Which brings me to the additions, with special thanks to Anthony at MalwareURL for processing and sending me them, I've added 113 sites that are currently hosting Mebroot exploits.
Example:
http://vurl.mysteryfcm.co.uk/?url=737927
Analysis:
http://wepawet.cs.ucsb.edu/view.php?hash=458a7fa10b3e48340c72c8dc856fbeab&t=1248138822&type=js
The sites DO NOT LOAD THESE IN A BROWSER!
13negro.es
1957buickcarclub.com
433manager.net
abanicoscarbonell.com
abramgames.com
abruzzocountryhouses.com
academiajc.com
academytravel.net
ace-techauto.biz
acmpublishers.com
ac-talant.com
addis1.com
adinehtravel.com
adrianspainting.com
aeronetmx.com
afreshview.com
agrs.net
airflow.co.uk
airflow.com
albantajardines.es
aldo.com.hk
alessandrobenvenuti.net
alicechristov.com
allenpodell.com
allirelands.info
allschoolsarestrange.com
alltollz.org
alyas.it
anbuarchives.com
ancaeginocchio.it
andreolisrl.com
anghouse.com
angloven.org
animeadventurers.com
animeawardz.com
annunciromasexy.com
antoniossilktrees.com
anyexit.com
apartments-corvara.com
articolipubblicitari.it
corryville.org
finetraining.net
flashtek.ca
fomesa.com
fravaproducciones.com
freegroupvideo.us
fulleffectgospelministries.com
funsexworld.com
g-soft.ueuo.com
hentaidai.com
hovirinnankioski.com
icho-2.com
insert-coin.tv
joyeriaprieto.com
jsbtn.com
kidskeyboarding.com
kipiniak.com
kitchenexpo.com
kitexoteclub.com
kurdtelcom.com
latrivalente.com
lesboscorp.com
liliananeves.com
magicclean.com
milkonya.com
mobiletrenz.com
mobilmd.net
mojavetumbleweeds.com
moncayo.es
monkeydreams.net
moviesenlinea.com
myownsecretary.com
navarromusic.net
oloworms.co.uk
orangecrush.de
parfumautomata.com
pasionesflamencas.com
photographis.it
pointingpercy.com
portlotniczy.net
regalo-t.net
reichegger.com
reikisansfrontiere.com
salinaturda.eu
saraworld.com
schneider.hu
shanghaisisa.com
sherryswines.com
skposeidon.nu
sky-europe.net
snookerpoint.ae
stacgroup.net
stolppottery.com
strategicsimulations.net
studiodestasio.net
sushiartnet.com
szeplak-apartman.hu
tabcon.com
taco-mac.com
tereny.com
thick-click.com
tigey.net
tohentai.com
tpmrecords.com
transdalmau.com
tusolma.com
uniformesdibra.com
urbanjazz.org
urlcabin.com
vanessasbistro.com
vanmango.com
ventanademazatlan.com
yygrecords.com
1957buickcarclub.com
433manager.net
abanicoscarbonell.com
abramgames.com
abruzzocountryhouses.com
academiajc.com
academytravel.net
ace-techauto.biz
acmpublishers.com
ac-talant.com
addis1.com
adinehtravel.com
adrianspainting.com
aeronetmx.com
afreshview.com
agrs.net
airflow.co.uk
airflow.com
albantajardines.es
aldo.com.hk
alessandrobenvenuti.net
alicechristov.com
allenpodell.com
allirelands.info
allschoolsarestrange.com
alltollz.org
alyas.it
anbuarchives.com
ancaeginocchio.it
andreolisrl.com
anghouse.com
angloven.org
animeadventurers.com
animeawardz.com
annunciromasexy.com
antoniossilktrees.com
anyexit.com
apartments-corvara.com
articolipubblicitari.it
corryville.org
finetraining.net
flashtek.ca
fomesa.com
fravaproducciones.com
freegroupvideo.us
fulleffectgospelministries.com
funsexworld.com
g-soft.ueuo.com
hentaidai.com
hovirinnankioski.com
icho-2.com
insert-coin.tv
joyeriaprieto.com
jsbtn.com
kidskeyboarding.com
kipiniak.com
kitchenexpo.com
kitexoteclub.com
kurdtelcom.com
latrivalente.com
lesboscorp.com
liliananeves.com
magicclean.com
milkonya.com
mobiletrenz.com
mobilmd.net
mojavetumbleweeds.com
moncayo.es
monkeydreams.net
moviesenlinea.com
myownsecretary.com
navarromusic.net
oloworms.co.uk
orangecrush.de
parfumautomata.com
pasionesflamencas.com
photographis.it
pointingpercy.com
portlotniczy.net
regalo-t.net
reichegger.com
reikisansfrontiere.com
salinaturda.eu
saraworld.com
schneider.hu
shanghaisisa.com
sherryswines.com
skposeidon.nu
sky-europe.net
snookerpoint.ae
stacgroup.net
stolppottery.com
strategicsimulations.net
studiodestasio.net
sushiartnet.com
szeplak-apartman.hu
tabcon.com
taco-mac.com
tereny.com
thick-click.com
tigey.net
tohentai.com
tpmrecords.com
transdalmau.com
tusolma.com
uniformesdibra.com
urbanjazz.org
urlcabin.com
vanessasbistro.com
vanmango.com
ventanademazatlan.com
yygrecords.com
hpObserver Resolution Results
http://hosts-file.net/misc/hpObserver_-_Mebroot_Exploits.html
Posts
2 comments:
Dear MysteryFCM,
I am the responsable and the owner of the domain "liliananeves.com" and I would appreciate that you could tell me why you have included my domain in your list.
My website is purely professional and does not include anything offensive.
I would appreciate that you could reply me as soon as you get this message.
Best regards,
Liliana
Your site was added due to it's hosting several exploits;
http://wepawet.iseclab.org/view.php?type=js&hash=fb064ad4c95cc24b988a5340830c08da&t=1248009763
Post a Comment