« previous next »
Pages: [1]   Go Down

Author Topic: Maldomains by cr4shm0ney  (Read 8234 times)

0 Members and 1 Guest are viewing this topic.

September 24, 2010, 12:39:17 pm
Read 8234 times

cr4shm0ney

  • Jr. Member
  • Offline
  • **
  • 27
Maldomains by cr4shm0ney
I am creating a thread to keep it tidy..

Code: [Select]
google-stats49.info/ur.php
http://www.google.com/support/forum/p/Google+Analytics/thread?tid=1eeb5a87312caace&hl=en
Logged
October 04, 2010, 03:45:21 pm
Reply #1

cr4shm0ney

  • Jr. Member
  • Offline
  • **
  • 27
Re: Maldomains by cr4shm0ney
Code: [Select]
http://qudeteyuj.cn/gbot/p.php?q=tTwvw20r0bjtf3GTYF7Xxep7c5BmL9WwmG0vw21d07bq4WSFynu7XGw%3D
http://www.virustotal.com/file-scan/report.html?id=bf507567ee0d35d6a7caa6954e022070a78e110d0bb5472884a4090e3f9d6fe2-1286205220
Logged
October 07, 2010, 02:32:55 pm
Reply #2

cr4shm0ney

  • Jr. Member
  • Offline
  • **
  • 27
Re: Maldomains by cr4shm0ney
Logged
November 09, 2010, 04:07:58 pm
Reply #3

cr4shm0ney

  • Jr. Member
  • Offline
  • **
  • 27
Re: Maldomains by cr4shm0ney
 mqovmpovqxzrsolr.biz/news <- Zbot config file perhaps? :D
Logged
March 10, 2011, 04:30:46 am
Reply #4

cr4shm0ney

  • Jr. Member
  • Offline
  • **
  • 27
Re: Maldomains by cr4shm0ney
Zeus sites


 
ratemeshea.info      
aniseinwoozin.info      
ariadtall.info      
arthroestalab.info      
biguarebonyel.info      
bowlerfo.info      
butteersecu.info      
chinosiverned.info      
coburneretenne.info      
conjubian.info      
contacoupanieta.info      
cyclogyro.info      
dangliman.info      
darleanzanthi.info      
dauptabbyi.info      
deftnescanc.info      
dermermysion.info      
ephedntilla.info      
equalitypenonm.info      
exclureha.info      
faculuringefer.info      
flashadro.info      
gestephi.info      
headlvyan.info      
hydradepric.info      
ineadinglycher.info      
kartarettavolt.info      
lorimpoinuo.info      
snardy.info      
stancytemp.info      
yeshisman.info   

Logged
March 10, 2011, 01:17:22 pm
Reply #5

SysAdMini

  • Administrator
  • Hero Member
  • Offline
  • *****
  • 3335
Re: Maldomains by cr4shm0ney
Quote from: cr4shm0ney on March 10, 2011, 04:30:46 am
Zeus sites


Can you provide complete urls ? Domain name only doesn't help. We can only add those domains to our list if we have an evidence for malicious activity.
Logged
Ruining the bad guy's day
March 10, 2011, 07:39:46 pm
Reply #6

cr4shm0ney

  • Jr. Member
  • Offline
  • **
  • 27
Re: Maldomains by cr4shm0ney
Here is what we have found


