Full Version: Bad Websites
Samurai V
Serves ad I-frames:

www.adquest.nl
MaKaVeLi
Razespyware:


It looks like they have been registering a lot of subdomains recently.
Kimberly
QUOTE (Anti_Spyware @ Dec 24 2005, 03:21 AM)
Ah, okay-

The only reason I posted them was because some of them weren't in the list.

So I didn't know if you saw those; they aren't CWS domains, they are separate infections listed in his weblog at that URL I pasted, but if you got him covered, that's fine. Sorry.

I'll double check them anyway, normally everything is listed on the complete listings. Maybe a few slipped through, if so I'll add them.

@ Samurai & Makaveli

Added thanks
Samurai V
SANS reports that hyipgoldinvest.com is exploiting a recent Microsoft vulnerability. I also blocked www.hyipgoldinvest.com but I don't know if that's a valid URL or not.
Samurai V
A friend of mine who does not use a Hosts file reported that free proxy site www.guardster.com attempts to download "installer.exe" each time the site is visited in Firefox 1.5. I did not receive any installer attempt there with the Hosts file active, so the actual download site is apparently already blocked. (Guardster also uses the URL tproxy.guardster.com)

The article here says that Guardster is owned by spyware company Qtech, which also owns Adroar. In view of this, I think the Guardster proxy is too dangerous to be trusted and should be blocked.

Doxdesk also says that Qtech owns the domain musicfeast.com, which is not blocked in the current Hosts file.
links1000
http://lastmeasure.zoy.org/?u=dementedd




should be blocked asap
shadowking
http://www.almoso3h.com/up/uploading/weiweiswe.zip


Trojan PSW.Keylog
Anti_Spyware
Every site on this list I am positive is bad, except for a few that I mention are suspicious, so you won’t need to do very much research at all.


Typo sites that show ads:

“When people mistype web addresses and end up to these sites, the sites show Google AdSense advertisements, profiting the fraudsters - and indirectly profiting Google.”
Quote from http://www.f-secure.com/weblog/#00000743

This is because the ads come from oingo.com which Google owns.


f-sekure.com
f-secue.com
mcafeeantiviru.com
nortpnantivirus.com
www-f-secure.com

I am starting to understand what you mean about making sure to report the right “types” of sites.

I spent an hour finding lots of sites that linked to search portals that linked to rogue sites.
An example would be 4523.wxmzl.com/. That just shows how many sites wxmzl.com has registered. A Google search shows that they have 49 thousand sites registered and probably have set up bots to create their sites, which link to search portals that link to other bad sites.

I have realized that it is pointless to block the search portals also, there are probably thousands of them registered, at least hundreds. The only real thing that would be good to block is the actual sites themselves that host the ActiveX or other types of downloads.

I now understand how the people who write the malware get the money to run their infections.

Affiliate links.

Each time someone clicks on an affiliate link it gives money to the person running the link.

So, what the people did, was set up bots to create tons of sites to link to other sites thus earning them lots of money from infected people who go through their site and another search portal to get to a bad site. This funds the malware writers, who in turn probably fund the search portal sites and subdomain linking sites in order to ensure that people keep finding THEIR sites.

It’s really too bad they can’t all be blocked on the blocklist. If only it supported wildcards it wouldn’t really be too hard, but since it doesn’t, unless we have bots adding stuff to the list we can’t have enough time to add all those search portal subdomains and link subdomains… there are too many of them.

Also, I don’t think I should report cracks/other illegal sites because it will take too long to download things and see if they infect me; it’s better just not to go to those kinds of sites, and if you do, you can expect to get infected.

Besides I don’t have a virtual machine, so I would just get infected.

Therefore, I will only report sites that actually install stuff through ActiveX or other means, or sites I suspect are phishing scams or that serve up ads/adservers. Also shock sites I will report. However I won’t waste any more time reporting bogus search portals or subdomains, there are waaayyy too many to report.

As I am writing this, I am realizing how futile my efforts are… there are 196 thousand domains registered under gorematic.org that run ISTBar installs through ActiveX.

That’s 196000 sites, from one single domain.

I think a better solution is to just have the search engines remove all bad sites from servers, that way people can’t get infected if they don’t directly input the URLs (Yahoo is already working on this and I hope Google will start soon). An easy way to do this would be for Google, Yahoo, etc. to create bots that crawl their own search engines and delete any webpages that contained random words for keywords (since those types of sites are ones that bots create, then bots could be fighting bots, rather than humans fighting bots).


Sites that run ISTBar downloads (through ActiveX) by using misspelled words for searches such as “Nirton Antivirus” (all of them place a link in IE’s Back button to the IP address of 66.29.7.159, so when you click back it tries to install a script from ysbweb.com I believe..). Also each site tries to put two possible spyware/tracking cookies on your computer.

norton-antivirus-2004.nix.netmahalk.org/
remove-norton-antivirus.dome.glupperproject.com/
norton-antivirus-freeware.ment.magicdoodic.com/
norton-antivirus-2002.broad.krinka.net/
norton-antivirus-2005.dopax.kitydona.org/
norton-antivirus-coupon.mac.colosna.net/
norton-antivirus-homepage.some.sjsusy.com/
install-norton-antivirus.ment.magicdoodic.com/
antivirus-norton-2005.ioust.gorematic.org/

Other site that has keywords of crack downloads:

Sites that need a little researching:

http://www.memoryoptimizer.com

It seems to me as if it is a rogue McAfee pusher (I know that site is not the real McAfee download site but I think it’s using it as a front to install spyware, I just need you to investigate more since I don’t have a virtual machine and can’t see what it installs without getting infected).

opportunists.loveshopping.us/search.php?keywords=norton+utility%0D

This also seems pretty bogus to me, it looks like a phishing site.

sg.hu/listazas.php3?id=1082118210

This looks like it has quite a lot of junk in its source code, some popups, maybe malicious scripts, needs a little researching.


In conclusion, I have realized how time-consuming it is to report sites with humans when bots are creating millions more daily. 1 website has registered 196 thousand domains, each of which installs YourSiteBar, an ISTBar download, from each one of those sites. They can’t all be blocked by us. We can only do so much. Now, the really bad sites are worth blocking, but these types of sites cannot be blocked, it would take years to block 196000 sites and those are just a few of the many out there (if each bad site has 196000 domains, there are over billions of bad sites).

What I am suggesting that the IANA and search engines and the common masses of people who use the internet do is this:

1) When people register a web site to the IANA, when they first create it, there needs to be a system where they have to type in numbers shown on a screen (this will defeat web bots, who can’t see visual images since they aren’t human and don’t have eyes). This is already implemented in a number of registration systems. If a strong bot-defeating system is implemented, millions of generated sites will stop appearing and the chance of infection will be a lot less.
2) People need to register real names and addresses and the like to IANA, if they are serious about creating a website. IANA should be a lot bigger with more manpower and make sure that the addresses/names are actually real, or have some system invented/created to do that for them. IANA could keep the names in an extremely secure database with advanced technology to ensure that nobody could hack into it, or at least nobody hopefully would try.
3) Search engines need to delete bad sites from their servers. Yahoo and others are already doing this, but Google especially needs to. This is because most people use Google, and it’s even a verb in the dictionary to “google something”.
4) People need to be smarter about what they click on and use better security. How to get this out to the masses? TV advertisements, since lots of people watch TV. If people don’t care, they will after they get infected, and people will become more savvy over generations of computer-savvy youths, and realize how dangerous the internet is.

I think if these 5 steps are implemented, the internet could be a whole lot safer for everyone.

Tell me what you think of this idea.
Necromancer
You have some very good points there however remember that the internet is not owned by anyone, even IANA. So to implement those suggestions there would need to be some sort of worldwide legislation (?) or something which is never going to happen, and who is going to pay for it?

Also AFAIK people don't generally register websites directly to IANA, it is delegated to the regional internet registries, APNIC, RIPE etc etc.

I think the biggest thing is that people just cannot expect to blindly hook their computer up to the internet and expect that nothing is going to happen! As you said things should hopefully improve as the newer generations of more computer savvy peeps come through but ignorance will always reign supreme!!
Samurai V
These sites are reported by F-Secure as actively exploiting the Windows WMF vulnerability:

127.0.0.1 www.tfcco.com
127.0.0.1 tfcco.com
127.0.0.1 unionseek.com
127.0.0.1 www.unionseek.com
127.0.0.1 jerrynews.com
127.0.0.1 www.jerrynews.com

See http://isc.sans.org for more on the WMF issue.
Anti_Spyware
I'm still not sure what to do about reporting sites created by bots, for example gorematic.org. I don't have time to report all 196 thousand sites, neither does anyone else. What is to be done about sites like that, if search engines don't remove them from their databases?

Anti_Spyware
Quite a lot of sites have been created by bots to infect people with MySearchBar, here are just a few:


It goes on and on and on….these sites are a waste of time to report, I’ll focus on the really bad ones, not the cloned thousands of sites created by bots..
Anti_Spyware
I emailed Google's administrator and asked him or her to remove all bad sites from Google's database just as Yahoo and MSN, I believe, are doing, so we'll see what happens!
Samurai V
The following domain is reported to be exploiting the unpatched WMF flaw:

127.0.0.1 mujegorda.bitacoras.com
Anti_Spyware
www.yoursitebar.net/ -clone of www.yoursitebar.com but not on blocklist.

Dialers: (obtained from Symantec), so no research needed to be done-

www.baciamistupido.biz/





Anti_Spyware
1/10th of the domains registered under next.mordesites.com


Anti_Spyware
Spam sites:

freebiepeople.com
yfdirect.com
rewardsgateway.com
theoffersource.com
freescholarshipguide.com - 51 emails per week, somewhat spammy
bbqsweeps.com
amazingsamples.com
staycool4free.com
maxmoolah.com
winhundred.com
coverclicks.com
affiliatenetwork.com

Sites with lots of Popups:

3cr.net
Trafficenergy.com
Bilfen-kizlari.com
Bedavamp3.cc
Arb3.com
2000magazine.com


Sites with bad downloads:

galttech.com
screensaverheaven.com
daily1.com
my-desktop-wallpapers.com
topscreensavers.com
galtpage.com
gogalt.com
monash.edu.au

I got this list from SiteAdvisor, a very cool new program that has bots crawling the web looking for bad sites, links, spam, and phishing (everything bad). It's a plug-in to web browsing clients like IE, Firefox, and Opera, and shows an alert button next to the site on a search engine if it's bad, or displays a little window balloon warning you if you're on the site. The preview version can be downloaded at http://www.siteadvisor.com/preview/. I'm very excited about this, and so is Ben Edelman, a notable spyware researcher. I read this from his blog, look here: http://www.benedelman.org/news/121905-1.html. This is a really cool piece of software, and it's coming out later on in 2006, I can't wait!
MaKaVeLi
Spylog:

u4635.14.spylog.com

Zango:

prompt.zangocash.com

IntelliText:

allhiphop.us.intellitxt.com

Rogue anti-spyware:

support.spyiblock.com
help.spyiblock.com

Fake Security Centers:

www.systemsecurityindex.com
systemsecurityindex.com
www.uptodatesecurity.com
uptodatesecurity.com

Websearch:

helpint.mywebsearch.com

Ads:

estore.vzwshop.com

Popups:

www.mate1.com
mate1.com
MaKaVeLi
Fake Security Center:

www.systemupdates.net
systemupdates.net
Anti_Spyware
Rogue anti-malware apps

malwarewipe.com
www.thespyguard.com
www.adwarepunisher.com
www.spyiblock.com
marklusty
ad banners

www.paradisepoker.com

mark
Anti_Spyware
www.nitro5x.com/faq.asp

Nitro5X I found on my computer, and I am not sure whether it was unintentionally installed by a member of my family or whether it was bundled with adware- either way, it needs to be researched.

www.dmv.ca.gov.com

This site needs to be researched because the Department of Motor Vehicles for California's site is www.dmv.ca.gov. When a family member typed in dmv.ca.gov without the www prefix, it went to the above site, which looks a bit suspicious, it claims to be an "official insurance site" or somesuch... not sure whether it's a phishing site or legit, it also needs researching, thanks.
coq
I get spam letters for medical aids, or copies of famous brands of watches, and cheap software... such as ghjdmabefl.utlo.info-220.160.201.136 for medical aids of sorts.
Are these of any use?
Anti_Spyware
WMF phishing exploit sites:

www.jhsbc.com
www.i7tgg4rv.com
www.ll67ffgsp.com
www.mrhpd74e.com
www.pph4e32q.com

firstaid
movieland.com
www.movieland.com

http://www.consumeraffairs.com/news04/2006/01/movieland.html

MovieLand Pipes Spyware Onto Users' Computers Intrusive adware and pop-up windows can't be easily removed.

If I get a chance I will look into these popups to see what they are.

65.115.110.0 - 65.115.110.255

PACIFICON DBA VITALIX LIMITED
3940 Laural Canyon Blvd Suite 609
Studio City
CA
91604
United States

firstaid
firstaid
That site is a joke.

I had some time to check it out. They have you install the software (mediapipe) just to enter the site. Then if you do not cancel within 3 days you will be bombarded with popups reminding you that you have to pay 90.00 for a full year's subscription.
I downloaded 2 movies and could not play them, a popup came up saying something to the effect that the owner of this content needs you to update your DRM. Uh... yeah... but I was on a virtual OS so I tried and that didn't even work, couldn't connect to the server. I went to the Microsoft page and it basically said they are trying to figure out why one gets this message.

Well anyhow, I don't like it one bit. They also state in their TOC that their software sends info back to their servers about what applications you have installed.

I picked up some tracking cookies while I was there as well.

ads.vitalix.net
internetfuel.com
www.movieland.com
zedo.com
trafficmp.com
apmebt.com
qskrv.net
smartmoney.com
linksynergy.com

some links

www.netbroadcaster.com
members.accesmedia.tv
p2p.p2pnetworks.net
notifier.altbill.com

http://atbill.com

AltBill is an alternative billing solution for Internet merchants and content providers alike. The AltBill billing platform allows consumers to receive immediate access to web-based products and services without collecting any financial or personally-identifiable information.

The AltBill solution was adapted from the principals of the "honor system." Consumers who utilize the AltBill billing platform are given ample time to review products and are not obligated to purchase unless they are completely satisfied.

AltBill use of friendly payment reminders helps to maintain and ensure the trust between website owners and their valued customers.

AltBill enabled websites can elect to purchase based on their satisfaction of product via AltBill friendly payment reminders.


friendly payment reminders?!?!

That's all I had time for.

firstaid
Kimberly
Thanks everyone.

I didn't post a lot lately in this topic, some real life issues are preventing me from having a lot of free time lately.

Currently I am checking all the valid / invalid servers in the complete hosts file which will be completely updated in the next upcoming days.

All help in reporting bad sites is very appreciated as usual.

Kim
marklusty
Hi Kim, we appreciate what you do here too,

www.heavenlybodiesuk.com
www.letsgetiton.co.uk

can you guess what these sites are? Monkeys do something similar in trees,
not too offensive to me but are for some people, malware likely from these sites,

www.keepitup.co.uk

that one wants to sell you a pill to go to the all nighters, as we at Bluetack do not need such medical enhancements I thought we ought to block it,

seriously though these are not good for kids, ads pay for more than you think on these sites,
mark
regharding
I found this Trojan Infested site. "sexogalia.com". PG2 protected me. Someone using eDonkey had it as their user name, so I checked it out like I often do.
Anti_Spyware
www.sharky-socks.net/citibank

That's a Citibank fraud/phishing site.

www.sharky-socks.net/ has several other subdomains and should be blocked entirely. They offer a proxy service as well and a few other things.

I found this from the sunbelt blog http://sunbeltblog.blogspot.com/
Kimberly
Updated

Thanks everyone.
MaKaVeLi
Fake Security Centers:

firstaid
hxxp://www.govt.com

every link on that page runs through overture, overture is blocked in the hosts file already but wondered if you would wanna block the site. lol

firstaid
Anti_Spyware
ads.fitnessonline.com
www.ads.fitnessonline.com
Anti_Spyware
join1.winhundred.com
spyfalcon.com
www.spyfalcon.com
Samurai V
banner.westernunion.com (ad server)
Kimberly
Thx everyone.

spyfalcon.com did join our club with gold membership already a few days ago
Anti_Spyware
Aha, lol.

Here are some sites that, probably could join with more than just gold membership.... more like, 24- pure carat gold elite deluxe super-duper membership:

All of these sites use exploits and other means to download a great deal of junk and are all QUITE dangerous:

Anti_Spyware
Domains known to have downloaded W32/Beouven:


Domains known to have downloaded Win32/Bagle.DR: (note: there could be a few duplicates on here, but hopefully that isn't too much of a problem - isn't there some feature that removes duplicates easily?)


IRC server known to be used by Win32.Mytob.KM:

rax.oucihax.info

Win32/Hanlo.I has been known to download from:

davepd.co.uk
taugammaphi1968.org
software-solution.org

Information found from http://www3.ca.com/securityadvisor/virusinfo/ by navigating around.
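
Two complaints in this thread, that a hosts file has no wildcards and that submitted lists contain duplicates, can be handled by one batch clean-up step, sketched here as an added example that is not part of the original posts or Bluetack's tooling. The sample names (all under `.example`), the three small lookup sets and the threshold of 3 are assumptions; the `address=/.../` output is dnsmasq syntax, shown as one resolver that accepts domain-wide rules.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: stand-in for the Public Suffix List; real tooling should load the full list.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au"}
# Assumption: hosts where each user is a path, so a hosts entry would block every user.
SHARED_PATH_HOSTS = {"people.freehost.example"}
# Assumption: free-subdomain providers; list their hosts one by one, never wildcard.
NO_WILDCARD_PARENTS = {"freehost.example"}

HOST_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\.)+[a-z]{2,63}$")


def normalise(line):
    """Return the lower-cased hostname of one submitted line, or None if unusable."""
    fields = line.strip().split()
    if not fields or fields[0].startswith("#"):
        return None
    # Accept "127.0.0.1 host" hosts-file lines as well as bare hosts and URLs.
    is_hosts_line = len(fields) > 1 and fields[0] in ("127.0.0.1", "0.0.0.0")
    target = fields[1] if is_hosts_line else fields[0]
    if "://" not in target:
        target = "//" + target  # lets urlsplit() see a network location
    try:
        host = (urlsplit(target).hostname or "").rstrip(".")
    except ValueError:
        return None
    return host if HOST_RE.match(host) else None


def registrable(host):
    """Parent domain a registrant controls, e.g. a.b.botfarm.example -> botfarm.example."""
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def build_blocklist(lines, threshold=3):
    hosts, review = set(), set()
    children = defaultdict(set)
    for line in lines:
        host = normalise(line)
        if host is None:
            continue
        if host in SHARED_PATH_HOSTS:
            # A hosts file matches whole names only; it cannot block one user's path.
            review.add(line.strip())
            continue
        hosts.add(host)  # the set removes duplicate submissions
        parent = registrable(host)
        # Hosts files match exact names, so cover the www/bare pair as the thread does.
        if host == parent:
            hosts.add("www." + host)
        elif host == "www." + parent:
            hosts.add(parent)
        else:
            children[parent].add(host)
    # Many distinct subdomains under one parent: per-host lines will never keep up.
    wildcards = sorted(p for p, subs in children.items()
                       if len(subs) >= threshold and p not in NO_WILDCARD_PARENTS)
    return {
        "hosts": ["127.0.0.1 " + h for h in sorted(hosts)],
        "wildcards": ["address=/%s/127.0.0.1" % p for p in wildcards],
        "review": sorted(review),
    }


# Constructed submissions in the formats seen in this thread; .example names only.
SAMPLE = """\
# batch from one reporter
www.rogue-scanner.example
rogue-scanner.example
127.0.0.1 www.rogue-scanner.example
hxxp://Fake-Center.example/
norton-antvirus.a1.botfarm.example/
nortn-antivirus.a2.botfarm.example/
norton-antivirus.a2.botfarm.example/
scan.freehost.example
clean.freehost.example
detect.freehost.example
people.freehost.example/qwxyzab/
dialer.shop.co.uk
not a hostname
""".splitlines()

if __name__ == "__main__":
    result = build_blocklist(SAMPLE)
    for section in ("hosts", "wildcards", "review"):
        print("# " + section)
        print("\n".join(result[section]))
```

Parents on the shared lists stay as individual lines or go to manual review, because a domain-wide rule there would also block unrelated users of the same provider.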
Anti_Spyware
www.warningpages.com - this site seems pretty suspicious and is linked to a lot of other bad sites. It's probably one of those things where people earn revenue by illegitimate means... ping requests returned 'failed', apparently they stop ping requests. A few other sites affiliated with it spoofed their IPs to return an address of 0.0.0.0 when pinged, when pinged using command prompt returned a different IP not associated with them either... seems like all these sites spoof everything possible in order to not get caught.
MaKaVeLi
Ads:

ad.se.thepiratebay.org
ads.mixtapekings.com
ad.isohunt.com
www.ads.havamedia.net
ads.havamedia.net
adserver.utterlyboring.com

Exploits:

wmw.crackz.ws

SpyFalcon:

www.webasiansex.com
webasiansex.com
www.freeprohosting.net
freeprohosting.net
dl.spyfalcon.com
dl2.spyfalcon.com
dl3.spyfalcon.com
dl4.spyfalcon.com
dl5.spyfalcon.com
dl6.spyfalcon.com

Adware Sheriff:

www.onlinesecurityguide.net
onlinesecurityguide.net

Rogue Anti-Spyware:

www.advancedsearchbar.com
advancedsearchbar.com
Samurai V
Banner ads: info.freepay.com
Kimberly
Thanks everyone
Anti_Spyware
www.7sultans.com/
passion.com
amcity
ads: http://ads.packetnews.com
Anti_Spyware
bestjobsguide.com
www.bestjobsguide.com
financeadvisor.org
fitnessandhealth.us
bigromantic.com
seekerbar.com
sexybabesx.com
Portale93.com
totemmail.com (a major spam site)
myfavoritegames.com
ratloaf.com
entertainmentwallpaper.com
sweepandvacfree.com (major spam site)
uproar.com
Anti_Spyware
www.hotget.com - possibly a rogue video codec site, needs investigating, seems dodgy.

www.reversecontext.com -another site that needs investigating.