Author Topic: A little mix  (Read 55319 times)

0 Members and 2 Guests are viewing this topic.

May 07, 2009, 09:39:22 pm
Reply #15

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
New
freescreensaversx.com        Directs to sites with Zango / MyWebSearch.fh
ak.exe.imgfarm.com/images/nocache/funwebproducts/2.3.50.45/PopularScreensaversSetup2.3.50.45.ZRman000.exe        MyWebSearch.fh
young-e.net/_count/check_ip.php?ip=       Exploits
ciancia.org/help/z/static.php       Exploits
trustedwebsecurity.com/page.php?id=85         FraudTool.SystemSecurity.ic
trustedwebsecurity.com/index.php?affid=08085         FraudTool.SystemSecurity.ic
trustedwebsecurity.com/download.php?affid=08085         FraudTool.SystemSecurity.ic
pixtube.net/play/        Zlob
luglios.net/in.php?ref=live        Rogue
comitta.cn        Exploits
cutheatergroup.cn/fl/index.php       Exploits
cutheatergroup.cn/fl/load.php?id=0     Trojan-Dropper.Wlord.sv / Bredolab
file-system.biz       Exploits
turokgame.cn/bm/controller.php?action=bot&entity_list=&uid=1&first=1&guid=1824245000&rnd=981633         Malware calls home
turokgame.cn/bm/controller.php?action=report&guid=0&rnd=981633&uid=1&entity=1239400597:unique_start;1241428497:unique_start        Malware calls home
megobir.info        Exploits
asspardon.com          Exploits
porn-tube-movies.com/promo2/?aid=1451&vname=wmcodec        FraudTool.PrivacyCenter.t
porn-tube-movies.com/promo2/2.php?aid=1451&vname=wmcodec       FraudTool.PrivacyCenter.t
porn-tube-movies.com/promo2/get.php?aid=1451&vname=wmcodec       FraudTool.PrivacyCenter.t
hotbdsmsex.com       Zlob
fullsecurityaction.com        Rogue



Modify
useitall.info/in.cgi?3&ur=1&se=search&parameter=Polliciy22.info&HTTP_REFERER=gremmioti.cn         80.87.199.13/in.cgi?3&ur=1&se=search&parameter=Polliciy22.info&HTTP_REFERER=gremmioti.cn
useitall.info/in.cgi?2&meter=Polliciy22.info&se=search&ur=1&HTTP_REFERER=gremmioti.cn        80.87.199.13/in.cgi?2&meter=Polliciy22.info&se=search&ur=1&HTTP_REFERER=gremmioti.cn
nutsmpegs.com/free-porn/show_young.php?video=        Description FraudTool.PrivacyCenter.t
nutsmpegs.com/free-porn/young_girl_getting_fucked_by_big_cock.wmv.exe        Description FraudTool.PrivacyCenter.t
great2008x.com/great/index.php        IP 67.212.80.125
thefreecompany.net/red/in.cgi?default        IP 67.212.80.125



Inactive/Remove
206.51.233.130/iexplore.exe
208.66.194.180/40e8001430303030303030303030303030303030303031306c0000003c66000000007600000002
208.66.194.180/40e8001430303030303030303030303030303030303031306c0000004d66000000007600000002
208.66.194.232/40E8000842CFEBBCE21EFAC86C0000006866000000007600000147EB0005306A70777F
208.66.194.232/40E800085879928BAC9B53916C0000015766000000007600000146EB000530501C79C
208.66.194.232/40E8001430303030303030303030303030303030303031306C0000018366000000007600000642EB000530C8D5DCE4
208.66.194.234/s_18_3232235904?m=3&a=1&hdd=3030&gen=0&os=940000
208.66.194.234/s_88_3232235910?m=3&a=1&hdd=3030&fs=1&gen=0&os=940000
208.66.194.241/s_18_3232235904?m=3&a=1&hdd=3030&gen=0&os=940000
208.66.194.241/s_46_0?m=3&a=1&r=1&hdd=202&os=940
208.66.194.241/s_88_3232235910?m=3&a=1&hdd=3030&fs=1&gen=0&os=940000
208.66.195.15/40E800142020202057202D444D574D414C393644383133376C0000003266000000017600000064EB00053013181A1
208.66.195.15/40E8001430303030303030303030303030303030303031306C0000002A66000000007600000644EB0005306490A5B9
208.66.195.15/40E8001430303030303030303030303030303030303031306C0000002A66000000007600000644EB000530B0CFE3F7
208.66.195.15/40E8001430303030303030303030303030303030303031306C0000002A66000000007600000644EB000530E1FF132
208.66.195.15/40e8001430303030303030303030303030303030303031306c0000003c66000000007600000002
208.66.195.15/40e8001430303030303030303030303030303030303031306c0000004d66000000007600000002
208.66.195.15/40e8001430303030303030303030303030303030303031306c0000006866000000007600000002
83.19.144.26/id.txt
debime.net/in.cgi?4&parameter=yung+porn+videos
194.54.90.246/kkq2.gif
fddporn.net/6007_1.exe

May 08, 2009, 03:38:43 pm
Reply #16

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
tube-library.com       Trojan-Downloader.Small.jro
video.xmancer.org/go.php?sid=1&name=1       Trojan-Downloader.Small.jro
my-tube-zone.com/xplays.php?id=40014&name=1       Trojan-Downloader.Small.jro
cls-softwares.com/softwarefortubeview.40014.exe        Trojan-Downloader.Small.jro
cls-softwares.com/file.exe
livestockfeed.cn/mov/r/index.html        Koobface
greatscansecurity.com/page.php?id=30        Rogue
greatscansecurity.com/index.php?affid=08030        Rogue
94.178.79.30/pid=1000/?ch=&ea=         Koobface
74.160.196.69/pid=8047/type=videxp/setup.exe        Koobface
redir2404.com/the/?pid=8047&type=videxp        Koobface


