#MalwareMustDie - Cool Exploit Infectors Full Disclosure

MalwareMustDie, Jan 15th, 2013
===================================================
#MalwareMustDie - Cool Exploit Kit Infectors
Crusade Research Data -
Shared for the Blocking Purpose ONLY
Checked by :
@unixfreaxjp /malware]$ date
Tue Jan 15 19:48:40 JST 2013
===================================================

===================
72.46.132.214
===================
50f2e82b777c7.bobfaith.com/news/ARCHBISHOP/OPERATION.PHP5
50f2e0e1f35ef.azhypnotistbob.com/news/ARCHBISHOP/OPERATION.PHP5
50f2cb535212f.azhypno.com/news/ARCHBISHOP/OPERATION.PHP5
50f2e82b777c7.bobfaith.com/news/Sun_Relinquish.aspx
50f2e0e1f35ef.azhypnotistbob.com/news/Bible.phps

// with additional possibilities:

===================
64.120.190.183
===================
50f31ac55ce66.hypnotherapyaz.com/news/Guilt.phtm
50f2d9ddf1471.azhypnotistbob.com/news/Bible.phps
50f2d9ddf1471.azhypnotistbob.com/news/Guilt.phtm

===================
46.165.209.218
===================

// PoC of activated domains:
$ date
Tue Jan 15 18:18:24 JST 2013
$ bash check.sh
$ cat details.csv

// the possibilities of this IP is very huge... can't paste it here.. hundreds!

================
46.28.71.85
================
50ed011e85acc.bobbi-starr-tube.com/news/Budget_Focus.html       46.28.71.85
50ec62f02c992.ashlynn-brooke-tube.com/news/Violent/Lengthy.php5 46.28.71.85
50ec4d638626f.aria-giovanni-tube.com/news/Punch/Valuable.jsp    46.28.71.85
50eee51b7f359.createlivingwater.org/news/SLEEVE.PHP3            46.28.71.26
( still updating...)

================
188.120.230.142
================
50f233ebe3465.bridalregistry4adownpayment.net/news/ARCHBISHOP/OPERATION.PHP5    188.120.230.142
50f1de9962a55.barrynemet.com/news/STATEMENT.PRESENT.HTML                        188.120.230.142
50f2500414440.ourdownpayment.biz/news/Bible.phps                                188.120.230.142
( still updating...)

================
193.150.0.202
================
50f1f97a16de5.serenedentalaz.com/news/ARCHBISHOP/OPERATION.PHP5         193.150.0.202
50f257570ee2f.ourdownpayment.com/news/Bible.phps                        193.150.0.202
50f066e4da692.virtueelectric.com/news/CONVENE.PHP4                      193.150.0.201
( still updating...)

================
173.237.198.25
================
50f1a4b606e1f.allinonecontracting.biz/news/ARCHBISHOP/OPERATION.PHP5    173.237.198.25
50f17ac105471.airreducer1.com/news/ray.dhtml                            173.237.198.25
50f1d0136ff36.allinonemaintenance.info/news/Bible.phps                  173.237.198.25
( still updating...)

================
178.63.150.225
================
50ee9b85f0fbe.iswatertheanswer.com/news/wise.php4               178.63.150.225
50eebf5c6c4e0.antijesus.com/news/COMBINE.RETIRED.PHP            178.63.150.225
( still updating...)

================
31.131.27.114
================
50ec9a3dc6911.bbw-streaming.com/news/thermal_fellow.htm         31.131.27.114
50eda9734eecf.thewateruniversity.com/news/Connection.php5       31.131.27.114
( still updating...)

================
184.82.27.130
================
50ee3baab1dd6.pandorasantan.biz/news/COSTLY-PROCURE.PHTML       184.82.27.130
50edcab2d9c86.themarketdisruption.com/news/LINGER.CGI           184.82.27.130
( still updating...)

// some just popped ups...

fiqaturhalwoaenu.myftp.org/read/offer-canvas.jsp                67.211.197.32
50ef0ba01bb78.educationandskills.com/news/CUTTING.CGI           185.10.211.11
drls.info/news/CUTTING.CGI                                      5.199.135.103
( still updating...)

-----
#MalwareMustDie