Author Topic: daily something......  (Read 832724 times)

April 11, 2009, 12:12:46 pm
Reply #300

neoark

  • Newbie


  • 1
Found the whole list not sure if some of them are already included or not.


All of the above are pdf/java exploits.

April 11, 2009, 01:59:28 pm
Reply #301

SysAdMini

  • Administrator
  • Hero Member


  • 3335
Found the whole list not sure if some of them are already included or not.


Most of those URLs have already been on the list.

It looks like Malekal's exploit list.
Ruining the bad guy's day

April 11, 2009, 11:32:53 pm
Reply #302

Malware-Web-Threats

  • Special Members
  • Hero Member


  • 354
    • MalwareURL
193.111.244.21

Exploit (util.printf) - Wepawet

Code:
hxxp://onlinepharmacy4you.org/65/iepdf.php?f=new
Trojan

Code:
hxxp://onlinepharmacy4you.org/65/load.php
hxxp://www.kandidatov.net/1/p.exe
VirusTotal 35/40 (87.5%)

Anubis

April 12, 2009, 05:06:58 am
Reply #303

CkreM

  • Special Access
  • Hero Member


  • 567
Zbot
Code:
finik.us/live/load.php?e=1
http://www.virustotal.com/analisis/f081994ac023069ebe47ddd949adc743
Rogue:
Code:
http://www.chorussoft.com/install.exe
http://www.virustotal.com/analisis/a06a11e5549f88f483d564c2582ccc97

This IP is full of rogue:
http://www.bfk.de/bfk_dnslogger_en.html?query=64.191.12.38#result
the ones that aren't in MDL
Code:
ms-antispyware2009.com
pro-antispyware2009.com
http://files.load-antivir-pro-pc.com/release/setup.exe
totalantispyware2009.com
totalantispyware.com
system-cleanerpro.com
syscleanerpro.com
totalantispyware.net

other Rogue:

Code:
http://ugh-softwares.com/promo.exe
http://gdfshgfh.com/promo.exe
http://uniquexporn.com/promo.exe
http://www.virustotal.com/analisis/14a94fb9a291d16fbbade9a078d67846

Code:
http://bonuspromooffer.com/srm/adv/142/?a=cspsant1p&l=273&f=cs_7175823974&ex=&ed=&sub=&prodabbr=USRM
Mal-Aware


April 12, 2009, 05:29:01 pm
Reply #305

CkreM

  • Special Access
  • Hero Member


  • 567
the last one which leads to http://seofucking.com/vavilon/load.php is ambler trojan
Mal-Aware

April 13, 2009, 07:19:24 am
Reply #306

Malware-Web-Threats

  • Special Members
  • Hero Member


  • 354
    • MalwareURL
195.88.80.41

Code:
hxxp://slk-downloads.com/promo.exe
VirusTotal: Trojan 7/40 (17.5%)

76.73.21.186

config:
Code:
http://76.73.21.186/ldr/loadList.php?version=1
files:
Code:
hxxp://76.73.21.186/ldr/dl/zchMiB.exe
hxxp://76.73.21.186/ldr/dl/part.exe
hxxp://76.73.21.186/ldr/dl/minisvr4.exe (not found)
hxxp://76.73.21.186/ldr/dl/clkw.exe
hxxp://76.73.21.186/ldr/dl/websvr.exe

VirusTotal results:

zchMiB.exe - Trojan Autoit 21/39 (53.85%)
part.exe - Trojan Autoit 21/40 (52.5%)
clkw.exe - Trojan Autoit 13/40 (32.50%)
websvr.exe - Trojan Autoit 10/40 (25%)

April 13, 2009, 09:32:38 am
Reply #307

Malware-Web-Threats

  • Special Members
  • Hero Member


  • 354
    • MalwareURL
194.165.4.77

Code:
hxxp://loyal-porno.com/scan/?
hxxp://loyal-porno.com/tube/?
hxxp://loyal-porno.com/codec.exe

1) Fake Scanner Page
2) Fake Codec Page
3) Trojan

VirusTotal 7/40 (17.5%)

April 13, 2009, 11:33:33 am
Reply #308

Malware-Web-Threats

  • Special Members
  • Hero Member


  • 354
    • MalwareURL
91.212.41.119

Code:
hxxp://tixwagoq.cn/in.cgi?6

redirects to exploit

91.212.41.119

Code:
hxxp://paylayos.cn/nuc/index.php

which loads

Code:
hxxp://paylayos.cn/nuc/exe.php

then loads the flash exploit

Code:
hxxp://paylayos.cn/nuc/spl/pdf.pdf

to finally load the executable

VirusTotal: Trojan TDSS 8/40 (20.00%)

Redirection Analysis: Wepawet

April 13, 2009, 06:55:31 pm
Reply #309

sparsha

  • Special Members
  • Hero Member


  • 305
Code:

http://internetprotectedupdates.com/logo.bmp
http://protectionupdatecenter.com/wincontrol.dll

http://no-virus-pro-scan.com/11041/3/
http://files.pro-load-av-files.com/normal/setup_11041_3_1.exe

best-click-av1.info
http://download.best-click-av1.info/en/PE/install.exe

http://files.load-ms-av-soft.com/exe/setup_1_2_1.exe

http://dl.super-top-scan-pro.com/get/?pin=0&lnd=0&type=main
http://dl.anispy-storage-ms.com/get/?pin=0&lnd=0&type=main

http://in6iz.com/download/InternetAntivirusPro.exe

April 13, 2009, 07:14:24 pm
Reply #310

Malware-Web-Threats

  • Special Members
  • Hero Member


  • 354
    • MalwareURL
other links for "best-click-av1.info"

Code:
http://download.best-click-av1.info/install.php?campaign=mmb_227523872&country=en&counter=4&campaign=mmb_227523872&landid=4
http://download.best-click-av1.info/en/PE/N1.CAB
http://download.best-click-av1.info/en/PE/QWProtect.dll
http://download.best-click-av1.info/en/PE/svchost.exe

VirusTotal: Trojan FraudLoad 33/40 (82.5%)
VirusTotal: Trojan FraudLoad 11/39 (28.21%)
VirusTotal: Trojan 25/38 (65.79%)
VirusTotal: Trojan FakeAlert 28/38 (73.68%)

April 13, 2009, 07:14:56 pm
Reply #311

sparsha

  • Special Members
  • Hero Member


  • 305
Sites related to Vxgame Trojan

Code:
http://onlinescanxp.com/?a=conf&code=502
antivirusxppro-2009.com
5-renus2008.com
http://free-web-scaners.biz/scan/?code=435


April 13, 2009, 07:31:56 pm
Reply #312

lanvin

  • Special Access
  • Full Member


  • 55
    • PC Security Labs
hxxp://w1.akc8.com/01/s.exe
hxxp://w1.ys8c.com/01/s.exe
hxxp://down.zhibo8.com/soft/spvod.exe
Welcome to my personal blog
http://www.pcsecuritylabs.net/jeffrey/

April 13, 2009, 09:32:06 pm
Reply #313

CkreM

  • Special Access
  • Hero Member


  • 567
Mal-Aware

April 14, 2009, 04:09:42 pm
Reply #314

sparsha

  • Special Members
  • Hero Member


  • 305
Sites related to Rogue security applications

Code:
system-cleaner.net/load/setup.msi
tantispyware.com/load/setup.msi
webantispy.com/load/setup.msi
pantispyware09.com/dwn/setup.exe