Modify
jii.be/fds/in.cgi?20         New IP 78.159.112.200
jii.be/s116/in.cgi?16       New URL and IP jii.be/s116/in.cgi?9&group=g14922639        78.159.112.200

May 08, 2009, 11:50:04 pm
Reply #17

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
wvg0.cn         Exploits
iwdown.com        Exploits
mmwwrrqq.3322.org/a/a7.htm        Exploits
mmwwrrqq.3322.org/a/cnzz.htm        Exploits
mmwwrrqq.3322.org/a/yy.htm        Exploits
mmwwrrqq.3322.org/a/14.js        Exploits
mmwwrrqq.3322.org/a/flash.htm        Exploits
mmwwrrqq.3322.org/a/qb.htm        Exploits
mmwwrrqq.3322.org/a/qb.js        Exploits
mmwwrrqq.3322.org/a/ippp.htm        Exploits
mmwwrrqq.3322.org/a/ip.htm        Exploits
mmwwrrqq.3322.org/a/02.htm        Exploits
mmwwrrqq.3322.org/a/set.js        Exploits
mmwwrrqq.3322.org/a/lz.htm        Exploits
mmwwrrqq.3322.org/a/lz.js        Exploits
mmwwrrqq.3322.org/a/office.htm        Exploits
mmwwrrqq.3322.org/a/office.js        Exploits
mmwwrrqq.3322.org/a/xl.htm        Exploits
mmwwrrqq.3322.org/a/xl.js        Exploits
mmwwrrqq.3322.org/a/real.htm        Exploits
mmwwrrqq.3322.org/a/real.js        Exploits
mmwwrrqq.3322.org/a/real.html        Exploits
mmwwrrqq.3322.org/a/re11.js        Exploits
mmwwrrqq.3322.org/a/bf.htm
        Exploits
mmwwrrqq.3322.org/a/bf.js        Exploits
mmwwrrqq.3322.org/a/iggg.html        Exploits
mmwwrrqq.3322.org/a/i16.swf        Exploits
mmwwrrqq.3322.org/a/i28.swf        Exploits
mmwwrrqq.3322.org/a/i45.swf        Exploits
mmwwrrqq.3322.org/a/i47.swf        Exploits
mmwwrrqq.3322.org/a/i64.swf        Exploits
mmwwrrqq.3322.org/a/i115.swf        Exploits
mmwwrrqq.3322.org/a/fgg.html        Exploits
mmwwrrqq.3322.org/a/f16.swf        Exploits
mmwwrrqq.3322.org/a/f28.swf        Exploits
mmwwrrqq.3322.org/a/f45.swf        Exploits
mmwwrrqq.3322.org/a/f47.swf        Exploits
mmwwrrqq.3322.org/a/f64.swf        Exploits
mmwwrrqq.3322.org/a/f115.swf        Exploits
wm5588.com/love/windoss.css         Trojan-Downloader.Geral.kq / Trojan.Killav.PN
a22.7766.org/hf/x/y.js        Exploits
a22.7766.org/hf/x/ie.htm        Exploits
a22.7766.org/hf/x/ieee.htm        Exploits
a22.7766.org/hf/x/ireal.htm        Exploits
k70.9966.org/hf/x/pp.exe         Backdoor.Hupigon.gtww / Trojan-GameThief.WOW
tourdo.net/download/5876596c6e513d3d4236703120090505/flash.exe        Trojan.Alureon
trffc2.info/stds/go.php?sid=1       Rogue
j-set.cn/stech/go.php?sid=1        Trojan.Alureon




Modify
goodsite.in/good/in.cgi?18       New URL, IP, Description      goodsite.in/good/in.cgi?7      212.98.162.59       Rogue

May 09, 2009, 01:36:30 am
Reply #18

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
Inactive/Remove

www.hairbyerin.net/TotalCalendar_2.4/alba.txt
141.84.238.34/.../cmd
cgd-k25.org/forum/includes/error/id.txt
xx.getenjoyment.net/id.txt
asyacan.info/tool20.dat
rusrezina.ru/img/test.txt
eurotandem2008.free.fr/id.txt
home.kookmin.ac.kr/~law/board/id.txt
lba.cptec.inpe.br/images/mercury/id.txt
neobit.simset.net/cache/cache_94afbfb2f291e0bf253fcf222e9d238e_d44d7fb098dd72c08c79c2dd4df809x0
216.120.252.101/~newdayn/pix/id1.txt
gujewear.com/bemarket/goods/qmono/Q-MoNoR57.txt
gujewear.com/bemarket/goods/qmono/Q-MoNoR6.txt
indicce.com/admin/r57.txt
kukekaw.fileave.com/id.txt
niceplace.biz/media/id.txt
niceplace.biz/mambots/id.txt
los-chamos.com/arab.txt
imperialfutar.hu/on.txt
h1.ripway.com/atsoe/bot/safe.txt
lankawe.com/ioncube/readme.txt
los-chamos.com/Fungky/id2.txt
parkliv.nu/mambots/%20%20%20/id.txt
trosken.com/test.txt
guardmusic.com/echo.txt
wechselgroup.com/cache/test.txt
www.anje.pt/www
61.100.228.37/img/02.jpg
www.haiagaros.info/hugs.txt




