A new list of malicious domains was released, all with marijuana related content. The domains all point to the same server and include marijuana related terms in the domains. A spot check shows these domains have been registered for some time, and no recent changes so the sites and server have likely been compromised.
Examples include marijuanause.com, purethc.com and gasmaskbong.com. Below is the full list of domains and associated IPs.
85.17.35.27
trafficgrowth.com
typeofmarijuana.com
thcvaporizer.com
roorbong.com
thcextractor.com
purethc.com
potvaporizer.com
portablevaporizer.com
medicalmarijuanablog.com
marijuanawallpaper.com
marijuanavaporizers.com
marijuana-tea.com
marijuanawallpaper.com
marijuanause.com
marijuanascreensavers.com
marijuanarecipe.com
marijuanaart.com
legalizationofmarijuana.com
homemadebong.com
hashmaking.com
growingmarijuanaoutdoors.com
growingmarijuanaindoors.com
gasmaskbong.com
effects-of-marijuana.com
cookingwithmarijuana.com
cannabisvodka.com
cannabisvaporizer.com
cannabisrecipe.com
cannabispicture.com
cannabislyric.com
cannabisbeer.com
85.17.35.246
marijuanavaporizer.com
On each of the sites, there is some suspicious javascript (which wepawet finds benign) and a hidden iframe. The iframes link to hxxp://imgnode.cn/script/in.cgi and unfortunately now results in a timeout. The URL has been listed on malwareurl.com since the 15th and is detected by Avast as malicious.
Twitter Updates
Labels
- banking (1)
- blackhat seo (1)
- blogger (1)
- botnets (5)
- compromised sites (1)
- cybersecurity (1)
- firefox (1)
- fraud (1)
- malicious sites (2)
- malware (4)
- misc (1)
- phishing (1)
- scam (3)
- security apps (3)
- twitter (1)
- web security (3)
- websense (2)
