Official hpHosts Support Forums
http://forum.hosts-file.net/

Please submit sites to be added to hpHOSTS to this thread
http://forum.hosts-file.net/viewtopic.php?f=11&t=621
Page 8 of 9

Author:  MysteryFCM [ Sat Aug 02, 2008 12:42 am ]
Post subject:  Re: Please submit sites to be added to hpHOSTS to this thread

Cheers Tom :)

Author:  Guest [ Sat Aug 02, 2008 6:56 am ]
Post subject:  Re: Please submit sites to be added to hpHOSTS to this thread

1 to add, one to watch, or maybe add anyway:
  • This site is NOT currently listed in hpHosts
    Host: fastpyroscan.com
    Current IP*: 207.226.174.20
    IP PTR: 207-226-174-20.pccwglobal.net
    Registrar: ESTDOMAINS, INC.
    Whois Server: whois.estdomains.com
    Referral URL: http://www.estdomains.com
    Name Server: NS1.PYROANTISPY.COM
    Name Server: NS2.PYROANTISPY.COM
    Name Server: NS3.PYROANTISPY.COM
    Status: clientTransferProhibited
    Updated Date: 03-jun-2008
    Creation Date: 03-jun-2008
    Expiration Date: 03-jun-2009

    associated with proantyspy.com
    http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-080112-4201-99&tabid=2
  • This site is NOT currently listed in hpHosts
    Host: proantispy.com
    Rogue association, suspicious & Webhelper listed
    Registration Service Provided By: VIVIDS MEDIA GMBH
    Contact: +49.3094413291
    Registrant:
    PrivacyProtect.org
    Domain Admin (contact@privacyprotect.org)
    P.O. Box 97
    Note - All Postal Mails Rejected, visit Privacyprotect.org
    Moergestel
    null,5066 ZH
    NL
    Tel. +45.36946676

    Creation Date: 02-Jun-2007
    Expiration Date: 02-Jun-2009

    Analysis
    http://www.symantec.com/business/security_response/writeup.jsp?docid=2008-080112-4201-99&tabid=2

    Suspicious rating @ Trusted Source:
    http://www.trustedsource.org/TS?do=feedback&subdo=query&q=proantispy.com

    Listed @ Webhelper
    http://webhelper4u.net/whmembers/siteslists/cwsalphaA.txt

Author:  Guest [ Sat Aug 02, 2008 8:22 am ]
Post subject:  Re: Please submit sites to be added to hpHOSTS to this thread

This site is NOT currently listed in hpHosts
Host: theworldnews5.com
Current IP*: 84.16.252.138
IP PTR: 84-16-252-138.internetserviceteam.com
Registrant Contact:
DomainsReg, Inc.
Sergey Astakhov abuse@domainsreg.cn
1-800-716-0023 fax: 1-800-716-0023
Lenin str. 38, 77
Saratov Saratovskaya oblast 150040
cn
DNS:
ns1.mynick.name
ns2.mynick.name
ns3.mynick.name
ns4.mynick.name
Created: 2008-07-30
Expires: 2009-07-30

malicious
http://www.trustedsource.org/TS?do=feedback&subdo=query&q=theworldnews5.com

hxxp://internetprotection2009.com/2009/1/_freescan.php?aid=880253

installs xpantivirus 2009

Author:  Guest [ Sat Aug 02, 2008 8:51 am ]
Post subject:  Re: Please submit sites to be added to hpHOSTS to this thread

Below find vURL Online links for details. All sites below wind up installing Power Antivirus 2009.

This site is NOT currently listed in hpHosts
Host: antiware.orgfree.com
Current IP*: 72.232.26.155
IP PTR: ns2.orgfree.com
Registration Service Provided By: NameCheap.com
Contact: support@NameCheap.com
Visit: http://www.namecheap.com/
Name Servers:
ns1.orgfree.com
ns2.orgfree.com
Creation date: 28 Jan 2005 15:25:42
Expiration date: 28 Jan 2010 15:25:42
=======
Page Title: Power Antivirus 2009
http://vurl.mysteryfcm.co.uk/?url=http://imir.info/go.php?sid=6&selUAStr=0
This site is NOT currently listed in hpHosts
Host: imir.info
Current IP*: 209.59.142.226
IP PTR: host.gudzonserver.com
Domain ID:D15787080-LRMS
Domain Name:IMIR.INFO
Created On:20-Dec-2006 16:25:16 UTC
Last Updated On:16-Nov-2007 12:13:21 UTC
Expiration Date:20-Dec-2008 16:25:16 UTC
Sponsoring Registrar:Directi Internet Solutions Pvt. Ltd. d/b/a PublicDomainRegistry.com (R159-LRMS)
Name Server:NS1.GUDZONSERVER.COM
Name Server:NS2.GUDZONSERVER.COM
=======
Page Title: Power Antivirus 2009
http://vurl.mysteryfcm.co.uk/?url=http://mytraff.com/in.cgi?17&selUAStr=0 <<<<listed @ MDL
This site is NOT currently listed in hpHosts
Host: mytraff.com
Current IP*: 88.208.30.158
MX records for: mytraff.com
PRI Server IP Hostname
20 69.31.128.188 mail2.mytraff.com
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: http://www.estdomains.com
Name Server: NS5.PUBLIC-NS.COM
Name Server: NS6.PUBLIC-NS.COM
Status: ok
Updated Date: 15-nov-2007
Creation Date: 13-sep-2007
Expiration Date: 13-sep-2008

