Malware Domain List

Malware Related => Malicious Domains => Topic started by: GaryDee on April 14, 2012, 07:18:20 pm

Title: Keeping a focus upon „New“ MW-Sites (?)
Post by: GaryDee on April 14, 2012, 07:18:20 pm
Code: [Select]
http://game-hidden-object.com/
http://www.mywot.com/en/scorecard/game-hidden-object.com

Quote
Links to games as from f.ex. :

http://www.alawar.com/download/1912TitanicMystery_15369.exe

http://128.111.48.236/domain.php?hash=f22e418a5bc93f472b4fc7bed6092f18&type=js

http://128.111.48.236/view.php?hash=c9e88289b10269cb6019a2b496f0fa74&t=1334429373&type=js

https://www.virustotal.com/url/20a4b8331274409a0da73f390126135511637688348d58aef67cfb108483587b/analysis/1334429176/
Title: Re: Keeping a focus upon „New“ MW-Sites (?)
Post by: GaryDee on April 14, 2012, 09:19:05 pm
Weird Stuff:
Quote
Google & Elgoog ?
Code: [Select]
http://furikk.ru/
http://zekur.ru/

Nice is:
http://www.UnmaskParasites.com/security-report/?page=furikk.ru
http://www.UnmaskParasites.com/security-report/?page=zekur.ru

And the difference:
furikk.ru has /
zekur.ru ---> ok-zerkalo.ru ---> http://www.mywot.com/en/scorecard/ok-zerkalo.ru
Title: Re: Keeping a focus upon „New“ MW-Sites (?)
Post by: GaryDee on April 15, 2012, 11:13:40 am
Code: [Select]
http://www.pressmash.org/
appears also in connection to the MW-Domain

Code: [Select]
xn----7sboorocikaf8a1c.xn--p1ai
https://www.virustotal.com/url/ef638476852298afb83c170e61f27a6c7a1976a9734b695cc44954d38868a9c1/analysis/1334488025/
http://128.111.48.236/domain.php?hash=d900dd5502560153d0e6e2fd4f680150&type=js
Title: Re: Keeping a focus upon „New“ MW-Sites (?)
Post by: GaryDee on April 15, 2012, 12:24:33 pm
Code: [Select]
http://forp-eng.com/
http://128.111.48.236/domain.php?hash=b123f985ee143fc131812f74aa188306&type=js
https://www.virustotal.com/url/4ecd33e5df6365534e4075f0d7c2c10f5f275d2421e75f966f77d3a4e6913700/analysis/
http://www.unmaskparasites.com/security-report/?page=http%3A//forp-eng.com/

in connection to

Code: [Select]
combinebet.cn
https://www.virustotal.com/url/fd44c2e8263f30c1b18a6daf28f50e75c066d5914bfbf9381ffe3ca82fe19e49/analysis/1334492436/
http://128.111.48.236/domain.php?hash=b11c5a09636f1a7cb3088c94f8cbe8b5&type=js


and

Code: [Select]
www.forp.ru
http://www.unmaskparasites.com/security-report/?page=http%3A//www.forp.ru/
Title: Re: Keeping a focus upon „New“ MW-Sites (?)
Post by: GaryDee on April 16, 2012, 02:44:51 pm
Caution here:

Code: [Select]
http://www.enil.pl/
as the link enil.pl is found on the domain

Code: [Select]
http://krys-bet.pl/
Maybe a future MW-Domain. See also:

https://www.virustotal.com/url/a3d78fbd3353046eb2caaeb38f2d7a4116fe91f17923683f4449f81a329f0218/analysis/
http://128.111.48.236/domain.php?hash=a215c3fa735ca370e821037debc6de28&type=js
http://www.mywot.com/en/scorecard/krys-bet.pl
Title: Re: Keeping a focus upon „New“ MW-Sites (?)
Post by: GaryDee on April 16, 2012, 07:07:33 pm
Code: [Select]
http://anuslingus.fr/
together with

