Malware Domain List

Malware Related => Malicious Domains => Topic started by: JohnC on April 28, 2009, 09:21:35 pm

Title: A little mix
Post by: JohnC on April 28, 2009, 09:21:35 pm
old-partner.com      Promotes installs of malware
3xlvip.com      Promotes installs of malware
bestsoftlive.com         Exploits
astrofonix.com         Exploits
astrofonix.com/zui_files/system.exe        Trojan-Spy.Zbot.psx
1st.abdulabah.cn/index.php         Exploits
tesenmir.ru         Exploits
whenudownloads.com/vvsn/prod/AdVantageInstallerInst.exe       AdWare.SurfAccuracy.ar
video-go.net/go/go.php?sid=1        FakeRean
xxxtube.freehostia.com/        FakeRean
mp3diary.com/tds/go.php?sid=1        FakeRean
tubemov.com        FakeRean
movfree.com        FakeRean
uploadmoviez.com/codec/140.exe        FakeRean
popka-klass.net        Worm.Koobface
burumba.net/go.php?sid=9        Worm.Koobface
hxviewworldmy1.com/view/1/1244/0        Worm.Koobface
billingpayment.net/pp/?id=         Rogue
videoadobe.ru/forum/        Exploits
xcount.cc/ads/in.cgi?13        Exploits
sandiiegoexpo.ru/expocity.html        Exploits




inactive/remove

lafi.babjr.cn/index.php
www.fifa.babjr.cn/index.php
Title: Re: A little mix
Post by: JohnC on April 29, 2009, 04:02:22 pm
fuse4scan.info/22/?uid=keyin       Rogue
fuse4scan.info/download/install.php       Rogue
antiviruspowerfulscannerv2.com        Rogue, multiple IPs  78.47.91.153, 38.99.170.209, 94.102.48.28
proantivirusscanv2.com        Rogue
ns1.proantivirusscanv2.com         NameServer for Rogue sites
ns2.proantivirusscanv2.com         NameServer for Rogue sites
advancedpcscanner.com          Rogue
secure.trustedsoftstore.com/billing/indexSCT.php          Billing for Rogue software
deleteallspyware.com           Rogue
adware-removal-tool.com        Rogue
secure.goldsoftwarestore.com/billing/?product=ADR          Billing for Rogue software
systemguard2009.com        Rogue
gomaldef09.com        Rogue
84.16.251.222/maldef09/setup.php?track_id=10001        Rogue
dlmaldef092.com/maldef09/setup.php?track_id=10001        Rogue
malwaredefender2009.com/download/?track_id=10001        Rogue
secure-data-group.com       Rogue
secure.pnm-software.com/software.php        Rogue
Title: Re: A little mix
Post by: JohnC on April 29, 2009, 09:34:44 pm
download.web-mediaplayer.com/Web-MediaPlayer_setup.php?grpid=2055&tag_id=718&nums=FFjxahBAOb&popt1=1188&popt2=0       NaviPromo / Wintrim
em.pc-on-internet.com/eas?camp=22769&cu=923&ty=ct&popt1=1188&popt2=0       NaviPromo / Wintrim
porntubxxx.com/view.php?r=1188       NaviPromo / Wintrim
runinyour.cn       NaviPromo / Wintrim
refagonhid.cn       NaviPromo / Wintrim
ligevideo.cn       NaviPromo / Wintrim
porno-movies.name/PLAY-MOVIES/PS3-IPOD-MPG5/play.cgi       NaviPromo / Wintrim
fuck-my-dau.com         NaviPromo / Wintrim
myfreeporncash.com        Exploits
Title: Re: A little mix
Post by: JohnC on April 29, 2009, 10:19:47 pm
vids-online.net/video.php?id=Candace_Michelle       Falder
vids-online.net/go.php?sid=4       Falder
vids-online.net/video.php       Falder
sp-files.com/download/6f4c534833673d3decebbc42/VideoCodec.exe       Falder
91.212.65.17/cgi-bin/generator        Malware (Falder) calls home and posts data
adultbeerparty.com        Exploits
cheapslotplay.cn/in.cgi?income47        Exploits
lotbetworld.cn/in.cgi?income36        Exploits
goooogleadsence.biz/?click=124B4BD        Exploits
nanoautofinest.cn/index.php        Exploits
alldrivecleaning.com       Rogue
uplcodecset3.com/codec/228.exe         FakeRean / FraudLoad.ehp
66.36.241.191/_getf_/g.php?q=xxx&id=28362       FakeRean / FraudLoad.ehp
66.36.241.191/_getf_/xxx.html?id=28362       FakeRean / FraudLoad.ehp
66.36.241.191/__counter/go.php?sid=2&tds-sekey=xxx&tds-id=28362       FakeRean / FraudLoad.ehp
24media.org/search.php?q=xxx         Results lead to FakeRean / FraudLoad.ehp
batva.net/in.cgi?2&parameter=xxx      FakeRean / FraudLoad.ehp
trusted-dns.com/nfcleaner.exe       DNSChanger / ATRAPS
Title: Re: A little mix
Post by: JohnC on May 02, 2009, 07:41:04 pm
freshcinemaonline.net/tds/go.php?sid=5        NaviPromo
crackfind.org/install.exe        ZSearch
trafcity.com/in.cgi?4       Exploits
porntubetv.us       Exploits
teenstube.us/one.js       Exploits
insane-teens.com       Exploits

