Malware Domain List

Malware Related => Malicious Domains => Eurohost LLC => Topic started by: MarcusB on May 08, 2009, 09:57:13 pm

Title: 91.212.65.19
Post by: MarcusB on May 08, 2009, 09:57:13 pm
hdtvxvid.org (174.132.114.98)
This site claims to play HDTV.

If you click the download button you are taken to (91.212.65.19)
Quote
http ://tourdo.net/download/654a635066413d3df111c253/HDTVPlayerv3.5.dmg
http ://tourdo.net/download/654a635066413d3df111c253/HDTVPlayerv3.5.exe

If you have an OSX user agent then you will be served an OSX version of DNSChanger. A Windows user agent will give you the Windows version.

The malware calls home to 91.212.65.20 for the OSX version to download a shell script.
(http://www.malwaredomainlist.com/forums/index.php?topic=2838.0)

Title: Re: 91.212.65.19
Post by: MarcusB on May 08, 2009, 10:21:53 pm
Another one, same MD5 hash though

Quote
http ://shotdro.com/download/3776694945673d3d03635c6c/play-video.exe
http ://shotdro.com/download/3776694945673d3d03635c6c/play-video.dmg

Title: Re: 91.212.65.19
Post by: MarcusB on May 10, 2009, 07:19:57 pm
Quote
http ://amoretour.net/download/654a635066413d3df111c253/HDTVPlayerv3.5.exe
http ://amoretour.net/download/654a635066413d3df111c253/HDTVPlayerv3.5.dmg

NS
Quote
ns1.amoretour.net

Title: Re: 91.212.65.19
Post by: MarcusB on May 12, 2009, 01:35:09 pm
Quote
http ://kauitour.com/download/654a635066413d3df111c253/HDTVPlayerv3.5.dmg
http ://kauitour.com/download/654a635066413d3df111c253/HDTVPlayerv3.5.exe

NS
Quote
ns1.kauitour.com
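
The URLs reported in this thread share one path shape (`/download/<24 hex characters>/<file>.exe` or `.dmg`), and the same token appears on several hosts. The following Python script is an added example, not part of the original thread: it refangs reported URLs and groups them by that token so that linked domains stand out. The function names and the `example.org` negative case are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Path shape shared by the URLs in this thread:
#   /download/<24 hex chars>/<name>.exe or .dmg
PATH_RE = re.compile(r"^/download/([0-9a-f]{24})/([^/]+)\.(exe|dmg)$", re.I)

# Reported URLs copied from the thread in their defanged form, plus one
# constructed non-matching URL (example.org) as a negative case.
REPORTED = """\
http ://tourdo.net/download/654a635066413d3df111c253/HDTVPlayerv3.5.dmg
http ://shotdro.com/download/3776694945673d3d03635c6c/play-video.exe
http ://amoretour.net/download/654a635066413d3df111c253/HDTVPlayerv3.5.exe
http ://kauitour.com/download/654a635066413d3df111c253/HDTVPlayerv3.5.dmg
http ://example.org/download/setup.exe
"""

def refang(url):
    """Turn 'http ://host' or 'hxxp://host' back into a parseable URL."""
    return re.sub(r"^h(?:tt|xx)p(s?)\s*://", r"http\1://", url.strip(), flags=re.I)

def cluster_by_token(text):
    """Map each 24-hex path token to the hosts, file names and types seen with it."""
    clusters = defaultdict(lambda: {"hosts": set(), "names": set(), "exts": set()})
    for line in text.splitlines():
        parts = urlsplit(refang(line))
        m = PATH_RE.match(parts.path)
        if not m:
            continue  # not the path shape reported in the thread
        entry = clusters[m.group(1).lower()]
        entry["hosts"].add(parts.hostname)
        entry["names"].add(m.group(2))
        entry["exts"].add(m.group(3).lower())
    return dict(clusters)

def multi_host_tokens(clusters):
    """Tokens seen on more than one host: candidates for one linked set of domains."""
    return sorted(t for t, e in clusters.items() if len(e["hosts"]) > 1)

if __name__ == "__main__":
    found = cluster_by_token(REPORTED)
    for token in multi_host_tokens(found):
        print(token, sorted(found[token]["hosts"]), sorted(found[token]["exts"]))
```

The same `PATH_RE` can be applied to the path field of proxy or DNS-resolver logs to surface hosts that have not been reported yet.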