Malware Domain List

Malware Related => Malicious Domains => Topic started by: SpiderLover on April 23, 2010, 09:27:44 pm

Title: Malicious Domains By SpiderLover
Post by: SpiderLover on April 23, 2010, 09:27:44 pm

Fake Scanner Page.

Code: [Select]

http://91.188.59.191/main.php?land=20&affid=12400

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on April 23, 2010, 09:31:58 pm

NeoSploit.

Code: [Select]

http://img.k0n.in/cgi-bin/engine.aspx

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on April 24, 2010, 01:39:43 pm

Fake Scanner Page.

Code: [Select]

http://91.188.59.192/main.php?land=20&affid=12400

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on April 24, 2010, 01:52:43 pm

Trojan Bredolab.

Code: [Select]

http://netvion.co.tv/components/flash_installer.exeVirusTotal: 15/40
http://www.virustotal.com/analisis/793b1e729dc01f1e1d508a17b09a8472057bba559df3d47d3a37e99ff1ecfff9-1272116932

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on April 25, 2010, 01:50:26 am

NeoSploit.

Code: [Select]

http://sun.akkei.com/cgi-bin/engine.aspx

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on April 25, 2010, 02:19:15 am

Fake AV Scanner Page/FakeVimes.

Code: [Select]

http://www2.burnvirusnow28.xorg.pl/?p=p52dcWpkaWuHjsbIo216h3de0KCfYWCdU9LXoKitioaLw8ydb5aYfX1qXq3VmaHIYmRhl2lplmSWZFbZocTY2KR0Y1zWnomtm6ilmXVanqLNkqGMp5mSq29ezZ2fZmmUX5qSnGFlaWqL08ifb5ytqKhuZ2jUksXYlJiWoplsxZnOXpPVmpLXyJKplZ6T0cupcZ2dcW1qa3CHjtHWbKGecaihyJLRVqTZapSWmmNoaGeZkpRfpqdrcWlmb2uSY5WaYmFTl5V1uYCIp5nKapuclQ%3D%3D

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on April 25, 2010, 02:21:52 am

Fake AV Scanner Page/Personal Security.

Code: [Select]

http://fastantivirusscanner15.com.xorg.pl/a4af85a36e1/?ezyzy=xQTO&arap=NjkuMjcuOQ3LjA%3DT&ajere=ramarorikx

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on April 25, 2010, 02:29:08 am

Fake AV Scanner Page/FakeVimes.

Code: [Select]

http://www2.trueguardscaner43-p.xorg.pl/?p=p52dcWlqbF%2FCj8bYbn2AeVik12qTYGeMnNah2qePglzHysd2lJOCeW5arK3NasaXZWSQa2Nqm2GWVqPajtfZ1m5oWKeih9eipqCecV6aoaXGaorcmpWkcVih1GqYaV6YZJGdk19uZlzXxsl2mqitpHJjZ6zGjtbJmZmbm2aZ0JmQk5%2FTXNbJxKOammTVydN4m5h2aW5nb1%2FCmtShpJGWmG9exZrSa6HXasfT2p%2BjoZfJh9esb2Vra2plbmuVZZyMpaNfcWNqm1%2BTZmKaZZuKxpR0h4mL2Mydb2xpaw%3D%3D

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on April 25, 2010, 11:51:28 am

Fake Scanner Page.

Code: [Select]

http://91.188.59.193/main.php?land=20&affid=12400

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on April 25, 2010, 01:01:45 pm

Code: [Select]

http://free-tunes-club.comAll downloads contain Win32/Adware.Antipiracy.
Example:

Code: [Select]

http://free-tunes-club.com/download.php?affid=820&id=8837&type=music

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on April 27, 2010, 03:43:40 am

Fake Scanner Page.

Code: [Select]

http://91.188.59.195/main.php?land=20&affid=12400

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on April 27, 2010, 04:25:45 am

Fake AV/FakeVimes.

Code: [Select]

http://update2.windowssystemdefender.com/?pid=3&abbr=MSE&uid=7&controller=microinstaller&ttl=21205704a2a&setupType=trial

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on April 27, 2010, 11:48:11 pm

NeoSploit.

Code: [Select]

http://1165802610.zalip.net/cgi-bin/engine.aspx

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on April 28, 2010, 12:03:41 am

NeoSploit/Payload Fake AV.