 
193.22.81.72   ratemeshea.info/usa.bin      
69.43.160.145   equalitypenonm.info/usa.bin      
69.43.160.145   deftnescanc.info/usa.bin      
69.43.160.145   conjubian.info/usa.bin      
69.43.160.145   coburneretenne.info/usa.bin      
69.43.160.145   aniseinwoozin.info/usa.bin      
67.228.81.180   hyternes.info/usa.bin      
194.0.245.71   addaxonahacko.info/usa.bin      
50.16.214.154   coacinin.info/usa.bin      
193.22.81.72   furzest.info/usa.bin      
69.43.160.145   welliantil.com/usa.bin      
69.43.160.145   tuffbasehosexi.com/usa.bin      
69.43.160.145   titermerra.com/usa.bin      
69.43.160.145   thirdaniece.com/usa.bin      
69.43.160.145   ridgentumpt.com/usa.bin      
69.43.160.145   regremism.com/usa.bin      
69.43.160.145   neoplettern.com/usa.bin      
69.43.160.145   mandavers.com/usa.bin      
69.43.160.145   jottertusquenc.com/usa.bin      
69.43.160.145   jilledlena.com/usa.bin      
69.43.160.145   hypallyse.com/usa.bin      
69.43.160.145   goalidereduc.com/usa.bin      
69.43.160.145   girdectyl.com/usa.bin      
69.43.160.145   gardelith.com/usa.bin      
69.43.160.145   comembernioneq.com/usa.bin      
69.43.160.145   bitureworket.com/usa.bin      
69.43.160.145   beseerlinnytate.com/usa.bin      
69.43.160.145   autykeention.com/usa.bin      
69.43.160.145   aridnescourie.com/usa.bin      
69.43.160.145   terrieldaraft.com/usa.bin      
69.43.160.145   stbonnello.com/usa.bin      
69.43.160.145   shantaliateut.com/usa.bin      
69.43.160.145   roqueneumonan.com/usa.bin      
69.43.160.145   rewontal.com/usa.bin      
69.43.160.145   prutantilba.com/usa.bin      
69.43.160.145   oleumence.com/usa.bin      
69.43.160.145   obulriseme.com/usa.bin      
69.43.160.145   midstonrule.com/usa.bin      
69.43.160.145   mestordi.com/usa.bin      
69.43.160.145   loaffert.com/usa.bin      
69.43.160.145   izoosionic.com/usa.bin      
69.43.160.145   guitestion.com/usa.bin      
69.43.160.145   eleaseedup.com/usa.bin      
69.43.160.145   doculastan.com/usa.bin      
69.43.160.145   crusieziff.com/usa.bin      
69.43.160.145   crunome.com/usa.bin      
69.43.160.145   brideralog.com/usa.bin      
69.43.160.145   titangepotactor.com/usa.bin      
69.43.160.145   supperereticer.com/usa.bin      
69.43.160.145   stamparnemetzin.com/usa.bin      
69.43.160.145   shortinesumbi.com/usa.bin      
69.43.160.145   prodrusebu.com/usa.bin      
69.43.160.145   pittashel.com/usa.bin      
69.43.160.145   nutrisernadist.com/usa.bin      
69.43.160.145   marsefishaw.com/usa.bin      
69.43.160.145   lynnellholing.com/usa.bin      
69.43.160.145   liftbedsogaloru.com/usa.bin      
69.43.160.145   ikebargertion.com/usa.bin      
69.43.160.145   humissordago.com/usa.bin      
69.43.160.145   hoodshtgarch.com/usa.bin      
69.43.160.145   gaddistoc.com/usa.bin      
69.43.160.145   execresen.com/usa.bin      
69.43.160.145   discamirent.com/usa.bin      
69.43.160.145   billeredbarick.com/usa.bin      
69.43.160.145   amenesheli.com/usa.bin      
69.43.160.145   hybalmettask.com/usa.bin      
69.43.160.145   gornellandiche.com/usa.bin      
69.43.160.145   dioxaneanet.com/usa.bin      
69.43.160.145   diettensto.com/usa.bin      
69.43.160.145   cohobsele.com/usa.bin      
69.43.160.145   chiggeratfawnes.com/usa.bin      
69.43.160.145   chicomppo.com/usa.bin      
69.43.160.145   brookrandav.com/usa.bin      
69.43.160.145   bearisalik.com/usa.bin      
69.43.160.145   workflycentha.com/usa.bin      
69.43.160.145   pothuskiverbi.com/usa.bin      
69.43.160.145   palismancytion.com/usa.bin      
