Author Topic: Honeynet.CZ - malware url list  (Read 17043 times)

November 11, 2008, 10:58:11 am

nirgil

Hi all,

HN.CZ deployed a scope of client honeypots for analysing web servers; they have had success in finding some threats.

More information here:

http://www.honeynet.cz/?mmenu=malware&smenu_int=3&lang=cz&vmetr=1

November 11, 2008, 10:36:37 pm
Reply #1

pnuemo

thanks for the link!

November 12, 2008, 04:17:14 pm
Reply #2

alta

Nice Malware section, thank you  ;)

November 25, 2008, 02:41:31 pm
Reply #3

nirgil

Update:

The source is also HoneyNet.CZ

http://www.honeynet.cz/?mmenu=malware&smenu_int=3&lang=en&vmetr=1

December 09, 2008, 11:32:41 pm
Reply #4

nirgil

And finally, here is a daily updated list of domains/IPs for web malware (for other modules, like botnets/RFI/etc., lists are available too)

http://www.honeynet.cz/bl/WMD.txt.gz



http://www.honeynet.cz/?mmenu=home&smenu_int=0&lang=en&vmetr=1&news_id=80