Code: [Select]

http://thecubebar.com/news/alpha.html

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on April 28, 2010, 01:25:38 am

Fake AV.

Code: [Select]

http://sbnews.co.tv/components/flash_installer.exe

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on April 28, 2010, 12:51:58 pm

Fake Scanner Page.

Code: [Select]

http://91.188.59.198/main.php?land=20&affid=12400

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on April 28, 2010, 08:34:03 pm

Fake Scanner Page.

Code: [Select]

http://91.188.59.199/main.php?land=20&affid=12400

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on April 28, 2010, 08:39:56 pm

Fake AV/Personal Security.

Code: [Select]

http://sbnews.co.tv/update/RunAV_201.exe

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on April 28, 2010, 11:38:45 pm

All downloads contain Win32/Adware.Antipiracy.

Code: [Select]

http://mytunesclubs.com/Example.

Code: [Select]

http://mytunesclubs.com/download.php?affid=849&id=1075747&type=movie

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on April 29, 2010, 01:50:36 pm

Fake Scanner Page.

Code: [Select]

http://91.188.59.200/main.php?land=20&affid=42000

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on April 29, 2010, 01:58:26 pm

Fake AV Main Site/My Security Engine.

Code: [Select]

http://www5.my-security-engine.net/

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on April 29, 2010, 05:12:45 pm

Fake AV.

Code: [Select]

http://www2.secure-pcscan7.xorg.pl/ehk107_2012.php?p=p52dcWpkaWuHjsbIo216h3de0KCfYWCdU9LXoKitioaLw8ydb5aYfX1qXq3VmaGdYpFhZWmblpCallbZocTY2KR0Y1zWnomtm6ilmXVanqLNkqGMp5mSq29ezZ2fZmmUX5qSnGFlaWqL08ifb5ytqKhuZ2jUksXYlJiWoplsxZnOXpPVmpLXyJKplZ6T0cupcZ2dcW1qa3CHjtHWbKOOnZZ1io7PoGvXnqDI0qilnqXGxYmtpXFqZm9mbW%2BSXpSaV6SgZm9plmSUZWaXXpOYiZSab4u4h9qilnFxbGpaq67DcNHKbqOSopZ%2BzZnH

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on April 29, 2010, 10:03:54 pm

Fake Scanner Page.

Code: [Select]

http://91.188.59.201/main.php?land=20&affid=12400

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on April 30, 2010, 01:39:37 pm

Fake Scanner Page.

Code: [Select]

http://91.188.59.202/main.php?land=20&affid=42000

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on April 30, 2010, 03:54:54 pm

NeoSploit?

Code: [Select]

http://searchleaup.org/cgi-bin/146?ID=105637&fb=WVRveU9udHpPamc2SW5WelpYSmtZWFJoSWp0aE9qTTZlM002TWpvaWFXUWlPM002T0RvaU1UYzVNVGMzTlRBaU8zTTZNVEk2SW1Ga2RtVnlkR2x6WlY5cFpDSTdjem8yT2lJeE1ESXhNakFpTzNNNk5Eb2lhM0J3YVNJN1RqdDljem96T2lKdFpEVWlPM002TXpJNkltTXpPR1V5T1RCa01tVTNNbUptWWpGbVpqSTBPRGcxTTJNeFlUYzRPRGd5SWp0OQ%3D%3D

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on April 30, 2010, 07:23:00 pm

Fake AV.

Code: [Select]

http://defencelab.com/downloads/DefenceLab_Personal_Scanner.exe

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 01, 2010, 05:33:25 pm

Fake Scanner Page.

Code: [Select]

http://91.188.59.204/main.php?land=20&affid=42000

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 01, 2010, 05:41:11 pm

All downloads contain Rogue.APManager.Gen.

Code: [Select]

http://myitunesclub.com/Example Download Link.

Code: [Select]

http://myitunesclub.com/download.php?affid=820&id=2723&type=softVirusTotal: 3/41
http://www.virustotal.com/analisis/4c7b6155d132bdd4afbfabb5b127a3bf989c06f8aa9f131880f38bc83e416a8c-1272735491

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 02, 2010, 11:31:07 am

Fake AV Scanner Page.

Code: [Select]

91.188.59.206/main.php?land=20&affid=12400

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 02, 2010, 11:34:10 am

Fake AV/FakeVimes.

Code: [Select]

http://www2.formofguard64-pd.xorg.pl/pqd107_2012.php?p=p52dcWpkaWuHjsbIo216h3de0KCfYWCdU9LXoKitioaLw8ydb5aYfX1qXq3VmaHKYmRhmmmel2STZlbZocTY2KR0Y1zWnomtm6ilmXVanqLNkqGMp5mSq29ezZ2fZmmUX5qSnGFlaWqL08ifb5ytqKhuZ2jUksXYlJiWoplsxZnOXpPVmpLXyJKplZ6T0cupcZ2dcW1qa3CHjtHWbKOOnZZ1io7PoGvXnqDazKOspWHYxMSnoJmrWqyndWqTZJadamlmbGde2KCUbWGYZJWbnGpwamuLxMZ2h4dfq6GYdXGZX4rZppJwoZZ115LQlHbPmcg%3D

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 02, 2010, 05:31:41 pm

Exploit/Not sure if they're using a kit.

Code: [Select]

http://def.ignorelist.com/info/us1.html/s002106203317r0409Rb28b2372X01bf1f30Y4a624ce5Z0100f060Edit: Forgot to check the database, many apologies.

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 04, 2010, 02:13:38 pm

Code: [Select]

194.8.250.43/main.php?land=20&affid=12400Fake Scanner Page.

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 04, 2010, 02:16:44 pm

Code: [Select]

http://download-hosting-now.com/get.php?sc=1&id=neonFake AV.

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 04, 2010, 04:43:32 pm

Fake Scanner Page.

Code: [Select]

194.8.250.160/main.php?land=20&affid=12400

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 04, 2010, 04:58:15 pm

Fake Scanner Page.

Code: [Select]

http://download-hosting-now.com/secure2/?id=neon

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 04, 2010, 05:45:22 pm

Any idea as to what this is?

Code: [Select]

abidin.ab.funpic.de/ActiveX.exeVirusTotal: 6/40
http://www.virustotal.com/analisis/0bfb3a97357c16608d5f00c0ec588ba2ea5228944e923452ba0f8d6b18b244f7-1272994347

Something interesting I noticed when running it in Sandboxie, perhaps making it a keylogger...
Location of the file: "C:\Sandbox\Windows_XP\DefaultBox\drive\C\Windows\Temp\downloadfromweb.txt"

Quote

[VirusTotal - Free Online Virus and Malware Scan - Result - Microsoft Internet E]-[1:35:43 PM]

[Sandboxie Control]-[1:35:46 PM]

[Windows Explorer]-[1:35:51 PM]

[DefaultBox]-[1:35:52 PM]

[user]-[1:35:53 PM]

[current]-[1:35:54 PM]

[Cookies]-[1:35:54 PM]

[current]-[1:35:55 PM]

[Local Settings]-[1:35:56 PM]

[History]-[1:35:57 PM]

[History.IE5]-[1:35:58 PM]

[Sandboxie Control]-[1:36:00 PM]

[VirusTotal - Free Online Virus and Malware Scan - Result - Microsoft Internet E]-[1:36:13 PM]

[Sandboxie Control]-[1:36:19 PM]

[VirusTotal - Free Online Virus and Malware Scan - Result - Microsoft Internet E]-[1:36:21 PM]
 [Ctrl] c
[Sandboxie Control]-[1:36:41 PM]

[VirusTotal - Free Online Virus and Malware Scan - Result - Microsoft Internet E]-[1:36:44 PM]

[Sandboxie Control]-[1:37:11 PM]

[Windows Explorer]-[1:37:26 PM]

[DefaultBox]-[1:37:26 PM]

[user]-[1:37:27 PM]

[current]-[1:37:28 PM]

[Cookies]-[1:37:29 PM]

[current]-[1:37:30 PM]

[Local Settings]-[1:37:30 PM]

[Temporary Internet Files]-[1:37:32 PM]

[Sandboxie Control]-[1:37:33 PM]

[VirusTotal - Free Online Virus and Malware Scan - Result - Microsoft Internet E]-[1:37:35 PM]

[Start Menu]-[1:38:22 PM]

[Microsoft Internet Explorer]-[1:38:23 PM]

[http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome - Microsoft I]-[1:38:24 PM]

[No page to display - Microsoft Internet Explorer]-[1:38:27 PM]
threatexpert.com [Enter]

[ThreatExpert - Automated Threat Analysis - Microsoft Internet Explorer]-[1:38:34 PM]