69.43.160.145   miradreterrilar.com/usa.bin      
69.43.160.145   mickisserni.com/usa.bin      
69.43.160.145   mationga.com/usa.bin      
69.43.160.145   marobehamony.com/usa.bin      
69.43.160.145   linedoisterer.com/usa.bin      
69.43.160.145   iteraphyrsuck.com/usa.bin      
69.43.160.145   ffleri.com/usa.bin      
69.43.160.145   existignotypeat.com/usa.bin      
69.43.160.145   dalthearmane.com/usa.bin      
69.43.160.145   criserpegolder.com/usa.bin      
69.43.160.145   conscringle.com/usa.bin      
69.43.160.145   cavielandelerwo.com/usa.bin      
69.43.160.145   captallynnya.com/usa.bin      
69.43.160.145   bleeducif.com/usa.bin      
69.43.160.145   vimagent.com/usa.bin      
69.43.160.145   vaside.com/usa.bin      
69.43.160.145   undererme.com/usa.bin      
69.43.160.145   talition.com/usa.bin      
69.43.160.145   strurang.com/usa.bin      
69.43.160.145   sofargush.com/usa.bin      
69.43.160.145   sirockinevule.com/usa.bin      
69.43.160.145   shikilablygate.com/usa.bin      
69.43.160.145   remiserfoxi.com/usa.bin      
69.43.160.145   pyhenikkie.com/usa.bin      
69.43.160.145   nullionidererti.com/usa.bin      
69.43.160.145   leenerry.com/usa.bin      
69.43.160.145   huckerbitstrib.com/usa.bin      
69.43.160.145   eyrirshelcy.com/usa.bin      
69.43.160.145   eptnikines.com/usa.bin      
69.43.160.145   curaji.com/usa.bin      
69.43.160.145   commhosh.com/usa.bin      
69.43.160.145   charlouseptic.com/usa.bin      
69.43.160.145   canthreyec.com/usa.bin      
69.43.160.145   uphorationgy.com/usa.bin      
69.43.160.145   tunicersiteff.com/usa.bin      
69.43.160.145   studigabr.com/usa.bin      
69.43.160.145   stenote.com/usa.bin      
69.43.160.145   stealdacy.com/usa.bin      
69.43.160.145   shahaccurefusi.com/usa.bin      
69.43.160.145   proentirica.com/usa.bin      
69.43.160.145   nylghauristoc.com/usa.bin      
69.43.160.145   mollustcollia.com/usa.bin      
69.43.160.145   loideryl.com/usa.bin      
69.43.160.145   extoneryphon.com/usa.bin      
69.43.160.145   eurymbil.com/usa.bin      
69.43.160.145   coriumenneag.com/usa.bin      
69.43.160.145   cobuyingre.com/usa.bin      
69.43.160.145   camportrugg.com/usa.bin      
69.43.160.145   cadanementoxid.com/usa.bin      
69.43.160.145   buckwetnesth.com/usa.bin      
69.43.160.145   blerdenter.com/usa.bin      
69.43.160.145   bitterercyteau.com/usa.bin      
212.7.194.51   yeshisman.info/usa.bin      
69.43.160.145   lorimpoinuo.info/usa.bin      
69.43.160.145   hydradepric.info/usa.bin      
69.43.160.145   headlvyan.info/usa.bin      
69.43.160.145   gestephi.info/usa.bin      
69.43.160.145   flashadro.info/usa.bin      
69.43.160.145   ephedntilla.info/usa.bin      
69.43.160.145   dermermysion.info/usa.bin      
69.43.160.145   cyclogyro.info/usa.bin      
69.43.160.145   contacoupanieta.info/usa.bin      
69.43.160.145   butteersecu.info/usa.bin      
69.43.160.145   biguarebonyel.info/usa.bin      
69.43.160.145   ariadtall.info/usa.bin      
69.43.160.145   kartarettavolt.info/usa.bin      
69.43.160.145   ineadinglycher.info/usa.bin      
69.43.160.145   faculuringefer.info/usa.bin      
69.43.160.145   exclureha.info/usa.bin      
69.43.160.145   dauptabbyi.info/usa.bin      
69.43.160.145   darleanzanthi.info/usa.bin      
69.43.160.145   dangliman.info/usa.bin      
69.43.160.145   chinosiverned.info/usa.bin      
69.43.160.145   bowlerfo.info/usa.bin      
69.43.160.145   arthroestalab.info/usa.bin      
68.178.232.100   stancytemp.info/usa.bin      
68.178.232.100   snardy.info/usa.bin   
Logged
March 10, 2011, 07:45:13 pm
Reply #7

