Recent malicious URLs analyzed #2

Report containing the malicious URLs logged:

POST /msql.php HTTP/1.0
Content-Type: application/x-www-form-urlencoded
Host: www.adamplus. com
 
GET /coldman.bin HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: www.lostyear. ru
 
GET /czl/zlo.cl HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: casualhopperois. com
 
POST /zumboo.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: www.lameedge. ru
 
GET /files/454483969/usb.exe HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: rapidshare. com
 
GET /files/454483969/usb.exe HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: rs851tl2.rapidshare. com
 
GET /exe/4910b18a623c549e2e1bc53f6cc0682a4579fbf6/setup.exe HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: get.zdropp.co. cc
 
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: image4msn. com
 
GET /install.48208.exe HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: efirst-data. in
 
POST /djcash.php?ini=XXX HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: talkwire. in
 
GET /download.php?token=4910b18a623c549e2e1bc53f6cc0682a4579fbf6 HTTP/1.0
User-Agent: NSIS_Inetc (Mozilla)
Host: 5630.zdropp.co. cc
 
POST /trackstats.php HTTP/1.0
User-Agent: NSIS_Inetc (Mozilla)
Host: 6199.zdropp.co. cc
 
POST /application.php HTTP/1.0
User-Agent: NSIS_Inetc (Mozilla)
Host: 6199.zdropp.co. cc
 
GET /download.php?bundle=1 HTTP/1.0
User-Agent: NSIS_Inetc (Mozilla)
Host: s6199.wdropp.co. cc
 
GET /list.php?c=XXX&v=2&t=0,2486841 HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2900.2096; Windows NT 5.1.2600)
Host: justoldleft. ru
 
GET /tm/crypt.exe?t=0,6011011 HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2900.2096; Windows NT 5.1.2600)
Host: www.derquda. com
 
GET /sn.php?c=XXX&t=0,8542902 HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0.2900.2096; Windows NT 5.1.2600)
Host: justoldleft. ru

URLVoid domain analysis:

