Honeypots forgotten Links...

[GaryDee]

Code: [Select]

xn----jtbewcdgkdy.xn--p1ai/
xn----jtbewcdgkdy.xn--p1ai/ckidki.html
xn----jtbewcdgkdy.xn--p1ai/contakt.html
xn----jtbewcdgkdy.xn--p1ai/dalee.html
xn----jtbewcdgkdy.xn--p1ai/js/lightbox.js
xn----jtbewcdgkdy.xn--p1ai/js/prototype.js
xn----jtbewcdgkdy.xn--p1ai/js/scriptaculous.js
xn----jtbewcdgkdy.xn--p1ai/galerea.html
xn----jtbewcdgkdy.xn--p1ai/prize/N1.html
xn----jtbewcdgkdy.xn--p1ai/prize/usl_fasad.html
xn----jtbewcdgkdy.xn--p1ai/prize/usl_demontag.html
xn----jtbewcdgkdy.xn--p1ai/prize/usl_santex.html
xn----jtbewcdgkdy.xn--p1ai/prize/usl_elektro.html
xn----jtbewcdgkdy.xn--p1ai/prize/usl_obshestvenie.html
xn----jtbewcdgkdy.xn--p1ai/prize/usl_otdeloch.html
xn----jtbewcdgkdy.xn--p1ai/prize/usl_metallkon.html
xn----jtbewcdgkdy.xn--p1ai/smeta/smeta.html
xn----jtbewcdgkdy.xn--p1ai/vakan.html

Trojan-Downloader.JS.Agent.gpp
Trojan.JS.Agent.FPX
Troj/PhoexRef-A

[GaryDee]

Code: [Select]

http://xn----8sb5a0ajk1cg.xn--p1ai/
xn----8sb5a0ajk1cg.xn--p1ai/modules/mod_icetabs/assets/script_15.js
xn----8sb5a0ajk1cg.xn--p1ai/#content
xn----8sb5a0ajk1cg.xn--p1ai/#footer
xn----8sb5a0ajk1cg.xn--p1ai/#main-nav_wrap
xn----8sb5a0ajk1cg.xn--p1ai/#site_wrapper
xn----8sb5a0ajk1cg.xn--p1ai/index.php?option=com_contact&view=contact&id=1&Itemid=688
xn----8sb5a0ajk1cg.xn--p1ai/index.php?option=com_content&view=article&id=1216:2011-05-15-20-27-05&catid=102:icetabs
xn----8sb5a0ajk1cg.xn--p1ai/index.php?option=com_content&view=article&id=1236&Itemid=791
xn----8sb5a0ajk1cg.xn--p1ai/index.php?option=com_content&view=article&id=1240&Itemid=792
xn----8sb5a0ajk1cg.xn--p1ai/index.php?option=com_content&view=article&id=1274:2011-05-23-19-04-02
xn----8sb5a0ajk1cg.xn--p1ai/index.php?option=com_content&view=article&id=1289:something-to-tempt-your-tastebuds
xn----8sb5a0ajk1cg.xn--p1ai/index.php?option=com_content&view=article&id=1292&Itemid=795
xn----8sb5a0ajk1cg.xn--p1ai/index.php?option=com_content&view=article&id=1293&Itemid=764
xn----8sb5a0ajk1cg.xn--p1ai/index.php?option=com_content&view=article&id=1295:something-to-tempt-your-tastebuds
xn----8sb5a0ajk1cg.xn--p1ai/index.php?option=com_content&view=article&id=1296:something-to-tempt-your-tastebuds
xn----8sb5a0ajk1cg.xn--p1ai/index.php?option=com_content&view=article&id=1301:2011-05-15-20-27-05&catid=102:icetabs
xn----8sb5a0ajk1cg.xn--p1ai/index.php?option=com_content&view=article&id=1302:2011-05-15-20-27-05&catid=102:icetabs
xn----8sb5a0ajk1cg.xn--p1ai/index.php?option=com_content&view=article&id=1303:2011-05-15-20-27-05&catid=102:icetabs
xn----8sb5a0ajk1cg.xn--p1ai/index.php?option=com_content&view=article&id=1304:2011-05-15-20-27-05&catid=102:icetabs
xn----8sb5a0ajk1cg.xn--p1ai/index.php?option=com_content&view=article&id=1305:2011-05-15-20-27-05&catid=102:icetabs
xn----8sb5a0ajk1cg.xn--p1ai/index.php?option=com_poll&id=16:-qelhouseq

