Check Website
Inclusion Status
It is currently Thu Mar 21, 2019 4:34 pm

All times are UTC




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 43 posts ]  Go to page Previous  1, 2, 3, 4, 5  Next
Author Message
 Post subject: Re: Please submit sites to be added to hpHosts, to this thre
PostPosted: Sun Jan 20, 2013 2:31 pm 
Offline
User avatar

Joined: Mon Oct 05, 2009 1:57 pm
Posts: 497
Location: Kent, UK
French Spam:
Code:
calmapprentice.com
myc55.com
newventes.com
dealprograms.com
verbdata.com
linfo-dunet.com
sinceremeet.com
eimmersion.net


Referrer spam to obtain back links.
Code:
Host: 37.139.52.23
IP: 37.139.52.23
Referer: http://sonalbino.net/news.php?readmore=93
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; KKman2.0)
Reconstructed URL: http:// <Removed> /blog/beware-of-pc-speedscan-pro-as-advertised-by-finallyfast-com-on-tv-adverts/

Host: 178-137-5-60-kie.broadband.kyivstar.net
IP: 178.137.5.60
Referer: http://hotei-more.ucoz.ru/
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; APC; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50215; InfoPath.1)
Reconstructed URL: http://  <Removed>  /blog/beware-of-pc-speedscan-pro-as-advertised-by-finallyfast-com-on-tv-adverts/

Host: 2.94.179.166
IP: 2.94.179.166
Referer: http://gayshow.easyxblogs.com/
User Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)
Reconstructed URL: http://  <Removed>  /blog/spammers-exploiting-vbulletin-to-thwart-the-inbuilt-mod-tools/


Fake Pharmacy
Code:
http://erection.info-kamagra.com/


Counterfeit goods sites
Code:
cheapnikeairmaxshoesonline2013.weebly.com/
cheapnikeairmaxonline.blogspot.com/


Ascii injection
Code:
Host: sol-fttb.114.34.119.46.sovam.net.ua
IP: 46.119.34.114
Referer: http:// <Removed> /blog/spammers-exploiting-vbulletin-to-thwart-the-inbuilt-mod-tools/+result:+%ed%e5+%ed%e0%f8%eb%ee%f1%fc+%f4%ee%f0%ec%fb+%e4%eb%ff+%ee%f2%ef%f0%e0%e2%ea%e8;

Host: sol-fttb.16.39.119.46.sovam.net.ua
IP: 46.119.39.16
Referer: http:// <Removed> /blog/spammers-exploiting-vbulletin-to-thwart-the-inbuilt-mod-tools/+result:+%ed%e5+%ed%e0%f8%eb%ee%f1%fc+%f4%ee%f0%ec%fb+%e4%eb%ff+%ee%f2%ef%f0%e0%e2%ea%e8;

Host: host-5-138-64-41.stv.ru
IP: 5.138.64.41
Referer: http:// <Removed> /blog/spammers-exploiting-vbulletin-to-thwart-the-inbuilt-mod-tools/+result:+%e8%f1%ef%ee%eb%fc%e7%ee%e2%e0%ed%fb+%e4%e0%ed%ed%fb%e5+%f1%e8%f1%f2%e5%ec%fb+%f1%e0%ec%ee%ee%e1%f3%f7%e5%ed%e8%ff;+%f1%f1%fb%eb%ea%e0+%e8/%e8%eb%e8+%f4%ee%f0%ec%e0+%f0%e5%e3%e8%f1%f2%f0%e0%f6%e8%e8+%ed%e5+%ed%e0%e9%e4%e5%ed%e0;+%ed%e5+%ed%e0%f8%eb%ee%f1%fc+%f4%ee%f0%ec%fb+%e4%eb%ff+%ee%f2%ef%f0%e0%e2%ea%e8;

Host: sol-fttb.44.152.118.46.sovam.net.ua
IP: 46.118.152.44
Referer: http:// <Removed> /forum/viewtopic.php?f=55&amp;t=1893++++++++++++++++++++++++++result:+%f4%ee%f0%f3%ec+%ed%e5+%ed%e0%e9%e4%e5%ed+/+%ed%e5+%f3%e4%e0%eb%ee%f1%fc+%ee%ef%f0%e5%e4%e5%eb%e8%f2%fc+ip