Already in database, but new IP address needs modifying.
visual-porn.com   209.67.210.242   sauron.hostworkz.com
allvidz.net   64.92.169.74   host-64.92.169.74.static.reverse.anchorvps.com

The four below are not currently directing to any malware that I can find, but they have associations with malware sites, and in some cases have links inside to malicious sites which are no longer alive, such as the pornogurman.com (http://www.malwaredomainlist.com/mdl.php?search=pornogurman&colsearch=All&quantity=50&inactive=on) URLs.
adultsyoutube.com
mov2ns.net
handsporn.com
sistagirl.com
Title: Re: A little mix
Post by: JohnC on May 03, 2009, 10:35:30 pm
ugochaves.com/in.cgi?2&parameter=24apr        NaviPromo
banarasmalayalamfilm.com       Exploits
idunpop.com       Exploits
yourlitetop.cn/ts/in.cgi?mozila8       Exploits
alliteautolamps.cn/index.php       Exploits
meghalayadigitals.com       Exploits
specialneedstoday.org       Exploits
jinisethnicgourmet.com/courses.shtml        Exploits
marketakshya.com       Exploits
nipkelo.net        Exploits
nipkelo.net/liloadercdi.php?id=1934464      Sality
a.94saomm.com/js.js        Exploits
58.211.81.143:365/360.cn/rs.htm        Exploits
58.211.81.143:365/360.cn/fff.swf        Exploits
58.211.81.143:365/360.cn/iie.swf        Exploits
58.211.81.143:365/360.cn/x.htm        Exploits
58.211.81.143:365/360.cn/all.css        Exploits
58.211.81.143:365/360.cn/1.htm        Exploits
58.211.81.143:365/360.cn/1.css        Exploits
58.211.81.143:365/360.cn/2.htm        Exploits
58.211.81.143:365/360.cn/2.css        Exploits
58.211.81.143:365/360.cn/3.htm        Exploits
58.211.81.143:365/360.cn/3.css        Exploits
58.211.81.143:365/360.cn/4.htm        Exploits
58.211.81.143:365/360.cn/7.htm        Exploits
58.211.81.143:365/360.cn/7.css        Exploits
58.211.81.143:365/360.cn/newlz.htm        Exploits
58.211.81.143:365/360.cn/newlz.css        Exploits
58.211.81.143:365/360.cn/s.htm        Exploits
58.211.81.143:365/360.cn/office.css        Exploits
58.211.81.143:365/360.cn/office.htm        Exploits
58.211.81.143:365/360.cn/bf.htm        Exploits
58.211.81.143:365/360.cn/bf.css        Exploits
58.211.81.143:365/360.cn/cx.htm        Exploits
58.211.81.143:365/360.cn/uuss.htm        Exploits
58.211.81.143:365/360.cn/bff.htm        Exploits
58.211.81.143:365/360.cn/bff.css        Exploits
61.164.108.99/a.css      Malware
peskostruikaz.com/auq.php?d29f4e=1971906&id=21314263354893       Malware calls home
johnsonbodyshop.com/images/logo.gif?d4ce91=1992359&id=21314263354893       Malware calls home
sunandsea.co.kr/upload/rey.jpg        RFI
Title: Re: A little mix
Post by: JohnC on May 04, 2009, 04:48:43 am
aaaimmigration.com        Exploits
hostads.cn        Exploits
divinets.cn/z/5.htm        Exploits
rifnasax.cn/nuc/index.php        Exploits
sotville.ru        Exploits
sexy-zone.ru/mix/beta/        Exploits
extraspray.com/in.php?        Exploits
cacbuhub.cn/pa.html        Exploits
myrurrly.com/su/in.cgi?3        Exploits
porgacig.cn/sss/in.cgi?7        Exploits
netporn-tube.com/123/27/FFFFFF/48742b6265773d3dddc1b009/FlashCodec/FlashVideo/        DNSChanger
youwillenjoythis.info/x/21.fistin_gay.html       DNSChanger
173.29.235.190/YouTube/setup.exe         Net-Worm.Koobface.he
173.29.235.190/pid=8820/type=videxp/         Net-Worm.Koobface.he
24.23.98.38/YouTube/setup.exe         Koobface.BE
173.32.104.128/YouTube/setup.exe        Koobface.he
69.146.209.162/YouTube/setup.exe        Koobface.he
70.236.74.228/YouTube/Setup.exe        Trojan-Spy.Agent.anap / Koobface
76.99.238.201/YouTube/setup.exe        Koobface.he
82.43.153.137/YouTube/setup.exe        Trojan.Agent2.hgm / Koobface
youtubealert.com/movie.php        Virtumonde / Vundo / Virtum