[GaryDee]

Code: [Select]

xn--80ajb4acklee1cxfe.xn--p1ai/#imGoToCont
xn--80ajb4acklee1cxfe.xn--p1ai/#imGoToMenu
xn--80ajb4acklee1cxfe.xn--p1ai/blog/
xn--80ajb4acklee1cxfe.xn--p1ai/imsitemap.html
xn--80ajb4acklee1cxfe.xn--p1ai/index.html
xn--80ajb4acklee1cxfe.xn--p1ai/proekt.html
xn--80ajb4acklee1cxfe.xn--p1ai/res/swfobject.js
xn--80ajb4acklee1cxfe.xn--p1ai/res/x5cartengine.js
Trojan-Downloader.JS.Agent.gpp
Trojan.JS.Agent.FPX
Troj/PhoexRef-A

[GaryDee]

Code: [Select]

http://white-ravens.com/
http://white-ravens.com/index.php?option=com_content&view=article&id=57:boeing-767-300-leve-d&catid=34:demo-content
http://white-ravens.com/index.php?option=com_content&view=article&id=58:boeing-747-800-pmdg&catid=34:demo-content
http://white-ravens.com/index.php?option=com_content&view=article&id=59:boeing-747-400-pmdg&catid=34:demo-content
http://white-ravens.com/index.php?option=com_content&view=article&id=60:boeing-737-800-pmdg&catid=34:demo-content
http://white-ravens.com/index.php?option=com_content&view=article&id=66&catid=38
http://white-ravens.com/index.php?option=com_content&view=article&id=70&Itemid=53
http://white-ravens.com/index.php?option=com_content&view=article&id=74&Itemid=88
http://white-ravens.com/index.php?option=com_content&view=category&layout=blog&id=1&Itemid=69
http://white-ravens.com/index.php?option=com_content&view=frontpage&Itemid=61
http://white-ravens.com/index.php?option=com_content&view=frontpage&Itemid=78
http://white-ravens.com/index.php?option=com_content&view=section&id=3&Itemid=66
http://white-ravens.com/index.php?option=com_newsfeeds&view=categories&Itemid=68
http://white-ravens.com/index.php?option=com_user&view=remind
http://white-ravens.com/index.php?option=com_user&view=reset
http://white-ravens.com/media/system/js/caption.js
http://white-ravens.com/media/system/js/mootools.js
http://white-ravens.com/modules/mod_gk_tab/scripts/engine_compress.js
http://white-ravens.com/modules/mod_news_pro_gk1/scripts/engine_standard_compressed.js
http://white-ravens.com/templates/gk_coolfoto/lib/scripts/gk_image_show.js
http://white-ravens.com/templates/gk_coolfoto/lib/scripts/template_scripts.js
HEUR:Trojan.Script.Generic
Trojan-Downloader.JS.JScript.ak
Trojan-Downloader.JS.JScript.av
Trojan-Downloader.JS.JScript.ax

[GaryDee]

