Malware Domain List

Malware Related => Malicious Domains => Topic started by: cconniejean on November 19, 2008, 08:35:36 am

Title: cashsurfing.biz
Post by: cconniejean on November 19, 2008, 08:35:36 am
Code:
hxxp://cashsurfing.biz/index.php?username=farznik
AntiVir alert for recognition pattern of the HTML/Crypted.Gen HTML script virus.

0x0 iframes on bottom of page:
Code:
Malicious 0x0 iframes:
1. 'hxxp://yahoo-analytics.net/count.php?o=2'
The yahoo one now redirects to: 'hxxp://chtest.gooanal(dot)net/?o=2'

2. 'hxxp://pinoc.org/count.php?o=2'
Redirects to: 'hxxp://www.com.org/?not_found=pinoc.org'

3. 'hxxp://google-analyze.org/count.php?o=2'
Redirects to: 'hxxp://chtest.gooanal.net/?o=2'
Title: Re: cashsurfing.biz
Post by: sowhat-x on November 19, 2008, 08:39:36 am
Thanks cconniejean  :)
For the record, there was a "gooanal" domain spreading pdf exploits a couple of days ago as well...
Quote
hxxp://2.gooanal.net/sis/getfile.php?f=pdf
Title: Re: cashsurfing.biz
Post by: sowhat-x on November 19, 2008, 11:46:05 am
And another "gooanal" pdf sample...
Quote
hxxp://rent1.gooanal.net/frd/getfile.php?f=vispdf
Result: 6/36 (16.67%)
http://www.virustotal.com/analisis/74ff44a02678d6da8f079cdefcd4c395
Title: Re: cashsurfing.biz
Post by: cconniejean on November 19, 2008, 12:30:31 pm
Thank you. When CashSurfing was first reported on our forum a contact was sent to the site owner. The contact page also has this on it too. Thanks again for the assistance.