Author Topic: A little mix  (Read 55303 times)


April 28, 2009, 09:21:35 pm

JohnC


Inactive/Remove

lafi.babjr.cn/index.php
www.fifa.babjr.cn/index.php

April 29, 2009, 04:02:22 pm
Reply #1

JohnC


April 29, 2009, 09:34:44 pm
Reply #2

JohnC


April 29, 2009, 10:19:47 pm
Reply #3

JohnC


May 02, 2009, 07:41:04 pm
Reply #4

JohnC

freshcinemaonline.net/tds/go.php?sid=5        NaviPromo
crackfind.org/install.exe        ZSearch
trafcity.com/in.cgi?4       Exploits
porntubetv.us       Exploits
teenstube.us/one.js       Exploits
insane-teens.com       Exploits

Already in database, but new IP address needs modifying.
visual-porn.com   209.67.210.242   sauron.hostworkz.com
allvidz.net   64.92.169.74   host-64.92.169.74.static.reverse.anchorvps.com

The four below are not currently directing to any malware that I can find, but they have associations with malware sites, and in some cases have links inside to malicious sites which are no longer alive, such as the pornogurman.com URLs.
adultsyoutube.com
mov2ns.net
handsporn.com
sistagirl.com

May 03, 2009, 10:35:30 pm
Reply #5

JohnC


May 04, 2009, 04:48:43 am
Reply #6

JohnC


May 04, 2009, 05:30:10 pm
Reply #7

JohnC


May 05, 2009, 12:20:53 am
Reply #8

JohnC


May 05, 2009, 09:17:07 pm
Reply #9

JohnC

Inactive/Remove
files250362.net/b2b/
dablyt.cn/update/fix.txt
dablyt.cn/update/licence.txt
dablyt.cn/update/readme.txt
dablyt.cn/update/toolbar.txt

May 05, 2009, 10:17:17 pm
Reply #10

JohnC

Inactive/Remove
gradesitesled.sitesled.com/cmd1.txt
system-tuner.com
202.72.194.21/card.exe
freewebs.com/robospy/keylogger/PKLOGG.exe


New
systemsecurityline.com/download.php        Trojan-Downloader.Agent.blct / Rogue
systemsecurityline.com/downloadsetup.php        Trojan-Downloader.Agent.blct / Rogue
extrantivirus.com/setup/install.exe          FakeAlert.BW / Rogue
gdq4hevif.com/j.js           Mebroot
31c0ffd0.org/a/null           Mebroot
javascript-analytics.com/j.php          Mebroot


Modify
javacsript.biz/in/in.cgi?2         New IP 213.163.91.244

May 05, 2009, 10:26:07 pm
Reply #11

MysteryFCM

files932435.net/b2b/load/         Unknown malware

http://www.threatexpert.com/report.aspx?md5=6c527bbb73438d33487a6425d740b06b

No hits for it at Jotti though, and VT is down atm.
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

May 06, 2009, 12:27:37 am
Reply #12

RS-232

iky2hevif.com as well (on the same IP - 67.18.208.28)

hxxp://www.ghcaxmesp.com/j.php
hxxp://www.jhddxqebf.com/j.php
hxxp://www.rhclxqarm.com/j.php
hxxp://www.xhirxtarm.com/j.php
hxxp://www.yhhsx6anj.com/j.php

Edit: Seems that both robtex and bfk.de are not fully updated with newer records currently, arghh...
i.e. for example, at the moment, I don't get any useful results over there for ghcaxmesp.com
Anyway - all domains on that IP over there redirect over to mebroot...
Alternatively, until the services above are fully updated, the quick-dirty-and-unreliable way...  ;)
http://www.google.com/search?hl=en&lr=&num=100&q=allintitle%3A++%22javascript-analytics%22&btnG=Search
Only for the "fun" of it...rs-232 aka sowhat-x aka younameit ;-)
http://www.youtube.com/watch?v=fADjY97_KTw

May 06, 2009, 04:37:26 am
Reply #13

RS-232

Quote
hxxp://onlinescanxpp.com/land/eurl/1.php?code=
hxxp://antivirus-xppro-2009.com/cgi-bin/download.pl?code=00000001
http://www.virustotal.com/analisis/b48e04e62fbabf49a3ceef96f4cd949c

May 06, 2009, 07:29:40 pm
Reply #14

JohnC
