Full Version: Bad Websites
Anti_Spyware
Man is this site an annoyance!

www.fun-greetings-jokes.com

(go there and click close, it will pop up a window asking you to rate the site...and then take you to topgreetingcards.com while opening the ad site below. Also it links to some other site if you click to submit the information (go there and try it, you will see what I mean). Just go there and search for other links from that site, they're all annoying.)

http://www.topgreetingcards.com/ -annoying site

Ad site:
http://1.primaryads.com

MaKaVeLi
Installs 180, Search Miracle, Internet Optimizer. Info:

http://sunbeltblog.blogspot.com/2005/11/se...outsoftnet.html

www.lookoutsoft.net
lookoutsoft.net

More 180:

blog.180solutions.com

Involved in an Esthost install:

core.psyche-evolution.com
Kimberly
Thanks, added.


QUOTE (Anti_Spyware @ Nov 26 2005, 08:25 AM)
I found a site that supposedly was of dumb criminals and jokes about them...however it had nothing to do with them and just offers search results...not only that, but when I closed the window, ANOTHER WINDOW OPENED AFTER THE FIRST ONE CLOSED FROM THE SAME SITE. When I closed THAT one, ANOTHER one opened, an ad of "Sponsored links". This is definitely bad.
.....

I'll look that up and see if something needs to be blocked.

QUOTE (Anti_Spyware @ Nov 27 2005, 03:32 AM)
Man is this site an annoyance!

www.fun-greetings-jokes.com

(go there and click close, it will pop up a window asking you to rate the site...and then take you to topgreetingcards.com while opening the ad site below. Also it links to some other site if you click to submit the information (go there and try it, you will see what I mean). Just go there and search for other links from that site, they're all annoying.)

http://www.topgreetingcards.com/ -annoying site

I don't just throw in a site because it is annoying, those greeting card sites are most of the time ok, it's the sites that serve ads/popups that need to be blocked, not the site itself.

Kim
Anti_Spyware
www.crackinfo.net/

(on my restricted sites list)
Anti_Spyware
www.appzplanet.com/
-sends popups of gross sites as well as sites already on the blocklist...pretty suspicious...google popup blocker allows them for some reason...

By the way, should I be surfing with some extra protection since I am going to these sites and reporting them? I currently have for protection:

Sygate Personal Firewall
McAfee Anti-Virus
Microsoft Anti-Spyware Beta
SpywareBlaster
SpywareGuard
Ad-Aware
Spybot
Google Toolbar blocker
BISS Hosts Manager
IE-SPYAD

I use IE...should I use Firefox 1.5 when it's released with AdBlock Plus like you suggested? Is that enough protection, or should I be running some sort of VMWare thing? VMWare looks very time-consuming and it's not free...so I am rather wary about setting it up...are there any free virtual OS's that are easy to set up and configure? Or what type of tools should I use? In case a site gives me spyware and my various protection fails to remove it...I would like to be extra safe.
Anti_Spyware
www.allosponsor.com is an ad banner that tried to load on a cracks site.

Keep in mind that I do Not support cracks or even download them...searching for cracks sites is a great way to pick up more bad sites though.

www.lomalka.ru - I wouldn't trust this site personally but since I didn't download anything to test it out, I am not sure. Can you download a crack to test if it gives you spyware? I am rather afraid to do so..

apps5.oingo.com

www.zone-patchs.fr.st - very strange site. Somehow when loading the web page got canceled, and then it loaded all these really annoying ads that zoomed around before vanishing...very suspicious

ad2.regiedepub.com -one of the loaders of the fast popups...

search.ug.com/ not quite sure if they are affiliate link-stealers or not but when I clicked on search results it merely redirected me back to another one of their search pages...even when I clicked directly on a website URL located on the search page it didn't take me there..pretty darn bogus.

Oh, how do I configure Sygate Personal Firewall free edition to block outgoing traffic? Because quite a lot of it was allowed going to those sites...which isn't so good.

serialsdb.com/ - Claims to have lots of cracks but a lot of them are suspicious and one opens a link to a site already on the BISS blocklists..cracks probably either don't exist or are malware-infected.

vv6.s13.dupx.cc - Mentioned in Webhelpers CWS writeup

s13.dupx.cc

dupx.cc
Anti_Spyware
www.dinogym.com -bogus search portal with links that all are on my restricted sites list, because it routes the sites through switch.atdmt.com

www.jammalottrecords.com - same as above site...search engine that routes sites through www21.overture.com

www.thebugs.ws - I am suspicious of this site because it has a link to a "search bar for IE users only" that takes users to a site that's on my restricted sites list.

promos.adlead.com - this looks pretty suspicious too.

search.ug/ - Man this site is so bogus, it's a bogus search portal that lots of other bogus sites link to.

www.crackfind.com -not sure if this is bad, but highly suspicious...my filter blocked the site from loading so I am not sure but I would use extreme caution going to it.

www.pornoracle.net - Not sure again cause of my filter but it seems very bad

www.cracklib.net - suspicious but not sure..

www.easycracks.net - before downloading a crack it has a flash window that shows you how to install an ActiveX control....very very scary stuff...and of course I didn't install it, knowing how easily 1 little control could put thousands of spywares on my computer...mark this up as one bad site.

www.regiedepub.com

www.crack.nu -filter blocked but suspicious none the less.

www.serials.ws -suspicious

www.astalavista.ws - astalavista TLD

www.wareznetwork.net - suspicious

www.cracksearchengine.net - on restricted sites list

www.easydownloads.net suspicious

beastysportal.6x.to - suspicious

www.directwarez.com -suspicious

www.easy-xxx.net - suspicious

moniqueduiveltje.eigenstart.nl - suspicious

cracksearch.cracksweb.com - suspicious

www.warezcrawler.net - suspicious

www.warez.com new home of warezcrawler.net - suspicious

www.atbtercume.com - pretty suspicious looking site

www.searchingtheweb.net

Click to enter loads the site "feed.peakclick.com/" which takes forever to load...very slow...makes me suspicious...not sure if site URL is cut off...

dell4me.com - suspicious

www.finderhome.biz - suspicious...

www.to-search.info - suspicious

www.serialz.to

http://www.mvps.org/winhelp2002/hosts.txt - a whole list of sites, most of which are probably already on the list..

Hope this helps. People shouldn't search for cracks anyways since they are illegal and if they do, they deserve to get infected...

Hope this helps-
Kimberly
dell4me.com is for dell customers.

Everyone knows that you don't have to visit those crack sites. I'll look them up when I have some time. Most of them should be bad ...

I did edit your post, because I prefer no http links, I don't want people to click on them by accident, so please just post the site without the http prefix. Thx.

We don't use or include the MVPS hosts file into ours.

On many of those sites when visiting them, you'll get drive-by downloads. No warning, no nothing and bang you are infected even with a firewall and an antivirus running, just by visiting the page. VM is good because it's virtual, none of them are free tho, at least I don't know any free. Another solution is to have a complete backup of your system (like a ghost image or something similar) before you visit that kind of sites. Or a pc dedicated to that kinda stuff.

Someone else might pop in with some info for your Sygate setup, I never used it so unfortunately I can't tell you where to change your settings to block outgoing traffic. But imo, if you block it, your webpages won't load anymore.

Kim
Anti_Spyware
Kim,

Thanks for your reply.

540.filost.com is a site that apparently added a ShellServiceObjectDelayLoad entry to someone's registry, over at SWI here...http://forums.spywareinfo.com/index.php?showtopic=62229

The full URL is found in the post....and sorry about posting a direct link, I'll be careful not to do that anymore.

Most of those crack sites had annoying popups to restricted sites, or had downloads that looked like they might contain trojans *I was afraid to actually download stuff in case they did*. They should be all bad, but like you said, it's better to research and make sure. Let me know when you have found out the results, thanks!

If there is no need to surf those sites I guess I don't need to...but then shouldn't I do that to help improve the blocklist? I am confused.

I tried out the Sygate Personal Firewall thing and it actually blocked my connection to sites with the outgoing traffic all blocked...so you were right.

Why don't you use the MVPS hosts file to add to your own? Is it copyrighted/protected or is there another reason for this? Just curious, not trying to bug you.

I haven't gotten any drive-by-downloads from any of those sites. I am not 100 percent sure what a drive-by-download is...all I know is that sites can easily download trojans when the web page is loading to the Temporary Internet Files folder. However, McAfee can detect these. As for spyware downloads, they would probably only infect me if I actually downloaded a crack, which I didn't. Also, I suppose they could put a web page script on their site to exploit me via a 0 day exploit, which would totally jack me up because 0 day exploits haven't been found out yet....but I think I am pretty reasonably well protected from spyware...SpywareGuard protects my homepage and protects me from downloads...as well as those other anti-spyware apps I listed in the last post.

I am most vulnerable to rootkits, since I don't have an anti-rootkit software on my computer, to 0 day exploits, which everyone is vulnerable to, and to exploits in IE or The Java Sun which haven't yet been patched; I suppose Firefox would make those more secure but honestly I don't like the GUI for Firefox; I prefer IE even though it's "not as safe technically".

Sorry about the dell4me mistake.

Thanks!
Anti_Spyware
How do I configure Kerio Personal Firewall so as to block certain applications and connections from running? Sygate allowed me to easily do this, however..Kerio does not seem to have this option. Does anyone know?

Here are a couple of sites that tried port scans on my computer...which are obviously illegal:

anakin.2020total.net

safepages.com

ma.ulimit.com (add ulimit.com as well)

ns12hiwit.net (add hiwit.net as well)

fc414850.aspad.ro (I think .ro is correct, the address got cut off on Kerio Firewall (another thing I don't like about it))... still overall it's a very good firewall. If it weren't for the problem of having two firewalls I would want Sygate and Kerio both.

mail1.dr.myx.net (add myx.net as well)

Wow this is great...Kerio is logging all this stuff that can add to the blacklist..
Anti_Spyware
A duplicate post that has been edited out..sorry
Anti_Spyware
Duplicate post #3 edited out..sorry about this!!
Anti_Spyware
I thought that port scans were all bad, but apparently geek13.g2ghosting.com just portscanned me and geekstogo is hosted by them...definitely a valid site!!

Does that mean portscans are legal and good? I am confused? Should I trust g2ghosting if they are portscanning me or is that simply kerio putting out a false positive?
Anti_Spyware
WOW...sorry about that huge 4 double post thing......was not at all intended.

The firewall was slowing it down I believe..sorry about all those, feel free to delete the extras, I'm very sorry.
marklusty
hi, banner ads,

www.v-w-d.com

no specific ip range found only sites ip atmo, part of go daddy software,
mark
Anti_Spyware
From now on I will try to keep my posts under control.

Ok, found another bad site: Propagates via AIM, downloads a worm. Site listed here: http://forums.spywareinfo.com/index.php?sh...=0&#entry331846

Last part of site seems to change randomly...also VERY strange the email address for the tech support is tech@fbi.gov....is that spoofed or is there a rogue FBI agent???
Anti_Spyware
Oh, found a few crack sites that might be suspicious...if you could research them like the others and let me know that would be great, if not that's okay too

www.thecrack.ws also I know you can't block IPs with HOSTS but the IP is apparently 151.196.220.77 ...this looks like a nasty, too scared to go there to find out, web page started loading slowly...course I have Kerio set to block Javascript VBScript and ActiveX so I am somewhat safe...

Anti_Spyware
This site seems like it spams the user with an extremely large barrage of popups...if you want to find out, take down all ur popup blockers lol.

Sites with popups and randomly generated words designed to get hits on google but serve no other purpose:

delhi.dyn.nu/nifty.html many other links at bottom to site- site has random words-thousands of them-so that tons of google hits will pick it up....probably has every word in the "bad" dictionary...it's just randomly generated words and popups...what a fraud..

beautylady.pcadsl.com.tw

mysql.pcadsl.com.tw

realdolls.twadsl.com

yokohama.dyn.nu

buttercup.zenno.info

finddate.free-bsd.org/dating-sims.html

I have noticed a pattern: many have different names before the domain name and endings but all of them come from the same couple of sites:

zenno.info
dyn.nu
twadsl.com
pcadsl.com.tw
pcadsl.com
free-bsd.org
mp4.com.tw
mp4.com

These pages are a HUGE waste of google resources and probably generated by bots or something. They take up at least 10 whole pages of google hits...at most, with repeated search results being allowed, up to 30 PAGES...what a waste...google should be notified.

Suspicious/Bad sites:

www.directdl.com/index_79.html looks suspicious
header.smtp.ru/ redirects to betmaster.ru and tries to open searchallweb.info as a popup. betmaster itself is on my restricted sites list


Bogus Search Portals:

find.gl/?cT1eXl5zPWVeXl5kPTU leads to search.ug ...it seems like all the sleazy bogus search portals do honestly..

search.ug

findit.gl is another one of those search.ug type portals
Anti_Spyware
More sites that look suspicious
(if description says nothing then it's merely suspicious, not confirmed)

HASTALAVSITA domains:

astalavista.ms/ - On restricted sites list, a baddie



free-passwords-warez.xxxpowed.info/

www.serialsite.com/ - On restricted sites list

www.underground50.com/ on restricted sites list

Almost all of these came from a search for cracks portal at:

top.allseek.info/

staregate.com/

456.pool.ze5.info/

ze5.info/

Note: it seems like a whole lot of bad sites use the domains .com (well duh), .ru, .ws, and .info and .biz...
Anti_Spyware
Note...astalavista.net appears to be a valid security site unlike the others..

Dialer suspected sites:

automatic-dialers.because.meyic.net/ (one of those list-of-terms sites that gets google hits but doesn't do much)

homepages.pathfinder.gr/abbacy/abbacy.html


www.gamesites.de.vu/ - links to several sites like toolbar.de/

Oh Kimberly, many of the sites I found are indeed bad. The www.keygen.us site gives you an XXX toolbar!! At http://forums.spywareinfo.com/lofiversion/....php/t1127.html shoreg mentions several sites that give you CWS exploits, one of which I found: lomalka.com (already on blocklist I think) and young-exotic.com

accessplugin.com

bomb-mp3.com (installs about 15 parasites- see the link above at spywareinfo)

downloads-mp3.net

www.dotcomtoolbar.com/default.htm

erosconnect.com

www.pictureheaven.com

wunderground.com

launch.com

www.uni-porn.com

and many others mentioned at that site URL.

Those are bad, bad sites.

These are suspicious:

...and all the other links listed at new.4-all.org/.


Anti_Spyware
Whew...added about 100 sites for you to research on this page

Oh, no worries, I am safe now, I set Kerio to block ads and also to block Javascript, VBScript, and ActiveX. There is absolutely no way I could get infected except an exploit in MS or IE ( 0 day exploit).

To prove this, I went to wunderground.com, a site I listed earlier. It claims to have weather reports, but spawns lots of popups and downloads Hotbar, Websearch, CometCursor, and a couple of other malwares onto the computer that goes there.

Thanks to Kerio Personal Firewall, the scripts couldn't run, the page didn't even load, just stayed white, and I was perfectly safe. KERIO ROCKS!!!

Now I don't need VMWare!! Yay!

The one thing I am careful not to search for are exploits or 0-day exploits...cause I know those could screw me up badly. I hope I don't happen to find any...that is the only concern I have...rootkits shouldn't be a problem since they need scripts to run in order to infect me..Looks like I am pretty safe =D

By the way, the source code for wunderground.co was 100 PAGES of stuff...a lot of it looked bad or looked like it had referral links..

Anti_Spyware
www.paltalk.com/ - Rogue IM application bundled with spyware

Also Integretel is a bad company that runs up fraudulent charges:

http://www.ripoffreport.com/reports/ripoff44480.htm

http://scientium.com/diagon_alley/commenta...ays/integretel/

There you can read hundreds of reports about how Integretel tries to charge people for numbers they didn't call...FTC settled a 1.7 million dollar suit against em...dunno if they've changed their ways... www.integretel.com is their site, but I don't think it would help to block it.. just a heads up...not sure what u wanna do with that info but..yeah lol.

If you could investigate this, I believe a company called Wayne spams people:

www.etype-europe.com/premium-sites.html

www.etype-europe.com/wayn.html

www.etype-europe.com/


MSN Free Winks
note that these need researching as well...sorry for creating all of this work for u

( a whole lot of sites listed at messengersites.com/ may also be suspicious, it has links to many many sites so check that out)

www.msnmonkey.co.uk/FreeWinks.php

www.freemoods.com/

www.winks4u.be/

10000-free-emoticons.be --> Google resource eater.

www.messengerstuff.info/ - pretty suspicious

Partners of messengerstuff.info ....

freeemoticons.atspace.com/ ( on my restricted sites list!!)
atspace.com/

www.hahahumor.com/ - annoying site..

www.shinystat.com/ - stat counter (are they all bad?)

www.infomafia.com/

www.active-freebies.com/ - bogus search portal

Also, check out the list of sites at freeemoticons.atspace.com/maeen41.html and at

www.casinopages.biz/

www.msnpro.com/

c.azjmp.com ( on restricted sites list!!)

www.coolmessenger.nl ( go there to find a list of partners on the right hand side of the page, I would suspect them all too)- I would write them all down here but there are a lot and I have already posted a huge list..dont wanna take up too much space..

Note: there seem to be quite a few Dutch (.nl) TLDs involved in this MSN free winks spyware scam....

Also www.messengerstuff.info/links.htm has quite a few links...I posted the first block of links here but there are two more blocks of links....it would be well to add those too...

There are tons and tons and tons of these sites...for each site I gave you, they probably list more partner sites...I could find more but it's taking forever and I think I found the bulk of em (google found some 2 million hits on free winks and I don't have time to list em all).







Samurai V
Banner ads:

em.aveno.net
adserver.online-tech.com
Kimberly
@ Samurai V & marklusty

added thx

@ Anti_Spyware

I'll look all those crack sites and others up asap, while most of them are prolly bad, I can't just add them without checking. thx for reporting them tho.
Anti_Spyware
Stumbled across this after accidentally googling the name of a trojan, whereupon google somehow tried to connect me to the actual site of that trojan name...this page came up:

www.nuseek.ac

It's one of those horrible scam search portals where all the results lead to restricted sites. I'm not surprised.

www60.overture.com seems to be the search engine of the nuseek.ac site.

Search results on the portal lead to (possibly to be considered suspicious):

Note- it appears as if the site may possibly be legit but still it seems a bit bogus...some sites it mentions actually are good sites...but it uses annoying ads and ad servers...that is most likely why it's blocked...not sure if those sites above are bad or not..maybe just legit.
Anti_Spyware
54.a.store.one.pl/

one.pl/ is the main site

This is the most annoying site in the world...because it's a google page hogger with absolutely no value. It downloads about 500 gif files just to load each of the search items it has, which is totally unnecessary, and then when clicked on they describe the search result but offer no links or anything...just keywords that lead to a site already on the blocklist...search10.com or somesuch.

It's sites like these that are real resource wasters...
Anti_Spyware
www7.paypopup.com is on restricted sites list, loads azesearch i believe..nasty parasite



MaKaVeLi
Another fake Security Center website:

www.yoursystemupdate.com
yoursystemupdate.com
Samurai V
Very irritating banner ads:

www.rapidsatellite.com
Samurai V
More adservers:

127.0.0.1 adverculture.com
127.0.0.1 www.rowise.com
Anti_Spyware

IE Toolbars:

appleblossomart.ezthemes.com
ezthemes.com (both on restricted sites list, so bad for sure)

www.digimode10.com/1freeware/DigiModeIEToolbar.htm - suspicious

www.fredscorner.nl/ - links to ezthemes.com and lists lots of suspicious downloads

www.daolnwod.net/soft_11633.html - possibly suspicious

Anti_Spyware

List of Several Hundred Active Bank Fraud Sites (add em all to blocklist):

http://www.aa419.org/fake-banks/fakebanksl...%27%25%2C%25%27

List of Some Unknown Fraud Sites:

http://www.aa419.org/fake-banks/fakebanksl...%27%25%2C%25%27

List of "Flashmobbed sites"- fraud sites that this site is trying to get lots of people to go to to shut down the site through excessive bandwidth use...not so sure if that is legal...it sounds kinda iffy ...

http://www.aa419.org/fake-banks/fakebanksl...%27%25%2C%25%27

That should add several hundred sites to the list, also you might want to report them to the FBI, or notify them of the page if they don't already know...site also lists thousands that are currently dead, so I'm guessing the FBI might know but not 100 percent sure.

I don't know if the actual sites are dangerous or if they are just frauds, the site says that they are run by criminals and some are African Nigerian banks which are known to be run by huge fraud rings...my sister almost got duped by an eBay lookalike from a Nigerian fraud ring once...so sorry I lost the link to site tho...dangit..still I have a feeling these are bad.
Anti_Spyware
More suspected fraud sites, listed at http://www.carbuyingtips.com/fraud.htm?x=0..._ttky3&y=0ncx40. Also a few email addresses listed.




Anti_Spyware
ebay.ie looks pretty suspicious too...


http://forums.ebay.com/db2/thread.jspa?thr...d=1133161980821 - not a bad site itself but a list of 15 pages of fake ebay sites reported by users...pretty helpful although lots of chatting and duplicates

www.dpbolvw.net - on restricted sites list

Anti_Spyware
dax-error-is-not-a-valid-date.dantechcomputer.dk/ gave me the Wonka trojan when I went to that site...it's a bad site all right.
Samurai V
Banner ads: www.dadirectoryon.com
Samurai V
Ugh, Yahoo is starting to serve ads on us.i2.yimg.com
Kimberly
Thanks everyone
Anti_Spyware
Kimberly let me know what you found out about those sites that u researched, once ur done, if thats okay

http://forums.spywareinfo.com/index.php?showtopic=64269 lists some bad sites (around 3rd post down).
Anti_Spyware
a.as-us.falkag.net

This site is SOOOOO bad. It opened THIRTY FOUR WINDOWS WHEN I WENT TO IT AND WAS ON MY RESTRICTED SITES LIST AND STILL ABLE TO DO THAT!!!!!

I have a feeling it uses some iframe buffer exploit or such...must be analyzed by experts...Kimberly can you refer this site to some experts so they can take a look? ..I am not sure if its on the blocklist or not, if not please please add this. I cannot believe that. It took me 5 minutes to close them all and lagged bad..wow. That is really really a bad site...all of the windows opened to the exact same site, the one listed above.


This site: http://www.computing.net/security/wwwboard/forum/13720.html

computing.net claims to offer HijackThis help; HOWEVER they have ad banners from the above site on their address and that is totally unacceptable given how many windows that site opens! I would personally add this to the blocklist but it's up to you..

Guess what happens if you let the site load the banner ads? It adds them to the back button of Internet Explorer. So, if the ads aren't blocked, and u don't click on them, you will click the back button and go immediately to a dangerous site that opens 34 windows of itself..- imagine the horror if that site had been able to dump its contents on me..thank goodness for IE SPYAD...the reason I was exposed is because I took down Kerio...it didn't allow my mom to access some legit sites so I felt it was better to get rid of it..now I don't just go looking for trouble since I don't have Kerio...I gotta be more careful.

Oh and 1 more thing about that site- not only THAT, but the two sites I mentioned aren't even shown in IE history..they somehow Wiped Themselves off it.

That computing site source code looks pretty malicious with some iframes intended to pop up and stuff...this really is a bad deal right here.

Hope this report helps, that site is a real nasty...or what i saw of it.

Thanks,
Anti_Spyware

Edit- site is already on blocklist BUT NOTE it can still open 34 or 32 windows of itself even when settings are locked down as secure as possible in IE and page is prevented from loading...must be an exploit.
Hmm how to stop this? Script blockers I suppose- still check out that computer help site..
Moore
Anti-spyware, that's prob one reason why falkag is already blocked... did you happen to log the domain names in your firewall of those popups?

Adding sites to the restricted sites list won't stop any site from loading, it just applies your chosen settings, from restricted sites zone, to that site..

You would be safer to block them completely with Hosts file or by IP, then they can't even get in to your computer or load at all..

If a site is in the blocklist and you have turned your IP blocking/Hosts file on, it won't load to begin with so you won't get any additional popups.

We definitely aren't blocking computing.net .. we will just block the ads, ok ..

Please take it easy on the multiple posting, if you have a lot of things to post make a list and at the end of the day post your list ..

please try to post things that you can verify yourself as needing to be blocked, we are very short on time at the moment to be looking in to hundreds of fraud sites etc ..

The main things we are looking to block are ads/adservers, malware/hijacker sites and maybe phishing sites.. thanks..
Anti_Spyware
Moore,

From now on I think I will keep a list in MS Word rather than posting 15 thousand different posts...that is a good idea and I am sorry to have created all this work for you.

All of those fraud sites I listed in that one big paragraph are known fraud sites so they don't need to be researched; they are confirmed frauds.

If I come upon suspicious sites, I won't know if they hijack me or not because I don't download suspicious files. However, most of the sites I think are suspicious are bad sites.

What should I do about this dilemma?

Thanks for your patience and sorry to have created so much work


Moore
QUOTE (Anti_Spyware @ Dec 21 2005, 05:48 PM)
If I come upon suspicious sites, I won't know if they hijack me or not because I don't download suspicious files. However, most of the sites I think are suspicious are bad sites.

What should I do about this dilemma?

Thanks for your patience and sorry to have created so much work

Ok cool, a list would probably be easier to manage, since you are getting good at posting new sites.

When you come across sites that you think are suspicious, if you want you can check their page source out first using these web browser tools to retrieve the page source code, removing the possibility of getting hijacked.

Online HTTP View page:
http://www.rexswain.com/httpview.html

Or install Sam Spade personal:
http://samspade.org/ssw/

Either of those should help pick out the majority of bad URLs found on sites from the source code, without needing to visit the site, except for things like javascript encoded / html encrypted / iframe pages.
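The source-code check described in the post above, as an added example that is not part of the original thread: it reads page source as text, lists the third-party hosts the browser would fetch from automatically, and prints them as candidate HOSTS entries for review. The sample HTML, the `.example` hostnames and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample source; hostnames use the reserved .example TLD.
SAMPLE_SOURCE = """
<html><body>
<a href="/forum/index.html">Forum</a>
<img src="http://static.help-site.example/logo.gif">
<script src="http://ads.banner-net.example/show.js"></script>
<iframe src="http://pop.banner-net.example/frame.html" width="0" height="0"></iframe>
<script>document.write(unescape("%3Ciframe%20src%3D..."));</script>
</body></html>
"""

# Tags that make the browser fetch a URL on page load, and the attribute holding it.
AUTO_LOAD = {"script": "src", "iframe": "src", "frame": "src",
             "img": "src", "embed": "src", "object": "data"}

class SourceScanner(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.third_party = set()
        self.inline_scripts = 0   # script bodies this static scan cannot see into

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and "src" not in attrs:
            self.inline_scripts += 1
        url = attrs.get(AUTO_LOAD.get(tag, ""))
        host = (urlparse(url).hostname or "") if url else ""
        own = host == self.page_host or host.endswith("." + self.page_host)
        if host and not own:
            self.third_party.add(host)

def scan(source, page_host):
    """Return (sorted third-party hosts, number of inline scripts)."""
    scanner = SourceScanner(page_host)
    scanner.feed(source)
    return sorted(scanner.third_party), scanner.inline_scripts

def hosts_entries(hosts):
    """Format hostnames as HOSTS-file lines pointing at the loopback address."""
    return ["127.0.0.1 " + h for h in hosts]

if __name__ == "__main__":
    found, inline = scan(SAMPLE_SOURCE, "help-site.example")
    print("\n".join(hosts_entries(found)))
    print(f"# {inline} inline script(s): URLs built at run time do not show up here")
```

The inline-script count covers the limitation the post mentions: an encoded `document.write` is not decoded by a static scan, so a non-zero count means the host list may be incomplete.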
MaKaVeLi
Ads:

adidm.idmnet.pl

Rogue anti-spyware and fake Security Center websites:

Zango:

partner.zango.com

Phishing:

www.collionline.it
collionline.it
Kimberly
Rogue anti-spyware

adwarepunisher.com
www.adwarepunisher.com

Thx MaKaVeLi
Anti_Spyware
I checked out that HTTP Viewer and I put some bad sites into it, but I couldn't figure out why they were bad from looking into the source code.

Also I downloaded Sam Spade but am not sure how to use that to see whether websites are bad or not.
ozz109
tbcode.com Hosts JS/TrojanDownloader.IstBar.AI trojan

Anti_Spyware
All credit for these goes to Webhelper, I got them from http://www.webhelper4u.com/blog1/index.html



Kimberly
Anti_Spyware, no need to post the sites from webhelper, we've got the complete listings incorporated.

See : http://www.bluetack.co.uk/forums/index.php?showtopic=8406
Anti_Spyware
Ah, okay.

The only reason I posted them was because some of them weren't in the list.

So I didn't know if you saw those, they aren't CWS domains, they are separate infections listed in his weblog at that URL I pasted, but, if you got him covered, that's fine. Sorry.