youtubealert.com/setup.exe      Virtumonde / Vundo / Virtum
ralcofic.cn/3g/        Exploits
uswsw.com/8888/real.html        Exploits
antivirus.vc/?        Exploits
bizoplata.ru/pay.html        Exploits
bizoplata.ru/moun.html        Exploits
bizoplata.ru/palast.html        Exploits
beelposttraning.ru/s/in.cgi?2        Exploits
dolchepopka.ru/ol/in.php        Exploits
teyrebuf.cn/s/in.cgi?2        Exploits
quicksearchnet.com/in.cgi?3&meter=girls+fingering       NaviPromo
findnolimits.com/go.php?sid=1        NaviPromo
0576sf.com/88xz/win.exe       GameOL.yqw
tozxiqud.cn/in.cgi?8        Exploits
cximnik.cn/img1/index.php        Exploits
idealadvertising.org/clicksagent2/        Exploits
divinets.cn/out.php?s_id=1        Exploits
divinets.cn/xts/in.cgi?9        Exploits
karavan.us/bon/index.php        Exploits
91.212.65.138/a/in.php        Exploits
91.212.65.138/a/pdf.php        Exploits
lsiu.info/evo/count.php?o=2        Exploits
lsiu.info/evo/count.php?o=5        Exploits
lsiu.info/evo/count.php?o=7        Exploits
lsiu.info/evo/exploits/x19.php?o=2&t=1241403746&i=1365814122        Exploits
lsiu.info/evo/exploits/x18.php?o=2&t=1241403746&i=1365814122        Exploits
lsiu.info/evo/getexe.exe?o=2&t=1241403746&i=1365814122&e=1        Rabbit.ac / Wigon / Pushdo / Kobcka / Pandex
tixwagoq.cn/in.cgi?12        Exploits
gukgifoc.cn/nuc/index.php        Exploits
gukgifoc.cn/nuc/spl/pdf.pdf        Exploits
teenchickas.com        Exploits
teenchickas.com/pjs.html        Exploits
teenchickas.com/mininova.html        Exploits
teenchickas.com/us.pdf        Exploits
teenchickas.com/0.gif         TaskDisabler
girlteenxxxfreemov.com         Trojan-Downloader.Small.jqz
blogsexnakedgirlxxx.com         Trojan-Downloader.Small.jqz
megacooltubes2009.com/teens/xmovie.php?id=40013         Trojan-Downloader.Small.jqz
kvm-softwares.com/softwarefortubeview.40013.exe         Trojan-Downloader.Small.jqz
antivirus-remote.com        Rogue
lkmpmlm.com/fff9999.php?aid=0&uid=6cbbc5081e7548e276611ff5059df6ed30c8f8f1&os=513        Malware calls home
lkmpmlm.com/ccc_2.php?uid=6cbbc5081e7548e276611ff5059df6ed30c8f8f1&aid=&os=513        Malware calls home
lkmpmlm.com/eee9999.php?aid=0&uid=00cd1a40d41d8cd98f00b204e9800998ecf8427e&os=512         Malware calls home
imageempires.com/perce/064c5b7bbc854008e18e97e54448fea26776e621b10f2f35f025196defd65efd23a07ce83fb8ef114/80f/perce.jpg       Trojan-Downloader.FraudLoad.ehz / TrojanDownloader.FakeAlert.ZI
picturesoffline.com/item/86ccfb2b2c651048211e775514986e728746d681618fff45b0b539ddffb6de8d73c0aca83fc8ef51e/50a/item.gif        Trojan-Downloader.FraudLoad.eil / Renos / TrojanDownloader.FakeAlert.ABF
74.50.104.76/werber/903/216.jpg        Zlob.DGB
200.35.151.36/werber/903/216.jpg       Zlob.DGB
imagesrepository.com/resolution.php        Malware calls home
zone-searching.com/borders.php        Malware calls home
gdfshgfh.com/promo.exe        Waledac / FraudLoad.eeb
cls-softwares.com/suc.php        Malware calls home
rscserv.cn/service/      Malware calls home
findmorepill.com/klik/search.php?q=xxx        Results lead to malware
hottestfiles.com/search/search.php?q=xxx        Results lead to malware
italiavideoclip.com/~fcfcfc/zlzlzlz.exe        FakeAlert.KH
netporn-tube.com/?t_type=teens&id=4a4b4e5151773d3d2ca18652       DNSChanger
bestxmovs.info       DNSChanger
mac-videos.com/play/mac-video.php       (needs Macintosh user-agent)
mac-videos.com/start.html       (needs Macintosh user-agent)
part-owner.net/download/6b72504756673d3d397ccafd/macvideo.dmg       (needs Macintosh user-agent)
cleandownloaded.com/download/6f342f6248773d3dc4e28452/keygen-elite_proxy_switcher_1_07.exe         DNSChanger
uniquexsoftware.com/elite-proxy-switcher-107.html        DNSChanger