[VirusTotal - Free Online Virus and Malware Scan - Result - Microsoft Internet E]-[1:39:13 PM]

[ThreatExpert - Automated Threat Analysis - Microsoft Internet Explorer]-[1:39:16 PM]

[ThreatExpert - Submit Your Sample Online - Microsoft Internet Explorer]-[1:39:39 PM]

[Open]-[1:40:25 PM]

[Choose file]-[1:40:25 PM]

[ThreatExpert - Submit Your Sample Online - Microsoft Internet Explorer]-[1:40:27 PM]
EMAIL REMOVED [Shift] 'yah [Back]  [Back]  [Back] yahoo.com
[Sandboxie Control]-[1:40:42 PM]

[Windows Explorer]-[1:40:46 PM]

[DefaultBox]-[1:40:46 PM]

[drive]-[1:40:49 PM]

[C]-[1:40:49 PM]

[Windows]-[1:40:50 PM]

[Temp]-[1:40:51 PM]

[Untitled - Notepad]-[1:40:53 PM]

[downloadfromweb - Notepad]-[1:40:53 PM]

[Temp]-[1:41:10 PM]

[Untitled - Notepad]-[1:41:11 PM]

[downloadfromweb - Notepad]-[1:41:11 PM]

[Temp]-[1:41:17 PM]

[ThreatExpert - Submit Your Sample Online - Microsoft Internet Explorer]-[1:41:20 PM]

[Temp]-[1:41:34 PM]

[downloadfromweb Properties]-[1:41:37 PM]
 [Ctrl] c
[Temp]-[1:41:42 PM]

Will get a ThreatExpert report up soon.

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 04, 2010, 05:56:02 pm

ThreatExpert report:
http://www.threatexpert.com/report.aspx?md5=08e3c3ecc51953f345399be107438d5b

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 05, 2010, 10:17:37 pm

Fake AV.

Code: [Select]

http://www.rtsantivirus2010.com/SetupRSTAV2010.msi

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 06, 2010, 12:55:04 am

Fake AV/Security Tool.

Code: [Select]

http://www.claribell.pl/sklep/images/news/hd_codec.exe

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 06, 2010, 01:35:53 am

Code: [Select]

http://clinicanaja.net/robots.phpTR/Dldr.Delphi.Gen
VirusTotal: 12/41
http://www.virustotal.com/analisis/7759ddd335696f03bf9b6fc3609d5b8d3b74b905246322b68daab01c2df3d604-1273109452

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 06, 2010, 03:04:50 am

Fake AV Scanner Page/Download.

Code: [Select]

lemanu1f1duo.com/go/

Code: [Select]

lemanu1f1duo.com/go/avs.exe

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 06, 2010, 03:21:20 am

Fake AV Downloads.

Code: [Select]

http://hyper-security5.com/download/RunAV_15.exe

Code: [Select]

http://hyper-security5.com/download/RunAV_369s2.exe

Code: [Select]

http://hyper-security5.com/download/RunAV_103s1.exe

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 07, 2010, 01:16:04 am

Fake AV Scanner Page/Download.

Code: [Select]

http://grahscansecurity.org/

Code: [Select]

http://grahscansecurity.org:81/download.php?q=bd6744c31329d8a1090105d6dd355393&load_counter=1

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 07, 2010, 04:11:24 pm

VirTool:Win32/CeeInject.gen!DN

Code: [Select]

http://s25-ac.photosharebox.com/cache/2437657/IMAGEN029.JPG/get.phpVirusTotal: 9/41
http://www.virustotal.com/analisis/3448f183c509eab2047409d0b8d25d51f95eb50ecfd424bdfd01adbc51cdf8f4-1273248526

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 08, 2010, 12:18:31 am

Fake AV.

Code: [Select]

download-hosting-now.org/get.php

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 08, 2010, 01:41:11 am

Trojan Banload.

Code: [Select]

http://www.mynewstrategy.com/Arquivo_ID=04746109246291.cplVirusTotal: 16/41
http://www.virustotal.com/analisis/24a430f07055e29a0dacc3f59db22dfb4e362f3a15a58e1c0ee1d13768dae753-1273282741

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 08, 2010, 02:14:07 am

Exploit.

Code: [Select]

http://trelomna.com/b/index.php
http://jsunpack.jeek.org/dec/go?report=743448da32634fdb63c4b0760e4b90261ab72252

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 08, 2010, 02:36:25 am

Trojan Renos.

