Author Topic: Malicious Domains by Lelenina  (Read 83074 times)

September 08, 2010, 11:23:14 pm
Reply #150

lelenina

http://pleasing-tube.com/xplays.php?id=45031
Directs to trojan
http://loadmediameans.com/video-plugin.45031.exe
Trojan

September 12, 2010, 10:23:04 pm
Reply #151

lelenina

http://merlion3oll.com/in.cgi?20&parameter=jonn4b&ur=1&HTTP_REFERER=nnn1
Redirects to fake scanner page
http://uikou.in/scaner/?id=02909
Fake scanner page
http://zestrsooots.com/aa/index.php
Exploit kit

September 17, 2010, 03:32:20 am
Reply #152

lelenina

http://nojtul.co.cc/c/index.php
Phoenix Exploit Kit
http://nojtul.co.cc/c/statistics.php
Control panel of Phoenix Exploit Kit
http://nojtul.co.cc/c/l.php
http://nojtul.co.cc/c/exe.exe
Trojan

September 25, 2010, 02:31:30 am
Reply #153

lelenina

http://buyshieldec.com/dimesis.php?ID=19776
Redirects to fake scanner page

September 25, 2010, 02:57:31 pm
Reply #154

lelenina

http://jewertlins.com/stars/index.php
Exploit kit
http://jewertlins.com/stars/l.php
Trojan

September 27, 2010, 02:45:35 am
Reply #155

lelenina

http://titolutis.cn/1/index.php
Phoenix Exploit kit
http://titolutis.cn/1/statistics.php
Control panel of Phoenix Exploit Kit
http://titolutis.cn/1/l.php
http://titolutis.cn/1/exe.exe
Swisyn trojan

October 11, 2010, 03:55:35 pm
Reply #156

lelenina

http://huzytaj.co.cc/get/index.php
Exploit kit?

October 11, 2010, 04:01:27 pm
Reply #157

SysAdMini

Do you receive any content from this URL? I don't get anything.

Special referer?
Ruining the bad guy's day

October 11, 2010, 05:59:24 pm
Reply #158

GmG

http://huzytaj.co.cc/get/?pg=171&action=italynew&e=post

Same as
http://www.malwaredomainlist.com/mdl.php?search=jabylat.co.cc&colsearch=All&quantity=50
but
/get/?pg=171&action=italynew&e=post
works only with an IP from Italy.

October 13, 2010, 03:41:40 am
Reply #159

lelenina

http://goupdates.is.com/
Redirects to exploit kit.

October 15, 2010, 07:54:12 pm
Reply #160

lelenina

http://vobuzmgsy.ru/wint2/
Redirects to fake scanner page

October 16, 2010, 07:07:29 pm
Reply #161

lelenina

http://eveninglottery.cz.cc/index.php?s=2&u=4cb83405e1f594cb83405e2342
Exploit kit?

October 16, 2010, 07:49:23 pm
Reply #162

GmG

http://eveninglottery.cz.cc/index.php?s=1&u=4cb83405e1f594cb83405e2342
http://eveninglottery.cz.cc/index.php?s=2&u=4cb83405e1f594cb83405e2342
http://eveninglottery.cz.cc/d.jar
http://eveninglottery.cz.cc/java.php?jar=1
http://eveninglottery.cz.cc/pdf3.php
http://eveninglottery.cz.cc/loadd.php
http://eveninglottery.cz.cc/load.php?sploit=JAVASMB

http://www.virustotal.com/file-scan/report.html?id=643c9528038b7f0202cc07c18536beca7004849aa2c9dbfc1dd2dcd9313937ba-1287242215

October 16, 2010, 08:35:48 pm
Reply #163

lelenina

Thanks. How did you find all of those URLs? Wepawet did not work for me.

October 16, 2010, 09:14:35 pm
Reply #164

GmG

I tried index.php?s=1&u=4cb83405e1f594cb83405e2342 (1 instead of 2) and decoded the page with Malzilla.

http://wepawet.iseclab.org/view.php?hash=f4a5bbcd8cd803d4184f32535466751b&t=1287263312&type=js