infodist1.com/in.cgi?11&parameter=404           <------ Already in the database but the IP needs modifying, new IP is 64.27.5.163
Title: Re: A little mix
Post by: JohnC on May 04, 2009, 05:30:10 pm
litefinestdirect.cn/ts/in.cgi?mozila5         Exploits
featherlitecarcare.cn/index.php         Exploits
adulttopzone.com         Exploits
fremoperka.com/embded/zend.php         Delf
fenomen-games.com/dfiles/WildTribe_dwn.exe      Adware FenomenGame.pxg
goasi.cn/ex/0032.exe       Trojan-Downloader.Injecter.cqd
goasi.cn/update/fix.txt       Kobcka / Wigon / Pandex / Cutwail / Pushdo
goasi.cn/sys/index.php?id=0005        Exploits
goasi.cn/mega/lgate.php?n=EA6FA0FF48DE8001       Malware calls home
goasi.cn/dll/cs.txt         Backdoor.IEbooot.brr / Rootkit.Otlard.A
goasi.cn/dll/abb.txt        Backdoor.Small.hwc
goasi.cn/update/licence.txt        Backdoor.Agent.pbt / Phdet.G / Finanz.J
goasi.cn/update/readme.txt        Srizbi / Rootkit.Qandr.ji
goasi.cn/update/toolbar.txt       Zhelatin.agg
goasi.cn/met/ge.txt         <---- Already in database, but needs description modified, Joleee.nh / Tedroo
goasi.cn/ex/a.php       Trojan-Downloader.Injecter.cqd
goasi.cn/dok/doc.txt        IEbooot.iz / Rlsloup
www.upononjob.cn/in.cgi?0032         <<---- Already in the database but IP needs modifying, 211.95.79.6
ns2.terns.org        NameServer for malware sites
Title: Re: A little mix
Post by: JohnC on May 05, 2009, 12:20:53 am
onlinetube.info/tds/go.php?sid=1      Fakealert / FraudLoad    <------- Already listed (as zlob) but needs the IP modifying 82.146.50.202
mp3diary.com/tds/go.php?sid=1      Fakealert / FraudLoad
xxxtube.freehostia.com/video.html      Fakealert / FraudLoad
truepornupload.com/codec/140.exe      Fakealert / FraudLoad
lovemp3world.cn/get/0/Madonna_-_Bedtime_Stories_(Thomas_Penton).mp3.exe      Trojan-Dropper.Agent.agit
lovemp3world.cn/go/0/Madonna/Bedtime+Stories+%28Thomas+Penton%29      Trojan-Dropper.Agent.agit
lovemp3world.cn/album.php?aid=79      Trojan-Dropper.Agent.agit
lovemp3world.cn/search.php?q=madonna      Trojan-Dropper.Agent.agit
whitetrack.net/zepaniah/1487340203/1/player.php?m=bW92MS53bXY=&id=3543        DNSChanger
winpcdown9.com/pcdef.exe       FakeRean / FakeAlert
porntubenew.com/getCodec.php       DNSChanger
xxxvideopussy.com/images/autoplay.php       DNSChanger
shotdro.com/download/3776694945673d3d03635c6c/play-video.exe       Trojan-Dropper.Win32.NSIS.bt
shotdro.com/download/3776694945673d3d03635c6c/play-video.dmg       Mac DNSChanger
tubeporn09.com       DNSChanger
flashgamezonline.net/video.php       DNSChanger
hdvideocenter.org/continue.php       DNSChanger
all-softfree.com/1/path.txt       DNSChanger
all-softfree.com/1/pathexe.php?id=3180&name=codec       DNSChanger
individualpeople.biz/go.php?sid=1       Exploits
tds.smallsexvids.info/go.php?sid=1       Phdet / Koobface
mxviewworldmy1.com/view/1/1193/0       Phdet / Koobface
Title: Re: A little mix
Post by: JohnC on May 05, 2009, 09:17:07 pm
webfreescan.cn/id/4912933/3/1/        Rogue
wn20090504.com/achcheck.php        Malware calls home
aksajans.com/1/6244.exe       Trojan-Dropper.BHO.bh
aksajans.com/1/nfr.exe        Phdet / Koobface
aksajans.com/1/pp.06.exe         Koobface
google-forum.biz        Exploits
sd9-forum.biz        Exploits
xssipforum.biz        Exploits
files932435.net/b2b/load/         Unknown malware
dglcxlcfmk.net/progs/bexdde/ahurebocmi.php       Virut.n
cezqtessjo.com/progs/bexdde/ahurebocmi.php       Virut.n
freewareseach.com       FraudLoad.eh / Fakeinit / FakeAlert.YV
free-webscaners.com/disk/?code=229       FraudLoad.eh / Fakeinit / FakeAlert.YV
trucount3000.com/cgi-bin/install.pl?adv=229       FraudLoad.eh / Fakeinit / FakeAlert.YV