Code: [Select]

http://bigredtools.com/New-Video-Addon.48034.exeVirusTotal: 14/41.
http://www.virustotal.com/analisis/8703c83ca2b601d2b55a863c4c88f7c571837268e0fff89a0ae5e4933df3f80f-1273286011

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 08, 2010, 01:23:36 pm

Trojan.

Code: [Select]

http://wwww.86wen.com/bobo.exeVirusTotal: 14/41.
http://www.virustotal.com/analisis/4d39998c6e3b3d1eb92fe009c9312533ee830edddcd04038c95e1b04cdb8983e-1273324808

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 08, 2010, 01:32:29 pm

Fake Scanner Page.

Code: [Select]

http://194.8.250.153/main.php?land=20&affid=12400

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 10, 2010, 09:03:48 pm

Code: [Select]

http://vip-1107.com/cgi-bin/access.aspxNeoSploit.

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 10, 2010, 09:30:20 pm

Fake AV/IronProtect/FakeSmoke.

Code: [Select]

http://downloadscomplete.in/down/d59fa28df0061732b91f895090d31c5fe0ef75077d3b495b69cca7827c9e9dd4a67d717ccec891add232c44d826a6ddb46aefbb055d8becfacff3bba58547a0debe2c2b3e59b1711bdfc9db0f1cbaf72eae187a71e9c8fc9da86733c5184206ad0388ace2c8ff4a5262e7a09a522d894617e5ee4e5b1dc31c3b10bfb074bba35943ec5c011abba32309654b19fef3755383a3f2fd5617b95db7fd200be690a49

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 12, 2010, 12:10:15 am

Fake AV.

Code: [Select]

http://remove15spyware.com/download/SecurIns_257.exe

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 12, 2010, 11:49:28 pm

Fake AV.

Code: [Select]

http://power3-scanner.com/download/SecurIns_149.exe

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 13, 2010, 12:25:39 am

Code: [Select]

http://searchfunes.org/cgi-bin/163NeoSploit.

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 13, 2010, 12:33:50 am

Backdoor.Win32.Wuca.nt

Code: [Select]

http://abr.bee.pl:78/d/ce.exe VirusTotal: 32/40
http://www.virustotal.com/analisis/1d241d8d42f10dc5b8939eafc59798bbd36bd6c8b80f5d0a1940972ce5c045fe-1273710602

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 13, 2010, 12:38:40 am

Fake AV.

Code: [Select]

http://seucre-zone50.com/download/SecurIns_99.exe

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 13, 2010, 12:50:31 am

Directs to fake AV.

Code: [Select]

http://myclearhouse.pl.ua/9/zzz.php

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 13, 2010, 02:02:43 pm

Possible exploit.

Code: [Select]

http://95.211.130.101//index.php?spl=3&br=MSIE&vers=6.0

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 13, 2010, 06:50:31 pm

Trojan.

Code: [Select]

http://nesoan.net/fdr/exe.php?6067178d6665bcfeVirusTotal: 14/41
Email: nilliediaz4@aol.com
IP: 112.137.162.176
Name: Migdalia

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 14, 2010, 11:35:24 pm

Code: [Select]

http://w3a-defence.com/download/SecurIns_149.exeRogue AV/Personal Security.

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 15, 2010, 01:22:49 pm

Fake AV/Personal Security.

Code: [Select]

ibm-scanner1v.com/download/SecurIns_149.exe

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 16, 2010, 03:28:09 am

Redirects to fake AV.

Code: [Select]

http://keroblogusus.pl.ua/33/zzz.php

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 16, 2010, 01:25:44 pm

Fake AV Scanner Page.

Code: [Select]

http://www.lakobhoons.com/to/Fake AV.

Code: [Select]

http://www.lakobhoons.com/to/avs.exe

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 16, 2010, 01:27:16 pm

Code: [Select]

http://microantivirus1d.com/download/MalvRem_99s5.exeFake AV.

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 16, 2010, 03:41:50 pm

Fake AV/Personal Security.

Code: [Select]

http://microantivirus1a.com/download/MalvRem_149s1.exe

Code: [Select]

http://microantivirus1c.com/download/MalvRem_149s1.exe

Code: [Select]

http://microantivirus1e.com/download/MalvRem_149s1.exe

Code: [Select]

http://microantivirus1g.com/download/MalvRem_149s1.exe

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 16, 2010, 04:25:08 pm

Fake AV/Personal Security.

