Site Reviews by the JoshMeister in the Norton Safe Web community Wed May 23 08:59:58 +0000 2012 http://safeweb.norton.com/profile/the%20JoshMeister * Phishing domain according to OpenDNS * Falsely claims that your "Facebook Video Player" needs to be updated, and presumably tries to push malware onto your system * Redirected from Facebook wall post spam See also the Web of Trust report for this domain: https://www.mywot.com/en/scorecard/facialboom.com Fri, 06 Jan 2012 15:12:22 +0000 http://safeweb.norton.com/report/show?url=facialboom.com * Redirects to a phishing domain as confirmed by OpenDNS * Falsely claims that your "Facebook Video Player" needs to be updated, and presumably tries to push malware onto your system * Advertised by Facebook wall post spam See also the Web of Trust report for this affiliated domain: https://www.mywot.com/en/scorecard/facialboom.com Fri, 06 Jan 2012 15:11:08 +0000 http://safeweb.norton.com/report/show?url=abhsu.com Site claims "free domain registration," allows malicious content. Currently blacklisted by numerous sites including Symantec's Norton Safe Web ("Drive-By Downloads" and "Viruses"), Browser Defender, hpHosts, McAfee SiteAdvisor, Trend Micro Site Safety Center, and WOT: http://www.urlvoid.com/scan/coom.in http://www.browserdefender.com/site/coom.in/ http://hosts-file.net/?s=coom.in https://www.siteadvisor.com/sites/coom.in/msgpage https://www.mywot.com/en/scorecard/coom.in The site's current IP is also blacklisted by Malware Domain List and WOT (and has previously been blacklisted by Emerging Threats, SURBL, and ZeuS Tracker): http://www.ipvoid.com/scan/178.18.87.141 http://www.malwaredomainlist.com/mdl.php?search=178.18.87.141&inactive=on https://www.mywot.com/en/scorecard/178.18.87.141 I discovered a subdomain of this site embedded as a malicious iframe in a hacked WordPress site. The iframe code is detected as Mal/Iframe-AD by Sophos, HEUR:Trojan.Script.Iframer by Kaspersky, and PUA.HTML.Crypt by ClamAV: https://www.mywot.com/en/scorecard/ghsnha.coom.in https://www.virustotal.com/file-scan/report.html?id=329b04a72ea94b40312cb8b99b833e76da730d3503d3990fcf197f2b6cf69d2b-1320403616 http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Mal~Iframe-AD.aspx http://wepawet.iseclab.org/view.php?hash=4cbb6a9dbd1d7df9913d4435e9f24290&type=js (the malicious JavaScript code after deobfuscation) The IP of the malicious subdomain is currently blacklisted by Malware Domain List, Spamhaus, and WOT: http://www.ipvoid.com/scan/95.163.66.209 http://www.malwaredomainlist.com/mdl.php?search=95.163.66.209&inactive=on https://www.mywot.com/en/scorecard/95.163.66.209 Other malicious subdomains identified by Symantec's Norton Safe Web and Browser Defender: https://www.mywot.com/en/scorecard/03-3t.ydl.coom.in https://www.mywot.com/en/scorecard/ydl.coom.in https://www.mywot.com/en/scorecard/u68b78676r7rv75r5.coom.in https://www.mywot.com/en/scorecard/oz-39.ciq.coom.in https://www.mywot.com/en/scorecard/ciq.coom.in https://www.mywot.com/en/scorecard/gdsggdzs.coom.in Avoid this site! Fri, 04 Nov 2011 12:22:33 +0000 http://safeweb.norton.com/report/show?url=coom.in This site contains a phishing scam page purporting to be the real Twitter login. Hacked Twitter accounts spam their followers with links to this URL in an attempt to steal Twitter login credentials. Avoid this site! Sun, 02 Oct 2011 18:41:15 +0000 http://safeweb.norton.com/report/show?url=twittelr.com Hosting a malicious PDF exploit. See these scan reports: http://www.virustotal.com/file-scan/report.html?id=74b926b64dfa4e81ec0b5883a3bdb1f82de0d0e6103b2fa6861d67805ec92ada-1294293023 http://wepawet.iseclab.org/view.php?hash=2d1eb76fde5a94b14e1436039ffb0d87&type=js Thu, 06 Jan 2011 18:50:49 +0000 http://safeweb.norton.com/report/show?url=yourremue.com Fake antivirus site. References to this site were found in a malware file found on an infected machine (this file is now detected by ESET NOD32, with detection coming soon from Kaspersky and Fortinet and possibly others): https://www.virustotal.com/file-scan/report.html?id=19cd088c46f49701e6e46931e3dfd9dffe535adfb05c9087117ad49a9b00cffe-1294339381 Thu, 06 Jan 2011 18:47:09 +0000 http://safeweb.norton.com/report/show?url=marezer.com Phishing scam site purporting to be Visa, as of 15 Nov 2010. See also the Web of Trust report for an apparently hacked domain which has redirected here: http://www.mywot.com/en/scorecard/decoradorvirtual.com.br Avoid this site! Mon, 15 Nov 2010 23:05:46 +0000 