Blog for hpHosts, and whatever else I feel like writing about ....

Monday, 20 July 2009

Mass removal + mass addition!

I'm happy to report, I have finished the final round of validation, and am currently in the process of removing over 3000 domains that have failed to resolve over a 5 day period. They will of course continue to be monitored, especially given alot of them were associated with rogues, malware and exploits.

Which brings me to the additions, with special thanks to Anthony at MalwareURL for processing and sending me them, I've added 113 sites that are currently hosting Mebroot exploits.

Example:
http://vurl.mysteryfcm.co.uk/?url=737927

Analysis:
http://wepawet.cs.ucsb.edu/view.php?hash=458a7fa10b3e48340c72c8dc856fbeab&t=1248138822&type=js

The sites DO NOT LOAD THESE IN A BROWSER!

13negro.es
1957buickcarclub.com
433manager.net
abanicoscarbonell.com
abramgames.com
abruzzocountryhouses.com
academiajc.com
academytravel.net
ace-techauto.biz
acmpublishers.com
ac-talant.com
addis1.com
adinehtravel.com
adrianspainting.com
aeronetmx.com
afreshview.com
agrs.net
airflow.co.uk
airflow.com
albantajardines.es
aldo.com.hk
alessandrobenvenuti.net
alicechristov.com
allenpodell.com
allirelands.info
allschoolsarestrange.com
alltollz.org
alyas.it
anbuarchives.com
ancaeginocchio.it
andreolisrl.com
anghouse.com
angloven.org
animeadventurers.com
animeawardz.com
annunciromasexy.com
antoniossilktrees.com
anyexit.com
apartments-corvara.com
articolipubblicitari.it
corryville.org
finetraining.net
flashtek.ca
fomesa.com
fravaproducciones.com
freegroupvideo.us
fulleffectgospelministries.com
funsexworld.com
g-soft.ueuo.com
hentaidai.com
hovirinnankioski.com
icho-2.com
insert-coin.tv
joyeriaprieto.com
jsbtn.com
kidskeyboarding.com
kipiniak.com
kitchenexpo.com
kitexoteclub.com
kurdtelcom.com
latrivalente.com
lesboscorp.com
liliananeves.com
magicclean.com
milkonya.com
mobiletrenz.com
mobilmd.net
mojavetumbleweeds.com
moncayo.es
monkeydreams.net
moviesenlinea.com
myownsecretary.com
navarromusic.net
oloworms.co.uk
orangecrush.de
parfumautomata.com
pasionesflamencas.com
photographis.it
pointingpercy.com
portlotniczy.net
regalo-t.net
reichegger.com
reikisansfrontiere.com
salinaturda.eu
saraworld.com
schneider.hu
shanghaisisa.com
sherryswines.com
skposeidon.nu
sky-europe.net
snookerpoint.ae
stacgroup.net
stolppottery.com
strategicsimulations.net
studiodestasio.net
sushiartnet.com
szeplak-apartman.hu
tabcon.com
taco-mac.com
tereny.com
thick-click.com
tigey.net
tohentai.com
tpmrecords.com
transdalmau.com
tusolma.com
uniformesdibra.com
urbanjazz.org
urlcabin.com
vanessasbistro.com
vanmango.com
ventanademazatlan.com
yygrecords.com


hpObserver Resolution Results
http://hosts-file.net/misc/hpObserver_-_Mebroot_Exploits.html

2 comments:

liliana said...

Dear MysteryFCM,

I am the responsable and the owner of the domain "liliananeves.com" and I would appreciate that you could tell me why you have included my domain in your list.

My website is purely professional and does not include anything offensive.

I would appreciate that you could reply me as soon as you get this message.

Best regards,

Liliana

MysteryFCM said...

Your site was added due to it's hosting several exploits;

http://wepawet.iseclab.org/view.php?type=js&hash=fb064ad4c95cc24b988a5340830c08da&t=1248009763