Code: [Select]

http://hyperantivirus0.com/download/MalvRem_149s1.exe

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 16, 2010, 05:27:57 pm

Fake AV/Personal Security.

Code: [Select]

http://hyperantivirus9.com/download/MalvRem_99s5.exe

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 16, 2010, 10:37:20 pm

Fake AV/Personal Security.

Code: [Select]

http://hyperantivir5.com/download/MalvRem_99.exe

Code: [Select]

http://hyperantivir4.com/download/MalvRem_99.exe

Code: [Select]

http://hyperantivir3.com/download/MalvRem_99.exe

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 16, 2010, 10:47:43 pm

Fake Scanner Page.

Code: [Select]

http://dating.searchresult.in/?8fa37fbad415d6e9bd7ec4578a177071
FakeSmoke/TrustAgent.

Code: [Select]

http://downloadfiles.in/down/e67266e7cddc1cf3d962575a49679d3b808d7f01887ed37916b831787405112538fbdf16fe31899e0d632867a54996ee6a7de2f9edb467e8ae05bb5ec877adeadbd94963426536a8858f059f952da17d8b111768950cb05d13de50cc1c1c5d8c187a842fce12ac7a140d8244f606e511b4c5d3139b8c6e6415babb06ed77a6c57b7feb542a5148b84b5c8fa438d7d8486de62c0bd0a8a880ad6441100aea2809

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 17, 2010, 06:32:37 pm

Fake AV/Personal Security.

Code: [Select]

http://50gb-antivirus.com/download/MalvRem_149s1.exe

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 17, 2010, 07:44:57 pm

Fake AV/Personal Security.

Code: [Select]

http://20gb-antivirus.com/download/MalvRem_149s1.exe

Code: [Select]

http://30gb-antivirus.com/download/MalvRem_149s1.exe

Code: [Select]

http://40gb-antivirus.com/download/MalvRem_149s1.exe

Code: [Select]

http://60gb-antivirus.com/download/MalvRem_149s1.exe

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 18, 2010, 12:26:53 am

Fake AV/Personal Security.

Code: [Select]

http://0web-antispyware.com/download/MalvRem_149s1.exe

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 18, 2010, 12:46:22 am

Fake AV/Personal Security.

Code: [Select]

http://3web-antispyware.com/download/MalvRem_149s1.exe
http://7web-antispyware.com/download/MalvRem_149s1.exe

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 18, 2010, 09:35:18 pm

NeoSploit.

Code: [Select]

http://vip-1117.com/cgi-bin/cooler.aspxFake AV.

Code: [Select]

http://vip-1117.com/cgi-bin/cooler.aspx/n0

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 18, 2010, 09:43:04 pm

Fake AV Main Site.

Code: [Select]

http://antispy-tool.net/

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 19, 2010, 05:45:14 pm

Trojan.

Code: [Select]

http://filmvideodata.com/crack.45155.exe

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on May 27, 2010, 03:10:52 am

NeoSploit.

Code: [Select]

vip-1127.com/cgi-bin/cooler.aspx
Fake AV.

Code: [Select]

vip-1127.com/cgi-bin/cooler.aspx/n0

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on June 02, 2010, 07:22:29 pm

Fake scanner page.

Code: [Select]

scanner-interface.com
Fake AV.

Code: [Select]

scanner-interface.com:81/download.php?q=bd6744c31329d8a1090105d6dd355393&load_counter=1

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on June 03, 2010, 02:37:18 pm

Fake Scanner Page.

Code: [Select]

http://porntube-fast.com/pr.cgi?id=2950
Fake AV.

Code: [Select]

http://core2950.porntube-fast.com/d_advare_all.cgi?id=2950

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on June 03, 2010, 08:19:57 pm

Fake Scanner Page.

Code: [Select]

http://porntube-todayx.com/pr.cgi?id=2950
Fake AV.

Code: [Select]

http://core2950.porntube-todayx.com/d_advare_all.cgi?id=2950

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on June 03, 2010, 10:32:07 pm

Fake codec page:

Code: [Select]

http://real-tube.org/watch.php

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on June 04, 2010, 01:12:20 am

Fake Scanner Page.

Code: [Select]

http://www.lenduuorowe.com/ha/
Fake AV.

Code: [Select]

http://www.lenduuorowe.com/ha/avs.exe

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on June 04, 2010, 02:14:58 am

Fake scanner page.