http://safeweb.norton.com/report/show?url=gramipa.com Unethical, untrustworthy pharmaceutical site. Advertised by hacked Yahoo! e-mail accounts. A spam blog automatically redirects here. McAfee SiteAdvisor currently rates this as a "yellow" site and warns that "McAfee TrustedSource web reputation analysis found potential suspicious behavior on this site which may pose a security risk. Use with caution." Two SiteAdvisor users who are "Experienced Reviewers" have rated this as a "Phishing or other scams" site. Additionally, TrendMicro Web Reputation has blacklisted this site. http://www.siteadvisor.com/sites/drugstorewellbeingworld.net/msgpage http://www.urlvoid.com/scan/drugstorewellbeingworld.net Please report spam blogs to Google here: http://www.google.com/support/blogger/bin/request.py?hl=en&contact_type=spam&rd=1 See also: http://www.mywot.com/en/scorecard/zholninselgixi.blogspot.com Avoid this site! Mon, 15 Nov 2010 04:00:06 +0000 http://safeweb.norton.com/report/show?url=drugstorewellbeingworld.net Unethical and untrustworthy pharmacy site. Fraud and/or malware. Blacklisted by TrendMicro Web Reputation, SURBL, and URIBL. McAfee SiteAdvisor currently lists this as a "yellow" site because "McAfee TrustedSource web reputation analysis found potential suspicious behavior on this site which may pose a security risk. Use with caution." Spammed via junk e-mail. http://www.siteadvisor.com/sites/spirit-med.com/msgpage http://www.urlvoid.com/scan/spirit-med.com Please report suspected unethical/illegitimate pharmaceutical sites to LegitScript at http://www.legitscript.com/pharmacies/report and to the anti-spam site KnujOn by forwarding pharmaceutical spam to rx@coldrain.net. Avoid this site! Fri, 12 Nov 2010 04:46:34 +0000 http://safeweb.norton.com/report/show?url=spirit-med.com Spammed by hacked Yahoo! accounts. Unethical and untrustworthy pharmacy site. Fraud and/or malware according to AVG and Opera. Blacklisted by TrendMicro Web Reputation. McAfee SiteAdvisor currently lists this as a "yellow" site because "McAfee TrustedSource web reputation analysis found potential suspicious behavior on this site which may pose a security risk. Use with caution." Listed on Joe Wein's spam blacklist and SURBL. http://www.siteadvisor.com/sites/medickr.com/msgpage http://www.urlvoid.com/scan/medickr.com http://www.mywot.com/en/scorecard/medickr.com Please report suspected unethical/illegitimate pharmaceutical sites to LegitScript at http://www.legitscript.com/pharmacies/report and to the anti-spam site KnujOn by forwarding pharmaceutical spam to rx@coldrain.net. See also the Web of Trust rating for a page that has redirected here: http://www.mywot.com/en/scorecard/77.222.40.236 Avoid this site! Wed, 10 Nov 2010 19:31:59 +0000 http://safeweb.norton.com/report/show?url=medickr.com Spammed by hacked Yahoo! accounts. Unethical and untrustworthy pharmacy site. Also: * Fraud and/or malware according to AVG and Opera * Listed on Joe Wein's spam blacklist * As of when this report is being submitted, McAfee SiteAdvisor currently lists this as a "yellow" site because "McAfee TrustedSource web reputation analysis found potential suspicious behavior on this site which may pose a security risk. Use with caution": http://www.siteadvisor.com/sites/dietdrugoutlet.com/msgpage Please report suspected unethical/illegitimate pharmaceutical sites to LegitScript at http://www.legitscript.com/pharmacies/report and to the anti-spam site KnujOn by forwarding pharmaceutical spam to rx@coldrain.net. See also the Web of Trust ratings for this site and an apparently hacked site that has redirected here: http://www.mywot.com/en/scorecard/dietdrugoutlet.com http://www.mywot.com/scorecard/reozone.com.au Avoid this site! Tue, 09 Nov 2010 20:46:48 +0000 http://safeweb.norton.com/report/show?url=dietdrugoutlet.com Distributing FakeAV malware according to Sunbelt: http://sunbeltblog.blogspot.com/2010/11/av-scam-is-it-rogue-or-is-it-avgs-free.html Also listed as a phishing site on hpHosts: http://hosts-file.net/?s=officialversion.ru See also the many user reports on Web of Trust: http://www.mywot.com/en/scorecard/officialversion.ru Avoid this site! Mon, 08 Nov 2010 16:43:34 +0000 http://safeweb.norton.com/report/show?url=officialversion.ru Mass-mailer malware phones home here. For details, see http://security.thejoshmeister.com/2010/10/upsusps-scam-e-mail-with-oficla-trojan.html Avoid this site! Sat, 16 Oct 2010 04:21:14 +0000 http://safeweb.norton.com/report/show?url=inglo-kotor.ru