jupiter.bravenet.com
textlink.webmersion.com
Full Version: Bad Websites
Thanks r00ted, added. 
Kim
Kim
| QUOTE (Kimberly @ Jul 29 2005, 05:46 AM) |
Same here, my popup blocker didn't stop it and my firewall that has ad-blocking features included didn't stop it neither.  Kim |
Hi, Kim,
You might be interested in a most unusual popup at http://anonymouse.org/anonwww.html . When you enter any URL to browse anonymously, a rectangular box appears in front of every page that you are viewing. The ad window is not stopped by any Hosts file entry (though the ad itself is rendered invisible), the Firefox popup blocker, or even the Adblock extension. In fact, it doesn't even show up as an element at all in Adblock. The darn thing is so annoying that I stopped using that service because of it.
hmm
from that page source I found
partners.webmasterplan.com
could probably be blocked. Don't know if it's related to that "blank" pop up tho.
from that page source I found
partners.webmasterplan.com
could probably be blocked. Don't know if it's related to that "blank" pop up tho.
Thanks for the hint, I'll fire up my vbs script and visit that page to see if something can be done about it.
Kim
Kim
Hi Samurai V,
Same here, it's something that you can't stop at first sight, it's embedded in the source code of the html page that you are viewing. The original HTML code is modified by Anonymouse.org, they add it at the botton of the page. There is also a part located higher up in the page with reference to adstream_mjx.ads on the Anonymouse.org server embedded in the URL you visit.
If you are interested, the code is attached, i can't post it here, the tags used are not allowed.
Kim
Same here, it's something that you can't stop at first sight, it's embedded in the source code of the html page that you are viewing. The original HTML code is modified by Anonymouse.org, they add it at the botton of the page. There is also a part located higher up in the page with reference to adstream_mjx.ads on the Anonymouse.org server embedded in the URL you visit.
If you are interested, the code is attached, i can't post it here, the tags used are not allowed.
Kim
Thanks for the info, Kim and r00ted ... let's hope that other websites don't start doing this too 
Banner ads:
ads.blackcode.com
ads.blackcode.com
Evil spamming pharmacy and rolex shop:
fat.neuc.equallyjointventures.com
pgls.t.equallyjointventures.com
y.ev.charmandrealdeal.com
86a.a.superstarsuper.com
12c.atdn.supervaluecomingup.com
gh.cgtj.lovelycurllybearwonder.com
2s63.ar.largequilt.com
csa8.rcgj.careandessence.com
4ud.rpuh.nobetteronevalue.com
4fq1.v.springforuwant.com
dxii.e.honestaffordable.com
vce.0.honestaffordable.com
yuj.bskr.cyberbizcoming.com
x.pqvn.realsavingdirection.com
27m.vy.simplythetop.com
u6.ki.timetovisits.com
g0wd.ku.messengerforu.com
Offending IP's :
210.22.14.157
210.22.14.157
218.104.136.187
218.104.136.187
218.104.136.187
218.104.136.187
218.104.136.189
218.104.136.189
218.104.136.189
218.104.136.189
218.106.35.211
218.106.35.211
218.106.35.213
218.106.35.213
218.106.35.213
218.106.35.213
218.106.35.213
fat.neuc.equallyjointventures.com
pgls.t.equallyjointventures.com
y.ev.charmandrealdeal.com
86a.a.superstarsuper.com
12c.atdn.supervaluecomingup.com
gh.cgtj.lovelycurllybearwonder.com
2s63.ar.largequilt.com
csa8.rcgj.careandessence.com
4ud.rpuh.nobetteronevalue.com
4fq1.v.springforuwant.com
dxii.e.honestaffordable.com
vce.0.honestaffordable.com
yuj.bskr.cyberbizcoming.com
x.pqvn.realsavingdirection.com
27m.vy.simplythetop.com
u6.ki.timetovisits.com
g0wd.ku.messengerforu.com
Offending IP's :
210.22.14.157
210.22.14.157
218.104.136.187
218.104.136.187
218.104.136.187
218.104.136.187
218.104.136.189
218.104.136.189
218.104.136.189
218.104.136.189
218.106.35.211
218.106.35.211
218.106.35.213
218.106.35.213
218.106.35.213
218.106.35.213
218.106.35.213
@Samurai V
Added, thanks.
