Author Topic: Malicious Domains - eoin.miller  (Read 13359 times)

0 Members and 1 Guest are viewing this topic.

March 21, 2011, 06:43:19 pm
Reply #30

eoin.miller

  • Sr. Member

  • Offline
  • ****

  • 179
More Phoenix:

www.zanupoits.com
http://www.zanupoits.com/722quoct6k.php?s=IBCCM

Looks to be fluxing.

March 24, 2011, 10:48:30 pm
Reply #31

eoin.miller

  • Sr. Member

  • Offline
  • ****

  • 179
174.127.87.104 - various host names


This is redirectiong to lots of fake scanner pages like freeantiagencyxp.com. Definately needs to be listed. Doing some more intel on this now....

Code: [Select]
GET /?s=18 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-e
xcel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-
flash, */*
Referer: http://getmediacontent.com/145/40brands/banner.html
Accept-Language: en-us
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1; .NET C
LR 2.0.50727)
Host: 30kuil1.iodelivery.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Thu, 24 Mar 2011 13:53:28 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Content-Length: 861
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
  <head>
  <meta http-equiv="content-type" content="text/html; charset=uft8">
  <title>404 Not Found</title>
  <script>
if (window.top != window.parent.parent) window.top.location.href="http://xpscanan
tiviruscentral.com/index2.php?06abQDU9QUDBV2v7rCw7i8WveTo6MHVmLVpZeCOrV1lTN5AlQy2
K";
</script>
  </head>
  <body>
<h1>Not Found</h1>
<p>The requested URL /index.html was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.
</p>
<hr>
<address>Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_p
assthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Port 80</address>
  </body>
</html>