Malware attached to a UPS/USPS scam e-mail phones home to this domain. Mass-mailer malware also phones home here. For details, see http://security.thejoshmeister.com/2010/10/upsusps-scam-e-mail-with-oficla-trojan.html Avoid this site! Sat, 16 Oct 2010 04:16:19 +0000 http://safeweb.norton.com/report/show?url=webauc.ru Fraudulent phishing scam site. The domain was registered yesterday and it's already hosting a phishing page purporting to be La Banque Postale. Avoid this site! Thu, 14 Oct 2010 15:56:21 +0000 http://safeweb.norton.com/report/show?url=thesmoozy.com Pharmaceutical spam, unethical behavior, and reported fraud site. Pages on hacked sites (which in turn were linked from a hacked AOL e-mail account) redirect here. As of 1 Oct 2010, this is detected as a fraud site by Netcraft and Opera, is listed on URIBL's blacklist, and was already rated "red" on Web of Trust before I added my rating and review. See also: http://www.mywot.com/scorecard/prescriptionshoppharmacy.net http://www.urlvoid.com/scan/prescriptionshoppharmacy.net http://www.mywot.com/scorecard/parrocchiasanpietroapostolo.it (a hacked domain that is hosting pages that automatically redirect to this domain) Avoid this site! Sat, 02 Oct 2010 04:50:36 +0000 http://safeweb.norton.com/report/show?url=prescriptionshoppharmacy.net Pharmaceutical spam, unethical behavior, and reported fraud site. A page on a hacked site (which was in turn linked from a hacked AOL e-mail account) redirects here. As of 30 Sept 2010, this is detected as a fraud site by Netcraft and Opera, listed on SURBL as a phishing and spam site, and classified as "yellow" by McAfee SiteAdvisor because "Our analysis found that this site may be promoted through spammy e-mail." http://www.urlvoid.com/scan/pillsmedicationspharmacy.net http://www.siteadvisor.com/sites/pillsmedicationspharmacy.net http://www.mywot.com/en/scorecard/pillsmedicationspharmacy.net Avoid this site! Thu, 30 Sep 2010 08:35:26 +0000 http://safeweb.norton.com/report/show?url=pillsmedicationspharmacy.net Fraudulent phishing scam site as of 15 Sept 2010. Confirmed by OpenDNS, Netcraft, hpHosts, Symantec's Norton Safe Web, Opera, and an Experienced Reviewer on McAfee SiteAdvisor. http://hosts-file.net/?s=riv.kiev.ua http://www.siteadvisor.com/sites/riv.kiev.ua#reviewercommentssummary Avoid this site! Thu, 16 Sep 2010 16:12:23 +0000 http://safeweb.norton.com/report/show?url=riv.kiev.ua Phishing scam site as of 8 Sept 2010. Scam e-mails purporting to be from HSBC contain an HTML file attachment with a form that submits stolen login credentials to this domain. PhishTank, hpHosts, and Symantec's Norton Safe Web currently consider this a phishing site: http://www.phishtank.com/phish_detail.php?phish_id=1039762 http://hosts-file.net/?s=dogs4me.eu See also this report from Nodus, a McAfee SiteAdvisor Experienced Reviewer: http://www.siteadvisor.com/sites/dogs4me.eu#reviewercommentssummary Avoid this site! Thu, 09 Sep 2010 02:43:15 +0000 http://safeweb.norton.com/report/show?url=dogs4me.eu Fake antivirus scam site! DO NOT enter any personal information on this site. See these reports from Microsoft and The Register: http://blogs.technet.com/b/mmpc/archive/2010/09/01/rogue-msil-zeven-wants-a-piece-of-the-microsoft-security-essentials-pie.aspx http://www.theregister.co.uk/2010/09/06/scareware_fakes_browsers_warnings/ See also several user reports on Web of Trust: http://www.mywot.com/en/scorecard/win7av.com Avoid this site! Mon, 06 Sep 2010 16:59:31 +0000 http://safeweb.norton.com/report/show?url=win7av.com A TDSS rootkit variant phones home here according to Malware Database founder and Panda Security threat researcher Sean-Paul Correll: https://twitter.com/lithium/status/22254289643 Avoid this site! Fri, 27 Aug 2010 17:03:05 +0000 http://safeweb.norton.com/report/show?url=68b6b6b6.com Phishing scam site as of 24 August 2010. Confirmed by Netcraft and Opera. Avoid this site! Tue, 24 Aug 2010 19:07:02 +0000 http://safeweb.norton.com/report/show?url=tecacom.com Hosting a phishing scam page purporting to be HSBC as of 24 August 2010. Confirmed by Norton Safe Web as of the time of this comment. Avoid this site! Tue, 24 Aug 2010 15:42:54 +0000 http://safeweb.norton.com/report/show?url=gifts2gadgets.com Hosting a phishing scam page purporting to be PayPal as of 24 August 2010. Confirmed by OpenDNS, Netcraft, and McAfee SiteAdvisor. Fake domain registration info. See also McAfee's report at http://www.siteadvisor.com/sites/onassy.com