Author Topic: 5webs.net  (Read 3074 times)

0 Members and 1 Guest are viewing this topic.

June 28, 2009, 05:01:12 pm
Read 3074 times

Malware-Web-Threats

  • Special Members
  • Hero Member

  • Offline
  • *

  • 354
    • MalwareURL
if you set the referer to be "google.com" you will be redirected to a new rogue antivirus domain served by struckyorluck[.]cn

Code: [Select]
bingb.5webs.net
checknews.5webs.net
day27s.5webs.net
day27x.5webs.net
hittoday.5webs.net
keepnews.5webs.net
news28.5webs.net
nextzz4.5webs.net
nextzz5.5webs.net
realnews.5webs.net
topnews.5webs.net
fournews.5webs.net
readynews.5webs.net
hittoday2.5webs.net
safenews.5webs.net
highnews.5webs.net



Anubis
Quote
From ANUBIS:1033 to 83.133.124.81:80 - [msncoreupdate.com] 
Request: GET /?act=fb&1=0&2=1192706791&3=5.1.3.0.2600&4=IEXPLORE.EXE&5=20&6=4&7=31&8=95&9=0&10=11-18 
Response: 200 "OK" 

VirusTotal - 1/41 (2.44%)

June 29, 2009, 04:31:52 pm
Reply #1

Malware-Web-Threats

  • Special Members
  • Hero Member

  • Offline
  • *

  • 354
    • MalwareURL
we continue with 007webs[.]com ?

Code: [Select]
27news.007webs.com
babysl.007webs.com
coming1.007webs.com
coming2.007webs.com
coming3.007webs.com
coming4.007webs.com
coming5.007webs.com
day27.007webs.com
epos29.007webs.com
etnonv.007webs.com
europe12.007webs.com
europe14.007webs.com
europe15.007webs.com
europe19.007webs.com
europe20.007webs.com
europe4.007webs.com
europe6.007webs.com
europe7.007webs.com
finalnews.007webs.com
fournews.007webs.com
jackson-rip.007webs.com
june29.007webs.com
june29th.007webs.com
keepnews.007webs.com
mike-jackson.007webs.com
news29.007webs.com
poemstv.007webs.com
realnews.007webs.com
safenews.007webs.com
topbooks.007webs.com
topbooks1.007webs.com
topbooks2.007webs.com
topbooks3.007webs.com
truenews.007webs.com

malicious js file

"/images/ads.js"

which redirects to videoxporno[.]ru
then spacefunk[.]cn
then folderantispywarescanner[.]com

Wepawet
Wepawet

June 29, 2009, 05:38:27 pm
Reply #2

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
we continue with 007webs[.]com ?

Most of those subdomains redirect to a 404 page.

007webs.com an 5webs.net subdomains which are working are
Code: [Select]
coming1.007webs.com/images/ads.js
coming2.007webs.com/images/ads.js
coming3.007webs.com/images/ads.js
coming4.007webs.com/images/ads.js
coming5.007webs.com/images/ads.js
day27.007webs.com/images/ads.js
europe12.007webs.com/images/ads.js
europe14.007webs.com/images/ads.js
europe15.007webs.com/images/ads.js
europe19.007webs.com/images/ads.js
europe20.007webs.com/images/ads.js
europe4.007webs.com/images/ads.js
europe6.007webs.com/images/ads.js
europe7.007webs.com/images/ads.js
jackson-rip.007webs.com/images/ads.js
mike-jackson.007webs.com/images/ads.js
topbooks.007webs.com/images/ads.js
topbooks2.007webs.com/images/ads.js
topbooks3.007webs.com/images/ads.js
start010.007webs.com/images/ads.js
day27s.5webs.net/images/ads.js
hittoday.5webs.net/images/ads.js
nextzz4.5webs.net/images/ads.js
nextzz5.5webs.net/images/ads.js
hittoday2.5webs.net/images/ads.js
Ruining the bad guy's day