Code: [Select]

scanner-tips.com

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on June 04, 2010, 02:55:48 am

Fake AV.

Code: [Select]

http://soldierantivirus.com/install/setup.exe
Fake Scanner Page.

Code: [Select]

http://qikafojuc.cn/pr.cgi?id=2979
Fake AV.

Code: [Select]

http://core2979.qikafojuc.cn/d_advare_all.cgi?id=2979

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on June 04, 2010, 10:57:49 pm

Fake scanner page.

Code: [Select]

http://cheap-scanner.com

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on June 04, 2010, 11:11:03 pm

Fake scanner page.

Code: [Select]

http://gunovuyej.cn/pr.cgi?id=2979
Fake AV.

Code: [Select]

http://core2979.gunovuyej.cn/d_advare_all.cgi?id=2979

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on June 04, 2010, 11:12:24 pm

Redirects to fake scanner page.

Code: [Select]

http://mikkipauls.pl.ua/77/rrr.php

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on June 05, 2010, 12:41:28 am

NeoSploit.

Code: [Select]

vip-1137.com/cgi-bin/cooler.aspx
vip-1147.com/cgi-bin/cooler.aspx
Fake AV.

Code: [Select]

vip-1137.com/cgi-bin/cooler.aspx/n0
vip-1147.com/cgi-bin/cooler.aspx/n0

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on June 05, 2010, 01:49:59 pm

Fake AV.

Code: [Select]

http://update1.free-guard.com/in​dex.php?def387=kdjf0tXm1J2ay%2BSi​0pbK59Db0qHX0Nnh1daH1ceToKPFsqaDj​ejG5tmet%2Bjd2q3c0ZrZpZqjmNXOkaSZ
http://update2.protect-helper.co​m/index.php?def387=kdjf0tXm1J6a1e​Ss4c7G5pzR09%2Fkxt6ayOGT1tLG07G4f​2%2FGmOLZ2djkgeHV0a3d4lTX49myltTK​2KJW

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on June 06, 2010, 02:50:38 pm

Fake scanner pages.

Code: [Select]

http://davirijan.cn/pr.cgi?id=2979
http://scanner-maintenance.com
Fake AV.

Code: [Select]

http://core2979.davirijan.cn/d_advare_all.cgi?id=2979

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on June 06, 2010, 02:55:26 pm

Exploit.

Code: [Select]

http://dkdofbexwcjq.com/ber/bab.php

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on June 06, 2010, 03:02:51 pm

Fake AV.

Code: [Select]

http://core2979.mylivejournalchanel.com/stget2.cgi?host=host&id=2979


Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on June 06, 2010, 03:11:33 pm

Trojan TDSS.

Code: [Select]

http://finderdea.org/ms03/adVT: 21/40
http://www.virustotal.com/analisis/5c8ca36c02f3df5b9f3068a6df2bda48a0fa7abce5fb573dac7c4e038519fc4c-1275837012

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on June 07, 2010, 02:46:59 pm

Fake scanner page.

Code: [Select]

http://scanner-master.com

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on June 07, 2010, 02:53:47 pm

Trojan TDSS?

Code: [Select]

http://finderdea.org/any/370-direct.exhttp://www.virustotal.com/analisis/a86c8a3a5c514fcc9ec234fd5204036fa6ca789bacb0f6d45475b28207cd2e57-1275922197

Rogue main file.

Code: [Select]

http://www.rekoplis.com/ms03/ad

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on June 10, 2010, 07:02:59 pm

Directs to fake scanner page.

Code: [Select]

http://best-online1.com/tds_yamba_ss.php?ID=1

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on June 10, 2010, 07:14:46 pm

Fake scanner page.

Code: [Select]

http://scanner-programming.com
Rogue AV main file.

Code: [Select]

http://www.bigsecurityscan.com/ms03/ad
Trojan TDSS.

Code: [Select]

http://finderwid.org/any/402-direct.ex
http://finderwid.org/any/370-direct.ex

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on June 11, 2010, 12:47:53 am

Fake AV.

Code: [Select]

http://www.fast-scanneronline.org/installer.0022.exe

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on June 11, 2010, 01:42:25 am

Fake scanner page.

Code: [Select]

http://firtullgone.com/uy/
Fake AV

Code: [Select]

http://firtullgone.com/uy/avs.exe

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on June 11, 2010, 02:54:33 pm

Exploit?

