Author Topic: 90909001.cn  (Read 3426 times)

0 Members and 1 Guest are viewing this topic.

August 24, 2009, 09:45:40 pm
Read 3426 times

eoin.miller

  • Sr. Member

  • Offline
  • ****

  • 179
User's URLs Posted To here. List of links/sites come back:
----------------------------------------------
90909001.cn

Also seeing cliccker.cn inside of the responses coming back.

Hijacked links clicked on randomly get redirected to these sites and ultimately to their destination:
----------------------------------------------
64.111.196.117/c.php?
76.9.16.153/c.php?
76.9.16.156/c.php?

Weird sites that come back as part of URL's to

If you try to go to any of these domains, you are redirected to http://www.avg.com/?LinkScannerSucks (heh). All of these domains resolve to 208.87.33.151.
/search.php|5|1800:
----------------------------------------------
2002pourlafrance.net
abc.sonewhere.com
albena.com
alexhareimages.com
asqc.com
audioload.com
benricgi.com
branchmail.com
broken-dream.net
cempr.com
centreparcs.com
certificaterebates.com
cgsociety.com
charamix.com
chatplanet.com
chetf.com
clevelandroad.com
cmpr.com
cybername.net
darkprofits.com
data.satita.net
dentistisrael.com
desertplants.com
designerlinen.com
devil-hunter.no-ip.ork.com
digiforest.com
dinaire.com
displaywear.com
dpgile.com
drugmax.com
freeregister.biz


There are probably a lot more of these types of sites.


Lastly, there is some SSL connections going out to 212.117.174.171 over HTTPS using a fake ssl certificate. I am looking into this a bit more tomorrow, but if you see any connections back to this IP, you are infected.