Recent Posts

Pages: 1 2 [3] 4 5 ... 10
21
Tools of the trade / Internet News / Load malware domains easy
« Last post by camp0 on October 08, 2016, 08:34:52 pm »
Hi All,

Here is a small script in python for detect malware domains
Hope will be usefull

L
22
Hi,

Do you have FP/FN results for that ip lists? I was wondering if some of them are part of amazonws or other cloud services, so the IP aproach will be weak.
Anyway, good job! ;)

L
23
Malicious Domains / Re: MSE-looking Talking Malicious Fake Scan Site
« Last post by molan1998oif on October 07, 2016, 11:45:47 pm »
I apologize for not deactivating the links to begin this thread... I've fixed it though.
24
Malicious Domains / Re: MSE-looking Talking Malicious Fake Scan Site
« Last post by molan1998oif on October 07, 2016, 11:41:06 pm »
Quick update, the actual address is a long base64 thing, but by using the hosts list to block the popup, we were able to successfully back out of the site and close things.
25
Malicious Domains / MSE-looking Talking Malicious Fake Scan Site
« Last post by molan1998oif on October 07, 2016, 10:49:56 pm »
http://z5x7k18k-virus.com/report.php?
http://z5x7k18k-virus.com/?id=KzEgKDg1NSkgNjI1LTA3OTA
http://z5x7k18k-virus.com/up.php?done=veidzz
This came up when a user of ours was on Pinterest looking up recipes for stuff.
She had clicked a link to a cocktail recipe for some kind of Suicide Squad drink, and it redirected to some "allmommywants.com" site, then this came up.
The links above were various versions of it that I found in some .js files that were bringing her previous Firefox sessions back up with the tabs she was last viewing.  I managed to prevent the pop-up from coming back, even though the rest of the site came up, by adding: http://z5x7k18k-virus.com to the hosts file, preceded by 127.0.0.1
Attaching a screenshot of the page:
26
Malicious Domains / Re: Trojan Ransom
« Last post by Joukahainen on August 27, 2016, 07:54:06 pm »
Another mail based ransomware distribution.

http://www.saumi.jazztel.es/jkGYYU03gd Ransomware
27
Malicious Domains / Re: Trojan Ransom
« Last post by dlipman on August 26, 2016, 01:27:36 pm »
28
Malicious Domains / Re: Trojan Ransom
« Last post by Joukahainen on August 26, 2016, 07:07:49 am »
Locky distribution site.

hxxp://www.halloweenparty.go.ro/4GBrdf6 Ransomware

Ditributed by email (word macro downloader)
29
Malicious Domains / Reporting a phishing site
« Last post by Malis2007 on July 12, 2016, 08:24:54 pm »
Site link:
http://fast-internets.com/

Why?
Quote
it claims to be the official WhatsApp site, and asks users to share its link in the real/official whatsapp app to at least 15 contacts so that they gain fake access and advantage on thier fake site by allowing them to download an altered version of whatsapp that they claim that it makes people able to chat offline (pure scam and non-sense)
(Note: site content might be in arabic language.. and my poor irl friends were victims of it)

Thanks for reading, and your help in advance.
30
Malicious Domains / Phish Links
« Last post by iamCody on June 07, 2016, 01:16:38 am »
This link has been going around on Facebook, causing people to lose their accounts.

acct-service12.at.ua/help_recovery4/check/

When their account gets compromised, they changed their name to "Facebook Security" and change their profile image.

I'm not entirely sure that link has been submitted here...
Pages: 1 2 [3] 4 5 ... 10