]
/in.php?a=QQkFBwQHBAEABQQMEkcJBQcEBwYABQcHDA==

Logged
Pages: 1 [2]   Go Up
« previous next »