Code: [Select]

xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/jquery-1.3.2.min.js
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/media/system/js/mootools.js
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/plugins/system/modalizer/modals/colorbox/jquery.colorbox-min.js
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/plugins/system/modalizer/modals/jquery.min.js
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/zoom/zoom/zoom.js
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?limitstart=20
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?limitstart=25
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?limitstart=30
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?limitstart=35
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?limitstart=40
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?limitstart=45
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?limitstart=5
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?option=com_content&view=article&id=104:-2011&catid=3:2011-06-17-06-34-47&Itemid=9
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?option=com_content&view=article&id=141:2011-11-23-19-20-57&catid=3:2011-06-17-06-34-47&Itemid=9
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?option=com_content&view=article&id=179:-q-q
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?option=com_content&view=article&id=180:-2011-
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?option=com_content&view=article&id=184:-qq-
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?option=com_content&view=article&id=188:2012-02-23-07-16-10
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?option=com_content&view=article&id=189:22-
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?option=com_content&view=article&id=190:2012-02-26-05-06-22
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?option=com_content&view=article&id=193:pozdravlenie-s-8-marta
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?option=com_content&view=article&id=194:nashi-potencialnye-soperniki-na-olimpiade-vostokzapad
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?option=com_content&view=article&id=195:15go-marta-sostojalis-baklanovskie-sostjazanija-plastun-v-gorodegeroe-volgograde
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?option=com_content&view=article&id=196:reportazh-v-volgapresse
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?option=com_content&view=article&id=197:2012-03-20-10-36-43&catid=3:2011-06-17-06-34-47&Itemid=9
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?option=com_content&view=article&id=198:2012-03-22-23-10-14
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?option=com_content&view=article&id=199:sostav-sbornoj-komandy-na-olimpiadu-vostokzapad
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?option=com_content&view=article&id=200:2012-03-28-16-29-32
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?option=com_content&view=article&id=201:pozdravljaem-kotenjova-s-zasluzhennoj-nagradoj
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?option=com_content&view=article&id=2&Itemid=2
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?option=com_content&view=article&id=22&Itemid=10
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?option=com_content&view=article&id=23&Itemid=11
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?option=com_content&view=article&id=3&Itemid=3
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?option=com_content&view=article&id=4&Itemid=4
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?option=com_content&view=article&id=5&Itemid=5
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?option=com_content&view=article&id=6&Itemid=6
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?option=com_content&view=article&id=7&Itemid=7
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?option=com_content&view=article&id=8&Itemid=8
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?option=com_content&view=category&layout=blog&id=1&Itemid=13
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?option=com_content&view=category&layout=blog&id=3&Itemid=9
xn--80aadeapbbmqnj1cce9bbatr7ezf.xn--p1ai/index.php?option=com_xmap&sitemap=1
Trojan-Downloader.JS.Agent.gpp
Trojan.JS.Agent.FPX
Troj/PhoexRef-A

[GaryDee]

Code: [Select]

http://xn----7sboorocikaf8a1c.xn--p1ai/
http://xn----7sboorocikaf8a1c.xn--p1ai/templates/ja_purity_ii/js/ja.ddmod.js
http://xn----7sboorocikaf8a1c.xn--p1ai/templates/ja_purity_ii/js/ja.script.js
http://xn----7sboorocikaf8a1c.xn--p1ai/templates/ja_purity_ii/js/menu/css.js
xn----7sboorocikaf8a1c.xn--p1ai/media/system/js/caption.js
xn----7sboorocikaf8a1c.xn--p1ai/#Top
xn----7sboorocikaf8a1c.xn--p1ai/index.php
xn----7sboorocikaf8a1c.xn--p1ai/index.php?option=com_content&view=article&id=13&Itemid=20
xn----7sboorocikaf8a1c.xn--p1ai/index.php?option=com_content&view=article&id=14&Itemid=19
xn----7sboorocikaf8a1c.xn--p1ai/index.php?option=com_content&view=article&id=16&Itemid=23
xn----7sboorocikaf8a1c.xn--p1ai/index.php?option=com_k2&view=item&layout=item&id=19&Itemid=10
xn----7sboorocikaf8a1c.xn--p1ai/index.php?option=com_k2&view=item&layout=item&id=29&Itemid=18
xn----7sboorocikaf8a1c.xn--p1ai/index.php?option=com_k2&view=item&layout=item&id=31&Itemid=24
xn----7sboorocikaf8a1c.xn--p1ai/index.php?option=com_k2&view=itemlist&layout=category&task=category&id=10&Itemid=25
xn----7sboorocikaf8a1c.xn--p1ai/index.php?option=com_k2&view=itemlist&layout=category&task=category&id=3&Itemid=15
xn----7sboorocikaf8a1c.xn--p1ai/index.php?option=com_k2&view=itemlist&layout=category&task=category&id=4&Itemid=16
xn----7sboorocikaf8a1c.xn--p1ai/index.php?option=com_k2&view=itemlist&layout=category&task=category&id=5&Itemid=17
xn----7sboorocikaf8a1c.xn--p1ai/index.php?view=article&catid=3:2011-06-01-19-22-24&id=15:2011-06-01-19-23-32&tmpl=component&print=1&layout=default&page=
Trojan-Downloader.JS.Agent.gpp
Trojan.JS.Agent.FPX
Troj/PhoexRef-A