Inactive/Remove
files250362.net/b2b/
dablyt.cn/update/fix.txt
dablyt.cn/update/licence.txt
dablyt.cn/update/readme.txt
dablyt.cn/update/toolbar.txt
Title: Re: A little mix
Post by: JohnC on May 05, 2009, 10:17:17 pm
Inactive/Remove
gradesitesled.sitesled.com/cmd1.txt
system-tuner.com
202.72.194.21/card.exe
freewebs.com/robospy/keylogger/PKLOGG.exe


New
systemsecurityline.com/download.php        Trojan-Downloader.Agent.blct / Rogue
systemsecurityline.com/downloadsetup.php        Trojan-Downloader.Agent.blct / Rogue
extrantivirus.com/setup/install.exe          FakeAlert.BW / Rogue
gdq4hevif.com/j.js           Mebroot
31c0ffd0.org/a/null           Mebroot
javascript-analytics.com/j.php          Mebroot


Modify
javacsript.biz/in/in.cgi?2         New IP 213.163.91.244
Title: Re: A little mix
Post by: MysteryFCM on May 05, 2009, 10:26:07 pm
files932435.net/b2b/load/         Unknown malware

http://www.threatexpert.com/report.aspx?md5=6c527bbb73438d33487a6425d740b06b

No hits for it at Jotti though, and VT is down atm.
Title: Re: A little mix
Post by: RS-232 on May 06, 2009, 12:27:37 am
iky2hevif.com as well (on same ip - 67.18.208.28)

hxxp://www.ghcaxmesp.com/j.php
hxxp://www.jhddxqebf.com/j.php
hxxp://www.rhclxqarm.com/j.php
hxxp://www.xhirxtarm.com/j.php
hxxp://www.yhhsx6anj.com/j.php

Edit: Seems that both robtex+bfk.de are not fully updated with newer records currently, arghh...
i.e. for example, at the moment, I don't get any useful results over there for ghcaxmesp.com
Anyway - all domains in that ip over there redirect over to mebroot...
Alternatively, until services above are fully updated, the quick-dirty-and-unreliable way...  ;)
http://www.google.com/search?hl=en&lr=&num=100&q=allintitle%3A++%22javascript-analytics%22&btnG=Search
Title: Re: A little mix
Post by: RS-232 on May 06, 2009, 04:37:26 am
Quote
hxxp://onlinescanxpp.com/land/eurl/1.php?code=
hxxp://antivirus-xppro-2009.com/cgi-bin/download.pl?code=00000001
http://www.virustotal.com/analisis/b48e04e62fbabf49a3ceef96f4cd949c
Title: Re: A little mix
Post by: JohnC on May 06, 2009, 07:29:40 pm
wantfinest.com/tds/in.cgi?default&seoref=        FraudLoad.ehs / Rogue
porntube4u.com/?uid=60b12dd602ca88e931e562f4b3ea3d0c         FraudLoad.ehs / Rogue
porntube4u.com/install.php?uid=60b12dd602ca88e931e562f4b3ea3d0c        FraudLoad.ehs / Rogue
sameshitasiteverwas.com/traf/tds/in.cgi?2       Trojan-Dropper.Agent.anpy
85.17.138.60/update/media_codec_setup.exe       Trojan-Dropper.Agent.anpy
94.75.234.35/html/b874550815x19         Malware calls home
94.75.234.35/data/u583x625302070         Malware calls home
nolagtime.com/conn/?JKV_1RWbUUdIfRUWUaITfdIfbREdYEYdfTTRI-6XBB_1WQR-6GF5_1AU-6LC6_1Y-gW-gEUQQ-gE-tsDF6K5D_rpX51_rR-t-66FC_1Q_fQ_fQ_fQ_fQ_fQ_fQ_fQ-62BG_1Q-672V_1YOR-6N8J_1Q-6252_1WQRR-69LV_1-65GZ_1W-6        Malware calls home
nolagtime.com/gwc.txt       Malware calls home
Title: Re: A little mix
Post by: JohnC on May 07, 2009, 09:39:22 pm
New
freescreensaversx.com        Directs to sites with Zango / MyWebSearch.fh
ak.exe.imgfarm.com/images/nocache/funwebproducts/2.3.50.45/PopularScreensaversSetup2.3.50.45.ZRman000.exe        MyWebSearch.fh
young-e.net/_count/check_ip.php?ip=       Exploits
ciancia.org/help/z/static.php       Exploits
trustedwebsecurity.com/page.php?id=85         FraudTool.SystemSecurity.ic
trustedwebsecurity.com/index.php?affid=08085         FraudTool.SystemSecurity.ic
trustedwebsecurity.com/download.php?affid=08085         FraudTool.SystemSecurity.ic
pixtube.net/play/        Zlob
luglios.net/in.php?ref=live        Rogue
comitta.cn        Exploits
cutheatergroup.cn/fl/index.php       Exploits
cutheatergroup.cn/fl/load.php?id=0     Trojan-Dropper.Wlord.sv / Bredolab
file-system.biz       Exploits
turokgame.cn/bm/controller.php?action=bot&entity_list=&uid=1&first=1&guid=1824245000&rnd=981633         Malware calls home
turokgame.cn/bm/controller.php?action=report&guid=0&rnd=981633&uid=1&entity=1239400597:unique_start;1241428497:unique_start        Malware calls home
megobir.info        Exploits
asspardon.com          Exploits
porn-tube-movies.com/promo2/?aid=1451&vname=wmcodec        FraudTool.PrivacyCenter.t
porn-tube-movies.com/promo2/2.php?aid=1451&vname=wmcodec       FraudTool.PrivacyCenter.t
porn-tube-movies.com/promo2/get.php?aid=1451&vname=wmcodec       FraudTool.PrivacyCenter.t
hotbdsmsex.com       Zlob
fullsecurityaction.com        Rogue



