Author Topic: 91.212.65.29 (Read 21427 times)

SysAdMini · May 08, 2009, 06:08:07 pm

Fake AV

trucount3001.com/cgi-bin/promo.pl?code=0000657http://www.virustotal.com/analisis/c14d9e4b0795e6e5b781d157d6efb60a 12/39

Code: [Select]

onlinescanxpp.com/land/eurl/1.php?code=downloads

Code: [Select]

antivirus-xppro-2009.com/cgi-bin/download.pl?code=00000001http://www.virustotal.com/analisis/785faaf2ff1ed2a3f5580aa7db69fcb5 7/39

SysAdMini · May 17, 2009, 08:43:28 pm

Fake scanner page

Code: [Select]

free-webscaners.net/disk/?code=170
downloads

Code: [Select]

trucount3001.com/cgi-bin/install.pl?adv=170http://www.virustotal.com/analisis/4b5312951cadde90314a58f805590155 9/40

SysAdMini · May 22, 2009, 10:01:29 am

Fake scanner page

Code: [Select]

freewebscaners.org/scan3/?code=674
downloads

Code: [Select]

trucount3002.com/cgi-bin/install.pl?adv=674http://virscan.org/report/eb1478d8ee1d7a7b6849cbffc6dab277.html 6/38

SysAdMini · May 22, 2009, 07:17:38 pm

Code: [Select]

trucount3002.com/cgi-bin/promo.pl?code=0000276http://www.virustotal.com/analisis/2af7aadc41ba17e4f5889d02201671780a5e1b716f8d4b3872ae7391df847a8f-1243018061 16/38

downloads

fake av config file

Code: [Select]

onlinescanxppp.com /?a=conf&code=276

Code: [Select]

#config#html_to_replace=http://onlinescanxppp.com/?a=html&code=276
is_html=1
html_replace_counter=10
replaces=10
html_url=http://onlinescanxppp.com/?a=html&code=276
pop_url=http://onlinescanxppp.com/?a=pop&q=%s&code=276
explorer_url=http://onlinescanxppp.com/land/eurl/?code=276
404_url=http://onlinescanxppp.com/?a=404&code=276
ruler_url=http://onlinescanxppp.com/?a=ruler&code=276
ruler_on=1
exlude_urls=antivirus-xppro2009.com
#/config#

leads to Fake AV

Code: [Select]

antivirus-xppro2009.com/cgi-bin/download.pl?code=276 http://www.virustotal.com/analisis/a91b87215e7940297d202759fa765b1aecdf0be980f4753383744323dee030e1-1243019304
10/35

JohnC · May 29, 2009, 09:24:06 pm

Code: [Select]

advanced-virusremover2009.com/cgi-bin/download.pl?code=00000000
http://www.virustotal.com/analisis/4016e727a4dd4475363c17f1aaa0ef06c6c30c13836c0e26a02fe4b885fcea7c-1243632085

This site is listed on the following nameservers:
ns1.megahostname.biz 91.212.65.10
ns2.megahostname.biz 91.212.65.29

SysAdMini · June 03, 2009, 08:54:47 pm

fake av downloader

Code: [Select]

alltubesplace.com/cgi-bin/install.pl?adv=686http://www.virustotal.com/analisis/72663e0fa4b02fc3d79e4e3e2fa05c4afcb8c5c10917288e5423747defa73603-1244062072 1/36
NOD32 4128 2009.06.03 a variant of Win32/Kryptik.RJ
http://www.threatexpert.com/report.aspx?md5=a01c2aa6a078a145e0ab0df0ebb66346

Malware-Web-Threats · June 12, 2009, 09:46:37 pm

fake av

Code: [Select]

onlinescanxppro.com/loads.php?code=0000585
trucount3005.com/cgi-bin/promo.pl?code=0000276

ThreatExpert

redirects to trojan

Code: [Select]

you-tube-xxx.com/1/1.php

rogue / fraud

Code: [Select]

vs-codec-pro.com
vscodec-pro.com

Author Topic: 91.212.65.29 (Read 21427 times)

SysAdMini

91.212.65.29

SysAdMini

Re: 91.212.65.29

SysAdMini

Re: 91.212.65.29

SysAdMini

Re: 91.212.65.29

JohnC

Re: 91.212.65.29

SysAdMini

Re: 91.212.65.29

Malware-Web-Threats

Re: 91.212.65.29