@shadowking
Added the hostsnames, unfurtunately a HOSTS file can not contain IP's, so these were not added.
Kim
Added, thanks.
@shadowking
Added the hostsnames, unfurtunately a HOSTS file can not contain IP's, so these were not added.
Kim
Reported at isc.sans.org as an email ploy to get users to go to the following malicious links:
www.jsnvowe.vbnnews.com
www.iepwls.vbnnews.com
www.jxdg.vbnnews.com
www.nevkbq.vbnnews.com
jsnvowe.vbnnews.com
iepwls.vbnnews.com
jxdg.vbnnews.com
nevkbq.vbnnews.com
www.jsnvowe.vbnnews.com
www.iepwls.vbnnews.com
www.jxdg.vbnnews.com
www.nevkbq.vbnnews.com
jsnvowe.vbnnews.com
iepwls.vbnnews.com
jxdg.vbnnews.com
nevkbq.vbnnews.com
Popups:
www211.paypopup.com
www213.paypopup.com
www214.paypopup.com
www219.paypopup.com
www211.paypopup.com
www213.paypopup.com
www214.paypopup.com
www219.paypopup.com
Thanks MaKaVeLi, added.
Kim
Kim
www.eksotik.com
unut.hollosite.com
There might be other embedded links to block, but was unable to view source on the computer I was at.
unut.hollosite.com
There might be other embedded links to block, but was unable to view source on the computer I was at.
127.0.0.1 nztv.juno.com
127.0.0.1 nztv.netzero.net
127.0.0.1 nztv.lax.untd.com
127.0.0.1 track.juno.com
127.0.0.1 www.ispgift.com
all related to View Source related stuff at webmail.juno.com
127.0.0.1 nztv.netzero.net
127.0.0.1 nztv.lax.untd.com
127.0.0.1 track.juno.com
127.0.0.1 www.ispgift.com
all related to View Source related stuff at webmail.juno.com
New eXactSearchBar websites:
www.yubilee.com
yubilee.com
mobile.yubilee.com
www.yubilee.com
yubilee.com
mobile.yubilee.com
Thanks MaKaVeLi, added.
Kim
Kim
Homepages from HJT logs:
www.xqdqzesfwdeafohlwx.biz
xqdqzesfwdeafohlwx.biz
www.faonxavrarxzpgwn.com
faonxavrarxzpgwn.com
www.joahnlbsskxrody.org
joahnlbsskxrody.org
Overture redirect sites:
www.gllgle.com
gllgle.com
www.fdsfd.com
fdsfd.com
c.mdnhinc.com
www.23523.com
23523.com
www.ancb.com
ancb.com
www.xqdqzesfwdeafohlwx.biz
xqdqzesfwdeafohlwx.biz
www.faonxavrarxzpgwn.com
faonxavrarxzpgwn.com
www.joahnlbsskxrody.org
joahnlbsskxrody.org
Overture redirect sites:
www.gllgle.com
gllgle.com
www.fdsfd.com
fdsfd.com
c.mdnhinc.com
www.23523.com
23523.com
www.ancb.com
ancb.com
Thanks MaKaVeLi, added.
