Author Topic: Mr Clean's dirt  (Read 173746 times)


August 02, 2009, 07:53:07 pm
Reply #180

Mr Clean

  • Special Members
  • Hero Member

  • Offline
  • *

  • 331


August 04, 2009, 01:51:21 pm
Reply #182

Mr Clean

Code:
192.168.1.10 - - [ 4/Aug/2009:13:29:39 +0000] "GET http://synthetic-electric.cn/go.php?id=2003-03&key=e20dfa513&p=1 HTTP/1.1" - - "http://whitepg-images.adbureau.net/whitepg/2009-07%20hotel_728x90.swf?clickTag=http://atl.whitepages.com/accipiter/adclick/CID=0000533400000" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1)"
192.168.1.10 - - [ 4/Aug/2009:13:29:39 +0000] "GET http://onlinesecurityscanv11.com/1/?sess==W219jDwOS0zJmlwPTY1LjEyMy4xOS42MiZ0aW1lPTEyNDMzMkIMNQkO HTTP/1.1" - - "http://whitepg-images.adbureau.net/whitepg/2009-07%20hotel_728x90.swf?clickTag=http://atl.whitepages.com/accipiter/adclick/CID=0000533400000" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1)"
192.168.1.10 - - [ 4/Aug/2009:13:29:40 +0000] "GET http://onlinesecurityscanv11.com/1/img/jquery.js HTTP/1.1" - - "http://onlinesecurityscanv11.com/1/?sess==W219jDwOS0zJmlwPTY1LjEyMy4xOS42MiZ0aW1lPTEyNDMzMkIMNQkO" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1)"


Code:
hxxp://onlinesecurityscanv11.com/download/Install-0c6_2003-3.exe

$ dig onlinesecurityscanv11.com +short
88.198.41.170
209.44.126.52
78.47.172.66

http://www.virustotal.com/analisis/bd424b5f474ae9ef45daae7cb9064403497c187fc5b168b2fe859b27ac979379-1249393866 7/41

http://research.sunbelt-software.com/ViewMalware.aspx?id=9872536&cs=57BD3287F84998C9C7604E984A6956BF

http://anubis.iseclab.org/?action=result&task_id=11526942bdf3251a4597dd8e67e0cebd9


onlinesecurityscanv11.com
challenges-cup.com
systemupdatesv6.com


August 05, 2009, 07:33:00 pm
Reply #183

Mr Clean

Code:
hxxp://nucleargaming.net/errorlogs/aleluia.gif

$ file aleluia.gif
aleluia.gif: MS-DOS executable, MZ for MS-DOS

$ dig nucleargaming.net +short
209.25.133.225

http://www.virustotal.com/analisis/7fdadabb4922f008671d7a156acb8f8812814f156b7bffb22a82ef4c7a766ef3-1249424356 16/41
http://research.sunbelt-software.com/ViewMalware.aspx?id=9916879&cs=30A50ABCF454C2FE158BBE92ABE6350E


nucleargaming.net
ekeye.com




August 06, 2009, 05:24:52 pm
Reply #185

Mr Clean

Code:
hxxp://gofastscanner.com/download/Install-420d_2003-3.exe

$ dig gofastscanner.com +short
88.198.41.170
209.44.126.52
78.47.172.66

http://www.virustotal.com/analisis/27517370ea2e189c619bea5bd11afdacef7f4781b3a00989e598e5e3de39c113-1249577337 2/41
http://www.sunbeltsecurity.com/cwsandboxreport.aspx?id=9941812&cs=CA6C79071187BA84AB4E181F5E372678


bitmap files?   
Code:
hxxp://baseprogrammupdatesv5.com/logo.bmp

$ file logo.bmp
logo.bmp: data

Code:
hxxp://windefenderbaseupdate.com/template.bmp

$ file template.bmp
template.bmp: data



gofastscanner.com
keyboard-mouse-fun.com
baseprogrammupdatesv5.com
windefenderbaseupdate.com


August 06, 2009, 06:00:25 pm
Reply #186

Mr Clean

Code:
hxxp://govirusscanner.com/download/Install-1408e_2031.exe

$ dig govirusscanner.com +short
91.212.107.5
94.102.48.29
188.40.61.236
83.133.126.155
94.102.51.26

http://www.virustotal.com/analisis/8cdb3d69147640c82c8b1657ba90c5da3ecb1ee0eec5d6fc6ec23c07953f6f6c-1249581622 0/41
http://research.sunbelt-software.com/ViewMalware.aspx?id=9942677&cs=7DCBC5364B93941949240365756C7FFB


