Author Topic: another Luckysploit IP  (Read 44325 times)

February 12, 2009, 12:39:02 pm

phenom

Code:
http://hello-to-you.net/rttz/?t=6
Its IP is 78.109.30.48, already in the MDL database, but does not yet list Luckysploit or the domain name.

Looks pretty similar to the fuck-lady version.

Wepawet link:
http://wepawet.iseclab.org/view.php?hash=c616a15254aa57bb0035ecce05633557&type=js

February 12, 2009, 01:46:53 pm
Reply #1

SysAdMini

I have seen many Luckysploit URLs in the last days, but they work only one time from the same IP.

Example:
Code:
http://85.17.189.183/opis2/?h=
Ruining the bad guy's day

February 12, 2009, 03:36:59 pm
Reply #2

SysAdMini

Another one
Code:
http://202.73.57.6/tomi

February 14, 2009, 05:18:55 am
Reply #3

SysAdMini


February 15, 2009, 07:13:55 pm
Reply #4

GmG


February 15, 2009, 09:47:42 pm
Reply #5

SysAdMini

Thanks, GmG. Nice collection.

February 18, 2009, 02:49:11 pm
Reply #6

SysAdMini

Another URL. Thanks to our new member Bang.

Code:
http://deinglaube.com/images/
redirects to Luckysploit URL
Code:
http://statclick.net/main/?t=1

February 18, 2009, 03:28:30 pm
Reply #7

Micha

The other domains are also not very kosher:

http://www.trustedsource.org/query/ns1.globo-meds.com?m=ns

Code:
Domains on Nameserver ns1.globo-meds.com

statclick.net
sei-keine.com
globo-meds.com
google-analitic.com
deinglaube.com
verzeih.com
auf-jeder.com
chiburashko.com
xryndel.com

Already listed as bad since last year: http://www.malwaredomainlist.com/mdl.php?search=verzeih.com

February 18, 2009, 06:50:34 pm
Reply #8

SysAdMini

Code:
http://verzeih.com/state/?t=1
redirects to another Luckysploit

Code:
top.sei-keine.com/u-store/?t=1

February 24, 2009, 06:10:13 pm
Reply #9

SysAdMini


February 27, 2009, 09:11:31 am
Reply #10

Micha

Another example: (watch the hidden IFRAME to DummySploit)

Code:
hxxp://ustreasury.usbanknet.net

February 28, 2009, 02:24:47 pm
Reply #11

SysAdMini


March 01, 2009, 02:21:28 pm
Reply #12

SysAdMini

Code:
analytics.pl.ua/scripts/?t=4

March 02, 2009, 02:10:49 pm
Reply #13

SysAdMini


March 06, 2009, 07:35:39 pm
Reply #14

GmG

Code:
http://idealadvertising.org/clicksagent2/?t=2