Avoid this site! Tue, 24 Aug 2010 15:39:22 +0000 http://safeweb.norton.com/report/show?url=onassy.com Hosting a phishing scam page purporting to be PayPal as of 24 August 2010. Confirmed by Netcraft, OpenDNS, hpHosts, PhishTank, Opera, and McAfee SiteAdvisor: http://www.phishtank.com/phish_detail.php?phish_id=1036463 http://www.siteadvisor.com/sites/ampd.co.za http://hosts-file.net/?s=ampd.co.za http://www.mywot.com/en/scorecard/ampd.co.za Avoid this site! Tue, 24 Aug 2010 15:13:02 +0000 http://safeweb.norton.com/report/show?url=ampd.co.za Hosted a phishing scam page purporting to be PayPal on 23 August 2010. Avoid this site! Mon, 23 Aug 2010 16:18:10 +0000 http://safeweb.norton.com/report/show?url=visa-verified.servebeer.com Phishing scam site purporting to be PayPal as of 22 August 2010. Confirmed by OpenDNS. Avoid this site! Mon, 23 Aug 2010 08:42:52 +0000 http://safeweb.norton.com/report/show?url=visaverified.redirectme.net Hosting a PayPal phishing scam as of 20 August 2010. Avoid this site! Sat, 21 Aug 2010 05:07:32 +0000 http://safeweb.norton.com/report/show?url=195.191.24.160 Hosting a PayPal phishing scam page as of 17 August 2010. Confirmed by Netcraft, OpenDNS, Opera, Symantec's Norton Safe Web, and an Experienced Reviewer on McAfee SiteAdvisor: http://www.siteadvisor.com/sites/dbsweb.co.za#reviewercommentssummary Avoid this site! Wed, 18 Aug 2010 15:56:08 +0000 http://safeweb.norton.com/report/show?url=dbsweb.co.za Subdomains of this site are known to contain adware, malware, and exploits, and have been advertised through spam. See these sources for just a few examples: http://safeweb.norton.com/report/show?url=2288.org http://www.siteadvisor.com/sites/2288.org http://www.mywot.com/en/scorecard/2288.org http://www.mywot.com/en/scorecard/happycopush.go.2288.org http://www.malwareurl.com/listing.php?domain=aikaka8848.2288.org Avoid this site! Wed, 18 Aug 2010 02:21:54 +0000 http://safeweb.norton.com/report/show?url=2288.org Phishing scam purporting to be AOL as of 16 August 2010. Avoid this site! Mon, 16 Aug 2010 16:25:07 +0000 http://safeweb.norton.com/report/show?url=011775-webmail.com Advertised via spam sent from a hacked e-mail account. Avoid this site! Mon, 16 Aug 2010 14:40:04 +0000 http://safeweb.norton.com/report/show?url=xmedicine24.com Advertised via spam sent from a hacked e-mail account. Avoid this site! Mon, 16 Aug 2010 14:39:53 +0000 http://safeweb.norton.com/report/show?url=hph0.xmedicine24.com Hosting an AOL phishing scam as of 14 August 2010, still active as of 15 August 2010. Confirmed by Netcraft, Opera, McAfee SiteAdvisor, and Symantec's Norton Safe Web: http://www.siteadvisor.com/sites/ibill98001-aol.com http://safeweb.norton.com/report/show?name=ibill98001-aol.com Avoid this site! Sun, 15 Aug 2010 15:22:52 +0000 http://safeweb.norton.com/report/show?url=ibill98001-aol.com This domain is hosting a PayPal phishing scam as of 12 August 2010. Confirmed by OpenDNS, PhishTank, and Symantec's Norton Safe Web: http://www.phishtank.com/phish_detail.php?phish_id=1032505 http://safeweb.norton.com/report/show?name=teriaplus.com Avoid this site! Fri, 13 Aug 2010 02:24:19 +0000 http://safeweb.norton.com/report/show?url=teriaplus.com This domain hosted a phishing scam purporting to be AOL on 8 Aug 2010. Avoid this site! Tue, 10 Aug 2010 02:55:56 +0000 http://safeweb.norton.com/report/show?url=pugliabikers.com WARNING: Hosting a phishing scam on a subdomain as of 5 Aug 2010. Confirmed by Netcraft and Opera. See http://www.mywot.com/scorecard/alerthsbc.sammyp.org Avoid this site! Thu, 05 Aug 2010 15:11:21 +0000 http://safeweb.norton.com/report/show?url=sammyp.org WARNING: Hosting a phishing scam as of 5 Aug 2010. Confirmed by Netcraft and Opera. See http://www.mywot.com/scorecard/alerthsbc.sammyp.org Avoid this site! Thu, 05 Aug 2010 15:10:44 +0000 http://safeweb.norton.com/report/show?url=alerthsbc.sammyp.org Phishing scam pretending to be Bank of America as of 3 Aug 2010. Confirmed by Netcraft as well as Symantec/Norton. Avoid this site! Tue, 03 Aug 2010 17:45:06 +0000 http://safeweb.norton.com/report/show?url=loansacceptable.biz Phishing scam pretending to be Skype as of 2 Aug 2010. I submitted this to Netcraft who confirmed it as a phishing site and will begin blocking it immediately. Avoid this site! Tue, 03 Aug 2010 17:43:52 +0000 http://safeweb.norton.com/report/show?url=onlinecheking.com This domain hosted targeted phishing attacks in July 2010. See this report for a subdomain which is