Query: f=55&t=1893++++++++++++++++++++++++++Result:+%F4%EE%F0%F3%EC+%ED%E5+%ED%E0%E9%E4%E5%ED+/+%ED%E5+%F3%E4%E0%EB%EE%F1%FC+%EE%EF%F0%E5%E4%E5%EB%E8%F2%FC+IP
Reconstructed URL: http://  <Removed>  /forum/viewtopic.php?f=55&t=1893++++++++++++++++++++++++++Result:+%F4%EE%F0%F3%EC+%ED%E5+%ED%E0%E9%E4%E5%ED+/+%ED%E5+%F3%E4%E0%EB%EE%F1%FC+%EE%EF%F0%E5%E4%E5%EB%E8%F2%FC+IP


Other
Code:
Host: 173.244.212.84.static.midphase.com
IP: 173.244.212.84
User Agent: start.exe



IP:
top
Top
 Profile  
Reply with quote  
 Post subject: Re: Please submit sites to be added to hpHosts, to this thre
PostPosted: Tue Jan 22, 2013 2:56 am 
Offline
Site Admin

Joined: Thu May 28, 2009 10:25 am
Posts: 6018
Cheers :)

_________________
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

Keeping it FREE!



IP:
top
Top
 Profile  
Reply with quote  
 Post subject: Re: Please submit sites to be added to hpHosts, to this thre
PostPosted: Tue Jan 22, 2013 11:27 am 
Offline
User avatar

Joined: Mon Oct 05, 2009 1:57 pm
Posts: 497
Location: Kent, UK
French Spam:
Code:
testgiving.com
mycausality.net
awardscope.com
newsletters.apres-vous.info
relance.apres-vous.info
apres-vous.info
stats.wew153.com
teamcontemplate.com
flyknow.com
meetdirected.com
nurturedeep.com
keyparagraph.com
bynurture.com
wordsdeep.com
adviceprogram.com


Referrer spam to get back links.
Code:
Host: 37.139.52.23
IP: 37.139.52.23
Referer: http://landspace.1bb.ru/
User Agent: Mozilla/4.0 (compatible; MSIE 4.01; Digital AlphaServer 1000A 4/233; Windows NT; Powered By 64-Bit Alpha Processor)

Host: 176-8-91-143-lvv.broadband.kyivstar.net
IP: 176.8.91.143
Referer: http://rusbridegirls.w-ru.com/
User Agent: Opera/7.60 (Windows NT 5.2; U)  [en] (IBM EVV/3.0/EAK01AG9/LE)

Host: 176-8-91-143-lvv.broadband.kyivstar.net
IP: 176.8.91.143
Referer: http://modernlady.su/
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Crazy Browser 2.0.0 Beta 1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)

Host: 37.139.52.23
IP: 37.139.52.23
Referer: http://landspace.1bb.ru/
User Agent: Mozilla/4.0 (compatible; MSIE 4.01; Digital AlphaServer 1000A 4/233; Windows NT; Powered By 64-Bit Alpha Processor)


http url injection / Anchor hack
Code:
Host: h5-152-220-131.host.redstation.co.uk
IP: 5.152.220.131
Referer: http://mycredittree.net
User Agent: Opera/9.80 &lt;a href=&quot;http://mycredittree.net&quot;&gt;auto loans bad credit&lt;/a&gt; (Windows NT 5.1; U; en) Presto/2.10.229 Version/11.60

Host: 184.107.192.50
IP: 184.107.192.50
Referer: http://systemprogressiveprotection.beep.com/
User Agent: Opera/9.80 &lt;a href=&quot;http://systemprogressiveprotection.beep.com/&quot;&gt;system progressive protection&lt;/a&gt; (Windows NT 5.1; U; en) Presto/2.10.229 Version/11.60


Other
Code:
Host: 68.168.211.143
IP: 68.168.211.143
User Agent: start.exe



IP:
top
Top
 Profile  
Reply with quote  
 Post subject: Re: Please submit sites to be added to hpHosts, to this thre
PostPosted: Sat Jan 26, 2013 8:41 am 
Offline
Site Admin

Joined: Thu May 28, 2009 10:25 am
Posts: 6018
Cheers :)

_________________
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

Keeping it FREE!