http://www.trustedsource.org/TS?do=feedback&subdo=query&q=mytraff.com

hxxp://scanner.power-antivirus-2009.com/?aff=1424

hxxp://scanner.power-antivirus-2009.com/setup/Install.exe

Author:  MysteryFCM [ Sat Aug 02, 2008 12:35 pm ]
Post subject:  Re: Please submit sites to be added to hpHOSTS to this thread

Cheers Tom :)

Author:  Guest [ Sat Aug 02, 2008 9:48 pm ]
Post subject:  Re: Please submit sites to be added to hpHOSTS to this thread

Just spammed our forum.

Code:
Query: http://www.pornsamateur.com/o51810.html
Page Title:      No HTML title tags found
Server Response:    200 [ OK ]
Server Type:    Apache/2.2.8 (EL)
Server IP:    84.19.185.121
IP PTR:    ns2.km20935-18.keymachine.de
hpHosts Status:    Not Listed ( Report it? )
MDL Status:    Not Listed ( Report it? )
PhishTank Status:    Not Listed ( Report it? )
Links found?:    13
Scripts found?:    8
iFrames found?:    0
Last Dissected:    02/08/2008 21:21:39
Link to this query:    http://vurl.mysteryfcm.co.uk/?url=http://www.pornsamateur.com/o51810.html&selUAStr=0


I see the following and get a "probably infected with DLOADER.Trojan" from my AV.

Code:
document.location.http://codechost.com/codecpack.v.1.0.98.exe;
http://codechost.com/codecpack.v.1.0.98.exe
http://codechost.com/codecpack.v.1.0.98.exe
http://codechost.com/codecpack.v.1.0.98.exe

Author:  Guest [ Sun Aug 03, 2008 9:20 am ]
Post subject:  Re: Please submit sites to be added to hpHOSTS to this thread

Code:
grajava.za.pl


EMD

One of the fake "avi" files that is going around. I got the link in an email.

http://www.virustotal.com/analisis/a5116e1d4b262e7481f0ddc17a57fe04

Author:  MysteryFCM [ Sun Aug 03, 2008 1:03 pm ]
Post subject:  Re: Please submit sites to be added to hpHOSTS to this thread

Cheers guys :)

Author:  Guest [ Mon Aug 04, 2008 10:28 pm ]
Post subject:  Re: Please submit sites to be added to hpHOSTS to this thread

EMD Candidate:
This site is NOT currently listed in hpHosts
Host: adultsexkey.com
Current IP*: 66.45.226.218
Registration Service Provided By: VIVIDS MEDIA GMBH
Contact: +49.3094413291
Registrant:
N/A
Kitaesa Kitaesa (pimpmarkets@gmail.com)
Glavnaya ulica, 01
Glavniy Gorod
0,151623
CN
Tel. +235.2352643
Creation Date: 15-Nov-2006
Expiration Date: 15-Nov-2008
Domain servers in listed order:
ns4.xxx-server.biz
ns3.xxx-server.biz
ns.xxx-server.biz

malicious
http://www.trustedsource.org/TS?do=feedback&subdo=query&q=adultsexkey.com

File red-codec.v.1.211.exe

Result: 9/36 (25%)
AntiVir 7.8.1.15 2008.08.04 PCK/NSIS.M
Avast 4.8.1195.0 2008.08.04 Win32:KdCrypt
AVG 8.0.0.156 2008.08.04 Downloader.Tiny.D
Ikarus T3.1.1.34.0 2008.08.04 Win32.Fosforo
Microsoft 1.3807 2008.08.04 Trojan:Win32/Zlob.AS
Norman 5.80.02 2008.08.04 Vundo.gen201.dropper
Rising 20.56.02.00 2008.08.04 Trojan.Win32.DNSChanger.drb
TrendMicro 8.700.0.1004 2008.08.04 TROJ_ZLOB.EIL
Webwasher-Gateway 6.6.2 2008.08.04 Packer.NSIS.M


http://www.virustotal.com/analisis/046da088ce1ce237d6997f0c043c2ed0

Author:  MysteryFCM [ Mon Aug 04, 2008 10:59 pm ]
Post subject:  Re: Please submit sites to be added to hpHOSTS to this thread

Cheers Tom :)

@Kenny,
That URL has been cleaned up and no longer exists ;) (was likely a hacked server)

All times are UTC [ DST ]