Author Topic: 72.47.221.40 techndu.com AS31815 (MEDIATEMPLE)  (Read 3375 times)


June 15, 2009, 07:07:03 am

Malware-Web-Threats


See this for an example:
http://www.malwareurl.com/search.php?domain=&s=72.47.221.40&match=0&rp=50&urls=on&redirs=on&ip=on&reverse=on&as=on
http://www.malwareurl.com/listing.php?ip=72.47.221.40

Payload structure:

:8080/load.php
:8080/cache/readme.pdf
:8080/cache/flash.swf

load trojan on gianttoplocate[.]cn

http://www.virustotal.com/analisis/2de855939085500e72da3771edf480f06b062cbd265721f4d19437d0c8cf4d0c-1244951433
http://www.virustotal.com/analisis/8199f57b7fdb051aa5adb285177bf688c87409a70b0f63442938fb1710bcb546-1244967765
http://www.virustotal.com/analisis/a49e6af1e8ce1314d5950ec4085271f230dcaf6e6250bef3cab48cb5fa760faa-1244967578

botnet CC on 78.109.29.116

http://www.threatexpert.com/report.aspx?md5=01d64a809d532320f4c5f666a7c64db6

June 15, 2009, 08:08:27 am
Reply #1

SysAdMini

Have you verified all those domains?
Ruining the bad guy's day

June 15, 2009, 08:38:38 am
Reply #2

Malware-Web-Threats

Yes, just 50 in queue for VT reports. I can post wepawet links here if needed

June 16, 2009, 01:42:40 am
Reply #3

Malware-Web-Threats

hxxp://spzr.in:8080/load.php
hxxp://spzr.in:8080/cache/readme.pdf
Wepawet
Wepawet

VirusTotal - 1/39 (2.56%)

72.47.221.40 - AS31815
77.37.14.18 - AS44146
82.109.45.51 - AS4589
87.106.220.76 - AS8560