[GaryDee]

Code: [Select]

xn------5cdaabkdeummgvtjc3gpfha6ap.xn--p1ai
HEUR:Trojan.Script.Generic
Trojan-Downloader.JS.JScript.ax

[GaryDee]

Code: [Select]

http://xn---24-5cdablcza5abzy3aja9amodl8h.xn--p1ai/
http://xn---24-5cdablcza5abzy3aja9amodl8h.xn--p1ai/js/jquery.pixelentity.kenburnsSlider.min.js
http://xn---24-5cdablcza5abzy3aja9amodl8h.xn--p1ai//mc.yandex.ru/metrika/watch.js
http://xn---24-5cdablcza5abzy3aja9amodl8h.xn--p1ai//mc.yandex.ru/watch/12758911
http://xn---24-5cdablcza5abzy3aja9amodl8h.xn--p1ai/index.php?id=10
http://xn---24-5cdablcza5abzy3aja9amodl8h.xn--p1ai/index.php?id=12
http://xn---24-5cdablcza5abzy3aja9amodl8h.xn--p1ai/index.php?id=13
http://xn---24-5cdablcza5abzy3aja9amodl8h.xn--p1ai/index.php?id=14
http://xn---24-5cdablcza5abzy3aja9amodl8h.xn--p1ai/index.php?id=15
http://xn---24-5cdablcza5abzy3aja9amodl8h.xn--p1ai/index.php?id=16
http://xn---24-5cdablcza5abzy3aja9amodl8h.xn--p1ai/index.php?id=2
http://xn---24-5cdablcza5abzy3aja9amodl8h.xn--p1ai/index.php?id=3
http://xn---24-5cdablcza5abzy3aja9amodl8h.xn--p1ai/index.php?id=4
http://xn---24-5cdablcza5abzy3aja9amodl8h.xn--p1ai/index.php?id=6
http://xn---24-5cdablcza5abzy3aja9amodl8h.xn--p1ai/index.php?id=8

Trojan-Downloader.JS.Agent.gpp
Trojan.JS.Agent.FPX
Troj/PhoexRef-A

[GaryDee]

Code: [Select]

http://www.blue-events.pl/
http://www.blue-events.pl/galeria/
http://www.blue-events.pl/kontakt/
http://www.blue-events.pl/oferta/
http://www.blue-events.pl/o-nas/
http://www.blue-events.pl/wp-includes/js/l10n.js?ver=20101110
Trojan-Downloader.JS.Iframe.cvd

[GaryDee]

Code: [Select]

http://euroinkaso.pl/
http://euroinkaso.pl/libs/jquery/jquery.tools.min.js
http://euroinkaso.pl/libs/jquery/lightbox/js/jquery.lightbox-0.5.js
http://euroinkaso.pl/12/windykacja/prewencja
http://euroinkaso.pl/19/finanse/faktoring
http://euroinkaso.pl/2
http://euroinkaso.pl/3
http://euroinkaso.pl/aktualnosci
http://euroinkaso.pl/aktualnosci/25
http://euroinkaso.pl/aktualnosci/26
http://euroinkaso.pl/inwigilacja
http://euroinkaso.pl/kontakt
http://euroinkaso.pl/libs/SWFObject/swfobject.js
http://euroinkaso.pl/mapa-serwisu
http://euroinkaso.pl/pliki-do-pobrania
http://euroinkaso.pl/referencje
http://euroinkaso.pl/uslugi-detektywistyczne