classified as phishing by PhishTank: http://www.mywot.com/scorecard/acc1.centralserv.net Additionally, McAfee currently rates this as a "yellow" site because "Our analysis found that this site may be promoted through spammy e-mail." http://www.siteadvisor.com/sites/centralserv.net Avoid this site! Thu, 29 Jul 2010 23:02:49 +0000 http://safeweb.norton.com/report/show?url=centralserv.net Malicious site according to Google and Threat Log. Additionally, Malware phones home to this domain: http://www.urlvoid.com/scan/soft-cleaner.com http://www.google.com/safebrowsing/diagnostic?site=soft-cleaner.com http://www.threatlog.com/search/soft-cleaner.com http://anubis.iseclab.org/?action=result&task_id=1b88df6b908cc2d745d01a927ef59754b&format=html Avoid this site! Wed, 07 Jul 2010 17:09:10 +0000 http://safeweb.norton.com/report/show?url=soft-cleaner.com Malware site according to Malware Database, URLVoid, Threat Log, and Google Safe Browsing: http://malwaredatabase.net/blog/index.php/2010/07/06/new-rogue-domain-oksave9-co-cc/ http://www.urlvoid.com/scan/oksave9.co.cc http://www.threatlog.com/search/oksave9.co.cc http://www.google.com/safebrowsing/diagnostic?site=oksave9.co.cc Avoid this site! Wed, 07 Jul 2010 16:57:40 +0000 http://safeweb.norton.com/report/show?url=oksave9.co.cc PayPal phishing scam site as of 6 July 2010. Avoid this site! Tue, 06 Jul 2010 16:13:27 +0000 http://safeweb.norton.com/report/show?url=communicationelse.com Fraudulent PayPal phishing scam site as of 1 July 2010. Confirmed by McAfee, Netcraft, OpenDNS, hpHosts, and Opera, and independently confirmed by me. Also contains malware according to Symantec's Norton Safe Web and PC Tools' Browser Defender. See these reports: http://www.siteadvisor.com/sites/kachola.com.br http://hosts-file.net/?s=kachola.com.br http://safeweb.norton.com/report/show?name=kachola.com.br http://www.browserdefender.com/site/kachola.com.br/ http://www.urlvoid.com/scan/kachola.com.br Avoid this site! Thu, 01 Jul 2010 18:50:35 +0000 http://safeweb.norton.com/report/show?url=kachola.com.br Fraudulent PayPal phishing scam site as of 1 July 2010. Confirmed by Netcraft, OpenDNS, Panda Security, and Opera, and independently confirmed by me. Avoid this site! Thu, 01 Jul 2010 18:07:02 +0000 http://safeweb.norton.com/report/show?url=jadidtv.org Fraudulent PayPal phishing scam site. Confirmed by Netcraft and Opera, and independently confirmed by me. Avoid this site! Thu, 01 Jul 2010 14:59:57 +0000 http://safeweb.norton.com/report/show?url=paypal-sr.com WARNING: This domain was included in at least 9 different blacklists as of 15 June 2010 according to URLVoid: http://blog.urlvoid.com/dangerous-websites-analyzed-in-urlvoid/ http://www.urlvoid.com/scan/vv00vv.biz (currently on 8 blacklists) McAfee SiteAdvisor currently lists this as a "Red" site because "McAfee TrustedSource web reputation analysis found potential security risks with this site. Use with extreme caution." http://www.siteadvisor.com/sites/vv00vv.biz Malware Domain List indicates that this domain hosts (or recently hosted) a Zeus botnet configuration file: http://www.malwaredomainlist.com/mdl.php?search=vv00vv.biz&inactive=on See also the site's rating and reviews on Web of Trust and Symantec's Norton Safe Web: http://www.mywot.com/scorecard/vv00vv.biz http://safeweb.norton.com/report/show?name=vv00vv.biz See also the IPVoid report for this domain's current IP: http://www.ipvoid.com/scan/91.213.174.8 (currently on 7 blacklists) Avoid this site! Thu, 17 Jun 2010 20:20:06 +0000 http://safeweb.norton.com/report/show?url=vv00vv.biz This domain has contained malware in the past. McAfee SiteAdvisor currently lists this as a "Red" site because "McAfee TrustedSource web reputation analysis found potential security risks with this site. Use with extreme caution." http://www.siteadvisor.com/sites/murtinreid.com See my March 2009 report for this site on McAfee SiteAdvisor: http://www.siteadvisor.com/sites/murtinreid.com/postid/?p=1461730#post1461730 Google Safe Browsing currently lists this domain as suspicious: http://www.google.com/safebrowsing/diagnostic?site=murtinreid.com More information about this domain and its current IP: http://www.urlvoid.com/scan/murtinreid.com (currently on 4 blacklists) http://www.ipvoid.com/scan/69.43.160.145 (currently on 7 blacklists) Thu, 17 Jun 2010 19:48:02 +0000 http://safeweb.norton.com/report/show?url=murtinreid.com This domain is included in at least 10 different blacklists as of 15 June 2010 according