MalwareMustDie

#MalwareMustDie - Cool Exploit Infectors Full Disclosure

Jan 15th, 2013
  1. ===================================================
  2. #MalwareMustDie - Cool Exploit Kit Infectors
  3. Crusade Research Data -
  4. Shared for Blocking Purposes ONLY
  5. Checked by :
  6. @unixfreaxjp /malware]$ date
  7. Tue Jan 15 19:48:40 JST 2013
  8. ===================================================
  9.  
  10. ===================
  11. 72.46.132.214
  12. ===================
  18.  
  19. // with additional possibilities:
  38.  
  39. ===================
  40. 64.120.190.183
  41. ===================
  42. 50f31ac55ce66.hypnotherapyaz.com/news/Guilt.phtm
  43. 50f2d9ddf1471.azhypnotistbob.com/news/Bible.phps
  44. 50f2d9ddf1471.azhypnotistbob.com/news/Guilt.phtm
  45.  
  46. ===================
  47. 46.165.209.218
  48. ===================
  59.  
  60. // PoC of activated domains:
  61. $ date
  62. Tue Jan 15 18:18:24 JST 2013
  63. $ bash check.sh
  64. $ cat details.csv
  65. geto.mysuperwelfare.net,46.165.209.218,
  66. viagra.pharmacylegasy.com,46.165.209.218,
  67. umyaovatet.dewaserto.com,46.165.209.218,
  68. goel.mysuperwelfare.net,46.165.209.218,
  69. gula.mysuperhealthinfo.com,46.165.209.218,
  70. cialis.pharma-services.com,46.165.209.218,
  71. levitra.pharmaparty.com,46.165.209.218,
  72. foru.superhealthye.com,46.165.209.218,
  73. hope.mysuperhealthinfo.com,46.165.209.218,
  74.  
  75. // the number of possible domains on this IP is huge... can't paste them here, there are hundreds!
  76.  
  77. ================
  78. 46.28.71.85
  79. ================
  80. 50ed011e85acc.bobbi-starr-tube.com/news/Budget_Focus.html 46.28.71.85
  81. 50ec62f02c992.ashlynn-brooke-tube.com/news/Violent/Lengthy.php5 46.28.71.85
  82. 50ec4d638626f.aria-giovanni-tube.com/news/Punch/Valuable.jsp 46.28.71.85
  83. 50eee51b7f359.createlivingwater.org/news/SLEEVE.PHP3 46.28.71.26
  84. ( still updating...)
  85.  
  86. ================
  87. 188.120.230.142
  88. ================
  89. 50f233ebe3465.bridalregistry4adownpayment.net/news/ARCHBISHOP/OPERATION.PHP5 188.120.230.142
  90. 50f1de9962a55.barrynemet.com/news/STATEMENT.PRESENT.HTML 188.120.230.142
  91. 50f2500414440.ourdownpayment.biz/news/Bible.phps 188.120.230.142
  92. ( still updating...)
  93.  
  94. ================
  95. 193.150.0.202
  96. ================
  97. 50f1f97a16de5.serenedentalaz.com/news/ARCHBISHOP/OPERATION.PHP5 193.150.0.202
  98. 50f257570ee2f.ourdownpayment.com/news/Bible.phps 193.150.0.202
  99. 50f066e4da692.virtueelectric.com/news/CONVENE.PHP4 193.150.0.201
  100. ( still updating...)
  101.  
  102. ================
  103. 173.237.198.25
  104. ================
  105. 50f1a4b606e1f.allinonecontracting.biz/news/ARCHBISHOP/OPERATION.PHP5 173.237.198.25
  106. 50f17ac105471.airreducer1.com/news/ray.dhtml 173.237.198.25
  107. 50f1d0136ff36.allinonemaintenance.info/news/Bible.phps 173.237.198.25
  108. ( still updating...)
  109.  
  110.  
  111. ================
  112. 178.63.150.225
  113. ================
  114. 50ee9b85f0fbe.iswatertheanswer.com/news/wise.php4 178.63.150.225
  115. 50eebf5c6c4e0.antijesus.com/news/COMBINE.RETIRED.PHP 178.63.150.225
  116. ( still updating...)
  117.  
  118. ================
  119. 31.131.27.114
  120. ================
  121. 50ec9a3dc6911.bbw-streaming.com/news/thermal_fellow.htm 31.131.27.114
  122. 50eda9734eecf.thewateruniversity.com/news/Connection.php5 31.131.27.114
  123. ( still updating...)
  124.  
  125. ================
  126. 184.82.27.130
  127. ================
  128. 50ee3baab1dd6.pandorasantan.biz/news/COSTLY-PROCURE.PHTML 184.82.27.130
  129. 50edcab2d9c86.themarketdisruption.com/news/LINGER.CGI 184.82.27.130
  130. ( still updating...)
  131.  
  132. // some that just popped up...
  133.  
  134. fiqaturhalwoaenu.myftp.org/read/offer-canvas.jsp 67.211.197.32
  135. 50ef0ba01bb78.educationandskills.com/news/CUTTING.CGI 185.10.211.11
  136. drls.info/news/CUTTING.CGI 5.199.135.103
  137. ( still updating...)
  138.  
  139.  
  140. -----
  141. #MalwareMustDie