Kim
Kim
Sites associated with drive-by spyware installs:
127.0.0.1 softech-ltd.com
127.0.0.1 storagev2.delfinproject.com
127.0.0.1 gr2.cc
127.0.0.1 softech-ltd.com
127.0.0.1 storagev2.delfinproject.com
127.0.0.1 gr2.cc
Thanks Samurai V, added
Homepages from HJT logs:
www.bestwebslinks.com
bestwebslinks.com
www.elmzsjnjvjgriwxbv.info
elmzsjnjvjgriwxbv.info
www.tjgaigztnre.net
tjgaigztnre.net
www.fsyhnpoucbjla.net
fsyhnpoucbjla.net
Rouge anti-spyware apps:
www.wincleaner.com
wincleaner.com
According to these videos:
http://www.spywarewarrior.com/elh/boclean_cws.wmv
http://www.spywarewarrior.com/elh/iespyad_cws.wmv
http://www.spywarewarrior.com/elh/boclean_kl.wmv
This site is doing the new keylogger exploits:
mmxo.megaman-network.com
Similar sites that were in the source code:
mmco.megaman-network.com
mmzo.megaman-network.com
mmlo.megaman-network.com
mmbno.megaman-network.com
www.megaman-network.com
megaman-network.com
megaman.retrofaction.com
www.bestwebslinks.com
bestwebslinks.com
www.elmzsjnjvjgriwxbv.info
elmzsjnjvjgriwxbv.info
www.tjgaigztnre.net
tjgaigztnre.net
www.fsyhnpoucbjla.net
fsyhnpoucbjla.net
Rouge anti-spyware apps:
www.wincleaner.com
wincleaner.com
According to these videos:
http://www.spywarewarrior.com/elh/boclean_cws.wmv
http://www.spywarewarrior.com/elh/iespyad_cws.wmv
http://www.spywarewarrior.com/elh/boclean_kl.wmv
This site is doing the new keylogger exploits:
mmxo.megaman-network.com
Similar sites that were in the source code:
mmco.megaman-network.com
mmzo.megaman-network.com
mmlo.megaman-network.com
mmbno.megaman-network.com
www.megaman-network.com
megaman-network.com
megaman.retrofaction.com
Added MaKaVeLi, thx.
Homepages from HJT logs:
www.dgmnjevfcpmsyrmgjjlwxlk.uk
dgmnjevfcpmsyrmgjjlwxlk.uk
www.oholnanmoo.net
oholnanmoo.net
www.fastnetsearch.net
fastnetsearch.net
Ads:
ads.clicksor.com
www.hitstracer.com
hitstracer.com
www.dgmnjevfcpmsyrmgjjlwxlk.uk
dgmnjevfcpmsyrmgjjlwxlk.uk
www.oholnanmoo.net
oholnanmoo.net
www.fastnetsearch.net
fastnetsearch.net
Ads:
ads.clicksor.com
www.hitstracer.com
hitstracer.com
Added MaKaVeLi, thx.
Kim
Kim
Homepages from HJT logs:
www.erkqxutnsmgouzpviumko.com
erkqxutnsmgouzpviumko.com
Ads:
www.robocounter.com
robocounter.com
Rouge anti-spyware apps:
www.mntolympus.org
mntolympus.org
www.spysniper.net
spysniper.net
www.worldantispy.com
worldantispy.com
www.erkqxutnsmgouzpviumko.com
erkqxutnsmgouzpviumko.com
Ads:
www.robocounter.com
robocounter.com
Rouge anti-spyware apps:
www.mntolympus.org
mntolympus.org
www.spysniper.net
spysniper.net
www.worldantispy.com
worldantispy.com
McAfee reports that these sites are contacted by the Adclicker-DF trojan:
127.0.0.1 www.spootie.com
127.0.0.1 www.system-processes.com
127.0.0.1 www.block-checker.com
127.0.0.1 www.spootie.com
127.0.0.1 www.system-processes.com
127.0.0.1 www.block-checker.com
Banner ad server:
partners.powweb.com
partners.powweb.com
Thanks, all added
Kim
Kim
Thx shadowking, added
Kim
Kim
127.0.0.1 reg.sms.ac
Spamming via email:
----------------------------------------------------------------------------------
You have one or more friends waiting for you to join their Mobile Friends Network at SMS.ac, the most popular mobile community in the world!
Friend(s) waiting for you right now include:
sarah clayton
Your friend(s) already know about the world of opportunities made possible by SMS.ac, and now you can find out what the excitement is all about. Simply click on http://reg.sms.ac/registration/Intro.aspx?...82990;&r=41&t=4 and join SMS.ac for free today. With SMS.ac, you can:
* Send text messages (SMS) to over 400 wireless networks worldwide.