to URLVoid: http://blog.urlvoid.com/dangerous-websites-analyzed-in-urlvoid/ http://www.urlvoid.com/scan/xorg.pl From Google's current report for this domain (quoted here because it changes often): "Part of this site was listed for suspicious activity 1827 time(s) over the past 90 days. ... Of the 128910 pages we tested on the site over the past 90 days, 11 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-06-17, and the last time suspicious content was found on this site was on 2010-06-17. Malicious software includes 41840 scripting exploit(s), 8430 trojan(s), 2 exploit(s). Successful infection resulted in an average of 2 new process(es) on the target machine. Malicious software is hosted on 7 domain(s), including deryam .biz/, taiping2030 .3322.org/, potomac .pop.e-wro.pl/. 3 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including invisionresources .pl/, taiping2030 .3322.org/, potomac .pop.e-wro.pl/. ... Over the past 90 days, xorg .pl appeared to function as an intermediary for the infection of 8236 site(s) including xzdj .gov.cn/, turkotek .com/, ywchina .cn/. ... Yes, this site has hosted malicious software over the past 90 days. It infected 13001 domain(s)..." See the current Google Safe Browsing report at http://www.google.com/safebrowsing/diagnostic?site=xorg.pl See also the site's rating and reviews on McAfee SiteAdvisor and Web of Trust: http://www.siteadvisor.com/sites/xorg.pl http://www.mywot.com/scorecard/xorg.pl See also previous reports of mine from March 2009 and March 2010 that reference this domain: http://www.siteadvisor.com/sites/murtinreid.com/postid/?p=1461730#post1461730 http://safeweb.norton.com/reviews/78248 Avoid this site! Thu, 17 Jun 2010 19:36:58 +0000 http://safeweb.norton.com/report/show?url=xorg.pl This site recently hosted malware according to McAfee SiteAdvisor, Norton Safe Web, Google, DNS-BH, and others: http://www.siteadvisor.com/sites/hngqt.cn http://www.malwaredomains.com/wordpress/?p=974 http://www.mywot.com/en/scorecard/hngqt.cn http://safeweb.norton.com/report/show?name=hngqt.cn From Google's current report (quoted because it changes frequently): "Part of this site was listed for suspicious activity 1 time(s) over the past 90 days. ... Of the 287 pages we tested on the site over the past 90 days, 28 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-06-01, and the last time suspicious content was found on this site was on 2010-05-02. ... Malicious software includes 3510 trojan(s), 409 backdoor(s). Successful infection resulted in an average of 1 new process(es) on the target machine. ... Malicious software is hosted on 2 domain(s), including jcy .gov.cn/, dnf10086 .com/. ... 1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including idcdo .com/. ... Yes, this site has hosted malicious software over the past 90 days. It infected 111 domain(s)" The current Google Safe Browsing report can be found here: http://www.google.com/safebrowsing/diagnostic?site=hngqt.cn Avoid this site! Mon, 14 Jun 2010 19:09:12 +0000 http://safeweb.norton.com/report/show?url=hngqt.cn Malware site, as confirmed by Norton Safe Web, Google, DNS-BH, and others: http://safeweb.norton.com/report/show?name=geglete.cn http://www.malwaredomains.com/wordpress/?p=1015 http://www.mywot.com/en/scorecard/geglete.cn http://www.siteadvisor.com/sites/geglete.cn#reviewercommentssummary From Google's current report (quoted because it changes frequently): "Site is listed as suspicious - visiting this web site may harm your computer. Part of this site was listed for suspicious activity 1 time(s) over the past 90 days. ... The last time Google visited this site was on 2010-06-14, and the last time suspicious content was found on this site was on 2010-06-14. Malicious software includes 112 trojan(s), 41 backdoor(s), 8 worm(s). ... Yes, this site has hosted malicious software over the past 90 days. It infected 238 domain(s)" The current Google Safe Browsing report can be found here: http://www.google.com/safebrowsing/diagnostic?site=geglete.cn Avoid this site! Mon, 14 Jun 2010 18:55:03 +0000 http://safeweb.norton.com/report/show?url=geglete.cn Malware site, as confirmed by Norton Safe Web and Google: http://safeweb.norton.com/report/show?name=csszf.cn From Google's current report (quoted because it changes frequently): "Site is listed as suspicious - visiting this web site may harm your computer. Part of this site was listed for suspicious activity 1 time(s) over the past 90 days. ... The last time Google