New

terihatchernecklace.aboutauts.info         Exploits
greatds.su/in.cgi?2        Exploits
megasearch.coolwebsearch.us/search.php        Exploits
i1match361.biz/html/2440/f8ae8aedaf494548b681dedb37dd3d5f/        Exploits
asusdisp.org/page/2440/f8ae8aedaf494548b681dedb37dd3d5f/05090020496166425/        Exploits
asusdisp.org/file/2440/f8ae8aedaf494548b681dedb37dd3d5f/05090020496166425/0.gif        Rootkit.Podnuha.byf
pornovideosxxx-01.com/images/pvideo.html        Zlob
pornovideosxxx-01.com/rs/go.php?sid=1        Zlob
xxxwomenfucksuck.com/images/videos.html       Zlob
gogoalscan.com         Rogue
fanscan4.com        Rogue
goscanfix.com        Rogue
goworkscan.com        Rogue
goscanmeta.com        Rogue
scan4atom.info        Rogue
daset.darktech.org        Rogue
goscanmeta.com/?uid=12404        Rogue

May 10, 2009, 03:27:39 am
Reply #19

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
total-virusprotection.com/xpprot/2/?a=ks157&s=2         Rogue
total-virusprotection.com/secure/661f3fc130277a5847bcb0102ff6122f/4a060e75/setupfiles/totalvirusprotections.exe        Rogue
teamerblog.com/blog/       Exploits
teamerblog.com/wiki/Ms06014.htm       Exploits
teamerblog.com/wiki/MS06042.htm       Exploits
teamerblog.com/wiki/MS07004.htm       Exploits
teamerblog.com/wiki/office.htm       Exploits
jetclickvip.com/in.cgi?2        WinTrim / NaviPromo
reliable007.com/take.php?id=3&r=1211&s=1365        WinTrim / NaviPromo
reliable007.com/take.php?id=4&r=1202        WinTrim / NaviPromo
reliable007.com/movie2.php?r=1202&s=        WinTrim / NaviPromo
reliable007.com/movies.php?r=1211&s=1365        WinTrim / NaviPromo
reliable007.com/view.php?r=1211&s=1365        WinTrim / NaviPromo
download.live-player.com/Live-Player_setup.php?grpid=2566&tag_id=718&nums=FGFBbtPAOb&popt1=1211&popt2=1365&popt3=3        WinTrim / NaviPromo
stolnik.net/888/_ts/?s=ka&sid=euGB1&q=spyware+remover&affid=15555&ref=klikcentral.com&fullref=http%3A%2F%2Fklikcentral.com       Trojan.Dropper.NaviPromo.qke
velinta.net/redirpost/?qq=Spyware+Remover&url=&source=ka&sid=euGB1&affid=15555       Trojan.Dropper.NaviPromo.qke
zeis.org.ua/eu/GB/k1/       Trojan.Dropper.NaviPromo.qke
216.12.161.18/download/download.php?camp=22769&f=Spyware%20Remover       Trojan.Dropper.NaviPromo.qke
kernelseo.com/in.cgi?5&parameter=spyware+remover&se=15555         NaviPromo
videotoolsfree.com/installation/update/        NaviPromo
seventhdayslubmer.com/WebMediaPlayerInstallation/        NaviPromo
cavle-online.com/play.exe       Backdoor.PcClient.aldh
rusuchki.com/go/freevideo2/       FraudPack.mmw / FakeAlert
xvirusdescan.com/index.php?affid=08041       FraudPack.mmw / FakeAlert
xvirusdescan.com/download.php?affid=08041       FraudPack.mmw / FakeAlert
uniqfind.net/?q=xxx      Results direct to malware
aeroads.net/?sub=6&id=15555&q=xxx        FraudPack.mmw / FakeAlert
klikcentral.com/search.php         Results direct to Malware
huangsidai.net/jyly/index.asp         Exploits
s51.cnzz-c.cn/stat.js?id=872651&web_id=872651       Exploits
wr.jrt46.cn/1/19/index.htm?20       Exploits
wr.jrt46.cn/1/19/index2.htm       Exploits
wr.jrt46.cn/1/19/ccqm.htm       Exploits
wr.jrt46.cn/1/19/js.css       Exploits
wr.jrt46.cn/1/19/hk14.htm       Exploits
wr.jrt46.cn/1/19/14.css       Exploits
wr.jrt46.cn/1/19/15.css       Exploits
wr.jrt46.cn/1/19/16.css       Exploits
wr.jrt46.cn/1/19/hkfl.htm       Exploits
wr.jrt46.cn/1/19/cc11.htm       Exploits
wr.jrt46.cn/1/19/cc22.htm       Exploits
wr.jrt46.cn/1/19/hkvod.htm       Exploits
wr.jrt46.cn/1/19/ccvod.css       Exploits
