Monday, August 3, 2009

LuckySploit ** xorg.pl, mfjk.net, xyzfy.3322.org


Level 0:http://tes557.xorg.pl/x.js?google_ad10x30_ad
Level 1:http://www.mfjk.net/ad/360.htm
Level 2:http://www.mfjk.net/ad/xie.htm
Level 3:http://www.mfjk.net/ad/av1.swf
Level 3:http://www.mfjk.net/ad/av3.swf
Level 3:http://www.mfjk.net/ad/av2.swf
Level 2:http://www.mfjk.net/ad/iie.swf
Level 2:http://www.mfjk.net/ad/fff.swf
Level 2:http://www.mfjk.net/ad/yt.htm
Level 3:http://www.mfjk.net/ad/yt.css
Level 4:http://www.mfjk.net/ad/3.htm
Level 5:http://www.mfjk.net/ad/3.css
Level 4:http://www.mfjk.net/ad/4.htm
Level 5:http://www.mfjk.net/ad/2.css
Level 6:http://xyzfy.3322.org/msn.css (Trojan)
Level 3:http://www.mfjk.net/ad/1.htm
Level 5:http://xyzfy.3322.org/msn.css (Trojan)
Level 5:http://www.mfjk.net/ad/1.css
Level 5:http://xyzfy.3322.org/msn.css (Trojan)
Level 5:http://www.mfjk.net/ad/15.js
Level 5:http://www.mfjk.net/ad/16.js
Level 3:http://www.mfjk.net/ad/office.htm
Level 5:http://www.mfjk.net/ad/office.css
Level 5:http://xyzfy.3322.org/msn.css (Trojan)
Level 3:http://www.mfjk.net/ad/newlz.htm
Level 5:http://www.mfjk.net/ad/newlz.css
Level 3:http://www.mfjk.net/ad/of.htm
Level 5:http://www.mfjk.net/ad/of.css
Level 3:http://www.mfjk.net/ad/bf.htm
Level 5:http://www.mfjk.net/ad/bf.js
Level 5:http://www.mfjk.net/ad/2.css
Level 5:http://xyzfy.3322.org/msn.css (Trojan)
Level 3:http://www.mfjk.net/ad/cx.htm
Level 5:http://www.mfjk.net/ad/cx.js
Level 5:http://www.mfjk.net/ad/2.css
Level 5:http://xyzfy.3322.org/msn.css (Trojan)
Level 3:http://www.mfjk.net/ad/f.htm
Level 5:http://www.mfjk.net/ad/f.css
Level 5:http://xyzfy.3322.org/msn.css (Trojan)
Level 2:http://js.tongji.linezing.com/806392/tongji.js
Level 2:http://www.linezing.com
Level 2:http://img.tongji.linezing.com/806392/tongji.gif

The malicious file "msn.css" was submitted to VirusTotal, and the binary analysis comes from an Anubis report.




test556.xorg.pl (121.10.115.40 - Blacklisted)


www.mfjk.net (58.30.225.70 - Blacklisted)



Other domains hosted on the same IP address, 58.30.225.70:



xyzfy.3322.org (61.164.108.99 - Blacklisted)

Other domains hosted on the same IP address, 61.164.108.99:


--X0end