visited this site was on 2010-06-08, and the last time suspicious content was found on this site was on 2010-06-08. Malicious software includes 52616 trojan(s), 893 worm(s). ... Yes, this site has hosted malicious software over the past 90 days. It infected 533 domain(s)" The current Google Safe Browsing report can be found here: http://www.google.com/safebrowsing/diagnostic?site=csszf.cn Avoid this site! Mon, 14 Jun 2010 18:46:44 +0000 http://safeweb.norton.com/report/show?url=csszf.cn This domain recently hosted browser exploits according to Google, hpHosts, StopBadware.org, Sunbelt Software, Spybot-Search & Destroy, Malware Database, and other reputable sources. See these reports: http://malwaredatabase.net/blog/index.php/2010/06/11/robint-us-sqli-utilizing-cve-2010-1297-exploit/ http://hosts-file.net/?s=cnzz.com http://www.siteadvisor.com/sites/cnzz.com#reviewercommentssummary http://stopbadware.org/reports/d8a1b676a424e2da79751e404249b18f http://isc.sans.edu/diary.html?storyid=4393 (similar report from 2008) From Google's current report (quoted because it changes frequently): "Of the 115 pages we tested on the site over the past 90 days, 23 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-06-14, and the last time suspicious content was found on this site was on 2010-06-12. Malicious software includes 20 exploit(s), 17 scripting exploit(s), 10 trojan(s). Successful infection resulted in an average of 5 new process(es) on the target machine. Malicious software is hosted on 46 domain(s), including csszf .cn/, hngqt .cn/, geglete .cn/. 20 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including 126xingai .com/, rentisp .net/, mn30 .us/. ... Over the past 90 days, cnzz.com appeared to function as an intermediary for the infection of 3 site(s)" The current Google Safe Browsing report can be found here: http://www.google.com/safebrowsing/diagnostic?site=cnzz.com Avoid this site! Mon, 14 Jun 2010 17:41:49 +0000 http://safeweb.norton.com/report/show?url=cnzz.com This domain recently hosted browser exploits according to Google, hpHosts, StopBadware.org, Sunbelt Software, Spybot-Search & Destroy, Malware Database, and other reputable sources. See these reports: http://malwaredatabase.net/blog/index.php/2010/06/11/robint-us-sqli-utilizing-cve-2010-1297-exploit/ http://hosts-file.net/?s=cnzz.com http://www.siteadvisor.com/sites/cnzz.com#reviewercommentssummary http://stopbadware.org/reports/d8a1b676a424e2da79751e404249b18f http://isc.sans.edu/diary.html?storyid=4393 (similar report from 2008) From Google's current report (quoted because it changes frequently): "Of the 115 pages we tested on the site over the past 90 days, 23 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-06-14, and the last time suspicious content was found on this site was on 2010-06-12. Malicious software includes 20 exploit(s), 17 scripting exploit(s), 10 trojan(s). Successful infection resulted in an average of 5 new process(es) on the target machine. Malicious software is hosted on 46 domain(s), including csszf .cn/, hngqt .cn/, geglete .cn/. 20 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including 126xingai .com/, rentisp .net/, mn30 .us/. ... Over the past 90 days, cnzz.com appeared to function as an intermediary for the infection of 3 site(s)" The current Google Safe Browsing report can be found here: http://www.google.com/safebrowsing/diagnostic?site=cnzz.com Avoid this site! Mon, 14 Jun 2010 17:40:30 +0000 http://safeweb.norton.com/report/show?url=s11.cnzz.com This domain recently hosted browser exploits according to Google, hpHosts, StopBadware.org, Sunbelt Software, Spybot-Search & Destroy, Malware Database, and other reputable sources. See these reports: http://malwaredatabase.net/blog/index.php/2010/06/11/robint-us-sqli-utilizing-cve-2010-1297-exploit/ http://hosts-file.net/?s=cnzz.com http://www.siteadvisor.com/sites/cnzz.com#reviewercommentssummary http://stopbadware.org/reports/d8a1b676a424e2da79751e404249b18f http://isc.sans.edu/diary.html?storyid=4393 (similar report from 2008) From Google's current report (quoted because it changes frequently): "Of the 115 pages we tested on the site over the past 90 days, 23 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-06-14, and the last time suspicious content was found on this site was on 2010-06-12. Malicious software includes 20 exploit(s), 17 scripting exploit(s), 10 trojan(s). Successful infection resulted in an average of 5 new process(es) on the target machine. Malicious software is hosted on 46 domain(s), including csszf .cn/, hngqt .cn/, geglete .cn/. 