wr.jrt46.cn/1/19/b.css       Exploits
wr.jrt46.cn/1/19/d.css       Exploits
wr.jrt46.cn/1/19/hkbb.htm       Exploits
wr.jrt46.cn/1/19/bff1.css       Exploits
wr.jrt46.cn/1/19/bff.css       Exploits
wr.jrt46.cn/1/19/hkzzx.htm       Exploits
wr.jrt46.cn/1/19/091.css       Exploits
wr.jrt46.cn/1/19/092.css       Exploits
wr.jrt46.cn/1/19/hkff.htm       Exploits
wr.jrt46.cn/1/19/ff.css       Exploits
wr.jrt46.cn/1/19/hk122121.htm       Exploits
wr.jrt46.cn/1/19/Turl.css       Exploits
wr.jrt46.cn/1/19/real.css       Exploits
wr.jrt46.cn/1/19/real1.css       Exploits
wr.jrt46.cn/1/19/ci115.swf       Exploits
wr.jrt46.cn/1/19/ci47.swf       Exploits
wr.jrt46.cn/1/19/ci45.swf       Exploits
wr.jrt46.cn/1/19/ci64.swf       Exploits
wr.jrt46.cn/1/19/ci28.swf       Exploits
wr.jrt46.cn/1/19/cf115.swf       Exploits
wr.jrt46.cn/1/19/cf47.swf       Exploits
wr.jrt46.cn/1/19/cf45.swf       Exploits
wr.jrt46.cn/1/19/cf64.swf       Exploits
wr.jrt46.cn/1/19/cf28.swf       Exploits
100xx.com.cn/tj.htm       Exploits
shaduzhe.com/head.htm       Exploits
aqbo.cn/top.htm       Exploits
bizme.com.cn       Exploits
3b3.org/c.js       Exploits
59ukjff.9966.org/a/a100.htm       Exploits
59ukjff.9966.org/a/cnzz.htm       Exploits
59ukjff.9966.org/a/yy.htm       Exploits
59ukjff.9966.org/a/14.js       Exploits
59ukjff.9966.org/a/flash.htm       Exploits
59ukjff.9966.org/a/iggg.html       Exploits
59ukjff.9966.org/a/fgg.html       Exploits
59ukjff.9966.org/a/qb.htm       Exploits
59ukjff.9966.org/a/ippp.htm       Exploits
59ukjff.9966.org/a/ip.htm       Exploits
59ukjff.9966.org/a/02.htm       Exploits
59ukjff.9966.org/a/lz.htm       Exploits
59ukjff.9966.org/a/office.htm       Exploits
wr437jt.3322.org/a/a100.htm       Exploits
electric.cn/cp_view.asp?id=16842       Exploits
hjtshop.com       Exploits
wr.jkt57.cn/1/04/index.htm?05       Exploits
f1.hf3y5.com/1/aivticx.exe        AntiAV
www.gxxwgc.com.cn       Exploits
wr.kug78.cn/1/20/index.htm       Exploits
a1.igr5s.com/1/avticnx.exe        AntiAV
gdcb-h.com/xx.asp?id=2565       Exploits
w3og.cn/s.js       Exploits
h1.dgfg4.com/19/AeX.exe       Trojan.AntiAV
h1.dgfg4.com/a/AivtieX.exe        Trojan.AntiAV
www.adobeus.com/go/getflashplayer/flashplayer.exe        Trojan-GameThief.WOW.iif
gm.adsl8899.cn/nl1.exe        Trojan.Downloader
jx.kkwyx.com/sie/udw.rar      AdWare.BHO
kcs.cn/web6/images/down.txt        Malware calls home
kcs.cn/web6/images/dl_205423.exe        Koutodoor
kcs.cn/web6/images/nl1.exe          OnLineGames.NZF / Trojan-GameThief.WOW.msp
kcs.cn/web6/images/serverB.exe         BackDoor.VB.gtw
www.ppggg.com.cn/www.exe          AutoRun
219.139.81.6/news/image.jpg         Backdoor.Koutodoor
www.xzwrn.cn/nba/image.jpg        Backdoor.Koutodoor
chj771277.3322.org/qq.txt?14        Malware calls home
alan.p9555.cn/images/web/2/ie7_new.html         Exploits
baidusib.cn/06/ytxxz.htm         Exploits
baidusib.cn/06/091.js         Exploits
baidusib.cn/06/092.js         Exploits
pornotubxxx.com/updater.php?id=1222&rep=1        WinTrim / NaviPromo
celeb.pornotubxxx.com/view.php?video=9196&r=1198&s=        WinTrim / NaviPromo
google-anlacc.cn/pagead/show_ads.js         Exploits
ljstengfei.h45.f5w.net/cstj/cstj.htm         Exploits
qy.fn6k.cn/1/19/index.htm?07         Exploits
onewedhost.com/qdring1/themes/902.htm         Exploits
product4.cn/tcoun/ss.htm         Exploits
vkjfijfpowpo.3322.org/fsdfsdfw/news.htm         Exploits
vkjfijfpowpo.3322.org/fsdfsdfw/js.css         Exploits
166pp.com/w/ss.htm         Exploits