govirusscanner.com
june-crossover.com


August 07, 2009, 02:31:59 pm
Reply #187

Mr Clean

I can be just as relentless

Code:
hxxp://gomalwarescanner.com/download/Install-fa6bb14_2003-3.exe

$ dig gomalwarescanner.com +short
88.198.41.170
78.47.172.66
209.44.126.52

http://www.virustotal.com/analisis/c007ad216705e73b58c260ab049ba00a91745f0b092b1b29db1c8b360874df31-1249652331 2/41
http://research.sunbelt-software.com/ViewMalware.aspx?id=9987227&cs=B9EBAC0B6ECE5BFB9A45F608B027555B


gomalwarescanner.com
keyboard-mouse-fun.com



August 11, 2009, 02:52:54 pm
Reply #189

Mr Clean

Code:
hxxp://wfoto.front.ru/fotos.com

$ dig wfoto.front.ru +short
ftp.front.ru.
82.204.219.224

http://www.virustotal.com/analisis/2044851a8ec36f76359fc31233071be8f9d348d91a73a47fddde6a575c4f7246-1250001993 18/41
http://www.sunbeltsecurity.com/cwsandboxreport.aspx?id=10081211&cs=384D6631678577C784F7B7ABCD8BF452
http://anubis.iseclab.org/?action=result&task_id=154ac9b98fc08fa54bddb70df6868e0d8&format=html

Code:
hxxp://kede.hpg.ig.com.br/ree1.html

$ file ree1.html
ree1.html: data

hxxp://kede.hpg.ig.com.br/ree2.html

$ file ree2.html
ree2.html: data

hxxp://kedex02.hpg.ig.com.br/nl2.html

$ file nl2.html
nl2.html: data

hxxp://kedex02.hpg.ig.com.br/nl3.html

$ file nl3.html
nl3.html: data

hxxp://kedex02.hpg.ig.com.br/nl5.html

$ file nl5.html
nl5.html: data

hxxp://kedex02.hpg.ig.com.br/nl6.html

$ file nl6.html
nl6.html: data



front.ru
kedex02.hpg.ig.com.br
kede.hpg.ig.com.br



August 11, 2009, 03:33:15 pm
Reply #190

Mr Clean

Code:
hxxp://antispywarelivescanv5.com/download/Install-b85ed90_2015.exe

$ dig antispywarelivescanv5.com +short
83.133.123.174
188.40.61.236
91.212.107.5
94.102.51.26
94.102.48.29
83.133.126.155

http://www.virustotal.com/analisis/75774261b858b5963c8896b7613334ac98a6b2539c72de5babb8be969f7598da-1249982407 7/41

http://www.sunbeltsecurity.com/cwsandboxreport.aspx?id=10081212&cs=7C257D272767FA948E0A9186A93BE6EA

Code:
hxxp://recentbaseupdatesv6.com/logo.bmp

$ file logo.bmp
logo.bmp: data

$ dig recentbaseupdatesv6.com +short
84.16.255.108


antispywarelivescanv5.com
recentbaseupdatesv6.com


August 11, 2009, 05:08:38 pm
Reply #191

Mr Clean


August 11, 2009, 06:36:04 pm
Reply #192

Mr Clean

Code:
hxxp://antimalwaresecurescanv2.com/download/Install-4a8_2006-39.exe

$ dig antimalwaresecurescanv2.com +short
91.212.107.5
83.133.126.155
83.133.123.174
94.102.48.29
188.40.61.236
94.102.51.26

http://www.virustotal.com/analisis/681a877090b8e2275d781fadd7b9e1fb7700446365cc528db224d67b94cd548a-1250011543 3/41
http://www.sunbeltsecurity.com/cwsandboxreport.aspx?id=10081224&cs=6545E33A0C238A3850068D1E8B8B5A44


consensualart.cn                                <- originating domain
antimalwaresecurescanv2.com
june-crossover.com
recentbaseupdatesv6.com

August 12, 2009, 09:39:01 pm
Reply #193

Mr Clean

Code:
hxxp://spywarescannerv4.com/download/Antivirus-b4ba_2015.exe

$ dig spywarescannerv4.com +short
83.133.123.174
94.102.51.26
94.102.48.29
188.40.61.236
91.212.107.5

http://www.virustotal.com/analisis/2b79674aab8e8faae071e057b9f65f3faac1c75a6453bf9db872d6802ea09f1b-1250110200 0/41
http://research.sunbelt-software.com/ViewMalware.aspx?id=10084941&cs=0604BAB0703FA5D36C0943BD14FA3471


spywarescannerv4.com



August 13, 2009, 12:33:34 pm
Reply #194

MysteryFCM

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
Just out of interest, have you been continuously monitoring these to see how quickly they're going down again? (last checks I did showed they only stayed online for 12-24 hours)
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net