Code: [Select]
http://guepiere.fr/
is hosted by the same as

http://128.111.48.236/view.php?hash=49de97148d449187051e83fb1655fc34&type=js
Title: Re: Keeping a focus upon „New“ MW-Sites (?)
Post by: GaryDee on April 17, 2012, 05:04:46 am
Code: [Select]
http://bosanoga.eu/
HEUR:Trojan.Script.Iframer

http://128.111.48.236/view.php?hash=a3164b85920818f721734f30bb19d4a9&t=1334638919&type=js
Title: Re: Keeping a focus upon „New“ MW-Sites (?)
Post by: GaryDee on April 17, 2012, 05:31:37 am
Code: [Select]
http://www.psychiatra-psychoterapeuta.pl/
HEUR:Trojan.Script.Iframer

http://128.111.48.236/view.php?hash=96a8b3ead77a9f4ace16c53ac3218160&t=1334640577&type=js
Title: Re: Keeping a focus upon „New“ MW-Sites (?)
Post by: GaryDee on April 17, 2012, 06:39:21 am
Code: [Select]
http://s-dach.bydgoszcz.pl/
HEUR:Trojan.Script.Iframer

http://128.111.48.236/domain.php?hash=a77d462534475c19b1f5bf960fbac818&type=js
Title: Re: Keeping a focus upon „New“ MW-Sites (?)
Post by: GaryDee on April 18, 2012, 11:27:11 am
Code: [Select]
http://favoclick.com/file/casttipv3_install.exe
not-a-virus:AdWare.Win32.PopAd.nv
Win32:Dropper-gen
TROJ_GEN.R42C3AR


https://www.virustotal.com/file/6cb51460784cb67261dc0ddce3749a4ed7ae1d7524aa4cb2418cd0845fc33480/analysis/1334747947/
Title: Re: Keeping a focus upon „New“ MW-Sites (?)
Post by: GaryDee on April 18, 2012, 11:53:48 am
Code: [Select]
http://down.favomark.co.kr/favomark_install.exe

https://www.virustotal.com/url/db36dad2fd1d3ba47af323d1a23db6b03be3c74cc346f85ef62ed5c841eec1b1/analysis/1334749321/
https://www.virustotal.com/file/f9dcc59b808bf09ae41fac62c763bdd7a89e606b285a269dc34b4a834f40aef0/analysis/1334749325/

TrojWare.Win32.Clicker.irq0
TrojanClicker:Win32/Delf.U
Trojan-Clicker.AA!IK


Code: [Select]
http://down.favomark.co.kr/favomark_uninstall.exe
https://www.virustotal.com/url/f31b89161c58f176e6f5a1d9b4122b336a63f830968debc40885070610faf4f7/analysis/1334749723/
https://www.virustotal.com/file/9dd15172c87fb6908cab38a1c46d5397357f7331d6e112585d5f97f0dfe8d2ab/analysis/1334749727/

W32/Smalltroj.WWUO
Title: Re: Keeping a focus upon „New“ MW-Sites (?)
Post by: GaryDee on April 19, 2012, 08:07:04 am
Code: [Select]
mysecure.co.kr
http://update.mysecure.co.kr/msc_gsetup.exe

Adware/MyPCCheck.A.4
a variant of Win32/Adware.MyPCCheck.A
suspected of Trojan.Downloader.gen.h


https://www.virustotal.com/url/681676a9cb28e2259d906c42f96fdd30660612d1129cc4faa66e32b2858e9f27/analysis/1334822070/
https://www.virustotal.com/file/205b268c6d0ea6c4f5091aec606ae0e0fbeecee9cb4951a968681b0949dd7667/analysis/1334822086/
http://128.111.48.236/view.php?hash=1af65062866d9b07016877b2b8a1cfec&t=1334822080&type=js
Title: Re: Keeping a focus upon „New“ MW-Sites (?)
Post by: GaryDee on April 19, 2012, 12:45:53 pm
Code: [Select]
http://939.co.kr/ezHelpClient.exe
Trojan.Agent-266231
Heuristic.BehavesLike.Win32.Fake.O


https://www.virustotal.com/file/5ed86589bc4f9388b6312df3064e32124fc94bdf498f0e87bb20c1b9a636eb26/analysis/1334839137/
Title: Re: Keeping a focus upon „New“ MW-Sites (?)
Post by: GaryDee on April 19, 2012, 04:18:02 pm
Code: [Select]
http://cupfile.com/down_fs/tax_vat_cfsetup_1167_2.exe
Application.Generic.398687
suspected of Trojan.Downloader.gen.h
Trojan.Win32.Generic!BT