Modify
lineacount.info/cgi-bin/search?id=169205&k=ar15+stock&ref=undefined        <<--- Domain already in the database but needs new IP 91.207.61.48, and this is a new URL


Inactive/Remove
al-horno.com.ar/blog/wrwrwrwr.txt

May 10, 2009, 05:00:07 pm
Reply #20

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
injek.by.ru/download/source/klr-id.txt       RFI
antivirusbestscannerv1.com         78.47.91.153        Rogue
antivirusbestscannerv1.com         69.4.230.204        Rogue
antivirusbestscannerv1.com         212.117.165.126        Rogue
antivirusbestscannerv1.com         38.99.170.210        Rogue
antivirusbestscannerv1.com         78.47.132.216        Rogue
antivirusbestscannerv1.com         94.102.48.28        Rogue
usa-antispy.com        Rogue
antiviruslivescanv3.com        38.99.170.9        Rogue
antiviruslivescanv3.com        212.117.165.126        Rogue
antiviruslivescanv3.com        78.47.91.153        Rogue
adware-removal-tool.com        Rogue
antivirusquickscanv1.com         69.4.230.204
antivirusquickscanv1.com         212.117.165.126
antivirusquickscanv1.com         38.99.170.210
antivirusquickscanv1.com         83.133.123.140
antivirusquickscanv1.com         94.102.48.28
antivirusquickscanv1.com         78.47.91.153
2qnews.07x.net/images/menu.js        Rogue
sexerotika2009.ru/admin/red/en.php        Rogue
liveavantbrowser2.cn/go.php?id=2022&key=4c69e59ac&p=1        Rogue
safeinternettoolv1.com/1/?id=2022&smersh=7b2559944&back=%3DDQ1zTT5MYQNMI%3DO        212.117.165.126        Rogue
safeinternettoolv1.com/1/?id=2022&smersh=7b2559944&back=%3DDQ1zTT5MYQNMI%3DO        38.99.170.9        Rogue
safeinternettoolv1.com/1/?id=2022&smersh=7b2559944&back=%3DDQ1zTT5MYQNMI%3DO        69.4.230.204        Rogue
safeinternettoolv1.com/1/?id=2022&smersh=7b2559944&back=%3DDQ1zTT5MYQNMI%3DO        78.47.91.153        Rogue
ns1.s-hosting.biz         NameServer for Rogue sites
ns2.s-hosting.biz         NameServer for Rogue sites
softsupportmail.com        Rogue
pcantimalware.com/download.php        Rogue
www.accaddeoggi.it         Exploits
91.207.61.32/.r/.fi/index.php        Exploits
91.207.61.32/.r/.fi/load.php        Trojan-Spy.Zbot
www.medicidigruppo.it        Exploits
guardav.com/index.html        Rogue
coreguard2009.com        Rogue
guardlab2009.net/index.html        Rogue
coreguardlab2009.net        Rogue
errorstool.com/downloads/setup.exe         Rogue
fixupdates.com        Rogue
evidenceeraser.com        Rogue
errorsweeper.com        Rogue
adultelitiest.ru        Exploits
paytraff.biz/ts/in.cgi?prokop        Exploits
wuhwasum.cn/s/in.cgi?9        Exploits
cakpapaz.cn/nuc/index.php        Exploits
sex.xxx19.org/285/name.jar       Trojan-SMS.J2ME.Boxer.c
sextraf.cn       Trojan-SMS.J2ME.Boxer.c
8i0c.cn/14.htm       Exploits
nvi3.cn/ss.exe       Trojan-GameThief.Magania.bavl
deabak.com/z.js       Exploits
xin89221.com/love/windoss.css        Trojan-Downloader.Geral.kq
best-av-scanner.com         Rogue
av-antivir-check.com         Rogue
online-av-scan2008.net         Rogue
litecarfinestsite.cn        Exploits

May 11, 2009, 12:56:37 am
Reply #21

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
Inactive/Remove
secret-admirer.info/scan/id.txt
replicanew.com/more/kid.txt
bluewaterrunning.com/setan.txt
ds5vxk.com/board/id.txt
121.254.140.55/~shinapt/upload/File_Dir/safe
hanbol.es.kr/indo.txt
125.250.78.194/rgboard/manual/.../sistem.txt
cia.uabc.mx/images/raid.txt
163.27.96.5/~s92106/id.txt
septimamaipu.cl/septima/mambots/idar.txt
hydrocomp.com/phpmyfaq/attachments/id
computraining.nl/img/tool20.dat
freenet.am/~h4ck1nf0/sistem.gif
emmaperquin.nl/components/com_akobook/safeon.txt
posmac.nl/templates/sistem.gif
memex.c3.hu/~tata/limesurvey/tmp/alb
luoghidellacultura.it/www/components/com_joomla-visites/cmd.txt
naparstki.pl/mediagallery/maint/README
emuleapocalypse.nuxit.net/site/skins/advanced/id.txt
fo-saverne.com/images/temp/install.txt
fo-saverne.com/images/temp/readme.txt
dpsg-waldsee.de/dpsg/idv6.txt
elettrostudio.ch/fr/id.txt
elettrostudio.ch/fr/ids.txt
poko.pokol.hu/id5.txt
poko.club.hu/id1.txt
www.lammer.xpg.com.br/enviar3.php
www.webshell.xpg.com.br/TT
www.alb3rt0.xpg.com.br/hospedagem.txt
paginas.terra.com.br/lazer/xfatalityx/id3.txt
paginas.terra.com.br/lazer/fatalzinh0/id3.txt
cepeduc.com/cepa/images/M.images/idscan3
buenosairesidiomas.com/centro/idv6.txt
buenosairesidiomas.com/centro/xuxuon.txt
cinepopbrasil.com.br/sistem.txt
xvascainox7.sites.uol.com.br/v6.txt
brguild.t5.com.br/forum/id2.txt
hyoga.kit.net/idv6.txt
h4x0rs.kit.net/cmd.php
h4x0rs.kit.net/r57.php




