Author Topic: daily something......  (Read 832726 times)

March 25, 2009, 07:06:26 pm
Reply #225

sowhat-x

  • Guest
Quote
hxxp://ghthchinalimited.com.cn/admin/controller.php?action=bot&entity_list=
hxxp://turokgame.cn/bm/controller.php?action=bot&entity_list=

Quote
hxxp://attmyjoker.com/if/index.php

March 25, 2009, 10:17:05 pm
Reply #226

CkreM

  • Special Access
  • Hero Member

  • Offline
  • *

  • 567
Waledac:
Code: [Select]
http://bestjournalguide.com/run.exe
http://urbanfear.com/run.exe
http://globalantiterror.com/run.exe

Redirects to exploits:
Code: [Select]
paintball2.by.ru
http://wepawet.iseclab.org/view.php?hash=8e522d049a6411492d6ddea2013a3c47&t=1238017604&type=js

Contains an iframe of the PDF exploit:
Code: [Select]
http://29ka.by.ru/
http://wepawet.iseclab.org/view.php?hash=5ba619da85a609ec2942b6e0417a728b&t=1238018761&type=js

the pdf exploit:
Code: [Select]
http://expresstv.co.il/un/pdf.php
http://wepawet.iseclab.org/view.php?hash=98a40fb7fd2a5a04cb12d788d2c4665c&t=1238018870&type=js

the trojan he download:
Code: [Select]
http://expresstv.co.il/un/load.php
http://www.virustotal.com/analisis/8f452239eb342ba3decd28a6ff241465

AV fraud:
Mal-Aware

March 26, 2009, 09:27:04 am
Reply #227

CM_MWR

  • Special Members
  • Hero Member

  • Offline
  • *

  • 319
Quote
the trojan he download:

What happens if it's a transsexual piece of malware  ???   :D

March 26, 2009, 01:15:08 pm
Reply #228

CkreM

  • Special Access
  • Hero Member

  • Offline
  • *

  • 567
Quote
the trojan he download:

What happens if it's a transsexual piece of malware  ???   :D

I will change it to "it" for all the feminists here :P
Mal-Aware

March 26, 2009, 01:29:34 pm
Reply #229

CkreM

  • Special Access
  • Hero Member

  • Offline
  • *

  • 567
Mal-Aware

March 26, 2009, 05:54:22 pm
Reply #230

CkreM

  • Special Access
  • Hero Member

  • Offline
  • *

  • 567
Mal-Aware

March 26, 2009, 06:24:19 pm
Reply #231

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Redirects to exploits:
Code: [Select]
http://vniic.by.ru
Code: [Select]
http://rootastic.by.ru
Code: [Select]
http://gav-posad.by.ru
Code: [Select]
http://fastfood.by.ru
Code: [Select]
http://nemiroff.by.ru
Code: [Select]
http://kkff.by.ru
Code: [Select]
http://amirag.by.ru

All of them are at the same host:

http://www.malwaredomainlist.com/mdl.php?inactive=&sort=Date&search=87.242.78.57&colsearch=All&ascordesc=DESC&quantity=50&page=0

Who has time to check more domains from this IP?

http://www.bfk.de/bfk_dnslogger.html?query=87.242.78.57#result
Ruining the bad guy's day

March 26, 2009, 09:24:56 pm
Reply #232

CkreM

  • Special Access
  • Hero Member

  • Offline
  • *

  • 567
Quote
Redirects to exploits:
Code: [Select]
http://vniic.by.ru
Code: [Select]
http://rootastic.by.ru
Code: [Select]
http://gav-posad.by.ru
Code: [Select]
http://fastfood.by.ru
Code: [Select]
http://nemiroff.by.ru
Code: [Select]
http://kkff.by.ru
Code: [Select]
http://amirag.by.ru

All of them are at the same host:

http://www.malwaredomainlist.com/mdl.php?inactive=&sort=Date&search=87.242.78.57&colsearch=All&ascordesc=DESC&quantity=50&page=0

Who has time to check more domains from this IP?

http://www.bfk.de/bfk_dnslogger.html?query=87.242.78.57#result

That's what I've been doing in the last few days :)
Think I covered like 70% :P
Mal-Aware

March 27, 2009, 02:24:45 am
Reply #233

XiTri

  • Jr. Member

  • Offline
  • **

  • 24
Code: [Select]
http://rifnasax.cn/nuc/index.php
http://rifnasax.cn/nuc/spl/pdf.pdf
http://rifnasax.cn/nuc/exe.php
may be offline
Code: [Select]
http://livestats.co.cc/script.js

March 28, 2009, 05:53:35 pm
Reply #234

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Code: [Select]
http://krona98.biz/opi/
http://wepawet.cs.ucsb.edu/view.php?hash=03236ee924ddc9d03c2f11d176e3775c&t=1238262446&type=js

Code: [Select]
http://krona98.biz/opi/load.php?id=4
http://www.virustotal.com/analisis/0f51acface4b59ccc14b48cd92beaaac 1/39
VBA32    3.12.10.1    2009.03.27    Worm.Win32.AutoRun.oik
Ruining the bad guy's day

March 29, 2009, 06:54:46 am
Reply #235

XiTri

  • Jr. Member

  • Offline
  • **

  • 24
Code: [Select]
http://ru98.biz/cgi-bin/wtsin.cgi?id=4
http://krona98.biz/ins/index.php
http://krona98.biz/myy/cache/readme.pdf
http://krona98.biz/myy/cache/flash.swf
http://krona98.biz/myy/load.php?id=4
http://krona98.biz/myy/load.php?id=5

March 30, 2009, 12:07:51 pm
Reply #236

CkreM

  • Special Access
  • Hero Member

  • Offline
  • *

  • 567

rogue:

Code: [Select]
http://systemsecuritytool.com
http://system-tuner.net
http://getpcguard.com
http://systemsecurityonline.com

exploits+trojan:
Code: [Select]
http://blufda.com/
http://wepawet.iseclab.org/view.php?hash=9f5b70106e995d5f7a4e842f54cc3c29&t=1238414305&type=js
Mal-Aware

March 30, 2009, 06:48:57 pm
Reply #237

CM_MWR

  • Special Members
  • Hero Member

  • Offline
  • *

  • 319

March 30, 2009, 10:22:27 pm
Reply #238

CkreM

  • Special Access
  • Hero Member

  • Offline
  • *

  • 567
Mal-Aware

March 31, 2009, 11:14:51 am
Reply #239

GmG

  • Special Members
  • Full Member

  • Offline
  • *

  • 92
Code: [Select]
http://steer2.co.uk/im/172.exe
http://steer2.co.uk/im/88.exe
http://steer2.co.uk/im/adv.exe
http://steer2.co.uk/im/avscan.exe
http://steer2.co.uk/im/podmena.exe