Author Topic: Malicious URLs on port 8080  (Read 15554 times)

September 07, 2009, 01:59:29 pm

Malware-Web-Threats

  • Special Members
  • Hero Member

  • Offline
  • *

  • 354
    • MalwareURL
All are working with

:8080/index.php (exploits)
:8080/ts/in.cgi?pepsi{1-99} (redirects to exploits)
:8080/cache/readme.pdf (pdf exploits)

I found some of them yesterday and it seems to continue:

September 07, 2009, 02:01:25 pm
Reply #1

Malware-Web-Threats

continue:


September 08, 2009, 05:12:42 am
Reply #2

Malware-Web-Threats

I will check later if I can find the others.

Attached the screenshot


September 08, 2009, 05:29:36 am
Reply #3

Malware-Web-Threats

Another list:

September 10, 2009, 02:36:58 am
Reply #4

Malware-Web-Threats


September 10, 2009, 02:59:35 am
Reply #5

Malware-Web-Threats


September 10, 2009, 08:32:16 am
Reply #6

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Ruining the bad guy's day

September 10, 2009, 09:03:59 am
Reply #7

Malware-Web-Threats


September 10, 2009, 09:10:30 am
Reply #8

Malware-Web-Threats

listed as inactive but all are online

new:

September 10, 2009, 10:30:36 am
Reply #9

Malware-Web-Threats


September 10, 2009, 01:23:09 pm
Reply #10

Malware-Web-Threats


September 10, 2009, 08:56:13 pm
Reply #11

Malware-Web-Threats


September 11, 2009, 12:00:53 pm
Reply #12

leegraves

  • Newbie

  • Offline
  • *

  • 3
    • eSoft ThreatCenter
Note: beyond the "readme.pdf" PDF exploit file that is hosted on these, there were also some malicious "flash.swf" files. The files were in the same cache directory.

Example:
hxxp://marosey.servebeer.com:8080/cache/flash.swf

September 11, 2009, 02:58:06 pm
Reply #13

MysteryFCM

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
I've collected 'em all together from the above posts, and attached the list to save some time for those that want them.
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

September 11, 2009, 04:14:24 pm
Reply #14

SysAdMini

Can someone assemble a list of all dyndns.com domains?
Ruining the bad guy's day