New
webfo.biz/fxid1.txt

May 11, 2009, 10:33:56 pm
Reply #22

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
New
sexbases.cn/in.cgi?16&b84b77        Exploits
sexbases.cn/com.html        Exploits
firstgate.ru/33/link.php        Exploits
firstgate.ru/33/load.php?id=0        Trojan-Downloader.Murlo.awx / Branvine.A
lsiu.info/evo/count.php?o=10        Exploits
lsiu.info/evo/getexe.exe?o=10&t=1242070079&i=1365814122&e=1        Trojan.Win32.Agent.cfwe / Wigon / Pushdo
8addition.info        Exploits
fayst.com        Exploits
systemsecuritytool.com/downloadsetup.php        Trojan-Downloader.Agent.bqbu / Trojan-Downloader.Agent.blct
videoporntrue.com/tube/?id=157&title=Girls+Fucked       FakeRean / FakeAlert
videoporntrue.com/codec/157.exe       FakeRean / FakeAlert
freetubemov.com       FraudTool.PrivacyCenter.w
tubemoviez.com       FraudTool.PrivacyCenter.w
yourporn-xmovies.com/promo4/?aid=851       FraudTool.PrivacyCenter.w
yourporn-xmovies.com/promo4/get.php?aid=851&vname=flash_player_plugin       FraudTool.PrivacyCenter.w
pornitube.net/new/index.htm          Rogue
firesearch.sc/search.php?keyword=xxx        Results direct to malware
ngjxcs7b5.votrecv.com          Rogue
namazdu6.biz/str/in.cgi?default&parameter=glavmed          Rogue
totalvirusshield.com/page.php?id=44          Rogue
antivirus-xppro-2009.com         Rogue
antivirusxppro-2009.com         Rogue
websecuritybureau.com/hitin.php?land=30&affid=02086         Rogue
coqhecup.cn/pa.html        Exploits
hotxasib.cn/su/in.cgi?18        Exploits
profi-tooltip.biz/pro/page.html        Exploits
advanced-uninstaller.com         Rogue




Modify
www.hqualityporn.com/ethnic/     New IP 85.17.103.104   (Also, doesn't need www.)
www.hqualityporn.com/in.js       New IP 85.17.103.104   (Also, doesn't need www.)
adultvidsportal.info/go.php?ref=        (currently marked inactive, needs marking active), new IP  85.17.103.104
sutra2s.info           Domain already exists in database, IP needs modifying 75.102.24.14




Inactive/Remove
85.17.92.42/cgi-bin/index.cgi?user4
85.17.92.42/cgi-bin/index.cgi?user7
osteklen.org

May 11, 2009, 11:19:43 pm
Reply #23

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
Inactive/Remove
logistics.vec.go.th/r57.txt
gsis.bogo.net/bbs/tes.txt
www.haiagaros.info/x/id.txt
internetwonderful.com/r57.txt
freewebs.com/scanspread/include.c
bjork.name.md/id.txt
lechess.com/a.php
geocities.com/tandry87/test/id.txt
jeffery.wewokawoods.org/components/wing.jpg
lernservicecenter.de/lsc/administrator/components/com_rss/ini/id.txt
tp.klokan.sk/help/css/hello.txt
aranytoll.csillagszemek.hu/test.gif
naturopathic.org/images/bulletins/mic22.txt
topgas.co.uk/forum/succes
art-chrome.no-ip.org:16080/administrator/templates/%20%20%20/3.txt
geocities.com/siskagita/test.txt
lexikus.com/t/r1.txt
lexikus.com/t/stnc.php
yavuzselimlisesi.com/components/com_kanbankasi/language/id.txt
tnwnepal.org/id.txt
foolishmovies.helloweb.eu/fastidio_id.txt
perevorot.org/cache/tits.txt
free-news.nl/joomla/components/com_messages/id.txt
lun4.serveirc.com/bigdoz1.txt
xat.co.kr/xatboard/data/pds/id.txt
201.70.9.109/www

May 12, 2009, 09:51:58 pm
Reply #24

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
New
foto4foto.com/gallery/        Exploits
total-virusprotection.com/xpprot/2/?a=ks125&s=        Rogue
total-malwareprotection.com        Rogue
directdownloadcenter.net/search.php?q=xxx          Results direct to malware
bestspices.biz/search.php?aff=&saff=&q=screw+my+wife+please         Results direct to malware
searchpoint3.com/search.php?q=porn%20free         Results direct to malware
cvghrte3ergre.com/search.php?q=pussy         Results direct to malware
66.36.241.191/_getf_/screw%20my%20wife%20please.html?id=31370        FakeAlert-CM / FakeRean
pornproductions09.net/codec/228.exe        FakeAlert-CM / FakeRean
xml.klikvip.com/js.php?pin=2963121788257090953394199662910&num=3&saff=0&q=g-spot+vibrators&view=1&queue=3-1-2&ref=         Results direct to malware
ultimatecrack.biz/test/WebVideoX_live.exe         Trojan.Downloader.Loadadv.ACE
aaqkweoslz.com/progs/royyl/fcppddma.php?adv=adv413        Malware calls home
aaqkweoslz.com/progs/royyl/lvreefo.php         Virus.Virut.n
aaqkweoslz.com/progs/royyl/ggcqqdde.php         Trojan.Winwebsec / Ertfor.A
aaqkweoslz.com/progs/royyl/kqddj.php         Virus.Virut.n
aaqkweoslz.com/progs/royyl/wspcpq.php         Tobssod.A
aaqkweoslz.com/progs/royyl/clmvviwj.php         Virus.Virut.n
aaqkweoslz.com/progs/royyl/cyiivvvjjw.php         Virus.Virut.n
aaqkweoslz.com/progs/royyl/yhrrrrsfob         Trojan.Downloader.Loadadv.ACA / Harnig
aaqkweoslz.com/progs/royyl/dranobool.php?adv=adv413&code1=LNLD&code2=3115&id=1824245000&p=1         Malware calls home
aaqkweoslz.com/uniq.php?id=1824245000&p=1        Malware calls home
bazrvxedfe.net/aasuper0.php        Trojan-Downloader.Boltolog / Backdoor.Rustock.NFM
bazrvxedfe.net/aasuper1.php        Virus.Virut.ce
bazrvxedfe.net/aasuper2.php        Trojan-Downloader.FraudLoad.eiu / Wigon / Cutwail
bazrvxedfe.net/aasuper3.php        Net-Worm.Koobface
boscumix.com/optima/index.php?uid=483650&ver=2.03a       Malware calls home
boscumix.com/optima/control/bot.exe         Obfuscator.ER