Trojan-Downloader.JS.Iframe.cvd

http://128.111.48.236/view.php?hash=38d41246a2756e33cab9c3a580899c1b&t=1334639551&type=js

[GaryDee]

MW-Link

Code: [Select]

campari.shinsengumi-subs.info/tooltip.js
https://www.virustotal.com/url/8304cf64f7290e78df8bb65b20ebd396cc65bd8f09e34d664be96bda18306fa2/analysis/1334689338/

seems not to exist anymore

http://www.profitux.cz/errors/404.htm

hoster Profitux seems to care...But obviously not enough, because as seen here:

Code: [Select]

http://campari.shinsengumi-subs.info/mylist.htm (Caution:  Trojan-Downloader.JS.Pegel.e)

still exists. Just follow the Network Activity and Redirects:

http://128.111.48.236/view.php?hash=0293673369a10630fc73318a3ce161c3&t=1334689079&type=js

So all in all someone considered to classify

Code: [Select]

campari.shinsengumi-subs.info/tooltip.js
as malicious, but instead forgot to check the redirect,

Code: [Select]

http://campari.shinsengumi-subs.info/mylist.js
who is indeed the real malicious one. That might be ONE reason however, how a false/positive „could“ be generated... However, noones perfect, especially no bytes

http://128.111.48.236/domain.php?hash=78aa59a1a5223fd836c6e0c1570b3129&type=js

Trojan-Downloader.JS.Pegel.e

[GaryDee]

In addition to:

Code: [Select]

http://download2.100limiterodas.com.br/
https://www.virustotal.com/url/d2166bbca5d42706763eed3d41aa09ab8011315fb18c86e14ae5eed4a04cd97d/analysis/1334741953/

see also:

Code: [Select]

http://100limiterodas.com.br/
http://construtorarh.com.br/
https://www.virustotal.com/url/7c36519cf31982531b403a232078f32e6f96255e16b229a46ae6aba06e627a25/analysis/1334741674/
https://www.virustotal.com/url/e6786c3ceb798b6c6df96e949143aae11596bb54aa3c4513ad2e7866875a7e7f/analysis/1334741856/

Trojan.Win32.Jorik.Vobfus.aqmx

[GaryDee]

Code: [Select]

http://down.feel2day.com/newmain/webmain/nfdinstall.exe
https://www.virustotal.com/url/f2a85e01dbdab0781ad6a37e376d1dc895f020b8cb03247c59c1420496afe305/analysis/1334752685/
https://www.virustotal.com/file/45d34bc29f82d26ff62859fc37e93e004d78083929a7b9f79cc4dea156ba049e/analysis/1334752693/

Trojan.Win32.Genome.aespr
Adware:Win32/Funpop
NSIS:Downloader-DJ [Trj]

[GaryDee]

Code: [Select]

http://down.neoprotect.com/neopuninst.exe
https://www.virustotal.com/url/e194d5a5c275bb074f969c4912a7e1792f340aa48a8176b58874f6fe1bd34cbd/analysis/1334826502/
https://www.virustotal.com/file/a04f7902085952c25baaa411e2be27370a92548f1840dec2dac0c3940b1a43f0/analysis/1334826506/

Adware/Aprotect.B.9
Trojan-Downloader.Agent!IK

[GaryDee]

Code: [Select]

http://down.pcgkimi.com/install/home/PcGkimi_setup.exe
Adware/Kraddare.AT.138
Gen:Variant.Graftor.873
TROJ_GEN.F4AC8J5