Modify
useitall.info/in.cgi?3&ur=1&se=search&parameter=Polliciy22.info&HTTP_REFERER=gremmioti.cn         80.87.199.13/in.cgi?3&ur=1&se=search&parameter=Polliciy22.info&HTTP_REFERER=gremmioti.cn
useitall.info/in.cgi?2&meter=Polliciy22.info&se=search&ur=1&HTTP_REFERER=gremmioti.cn        80.87.199.13/in.cgi?2&meter=Polliciy22.info&se=search&ur=1&HTTP_REFERER=gremmioti.cn
nutsmpegs.com/free-porn/show_young.php?video=        Description FraudTool.PrivacyCenter.t
nutsmpegs.com/free-porn/young_girl_getting_fucked_by_big_cock.wmv.exe        Description FraudTool.PrivacyCenter.t
great2008x.com/great/index.php        IP 67.212.80.125
thefreecompany.net/red/in.cgi?default        IP 67.212.80.125



Inactive/Remove
Title: Re: A little mix
Post by: JohnC on May 08, 2009, 03:38:43 pm
tube-library.com       Trojan-Downloader.Small.jro
video.xmancer.org/go.php?sid=1&name=1       Trojan-Downloader.Small.jro
my-tube-zone.com/xplays.php?id=40014&name=1       Trojan-Downloader.Small.jro
cls-softwares.com/softwarefortubeview.40014.exe        Trojan-Downloader.Small.jro
cls-softwares.com/file.exe
livestockfeed.cn/mov/r/index.html        Koobface
greatscansecurity.com/page.php?id=30        Rogue
greatscansecurity.com/index.php?affid=08030        Rogue
94.178.79.30/pid=1000/?ch=&ea=         Koobface
74.160.196.69/pid=8047/type=videxp/setup.exe        Koobface
redir2404.com/the/?pid=8047&type=videxp        Koobface


Modify
jii.be/fds/in.cgi?20         New IP 78.159.112.200
jii.be/s116/in.cgi?16       New URL and IP jii.be/s116/in.cgi?9&group=g14922639        78.159.112.200
Title: Re: A little mix
Post by: JohnC on May 08, 2009, 11:50:04 pm
wvg0.cn         Exploits
iwdown.com        Exploits
mmwwrrqq.3322.org/a/a7.htm        Exploits
mmwwrrqq.3322.org/a/cnzz.htm        Exploits
mmwwrrqq.3322.org/a/yy.htm        Exploits
mmwwrrqq.3322.org/a/14.js        Exploits
mmwwrrqq.3322.org/a/flash.htm        Exploits
mmwwrrqq.3322.org/a/qb.htm        Exploits
mmwwrrqq.3322.org/a/qb.js        Exploits
mmwwrrqq.3322.org/a/ippp.htm        Exploits
mmwwrrqq.3322.org/a/ip.htm        Exploits
mmwwrrqq.3322.org/a/02.htm        Exploits
mmwwrrqq.3322.org/a/set.js        Exploits
mmwwrrqq.3322.org/a/lz.htm        Exploits
mmwwrrqq.3322.org/a/lz.js        Exploits
mmwwrrqq.3322.org/a/office.htm        Exploits
mmwwrrqq.3322.org/a/office.js        Exploits
mmwwrrqq.3322.org/a/xl.htm        Exploits
mmwwrrqq.3322.org/a/xl.js        Exploits
mmwwrrqq.3322.org/a/real.htm        Exploits
mmwwrrqq.3322.org/a/real.js        Exploits
mmwwrrqq.3322.org/a/real.html        Exploits
mmwwrrqq.3322.org/a/re11.js        Exploits
mmwwrrqq.3322.org/a/bf.htm        Exploits
mmwwrrqq.3322.org/a/bf.js        Exploits
mmwwrrqq.3322.org/a/iggg.html        Exploits
mmwwrrqq.3322.org/a/i16.swf        Exploits
mmwwrrqq.3322.org/a/i28.swf        Exploits
mmwwrrqq.3322.org/a/i45.swf        Exploits
mmwwrrqq.3322.org/a/i47.swf        Exploits
mmwwrrqq.3322.org/a/i64.swf        Exploits
mmwwrrqq.3322.org/a/i115.swf        Exploits
mmwwrrqq.3322.org/a/fgg.html        Exploits
mmwwrrqq.3322.org/a/f16.swf        Exploits
mmwwrrqq.3322.org/a/f28.swf        Exploits
mmwwrrqq.3322.org/a/f45.swf        Exploits
mmwwrrqq.3322.org/a/f47.swf        Exploits
mmwwrrqq.3322.org/a/f64.swf        Exploits
mmwwrrqq.3322.org/a/f115.swf        Exploits
wm5588.com/love/windoss.css         Trojan-Downloader.Geral.kq / Trojan.Killav.PN
a22.7766.org/hf/x/y.js        Exploits
a22.7766.org/hf/x/ie.htm        Exploits
a22.7766.org/hf/x/ieee.htm        Exploits
a22.7766.org/hf/x/ireal.htm        Exploits
k70.9966.org/hf/x/pp.exe         Backdoor.Hupigon.gtww / Trojan-GameThief.WOW
tourdo.net/download/5876596c6e513d3d4236703120090505/flash.exe        Trojan.Alureon
trffc2.info/stds/go.php?sid=1       Rogue
j-set.cn/stech/go.php?sid=1        Trojan.Alureon