cr4shm0ney

  • Jr. Member
  • Offline
  • **
  • 27
Re: Maldomains by cr4shm0ney
Can I get some points or something?
Logged
March 10, 2011, 08:56:37 pm
Reply #8

SysAdMini

  • Administrator
  • Hero Member
  • Offline
  • *****
  • 3335
Re: Maldomains by cr4shm0ney
Quote from: cr4shm0ney on March 10, 2011, 07:39:46 pm
Here is what we have found

Did you check those urls ?

Only the first one works. Allmost all return 403.
Code: [Select]
200|ratemeshea.info/usa.bin - ok
403|equalitypenonm.info/usa.bin
403|deftnescanc.info/usa.bin
403|conjubian.info/usa.bin
403|coburneretenne.info/usa.bin
403|aniseinwoozin.info/usa.bin
404|hyternes.info/usa.bin
0|addaxonahacko.info/usa.bin
200|coacinin.info/usa.bin - 0 byte length
403|welliantil.com/usa.bin
403|tuffbasehosexi.com/usa.bin
403|titermerra.com/usa.bin
403|thirdaniece.com/usa.bin
403|ridgentumpt.com/usa.bin
403|regremism.com/usa.bin
403|neoplettern.com/usa.bin
403|mandavers.com/usa.bin
403|jottertusquenc.com/usa.bin
403|jilledlena.com/usa.bin
403|hypallyse.com/usa.bin
403|goalidereduc.com/usa.bin
403|girdectyl.com/usa.bin
403|gardelith.com/usa.bin
403|comembernioneq.com/usa.bin
403|bitureworket.com/usa.bin
403|beseerlinnytate.com/usa.bin
403|autykeention.com/usa.bin
403|aridnescourie.com/usa.bin
403|terrieldaraft.com/usa.bin
403|stbonnello.com/usa.bin
403|shantaliateut.com/usa.bin
403|roqueneumonan.com/usa.bin
403|rewontal.com/usa.bin
403|prutantilba.com/usa.bin
403|oleumence.com/usa.bin
403|obulriseme.com/usa.bin
403|midstonrule.com/usa.bin
403|mestordi.com/usa.bin
403|loaffert.com/usa.bin
403|izoosionic.com/usa.bin
403|guitestion.com/usa.bin
403|eleaseedup.com/usa.bin
403|doculastan.com/usa.bin
403|crusieziff.com/usa.bin
403|crunome.com/usa.bin
403|brideralog.com/usa.bin
403|titangepotactor.com/usa.bin
403|supperereticer.com/usa.bin
403|stamparnemetzin.com/usa.bin
403|shortinesumbi.com/usa.bin
403|prodrusebu.com/usa.bin
403|pittashel.com/usa.bin
403|nutrisernadist.com/usa.bin
403|marsefishaw.com/usa.bin
403|lynnellholing.com/usa.bin
403|liftbedsogaloru.com/usa.bin
403|ikebargertion.com/usa.bin
403|humissordago.com/usa.bin
403|hoodshtgarch.com/usa.bin
403|gaddistoc.com/usa.bin
403|execresen.com/usa.bin
403|discamirent.com/usa.bin
403|billeredbarick.com/usa.bin
403|amenesheli.com/usa.bin
403|hybalmettask.com/usa.bin
403|gornellandiche.com/usa.bin
403|dioxaneanet.com/usa.bin
403|diettensto.com/usa.bin
403|cohobsele.com/usa.bin
403|chiggeratfawnes.com/usa.bin
403|chicomppo.com/usa.bin
403|brookrandav.com/usa.bin
403|bearisalik.com/usa.bin
403|workflycentha.com/usa.bin
403|pothuskiverbi.com/usa.bin
403|palismancytion.com/usa.bin
403|miradreterrilar.com/usa.bin
403|mickisserni.com/usa.bin
403|mationga.com/usa.bin
403|marobehamony.com/usa.bin
403|linedoisterer.com/usa.bin
403|iteraphyrsuck.com/usa.bin
403|ffleri.com/usa.bin
403|existignotypeat.com/usa.bin
403|dalthearmane.com/usa.bin
403|criserpegolder.com/usa.bin
403|conscringle.com/usa.bin
