Author Topic: rogue redirects  (Read 5720 times)

January 24, 2010, 01:04:32 am
.b

Dangerous websites that host or redirect to rogue security software:


List of compromised websites with installed scripts to capture keywords:


More malicious domains can be found with robtex:

http://www.robtex.com/dns/safetyearth.net.html
http://www.robtex.com/dns/newsystem-guard.in.html
http://www.robtex.com/dns/paymentsafety.net.html
http://www.robtex.com/dns/mysecurityland.com.html
http://www.robtex.com/dns/livepcguard.com.html
http://www.robtex.com/ip/74.125.45.100.html
http://www.robtex.com/dns/protectedfield.in.html
http://www.robtex.com/dns/securityearth.cn.html
http://www.robtex.com/dns/merin22.mooo.com.html
http://www.robtex.com/dns/allstaffdefender.com.html
http://www.robtex.com/dns/gink22hok.com.html

Article with the analysis of the malicious websites:
http://blog.novirusthanks.org/2010/01/blackhat-seo-campaign-targets-security-software/