Inactive/Remove
www.tramiche.org/l33tb1t.txt
www.ustaska.pl/editor/idid.txt
www.v8rx7forum.com/includes/paymentapi/log.txt
yallaweb.net/images/grey/tbl/DEVILS/help.txt
atventure.de/images/idid.txt
mamolar.com/~reloj/id.txt
myplaceol.org/photos/echo.txt
cardimg.info/test.txt

May 12, 2009, 11:30:54 pm
Reply #25

CM_MWR

  • Special Members
  • Hero Member

  • Offline
  • *

  • 319
Code: [Select]
aaqkweoslz.com/progs/royyl/fcppddma.php?adv=adv413        Malware calls home
aaqkweoslz.com/progs/royyl/lvreefo.php         Virus.Virut.n
aaqkweoslz.com/progs/royyl/ggcqqdde.php         Trojan.Winwebsec / Ertfor.A
aaqkweoslz.com/progs/royyl/kqddj.php         Virus.Virut.n
aaqkweoslz.com/progs/royyl/wspcpq.php         Tobssod.A
aaqkweoslz.com/progs/royyl/clmvviwj.php         Virus.Virut.n
aaqkweoslz.com/progs/royyl/cyiivvvjjw.php         Virus.Virut.n
aaqkweoslz.com/progs/royyl/yhrrrrsfob         Trojan.Downloader.Loadadv.ACA / Harnig
aaqkweoslz.com/progs/royyl/dranobool.php?adv=adv413&code1=LNLD&code2=3115&id=1824245000&p=1         Malware calls home
aaqkweoslz.com/uniq.php?id=1824245000&p=1        Malware calls home
bazrvxedfe.net/aasuper0.php        Trojan-Downloader.Boltolog / Backdoor.Rustock.NFM
bazrvxedfe.net/aasuper1.php        Virus.Virut.ce
bazrvxedfe.net/aasuper2.php        Trojan-Downloader.FraudLoad.eiu / Wigon / Cutwail
bazrvxedfe.net/aasuper3.php        Net-Worm.Koobface
boscumix.com/optima/index.php?uid=483650&ver=2.03a       Malware calls home
boscumix.com/optima/control/bot.exe         Obfuscator.ER


You could make iframedollar gang thread out whats been in DB over past year or more.  :D

May 13, 2009, 12:38:38 am
Reply #26

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
Perhaps we should follow them even more closely :) I remember I used to list some of their nameservers aswell, I should probably do that again.

New
sgh-topprograms.com/softwarefortubeview.45013.exe        Trojan
yesey.net/play/video.php        Trojan
2todays.com/in.cgi?default        Trojan
freegirla.com/4831/h85224.html        Trojan
yourko.com/8644/n72651.html        Trojan
mekind.com/download/6b72504756673d3d397ccafd/MacTubePlayer.dmg       Jahlav.D
mac-videos.com/play/mac-video.php       Jahlav.D



Inactive
members.lycos.co.uk/zolahacker/id.txt
ncku.net/images/var.txt
quickshare.ru/upload/8374/tool25.html
russianinterpreter.ru/administrator/templates/joomla
shorttrackwarriors.com/backup/romid.txt
dragondyne.com/modules/cmd.txt
verinet.com.tr/id.txt
vririf.verificas01.pochta.ru/verifica.txt
wichtl.at/files/echo.txt

May 13, 2009, 12:23:20 pm
Reply #27

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
New
tm34.info/st/in.cgi?default        Rogue
hd.sbells.info/pcxp.php        Rogue
axmell.info/out.php?p=pcxp        Rogue
futureinternetsecurity.com/hitin.php?land=20&affid=09300        Rogue
quickscanpcv1.com       93.174.93.34        Rogue
quickscanpcv1.com       88.198.41.170        Rogue
savemypcnowv1.com       38.99.170.9        Rogue
savemypcnowv1.com       78.47.91.153        Rogue
savemypcnowv1.com       69.4.230.204        Rogue

May 15, 2009, 07:46:21 pm
Reply #28

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
New
rlamba.biz/in.cgi?5&d=33       Navipromo / Wintrim
1tubexxx.com       Navipromo / Wintrim
innovavids.com/take.php?id=3&r=1197       Navipromo / Wintrim
advanedmalwarescanner.com/go.php?id=2019&key=572c78987&p=1       Rogue
your-guide-online.com/page/fuck-slut       Rogue
get-mega-tube.com/teens/xindex.php?id=45024       Unknown
sextds.com/in.cgi?3&parameter=teen       Unknown
1k.pl/inlkir       Unknown
1k.pl/klnk.php?url=inlkir       Unknown
kor-programms.com/softwarefortubeview.40000.exe       Unknown


Modify
2009/05/13_00:00  85.17.136.137         (Domain is missing '-')