https://www.virustotal.com/file/ca994f1a41f85057923e4f261985c6d1765b5c5614e93bd5fd3a82c9d791ed39/analysis/1334851688/
Title: Re: Keeping a focus upon „New“ MW-Sites (?)
Post by: GaryDee on April 19, 2012, 05:02:24 pm
Code: [Select]
http://www.onbar.co.kr/update/Public/onbar21/onBar_Setup.exe
Trojan.Downloader.JOQI
Win32:Spyware-gen [Spy]
Skodna.Generic.CC


https://www.virustotal.com/file/3c92a8de7d301afef4b7039891ef2b6e54389e061890aff0bbfae73f1c9b9251/analysis/1334853191/
Title: Re: Keeping a focus upon „New“ MW-Sites (?)
Post by: GaryDee on April 20, 2012, 02:53:32 pm
Code: [Select]
http://www.safeguardcommunities.com/
http://www.safeguardcommunities.com/wp-admin/maint/dynamicload.php

HEUR:Trojan.Script.Iframer

Title: Re: Keeping a focus upon „New“ MW-Sites (?)
Post by: GaryDee on April 20, 2012, 05:40:18 pm
Code: [Select]
http://eof2.0rg.fr/in.cgi?2
Malicious Link

http://128.111.48.236/view.php?hash=dfb1a76e7bc195d46484de24fc726e48&t=1334931546&type=js
https://www.virustotal.com/url/1d0785aacd9c9d5c171f6f2d4ace6013b00a2d499489b69b395acb11bc718e1a/analysis/1334933500/
Title: Re: Keeping a focus upon „New“ MW-Sites (?)
Post by: GaryDee on April 20, 2012, 06:46:47 pm
Code: [Select]
http://thesims3tg.com/
https://www.virustotal.com/url/8f52aeb9640cdb194b197c3705ae79bed94fa713683454362dc99fbeb8f8a022/analysis/1334946367/

Code: [Select]
---> about:blank
Code: [Select]
---> http://mensagens.host.uol.com.br/aviso/aviso_compartilhado.html
http://128.111.48.236/view.php?hash=690e7ad53e628e90fd21ed2ed2470efe&t=1334946352&type=js

KIS Suspicious PHISHING-Link

Title: Re: Keeping a focus upon „New“ MW-Sites (?)
Post by: GaryDee on April 23, 2012, 06:11:03 am
Code: [Select]
http://www.bloam.info
goes to

Code: [Select]
http://www.tdisk.co.kr
4 suspicious inline scripts found

http://www.UnmaskParasites.com/security-report/?page=www.tdisk.co.kr/main/main_html.php

1 Link to
Code: [Select]
http://app.gomtv.com/gom/GOMPLAYERSETUP.EXE
W32/RLPacked.A.gen!Eldorado

https://www.virustotal.com/file/b299e0406232623240e90da0430040cc2885a1e785ca6c758e98955779029714/analysis/1335159425/
http://128.111.48.236/view.php?hash=d98b1931283319b75fa7b34d4ff4da53&t=1335159088&type=js

1 Link to:
Code: [Select]
http://app.gomtv.com/gomaudio/GOMAUDIOSETUP.EXE
AdWare.AdSpy!IK

https://www.virustotal.com/file/b42663b568c8a30b8f00a5a7b16472de3c3089b578dfefd0d366aac26a1035e6/analysis/1335160273/
http://128.111.48.236/view.php?hash=94893b835ed730b9f367c7b2545dcb1d&t=1335160249&type=js

So, for a Site that links to Malware there is no room to assume good faith. The following two .exe-files stay Suspicious Malware, even though some voted them as GOODWARE:

Code: [Select]
http://www.tdisk.co.kr/main/downtool/download.php?filename=DTLite4451-0236.exe
https://www.virustotal.com/url/472ba38c7b15bb3cb3aa359123bca2d27de304a8c5ee838f17ab101cfee20970/analysis/1335158977/
https://www.virustotal.com/file/5f6e43609a99024ba49d8da0239b7cb6859ce34d5e46dfbe23298993c2ed5485/analysis/1335159007/
http://128.111.48.236/view.php?hash=bfcf3fed4695fcc1c0aebb060a6c79b5&t=1335158664&type=js

Code: [Select]
http://www.tdisk.co.kr/main/downtool/download.php?filename=ALZip851.exe
https://www.virustotal.com/url/9d6711484dcdff12950162aa6abecc8b5bfcaca390b84cd38f3abfead8e5b604/analysis/1335159051/
https://www.virustotal.com/file/869aeb141517be9c393cbee5cee1d7d912076f8f7a8aa624eba1d63ae1f27085/analysis/1335159083/
http://128.111.48.236/view.php?hash=7bb719e990b76896b2fbaad6bd5053c8&t=1335158540&type=js

