Author Topic: daily something......  (Read 797412 times)


March 24, 2009, 07:19:06 am
Reply #210

sowhat-x

  • Guest
He-he,yeah,quite ridiculous,isn't it? And it's the "haitou.php" scumbags again...

March 24, 2009, 11:26:18 am
Reply #211

DiFor

  • Jr. Member

March 24, 2009, 01:11:40 pm
Reply #212

CkreM

  • Special Access
  • Hero Member
In:
Code:
http://interhack777.by.ru
http://wepawet.iseclab.org/view.php?hash=083efd85e283aff8a4fd9c18839aa1cf&t=1237898209&type=js
iframe of:
Code:
http://interhack777.by.ru.33406df8d1f8b3f1.beencn.cn/china.cn/
http://wepawet.iseclab.org/view.php?hash=45dc5f553ec84eb856a67f69c4f330a0&t=1237898552&type=js

which redirects to luckysploit at:
Code:
http://193.138.172.15/salo/?t=6
http://wepawet.iseclab.org/view.php?hash=04288c0e3940bbf4229e4d19f439e43a&t=1237478938&type=js

that downloads a trojan at:
Code:
http://193.138.172.15/salo/?h=17
http://www.virustotal.com/analisis/bf83ca150e492a461d5ee61efbdb3987

another trojan that is downloaded is:
Code:
http://lousecn.cn/load/6FCF55/ie709001
http://www.virustotal.com/analisis/e437f79fac10473bf74647dcd7326662
Mal-Aware

March 24, 2009, 03:57:52 pm
Reply #213

PaJamis

  • Special Access
  • Jr. Member
variant of Win32/Adware.Agent.NLE
Quote
hxxp://av1-click-download.info/en/PE/QWProtect.dll
http://www.virustotal.com/analisis/6374e6460d03174dc78c5a2081eeb6ce

March 24, 2009, 04:05:35 pm
Reply #214

CkreM

  • Special Access
  • Hero Member
and on the same IP:

Code:
http://av1-click-site.info/
Mal-Aware

March 24, 2009, 05:11:32 pm
Reply #215

CkreM

  • Special Access
  • Hero Member
Code:
http://best-tube-home.com/
http://check-ms-antivirus.com/

Both use social engineering of a media player codec to download from:
Code:
http://files.ms-loads-av.com/exe/setup_1_2_1.exe
only one antivirus hit:
http://www.virustotal.com/analisis/126210179d475c81a40b6a371cef7c6d
Mal-Aware

March 24, 2009, 06:27:52 pm
Reply #216

CkreM

  • Special Access
  • Hero Member
Redirect/Contains exploits (pdf exploit domain is on mdl)
Code:
http://bc69.by.ru
pdf exploit which it redirects to:
Code:
http://vpsspeedin.ru/1/pdf.php
http://wepawet.iseclab.org/view.php?hash=6f162c5dc313445ba755f9a799be7725&t=1237919023&type=js

downloads zbot at:
Code:
http://virtyoz.info/image/fi/load.php?id=35&spl=4
http://www.virustotal.com/analisis/ce5fe16d39d64107ad2cd6884973a4c7
Mal-Aware

March 24, 2009, 07:30:38 pm
Reply #217

CM_MWR

  • Special Members
  • Hero Member
Some of my dingleberries from last few weeks  :P

Just some playing around stuff, nothing too serious.  ;)

March 24, 2009, 07:40:03 pm
Reply #218

SysAdMini

  • Administrator
  • Hero Member
Some of my dingleberries from last few weeks  :P

Just some playing around stuff, nothing too serious.  ;)

Looks like a long night for me.  ;) You did that on MWR some weeks ago. I had a lot of fun for a whole day.  :)
Ruining the bad guy's day

March 24, 2009, 08:26:53 pm
Reply #219

sowhat-x

  • Guest
...Santa Claus is coming to town...

 ;D

March 24, 2009, 10:26:21 pm
Reply #220

sowhat-x

  • Guest
Now let's see to whom supposedly "all of the bases are belong to...", heh... I say in return, 1 IP to rule them all:
http://www.bfk.de/bfk_dnslogger_en.html?query=87.242.78.57#result

March 24, 2009, 10:42:39 pm
Reply #221

sowhat-x

  • Guest
CM_MWR brought me up in a good mood (as he usually does),
so I thought of sharing the joy with others as well...   ;)
http://www.google.com/search?hl=en&q=%22Index+of+%2F%22+mhstchk.php

March 25, 2009, 02:48:11 am
Reply #222

CM_MWR

  • Special Members
  • Hero Member
Has been a few moons, hasn't it.  ;D

March 25, 2009, 09:46:19 am
Reply #223

sowhat-x

  • Guest
Open dir, these are the ones that caught my attention though...
Quote
hxxp://glush.by.ru/agang.jar
http://www.virustotal.com/analisis/b50e6d91d682919f664d1b412fe51e7b
Quote
hxxp://glush.by.ru/settlers.jar
http://www.virustotal.com/analisis/0d4e1b9b172ba3663b2d5aeb8b39d3d2
========================
Quote
hxxp://javacsript.net/index/in.cgi?5
http://wepawet.iseclab.org/view.php?hash=237b6aae1fd55cb5517943b187f43488&t=1237979819&type=js
--->
Quote
hxxp://newsantimalware.com/412/
hxxp://newsantimalware.com/412/iepdf.php?f=new
hxxp://newsantimalware.com/412/load.php
---> Result: 5/40 (12.50%) :
http://www.virustotal.com/analisis/38b38ade6b7d019c5d0aa2f7c6f937d7
========================
Quote
hxxp://ayurvedaservicesindia.we.bs
http://wepawet.iseclab.org/view.php?hash=9f43c950049303a60e3755f92a9f07d1&t=1237981067&type=js

Quote
hxxp://extraspray.com/in.php?
hxxp://agkt.info/evo/count.php?o=7
========================
Quote
hxxp://drmituayurvedatreatments.we.bs
http://wepawet.iseclab.org/view.php?hash=761f6eb37181b4c5221f4b98340e194d&t=1237981408&type=js

Quote
hxxp://ftp.shmurge.com/get.php?id='
hxxp://stat.zima07.ru
hxxp://get.zima07.ru/pdf.php?acc=1
hxxp://get.zima07.ru/swf.php
hxxp://ftp.zima07.ru/run.php
hxxp://get.load-flash.com/out.php?click

There might be more crap on the same IP, haven't checked that though...
http://www.bfk.de/bfk_dnslogger_en.html?query=66.40.56.10#result
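The chain posts in this thread (CkreM's iframe / exploit-kit / trojan chain above, and the hxxp-defanged quotes in this post) all share one format: a defanged or live URL per line, often run straight into its wepawet or VirusTotal report link. As an added example (not code from the thread or from any of its posters), the Python below normalizes a post in that format into a host blocklist: it splits fused URLs, refangs hxxp://, keeps report links apart from indicators, and lists IP-hosted stages before domain-hosted ones. The sample post, its hosts and its hashes are constructed placeholders; the report-host set is an assumption based on the services the posters link to.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Hosts of the analysis services the posters paste next to an indicator;
# links to them are report references, not things to block (assumed set).
REPORT_HOSTS = {"wepawet.iseclab.org", "www.virustotal.com", "www.bfk.de"}

# Matches the start of a live (http/https) or defanged (hxxp/hxxps) URL.
URL_START = re.compile(r"h(?:tt|xx)ps?://", re.IGNORECASE)

# Constructed sample in the thread's format (placeholder hosts and hashes).
# Two lines carry an indicator URL run straight into its report link.
SAMPLE_POST = """\
In:
hxxp://landing-page.example/index.htmlhttp://wepawet.iseclab.org/view.php?hash=0000&type=js
which redirects to an exploit kit at:
hxxp://198.51.100.7/kit/?t=6
that downloads a trojan at:
http://198.51.100.7/kit/?h=17http://www.virustotal.com/analisis/1111
another trojan that is downloaded is:
hxxp://loader.example/load/ie709001http://www.virustotal.com/analisis/2222
"""

def split_fused(line):
    """Return every URL in the line, splitting URLs that were run together."""
    starts = [m.start() for m in URL_START.finditer(line)] + [len(line)]
    return [line[a:b].strip() for a, b in zip(starts, starts[1:]) if line[a:b].strip()]

def refang(url):
    """Turn the hxxp:// / hxxps:// convention back into a real scheme."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)

def classify(url):
    """Return (kind, host, live_url): kind is 'report' for analysis links,
    'ip' for bare-IP hosts and 'domain' otherwise."""
    live = refang(url)
    host = (urlsplit(live).hostname or "").lower()
    if host in REPORT_HOSTS:
        return "report", host, live
    try:
        ipaddress.ip_address(host)
        return "ip", host, live
    except ValueError:
        return "domain", host, live

def parse_post(text):
    """Split a post into (indicators, report_links); prose lines are ignored."""
    indicators, reports = [], []
    for line in text.splitlines():
        for raw in split_fused(line):
            kind, host, live = classify(raw)
            if kind == "report":
                reports.append(live)
            else:
                indicators.append({"kind": kind, "host": host, "url": live})
    return indicators, reports

def blocklist(indicators):
    """Unique hosts to block: IPs first (numeric order), then domains."""
    ips = sorted({i["host"] for i in indicators if i["kind"] == "ip"}, key=ipaddress.ip_address)
    domains = sorted({i["host"] for i in indicators if i["kind"] == "domain"})
    return ips + domains

if __name__ == "__main__":
    found, links = parse_post(SAMPLE_POST)
    print("blocklist:", blocklist(found))
    print("reports:", links)
```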

March 25, 2009, 01:40:21 pm
Reply #224

CkreM

  • Special Access
  • Hero Member
av fraud:

Code:
goscanfull.com
redirect in the end to:
Code:
http://fusescan4.com/download/install.php
Code:
goscanplan.com
redirect in the end to:
Code:
http://wayscan4.com/download/install.php

this IP is full of AV fraud domains..

http://www.bfk.de/bfk_dnslogger_en.html?query=78.159.101.27#result
Mal-Aware