IP:
top
Top
 Profile  
Reply with quote  
 Post subject: Re: Please submit sites to be added to hpHosts, to this thre
PostPosted: Sat Jan 26, 2013 1:00 pm 
Offline
User avatar

Joined: Mon Oct 05, 2009 1:57 pm
Posts: 497
Location: Kent, UK
French Spam:
Code:
rankaptitude.com
news.bazoba.com
gamecult.fr
bons-prix.fr
votre-univers.fr
ma-revue.fr
360news.fr
boardaware.com
presslining.com
knowinspire.com
eaidassist.com
fusebeyond.com
seekequation.com
massiveecho.com
bookloop.info
lettersflair.com
agencyecho.com
improvisepage.com
idealsubject.com


Other
Code:
Host: 173.244.212.79.static.midphase.com
IP: 173.244.212.79
User Agent: start.exe


Fake MBAM site
Code:
malwarebiter.com
http://blog.malwarebytes.org/intelligen ... biter-com/

Referrer spam and fake pharmacy
Code:
Host: 94-153-64-49-gprs.kyivstar.net
IP: 94.153.64.49
Referer: http://www.sax-sex.com/
User Agent: Mozilla/0.6 Beta (Windows)
Reconstructed URL: http://  <Removed>  /blog/beware-of-pc-speedscan-pro-as-advertised-by-finallyfast-com-on-tv-adverts/



IP:
top
Top
 Profile  
Reply with quote  
 Post subject: Re: Please submit sites to be added to hpHosts, to this thre
PostPosted: Mon Jan 28, 2013 8:02 pm 
Offline

Joined: Fri May 29, 2009 4:24 pm
Posts: 56
FSA site:
Code:
http://malwarebiter.com


Virustotal result:
https://www.virustotal.com/file/91e59c136c8e6d6aab1522cf53cfeab88aa996766a73c42684d55fc738400582/analysis/

_________________
Sired, Squired, Hired, RETIRED.



IP:
top
Top
 Profile  
Reply with quote  
 Post subject: Re: Please submit sites to be added to hpHosts, to this thre
PostPosted: Tue Jan 29, 2013 5:01 am 
Offline
Site Admin

Joined: Thu May 28, 2009 10:25 am
Posts: 6018
Cheers guys (I was also involved in the malwarebiter.com investigation btw - also the one going for takedown of the site itself ;)).

Sorry for the delay btw.

_________________
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

Keeping it FREE!



IP:
top
Top
 Profile  
Reply with quote  
 Post subject: Re: Please submit sites to be added to hpHosts, to this thre
PostPosted: Tue Jan 29, 2013 9:58 am 
Offline
User avatar

Joined: Mon Oct 05, 2009 1:57 pm
Posts: 497
Location: Kent, UK
MysteryFCM wrote:
Cheers guys (I was also involved in the malwarebiter.com investigation btw - also the one going for takedown of the site itself ;)).

Nice one Steven :D

French Spam:
Code:
performbrief.com
targetimagine.com
alldiscern.com
puresynopsis.com
readerspecial.com
diagsv7.com
fans-duweb.com
plusdimmo.com
webmasterideal.com


Http url injection / anchor hack (suspected phish too although not checked the site).
Code:
Host: 89.205.49.139.robi.com.mk
IP: 89.205.49.139
Referer: http://paypalmoneyhack.org/
User Agent: Mozilla/5.0 &lt;a href=&quot;http://paypalmoneyhack.org/&quot;&gt;paypal money generator&lt;/a&gt; (Windows NT 5.1; U; en) Presto/2.10.229 Version/11.60



IP:
top
Top
 Profile  
Reply with quote  
 Post subject: Re: Please submit sites to be added to hpHosts, to this thre
PostPosted: Tue Jan 29, 2013 4:24 pm 
Offline
Site Admin

Joined: Thu May 28, 2009 10:25 am
Posts: 6018
Cheers :)

_________________
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

Keeping it FREE!



IP:
top
Top
 Profile  
Reply with quote  
 Post subject: Re: Please submit sites to be added to hpHosts, to this thre
PostPosted: Wed Jan 30, 2013 9:33 am 
Offline
User avatar

Joined: Mon Oct 05, 2009 1:57 pm
Posts: 497
Location: Kent, UK
Code:
Host: 125.122.162.94
IP: 125.122.162.94

User Agent: start.exe



IP:
top
Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 43 posts ]  Go to page Previous  1, 2, 3, 4, 5  Next

All times are UTC


Who is online

Users browsing this forum: No registered users and 8 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
hpHosts and hpHosts Online are copyright © Malwarebytes Corp - All Rights Reserved

Powered by phpBB © 2000-2009 phpBB Group