Code: [Select]

http://korvet.in/4/index.php

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on June 12, 2010, 01:43:29 pm

Fake AV.

Code: [Select]

http://clubshirts.info/images/news/download.php
NeoSploit?

Code: [Select]

http://qgwyinsxlox.com/tre/GENA.py

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on June 14, 2010, 06:44:33 pm

Fake scanner page.

Code: [Select]

http://scanner-supplies.com/
Rogue main file.

Code: [Select]

http://www.zuklonma.com/ms04/ad
Trojan TDSS.

Code: [Select]

http://Traffic-Crash.com/any2/402-direct.ex
http://Traffic-Crash.com/any/402-direct.ex
http://Traffic-Crash.com/any2/370-direct.ex
http://Traffic-Crash.com/any/370-direct.ex

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on June 17, 2010, 08:57:57 pm

Fake Scanner Page.

Code: [Select]

http://real-antivir-4pc.com/?id=​453492FYnaNqo6SfkprRqpnSmcSeyJ9kh​4mf0Mmfm5eilaRamabRaMfSmpWbqG%2Be​zZ%2FHlp%2FeWsSK16R0Y2icl5psam1qa​F6oq2ueXpadZ2dgbGtpmFPFk227gInbzJ​V0amuc

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on August 25, 2010, 10:50:13 pm

Fake AV.

Code: [Select]

http://a7e4c531df612cf917e9e99e1417e1d8.co.cc/pipec/setup_rca.exe
http://a7e4c531df612cf917e9e99e1417e1d8.co.cc/pipec/setup_pst.exe
http://a7e4c531df612cf917e9e99e1417e1d8.co.cc/pipec/setup_ass.exe
http://a7e4c531df612cf917e9e99e1417e1d8.co.cc/pipec/setup_ppr.exe
http://a7e4c531df612cf917e9e99e1​417e1d8.co.cc/pipec/setup_mdk.exe

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on August 26, 2010, 01:57:56 pm

Fake AV.

Code: [Select]

http://updateservdomain1.com/a32.exe
http://onlinesecurescan1.com/?do=getexe&id=896

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on August 30, 2010, 05:23:36 pm

Exploit kit.

Code: [Select]

http://www.freep2p2.com/exchange1/mdac.php
http://www.freep2p2.com/exchange1/files/asshole.pdf
Trojan.

Code: [Select]

http://www.freep2p2.com/exchange1/mothersdarlingcross.php?ids=MDAC

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on September 08, 2010, 02:39:40 pm

Fake scanner page.

Code: [Select]

http://rtwer.in/scaner/?id=02937

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on September 14, 2010, 07:19:15 pm

Exploit.

Code: [Select]

http://adultosss.co.cc/capt/index.php?ID=1&fb=WVRveU9udHpPamc2SW5WelpYSmtZWFJoSWp0aE9qTTZlM002TWpvaWFXUWlPM002TnpvaU1UQTBPVE0zTlNJN2N6b3hNam9pWVdSMlpYSjBhWE5sWDJsa0lqdHpPalk2SWpFd01qRXlOQ0k3Y3pvME9pSnJjSEJwSWp0T08zMXpPak02SW0xa05TSTdjem96TWpvaU56VTFOMlkzTlRkaFltSTNPVEUxWldFNFpqQmlabUV3Wm1SbE1UYzNObVFpTzMwPQ%3D%3D
Zeus trojan.

Code: [Select]

http://adultosss.co.cc/capt/exe.exe
Zeus drop zone/config file.

Code: [Select]

http://plecerfluent.net/chan/bril/server.php
http://plecerfluent.net/chan/cfg.bin


Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on September 15, 2010, 06:17:25 pm

Fake scanner page.

Code: [Select]

http://onlinesite-u2.co.cc/scan/?key=jy5xXZigGnRni3cL_OgHpcEDvJANkJAWDq5-wUToWNU~
Fake AV.

Code: [Select]

http://onlinesite-u2.co.cc/get_file.php?id=24

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on October 03, 2010, 02:33:10 pm

NeoSploit.

Code: [Select]

http://mysoftmart.net/tre/VENA.py

Title: Re: Malicious Domains By SpiderLover
Post by: SpiderLover on October 04, 2010, 09:37:32 pm

Possible malware.

Code: [Select]

http://preview.licenseacquisition.org/48/1056327118.82636/Xvid.exe