403|cavielandelerwo.com/usa.bin
403|captallynnya.com/usa.bin
403|bleeducif.com/usa.bin
403|vimagent.com/usa.bin
403|vaside.com/usa.bin
403|undererme.com/usa.bin
403|talition.com/usa.bin
403|strurang.com/usa.bin
403|sofargush.com/usa.bin
403|sirockinevule.com/usa.bin
403|shikilablygate.com/usa.bin
403|remiserfoxi.com/usa.bin
403|pyhenikkie.com/usa.bin
403|nullionidererti.com/usa.bin
403|leenerry.com/usa.bin
403|huckerbitstrib.com/usa.bin
403|eyrirshelcy.com/usa.bin
403|eptnikines.com/usa.bin
403|curaji.com/usa.bin
403|commhosh.com/usa.bin
403|charlouseptic.com/usa.bin
403|canthreyec.com/usa.bin
403|uphorationgy.com/usa.bin
403|tunicersiteff.com/usa.bin
403|studigabr.com/usa.bin
403|stenote.com/usa.bin
403|stealdacy.com/usa.bin
403|shahaccurefusi.com/usa.bin
403|proentirica.com/usa.bin
403|nylghauristoc.com/usa.bin
403|mollustcollia.com/usa.bin
403|loideryl.com/usa.bin
403|extoneryphon.com/usa.bin
403|eurymbil.com/usa.bin
403|coriumenneag.com/usa.bin
403|cobuyingre.com/usa.bin
403|camportrugg.com/usa.bin
403|cadanementoxid.com/usa.bin
403|buckwetnesth.com/usa.bin
403|blerdenter.com/usa.bin
403|bitterercyteau.com/usa.bin
200|yeshisman.info/usa.bin -> html file
403|lorimpoinuo.info/usa.bin
403|hydradepric.info/usa.bin
403|headlvyan.info/usa.bin
403|gestephi.info/usa.bin
403|flashadro.info/usa.bin
403|ephedntilla.info/usa.bin
403|dermermysion.info/usa.bin
403|cyclogyro.info/usa.bin
403|contacoupanieta.info/usa.bin
403|butteersecu.info/usa.bin
403|biguarebonyel.info/usa.bin
403|ariadtall.info/usa.bin
403|kartarettavolt.info/usa.bin
403|ineadinglycher.info/usa.bin
403|faculuringefer.info/usa.bin
403|exclureha.info/usa.bin
403|dauptabbyi.info/usa.bin
403|darleanzanthi.info/usa.bin
403|dangliman.info/usa.bin
403|chinosiverned.info/usa.bin
403|bowlerfo.info/usa.bin
403|arthroestalab.info/usa.bin
302|stancytemp.info/usa.bin
302|snardy.info/usa.bin


Logged
Ruining the bad guy's day
March 18, 2011, 01:29:13 pm
Reply #9

cr4shm0ney

  • Jr. Member
  • Offline
  • **
  • 27
Re: Maldomains by cr4shm0ney
I understand that you have requirements and no doubt for good reason, I wanted to get this information out as soon as possible considering that even if these hosts are not active at this exact moment there is good reason to believe these domains will soon be a threat at the very least I did not spent an hour coming up with bogus domain names to submit to the MDL for fun.

CM
Logged
July 06, 2011, 06:25:23 pm
Reply #10

cr4shm0ney

  • Jr. Member
  • Offline
  • **
  • 27
Re: Maldomains by cr4shm0ney
aboutaminute.com appears to be a zues config file server.

aboutaminute.com/mysxxxsqlupdate.dtld
Logged
July 07, 2011, 08:13:43 am
Reply #11

CkreM

  • Special Access
  • Hero Member
  • Offline
  • *
  • 567
Re: Maldomains by cr4shm0ney
the URL you mentioned is not online anymore, this one replaced him:
Code: [Select]
http://aboutaminute.com/ban.dtld
Logged
Mal-Aware
Pages: [1]   Go Up
« previous next »