Modify
goodsite.in/good/in.cgi?18       New URL, IP, Description      goodsite.in/good/in.cgi?7      212.98.162.59       Rogue
Title: Re: A little mix
Post by: JohnC on May 09, 2009, 01:36:30 am
Inactive/Remove





New

terihatchernecklace.aboutauts.info         Exploits
greatds.su/in.cgi?2        Exploits
megasearch.coolwebsearch.us/search.php        Exploits
i1match361.biz/html/2440/f8ae8aedaf494548b681dedb37dd3d5f/        Exploits
asusdisp.org/page/2440/f8ae8aedaf494548b681dedb37dd3d5f/05090020496166425/        Exploits
asusdisp.org/file/2440/f8ae8aedaf494548b681dedb37dd3d5f/05090020496166425/0.gif        Rootkit.Podnuha.byf
pornovideosxxx-01.com/images/pvideo.html        Zlob
pornovideosxxx-01.com/rs/go.php?sid=1        Zlob
xxxwomenfucksuck.com/images/videos.html       Zlob
gogoalscan.com         Rogue
fanscan4.com        Rogue
goscanfix.com        Rogue
goworkscan.com        Rogue
goscanmeta.com        Rogue
scan4atom.info        Rogue
daset.darktech.org        Rogue
goscanmeta.com/?uid=12404        Rogue
Title: Re: A little mix
Post by: JohnC on May 10, 2009, 03:27:39 am
total-virusprotection.com/xpprot/2/?a=ks157&s=2         Rogue
total-virusprotection.com/secure/661f3fc130277a5847bcb0102ff6122f/4a060e75/setupfiles/totalvirusprotections.exe        Rogue
teamerblog.com/blog/       Exploits
teamerblog.com/wiki/Ms06014.htm       Exploits
teamerblog.com/wiki/MS06042.htm       Exploits
teamerblog.com/wiki/MS07004.htm       Exploits
teamerblog.com/wiki/office.htm       Exploits
jetclickvip.com/in.cgi?2        WinTrim / NaviPromo
reliable007.com/take.php?id=3&r=1211&s=1365        WinTrim / NaviPromo
reliable007.com/take.php?id=4&r=1202        WinTrim / NaviPromo
reliable007.com/movie2.php?r=1202&s=        WinTrim / NaviPromo
reliable007.com/movies.php?r=1211&s=1365        WinTrim / NaviPromo
reliable007.com/view.php?r=1211&s=1365        WinTrim / NaviPromo
download.live-player.com/Live-Player_setup.php?grpid=2566&tag_id=718&nums=FGFBbtPAOb&popt1=1211&popt2=1365&popt3=3        WinTrim / NaviPromo
stolnik.net/888/_ts/?s=ka&sid=euGB1&q=spyware+remover&affid=15555&ref=klikcentral.com&fullref=http%3A%2F%2Fklikcentral.com       Trojan.Dropper.NaviPromo.qke
velinta.net/redirpost/?qq=Spyware+Remover&url=&source=ka&sid=euGB1&affid=15555       Trojan.Dropper.NaviPromo.qke
zeis.org.ua/eu/GB/k1/       Trojan.Dropper.NaviPromo.qke
216.12.161.18/download/download.php?camp=22769&f=Spyware%20Remover       Trojan.Dropper.NaviPromo.qke
kernelseo.com/in.cgi?5&parameter=spyware+remover&se=15555         NaviPromo
videotoolsfree.com/installation/update/        NaviPromo
seventhdayslubmer.com/WebMediaPlayerInstallation/        NaviPromo
cavle-online.com/play.exe       Backdoor.PcClient.aldh
rusuchki.com/go/freevideo2/       FraudPack.mmw / FakeAlert
xvirusdescan.com/index.php?affid=08041       FraudPack.mmw / FakeAlert
xvirusdescan.com/download.php?affid=08041       FraudPack.mmw / FakeAlert
uniqfind.net/?q=xxx      Results direct to malware
aeroads.net/?sub=6&id=15555&q=xxx        FraudPack.mmw / FakeAlert
klikcentral.com/search.php         Results direct to Malware
huangsidai.net/jyly/index.asp         Exploits
s51.cnzz-c.cn/stat.js?id=872651&web_id=872651       Exploits
wr.jrt46.cn/1/19/index.htm?20       Exploits
wr.jrt46.cn/1/19/index2.htm       Exploits
wr.jrt46.cn/1/19/ccqm.htm       Exploits
wr.jrt46.cn/1/19/js.css       Exploits
wr.jrt46.cn/1/19/hk14.htm       Exploits
wr.jrt46.cn/1/19/14.css       Exploits
wr.jrt46.cn/1/19/15.css       Exploits
wr.jrt46.cn/1/19/16.css       Exploits
wr.jrt46.cn/1/19/hkfl.htm       Exploits
wr.jrt46.cn/1/19/cc11.htm       Exploits
wr.jrt46.cn/1/19/cc22.htm       Exploits
wr.jrt46.cn/1/19/hkvod.htm       Exploits
wr.jrt46.cn/1/19/ccvod.css       Exploits
wr.jrt46.cn/1/19/b.css       Exploits