May 16, 2009, 10:10:03 pm
Reply #29

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
New
advanedpromalwarescanner.com Rogue
advanedmalwarescanner.com Rogue
search2007.info/sutra/in.cgi?28 Rogue
indoirc.go.ro/idscan.txt RFI
koal4.com/fx29id.txt RFI
nw.or.kr/bbs/icon/tukulid.txt RFI
208.98.22.241/id.txt RFI
lwamus.com/fx29id.txt RFI
lwamus.com/fx29id2.txt RFI
r-shooter.com/bbs/data/test.txt RFI
treffuns.de/img/icons/tabs/id.txt RFI
wizard.com.br/fx29id.txt RFI
wizard.com.br/fx29id2.txt RFI
www.bernardyni.ofm.pl/organy2/tmp/temp/id1.txt RFI
sherif-dudulz.ucoz.com/id1.txt RFI
sherif-dudulz.ucoz.com/id.txt RFI
sherif-dudulz.ucoz.com/id2.txt RFI
80.24.176.145/time/appserv/file.txt RFI
jeta.co.kr/bbs/component/.jpg/fx29id.txt RFI
rgbclub.net/bbs/icon/fx29id.txt RFI
theblythes.net/cal/mydb RFI
gsmch.org/club/chi.txt RFI
quetzal1.innsz.mx/components/com_joomlalib/standalone/fx29id.txt RFI
juarteakorea.co.kr/board/rgboard/include/w.txt RFI
elitewheels.ru/nopage Exploits
qwehost.com/count.php?o=2 Exploits
sc0field.info Exploits
sc0field.info/Icepack/index.php Exploits
sc0field.info/Icepack/exe.php Trojan.Dropper
202.73.57.11/arwe/?736361acd09ca9717c9462514beb5205 Exploits
202.73.57.11/tomi/?t=2 Exploits
casien.net/eu/GB/k1/ NaviPromo / Skintrim.BAY
216.12.161.18/download/download.php?camp=22769&f=slut NaviPromo / Skintrim.BAY
raindrip.com/cms/baner.txt RFI
barracuda-antivirus.com Rogue
4utraffic.com/tp1.tv Malware calls home
4utraffic.com/misterpresident/s.php Malware calls home
1stempirefinancial.com Exploits
mcdisseny.com/tmp/copyright.txt RFI
tugaspeed.info/idpriv8.txt RFI
sk8sunabe.heteml.jp/mt/mt-static/numpang/fx29id2.txt RFI
www.rainbowofdiamonds.com/scripts/test RFI
212.227.74.68/catalog/fx29id.txt RFI
www.hetjongeschaap.nl/site/images/response.txt RFI
masuccessguy.com/docs/book RFI
rsh.kiev.ua/images/idfx1.txt RFI
shababek.de/baner.txt RFI
srcdirc.my-php.net/fxtool/fxtool/fx29id.txt RFI
home.covenantberks.org/images/kampret.jpg RFI
deutsch-online.pl/films/video/ Exploits
aladin-online.com/new/components/com_virtuemart/shop_image/vendor/test.txt RFI
www.sysweb.it/user/1.txt RFI
tactitrans.com/b1ttletX1.txt RFI
driji.wap.sh/id.txt RFI
pallmall4.fileave.com/id.txt RFI
kcaer.re.kr/zboard/icon/id.txt RFI
mybcpc.org/bcpcchoi/technote7/skin_shop/standard/2_view_body/idfx1.txt RFI
stonemac.com/bbs/g/id1.txt RFI
geocities.com/coracore99/r0bot.txt RFI
qigong-club.ru/bitrix/admin/vid.txt RFI
nw.or.kr/bbs/icon/idxx.txt RFI
www.info-design.fr/language/fonts/id1.txt RFI
geocities.com/valent_45/id1.txt RFI
ssdnb.net/bbs/data/vo RFI
4-floor.com/css/z1 RFI
laskar.mw.lt/id.txt RFI
laxestereo.com/parranda/copyright.txt RFI
kq-china.com/web/templates/ja_purity/id1.txt RFI
triton-friendlyclub.com/2009/id.txt RFI
cocoking.com/upload/gallery/id.txt RFI
h1.ripway.com/lupa121/makan.txt RFI
h1.ripway.com/adi121/id1.txt RFI
kenniscentrumgemeenten.nl/assets/export/id.txt RFI
flyozoneusa.com/tmp/id1.txt RFI
flyozoneusa.com/tmp/rfi.txt RFI
steannareptile.it/administrator/id1.txt RFI
asistek.cl:443/accounts/inc/chid.txt RFI
nw.or.kr/bbs/icon/v6.txt RFI
tmt.org.ru/readme.txt RFI
e-blacklist.net/alditor/bin1.txt RFI
colegiopenacorada.com/xoops_lib/modules/pw.txt RFI
ladyboss.com.ua/fx29id2.txt RFI
angelcitytrading.com/css/1.txt RFI
ambient-arts.co.uk/media/id.txt RFI
lanaalaadi.com/gallery/data/media/2/3/db.txt RFI
nw.or.kr/bbs/icon/gie.txt RFI
diga-pro.es/r57/test.txt RFI








Modify
nospam-ns.com/google/index.php        New IP 203.116.63.113







Inactive
nkdb.org/AsaMall/makeup/id.txt
fun-tour.ru/netcat_files/error.txt
cosmickls.net/bruno.bin
201.76.183.2/ids.txt
soesy.barcah.web.id/readme.txt
hashiriya.jp/upload/source/up16019.txt
203.113.6.34/adu/special.txt
emachine.com.hk/.z/okk.txt
203.253.145.192/zb41/skin/zero_vote/ruschmasik.txt
bbwonlinepersonals.com/groups/gallery/did.txt
bbwonlinepersonals.com/groups/gallery/id.txt
keycell.webs.com/IDscan.txt
bpec-english.com/test.txt
freewebs.com/lostmind7/idv6.txt
freewebs.com/brutusman/id.txt
lamarguerite.ca/mraneti.txt
sunter.us/a.txt
barancennet.getmyip.com/id.txt
kavirestan.ir/templates/siteground74/images/Za/bot.txt
pet-ijmond.nl/images/prc.gif
xddddd.webcindario.com/id.txt
elitewheels.ru/images/cnn
elitewheels.ru/images/inc
secondlive24.de/help/sql.txt
4utraffic.com/boom1.tv