Malware Domain List

Malware Related => Malicious Domains => Topic started by: ziad270 on June 04, 2011, 08:51:48 am

Title: Fake AV - SEO Poisoning - VT 6/42
Post by: ziad270 on June 04, 2011, 08:51:48 am

http://gowithus.co.cc/red.php Fake AV Scanner


( virustotal : http://www.virustotal.com/file-scan/report.html?id=d397fcd879ff4b9b28357021e1d9af39a44e5917e5e60c030fed56650448deb4-1307176847 )

Title: Re: Fake AV - SEO Poisoning - VT 6/42
Post by: ziad270 on June 04, 2011, 09:04:13 am

Hum...anyone know what is this :

(https://lh5.googleusercontent.com/-NV3yF_EZCwc/Ten1-wbsnqI/AAAAAAAABC8/fU4h9qS2bPk/s720/Apache%252520Status.png)


http://opem.tk/status/ ??  it look like a status of the one mutualized server serving  the red.php
See :

39-0   -   0/0/74   .   0.50   2   1   0.0   0.00   0.91   180.194.30.166   www.gowithus.co.cc   GET /red.php HTTP/1.0

And i even saw me get the status page...this is weird...

Title: Re: Fake AV - SEO Poisoning - VT 6/42
Post by: SysAdMini on June 04, 2011, 04:44:26 pm

Quote from: ziad270 on June 04, 2011, 09:04:13 am

Hum...anyone know what is this :

This is the status page of an Apache web server. If module mod_status is loaded, then status can be displayed (per default on /server-status).

http://httpd.apache.org/docs/2.0/mod/mod_status.html