Modify
lineacount.info/cgi-bin/search?id=169205&k=ar15+stock&ref=undefined        <<--- Domain already in the database but needs new IP 91.207.61.48, and this is a new URL


Inactive/Remove
al-horno.com.ar/blog/wrwrwrwr.txt
Title: Re: A little mix
Post by: JohnC on May 10, 2009, 05:00:07 pm
Title: Re: A little mix
Post by: JohnC on May 11, 2009, 12:56:37 am
Inactive/Remove




New
webfo.biz/fxid1.txt
Title: Re: A little mix
Post by: JohnC on May 11, 2009, 10:33:56 pm
New




Modify
www.hqualityporn.com/ethnic/     New IP 85.17.103.104   (Also, doesn't need www.)
www.hqualityporn.com/in.js       New IP 85.17.103.104   (Also, doesn't need www.)
adultvidsportal.info/go.php?ref=        (currently marked inactive, needs marking active), new IP  85.17.103.104
sutra2s.info           Domain already exists in database, IP needs modifying 75.102.24.14




Inactive/Remove
85.17.92.42/cgi-bin/index.cgi?user4
85.17.92.42/cgi-bin/index.cgi?user7
osteklen.org
Title: Re: A little mix
Post by: JohnC on May 11, 2009, 11:19:43 pm
Inactive/Remove
Title: Re: A little mix
Post by: JohnC on May 12, 2009, 09:51:58 pm
New




Inactive/Remove
Title: Re: A little mix
Post by: CM_MWR on May 12, 2009, 11:30:54 pm
Code:
aaqkweoslz.com/progs/royyl/fcppddma.php?adv=adv413        Malware calls home
aaqkweoslz.com/progs/royyl/lvreefo.php         Virus.Virut.n
aaqkweoslz.com/progs/royyl/ggcqqdde.php         Trojan.Winwebsec / Ertfor.A
aaqkweoslz.com/progs/royyl/kqddj.php         Virus.Virut.n
aaqkweoslz.com/progs/royyl/wspcpq.php         Tobssod.A
aaqkweoslz.com/progs/royyl/clmvviwj.php         Virus.Virut.n
aaqkweoslz.com/progs/royyl/cyiivvvjjw.php         Virus.Virut.n
aaqkweoslz.com/progs/royyl/yhrrrrsfob         Trojan.Downloader.Loadadv.ACA / Harnig
aaqkweoslz.com/progs/royyl/dranobool.php?adv=adv413&code1=LNLD&code2=3115&id=1824245000&p=1         Malware calls home
aaqkweoslz.com/uniq.php?id=1824245000&p=1        Malware calls home
bazrvxedfe.net/aasuper0.php        Trojan-Downloader.Boltolog / Backdoor.Rustock.NFM
bazrvxedfe.net/aasuper1.php        Virus.Virut.ce
bazrvxedfe.net/aasuper2.php        Trojan-Downloader.FraudLoad.eiu / Wigon / Cutwail
bazrvxedfe.net/aasuper3.php        Net-Worm.Koobface
boscumix.com/optima/index.php?uid=483650&ver=2.03a       Malware calls home
boscumix.com/optima/control/bot.exe         Obfuscator.ER


You could make iframedollar gang thread out what's been in DB over past year or more.  :D
Title: Re: A little mix
Post by: JohnC on May 13, 2009, 12:38:38 am
Perhaps we should follow them even more closely :) I remember I used to list some of their nameservers as well, I should probably do that again.

New



Inactive
Title: Re: A little mix
Post by: JohnC on May 13, 2009, 12:23:20 pm
New
Title: Re: A little mix
Post by: JohnC on May 15, 2009, 07:46:21 pm
New


Modify
2009/05/13_00:00  85.17.136.137         (Domain is missing '-')
Title: Re: A little mix
Post by: JohnC on May 16, 2009, 10:10:03 pm
New








Modify
nospam-ns.com/google/index.php        New IP 203.116.63.113







Inactive
Title: Re: A little mix
Post by: JohnC on May 17, 2009, 01:14:14 am




Modify
zuxmash.info/tsc/in.cgi?2     New IP 78.108.180.233
Title: Re: A little mix
Post by: JohnC on May 17, 2009, 03:05:30 am






Remove
individualpeople.biz/go.php?sid=1       Duplicate
Title: Re: A little mix
Post by: JohnC on May 17, 2009, 05:42:13 pm


Multiple IPs
antvirushelpv1.com 69.4.230.204 Rogue
antvirushelpv1.com 38.99.170.9 Rogue
antvirushelpv1.com 78.47.91.153 Rogue
antvirushelpv1.com 83.133.115.9 Rogue