Author Topic: additional phoenix kit locations. please add.  (Read 4981 times)

August 30, 2010, 07:24:27 pm

detro

Additional Phoenix exploit kit locations. These have been coming in with a ton of different hosted locations, specifically to the email boxes of small to midsize banks and credit unions. If these could get added to the MDL that would be fantastic. Unfortunately, due to limited packet data and the denials of these outbound requests, I am unable to pick up the other portions of the exploit kit, but they should be easy enough to locate as I believe most of these are related to the same campaign.

http://sed-machinery.com/status/tmp/des.jar

http://astastard.in/sub1/tmp/des.jar

http://79.135.152.221/a/tmp/des.jar is listed but pushes the following below which is NOT on MDL.
http://79.135.152.218/a/l.php?i=2 - update.exe="W32/PackedHiloti.S!tr"

http://nivaploto5.com/aa/tmp/des.jar

And another 2

http://www.bluefincafe.com/news/tmp/des.jar

http://simariko.com/sosko/tmp/des.jar

I will continue adding throughout the day as more of these roll into my queue.

August 30, 2010, 07:34:06 pm
Reply #1

SysAdMini

Thanks. I have added all URLs which are still online.
Ruining the bad guy's day

August 31, 2010, 09:31:52 pm
Reply #2

detro

And another. These two were seen active today, Aug 31st:

http://embroil12fh.info/n6/tmp/des.jar

http://78.26.179.243/tmp/des.jar

September 13, 2010, 09:51:26 pm
Reply #3

detro

And some more that came in today; many of these look related to the same campaign.

http://genrebnq.in/a1/tmp/des.jar
http://joculartuu7.info/p7/tmp/des.jar
http://jingoisticth65.info/p7/tmp/des.jar
http://jingoisticth65.info/q8/tmp/des.jar
http://homerockets.eu/xx2/tmp/des.jar
http://guilelesskiof.info/q8/tmp/des.jar

and these
http://wsus-services.com/exploits/des.jar
http://laudbak55.info/q8/tmp/des.jar

Thanks,

September 28, 2010, 01:43:54 pm
Reply #4

cleanmx

Got a new one today.

http://nojtul.co.cc/c/statistics.php