See also:

Code: [Select]
http://www.tdisk.co.kr/mmsv/Tdisk_setup.exe
https://www.virustotal.com/url/8fbb04d7a6c72430e256d8b6131a57f919cdbca7341dfbe39228332e6915a433/analysis/1335161986/
http://128.111.48.236/view.php?hash=ea30b5c8fc86d6b95414d4415726768b&t=1335161945&type=js
Title: Re: Keeping a focus upon „New“ MW-Sites (?)
Post by: GaryDee on April 23, 2012, 07:16:42 am
The whole same procedure for the 2 following sites, as the one above:

Code: [Select]
http://haziyo.com/
goes to

Code: [Select]
http://www.fileham.com/main/main_html.php
There are 18 suspicious inline scripts.

http://www.UnmaskParasites.com/security-report/?page=www.fileham.com/main/main_html.php
Title: Re: Keeping a focus upon „New“ MW-Sites (?)
Post by: GaryDee on April 24, 2012, 10:18:25 am
Links to:
Code: [Select]
http://www.qqjs2.55.la
http://www.count5.51yes.com

http://128.111.48.236/domain.php?hash=bbeea19f9caacef9482ed7bd9512ab57&type=js

Hidden Links:
http://www.UnmaskParasites.com/security-report/?page=www.cctvseo.com

Additional (potential) malware:
Code: [Select]
http://www.cctvseo.com/uploads/userup/0909/05163923K09.jpg|http://www.cctvseo.com/uploads/userup/0909/021442019192.jpg|/uploads/userup/0908/31002T25561_lit.jpg&bcastr_link=/shop-extend/200909/13-460.html|/SEO-news/200909/08-455.html|/anli/200909/05-453.html|/SEO-news/200909/02-452.html|/SEO-news/200908/31-446.html&bcastr_title=1???????????? ??|???????????????|????????????|???????????????|?? ????? ???????
http://128.111.48.236/view.php?hash=bbeea19f9caacef9482ed7bd9512ab57&t=1335262373&type=js
Title: Re: Keeping a focus upon „New“ MW-Sites (?)
Post by: GaryDee on April 25, 2012, 03:09:18 pm
Code: [Select]
http://www.xp-wallpaper.de/tools/screensaver/bilder/XPW_Galaxys.exe
PUA.Packed.ASPack

https://www.virustotal.com/url/73ef4cf5457dde47a5696da56ddb756836f2048cf24fdceb0aaca0056027944f/analysis/1335366361/
https://www.virustotal.com/file/df15210cf12128ca495ac02cfd694f55e3665e683d14243126cfbf9afdf87ac6/analysis/1335366377/
Title: Re: Keeping a focus upon „New“ MW-Sites (?)
Post by: GaryDee on April 28, 2012, 12:22:53 pm
Code: [Select]
http://files.chameleon-apps.com/cshutdown_freeware.exe
not-a-virus:WebToolbar.Win32.RK.cr

https://www.virustotal.com/url/a800640e3aaae61a9ffcfed1f0b1e6e1f0b8ac16a20bf611e82482cf830262de/analysis/1335615410/
https://www.virustotal.com/file/d9e3b1bff2f268d047cc79c463e80ab8dca4c12056a59a5a97e4f97966318c42/analysis/1335615411/
http://128.111.48.236/view.php?hash=02816ab07438aa32622a579c7227da88&t=1335615427&type=js

In Cooperation with:
Code: [Select]
http://www.download3k.com/Install-Chameleon-Shutdown-Lite.html
Title: Re: Keeping a focus upon „New“ MW-Sites (?)
Post by: EP_X0FF on April 29, 2012, 12:36:12 am
Code: [Select]
http://www.xp-wallpaper.de/tools/screensaver/bilder/XPW_Galaxys.exe
PUA.Packed.ASPack

https://www.virustotal.com/url/73ef4cf5457dde47a5696da56ddb756836f2048cf24fdceb0aaca0056027944f/analysis/1335366361/
https://www.virustotal.com/file/df15210cf12128ca495ac02cfd694f55e3665e683d14243126cfbf9afdf87ac6/analysis/1335366377/