* Reconnect with old friends and make new ones via the web or by mobile phone. With over 40 million members, SMS.ac is the world's largest mobile network. That's a lot of potential new friends!
* And more!
SMS.ac. The always on, always connected Mobile Network.
Don't recognize the name above? Click the link above to learn more about the friend who invited you.
Not interested? Click the link above, then click Unsubscribe to block future invitations.
SMS.ac, Inc., 255 G Street #723, San Diego, Ca 92101 US
----------------------------------------------------------------------------------
Spamming via email:
----------------------------------------------------------------------------------
You have one or more friends waiting for you to join their Mobile Friends Network at SMS.ac, the most popular mobile community in the world!
Friend(s) waiting for you right now include:
sarah clayton
Your friend(s) already know about the world of opportunities made possible by SMS.ac, and now you can find out what the excitement is all about. Simply click on http://reg.sms.ac/registration/Intro.aspx?...82990;&r=41&t=4 and join SMS.ac for free today. With SMS.ac, you can:
* Send text messages (SMS) to over 400 wireless networks worldwide.
* Reconnect with old friends and make new ones via the web or by mobile phone. With over 40 million members, SMS.ac is the world's largest mobile network. That's a lot of potential new friends!
* And more!
SMS.ac. The always on, always connected Mobile Network.
Don't recognize the name above? Click the link above to learn more about the friend who invited you.
Not interested? Click the link above, then click Unsubscribe to block future invitations.
SMS.ac, Inc., 255 G Street #723, San Diego, Ca 92101 US
----------------------------------------------------------------------------------
Extremely annoying flashing banner ads:
images.radcity.net
images.radcity.net
Added, thanks.
Kim
Kim
Banner ads:
a1204.g.akamai.net
a1204.g.akamai.net
mercury.tiser.com.au (annoying adds on news.com.au)
saturn.tiser.com.au
au.rd.yahoo.com (yahoo australia adserver)
pornbridge.com (viruses, malware)
www.totalgalleries.com (viruses)
download-it-from.us (scam, malware)
saturn.tiser.com.au
au.rd.yahoo.com (yahoo australia adserver)
pornbridge.com (viruses, malware)
www.totalgalleries.com (viruses)
download-it-from.us (scam, malware)
www1.consumeralertsystem.com reported as trojan installer
Thanks shadowking & Samurai V
Banner ads:
images.match.com
www.wisebuynow.com
images.match.com
www.wisebuynow.com
Horrible banner ads:
stb.msn.com
images.shopping.msn.com
stb.msn.com
images.shopping.msn.com
thanks Samurai V
Related to sogosearch:
www.mnema.com
www.infoweb.net
www.searchthenetnow.com
www.searchrockland.net
Yahoo australia annoying ads:
au.i1.yimg.com
www.mnema.com
www.infoweb.net
www.searchthenetnow.com
www.searchrockland.net
Yahoo australia annoying ads:
au.i1.yimg.com
Thanks shadowking.
I'll look up the sogosearch issue.
I'll look up the sogosearch issue.
Banner ads:
aj.600z.com
aj.600z.com
Rolex shop involved with mass spam [China] :
real-replica-watches.com
Offending IP: 221.11.134.16
http://www.apnic.net/apnic-bin/whois.pl?se...t=221.11.134.16
real-replica-watches.com
Offending IP: 221.11.134.16
http://www.apnic.net/apnic-bin/whois.pl?se...t=221.11.134.16
Thanks Samurai V & shadowking
http://bywhat.com serves banner ads, although the site also has a legitimate php proxy, so I'm not sure if you would want to block this or not.
Tracking cookies:
stats2.clicktracks.com
stats2.clicktracks.com
China spam / pharmacy / rolex:
yil.blgs.org
instant-pills.com
yil.blgs.org
instant-pills.com
Thanks Samurai V & shadowking.
@ shadowking, I'll check out the proxy link.
@ shadowking, I'll check out the proxy link.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.