This is not malware. This file is simply packed with ASPack, which is a legitimate packer for PE files.
Title: Re: Keeping a focus upon „New“ MW-Sites (?)
Post by: GaryDee on May 05, 2012, 01:12:19 pm
Code: [Select]
http://www.darkhe.com/reading/artoflove.exe
TR/Agent.uzg
Artemis!D53E69B41DB3
Trojan/Agent.weu


https://www.virustotal.com/url/648615cbd93585ac79cfee5dc666d0297693ac9a78ecb068e9e3808584ad3156/analysis/1336221300/
https://www.virustotal.com/file/10105f3add961ac749c21be9f5a9f8289fa8b57885ccf67cc903d75ed08e2e92/analysis/1336221302/
http://wepawet.iseclab.org/view.php?hash=95badf399acaab5bd8e8eba3ba9362d6&t=1336221320&type=js
http://anubis.iseclab.org/?action=result&task_id=12b9c49288dd63c0459d29e2a5d1e4174

Code: [Select]
http://www.darkhe.com/reading/fortune60.exe
W32/Agent.KS.gen!Eldorado
Trojan.Spy-63580
Riskware


https://www.virustotal.com/url/507e5dda7cb2d56e253ad83d5484af2e4adae1b5cc021f77b136d82f9b26957e/analysis/1336222072/
https://www.virustotal.com/file/249d85e557250de2d938f81c50af35627e97a272900c531bf75e7cff940a5e68/analysis/1336222073/
http://wepawet.iseclab.org/view.php?hash=1e67cb47adfbd6b410363c0ae6703e5f&t=1336222044&type=js
http://anubis.iseclab.org/?action=result&task_id=148c958e713f433a46142eac32b16d1b1

Code: [Select]
http://www.darkhe.com/reading/Iwanttotellyouaboutmyfeelings.exe
W32/Agent.KS.gen!Eldorado
Trojan.Spy-63580
Riskware


https://www.virustotal.com/url/7652b36b5e8328e1acc2eee5ab5482e5c66bb28e9523330226e28991a68e1ca0/analysis/1336222393/
https://www.virustotal.com/file/0dd4c23d655c3eee74dced8b0d76a8db69987f2ad2515e5dcde8ed79bbcb1deb/analysis/1336222395/
http://wepawet.iseclab.org/view.php?hash=8fe8f61f50bd73dc2795eefeedcf2454&t=1336222310&type=js
http://anubis.iseclab.org/?action=result&task_id=155c8fb6d3c0b95c499a843eb5f5315ae

Code: [Select]
http://www.darkhe.com/reading/love100.exe
W32/Agent.KS.gen!Eldorado
Trojan.Spy-63580
Riskware


https://www.virustotal.com/url/8e35c6b6414bda598e7b62773e56eff5592b0fae876c17a5c7f4484379026159/analysis/1336223057/
https://www.virustotal.com/file/03e502877e3da82cd3fb963e8178aae5a0eabc7400f0dace2b8e1e3fe8c316ea/analysis/1336223058/
http://wepawet.iseclab.org/view.php?hash=f66f532d484134667fca4132f05f10a2&t=1336223037&type=js
http://anubis.iseclab.org/?action=result&task_id=1d6a378b3ec34e0b46d3eb06e80803225
Title: Re: Keeping a focus upon „New“ MW-Sites (?)
Post by: GaryDee on May 19, 2012, 10:05:42 pm
Code: [Select]
http://www.alcodasoftware.com/dl/exactwrd.exe

http://www.alcodasoftware.com/dl/editext.exe

http://www.alcodasoftware.com/dl/spmagic.exe

http://www.alcodasoftware.com/dl/wdspring.exe

http://www.alcodasoftware.com/dl/wrsource.exe

Malicious Links


--------------------------------------------------------------------

Code: [Select]
http://2m-games.ab-archive.net/downloadnow.html?id=10881
Advertising Tool/not-a-virus

Code: [Select]
http://altix-soft.ab-archive.net/downloadnow.html?id=15224
RISKY

Code: [Select]
http://zonora-technologies.ab-archive.net/downloadnow.html?id=7720
http://southern-ocean-software.ab-archive.net/downloadnow.html?id=6331
http://www.uk-software.com/fullsoftware/spkclock.exe
http://southern-ocean-software.ab-archive.net/downloadnow.html?id=6331
http://www.southernoceansoftware.com/text2html/enovels/timeforgot.exe

SUSPICIOUS

Code: [Select]
http://clarkscript.ab-archive.net/downloadnow.html?id=12660