20 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including 126xingai .com/, rentisp .net/, mn30 .us/. ... Over the past 90 days, cnzz.com appeared to function as an intermediary for the infection of 3 site(s)" The current Google Safe Browsing report can be found here: http://www.google.com/safebrowsing/diagnostic?site=cnzz.com Avoid this site! Mon, 14 Jun 2010 17:35:38 +0000 http://safeweb.norton.com/report/show?url=zs13.cnzz.com Malicious site according to Norton Safe Web, hpHosts, Malware Domain List, and Malware Database: http://safeweb.norton.com/report/show?name=2677.in http://hosts-file.net/?s=2677.in http://www.malwaredomainlist.com/mdl.php?search=2677.in&inactive=on http://malwaredatabase.net/blog/index.php/2010/06/11/robint-us-sqli-utilizing-cve-2010-1297-exploit/ Avoid this site! Mon, 14 Jun 2010 17:04:48 +0000 http://safeweb.norton.com/report/show?url=2677.in Malware site according to Malware Database: http://malwaredatabase.net/blog/index.php/2010/06/13/new-rogue-domain-fastcleancure47pd-co-cc/ Avoid this site! Mon, 14 Jun 2010 16:25:15 +0000 http://safeweb.norton.com/report/show?url=fastcleancure47pd.co.cc PayPal phishing scam site as of 4 June 2010. Blacklisted by PhishTank, Netcraft, OpenDNS, and hpHosts: http://hosts-file.net/?s=kamal.megabyet.net As of 8 June 2010, this domain currently redirects to mybookface .net, a site that is known for using SEO poisoning with auto-redirects from affiliated sites, has reportedly been blocked by Avira AntiVir in the past according to a McAfee SiteAdvisor Experienced Reviewer, has reportedly engaged in using hacked e-mail accounts to spam people, and is listed in hpHosts as a phishing site: http://www.mywot.com/scorecard/mybookface.net/comment-2358108#comment-2358108 http://hosts-file.net/?s=mybookface.net The domain hosting this site, megabyet .net, is categorized as a "red" site on McAfee SiteAdvisor because "McAfee TrustedSource web reputation analysis found potential security risks with this site. Use with extreme caution." Symantec's Norton Safe Web has an orange "CAUTION" rating for megabyet .net due to drive-by downloads on particular subdomains. It seems that the owners of megabyet .net do not properly detect malware uploaded by their users. http://www.siteadvisor.com/sites/megabyet.net http://safeweb.norton.com/report/show?name=megabyet.net Avoid this site! Tue, 08 Jun 2010 17:47:00 +0000 http://safeweb.norton.com/report/show?url=kamal.megabyet.net Confirmed malware domain. See these various reports: http://www.siteadvisor.com/sites/trafficin002.com http://www.malwareurl.com/listing.php?domain=trafficin002.com http://www.malwaredomainlist.com/mdl.php?search=trafficin002.com&inactive=on From Google Safe Browsing's current report: "Site is listed as suspicious - visiting this web site may harm your computer. Part of this site was listed for suspicious activity 2 time(s) over the past 90 days. ... The last time Google visited this site was on 2010-06-01, and the last time suspicious content was found on this site was on 2010-06-01. Malicious software includes 7 trojan(s), 4 scripting exploit(s), 4 exploit(s). ... Over the past 90 days, trafficin002.com appeared to function as an intermediary for the infection of 13 site(s) ... Yes, this site has hosted malicious software over the past 90 days. It infected 113 domain(s) ..." You can see the most current Google Safe Browsing report here: http://www.google.com/safebrowsing/diagnostic?site=trafficin002.com Avoid this site! Wed, 02 Jun 2010 18:27:43 +0000 http://safeweb.norton.com/report/show?url=trafficin002.com This site distributes malware according to multiple trustworthy sites: http://malwaredatabase.net/blog/index.php/2010/05/31/new-rogue-domain-rise-soft-info/ http://www.siteadvisor.com/sites/rise-soft.info http://www.malwareurl.com/listing.php?domain=rise-soft.info http://www.mywot.com/en/scorecard/rise-soft.info Avoid this site! Mon, 31 May 2010 19:19:12 +0000 http://safeweb.norton.com/report/show?url=rise-soft.info This site distributes malware according to multiple trustworthy sites: http://malwaredatabase.net/blog/index.php/2010/05/30/new-rogue-domain-rtsantivirus2010-com-2/ http://safeweb.norton.com/report/show?name=rtsantivirus2010.com http://www.malwaredomainlist.com/mdl.php?search=rtsantivirus2010.com http://www.mywot.com/en/scorecard/rtsantivirus2010.com Avoid this site! Mon, 31 May 2010 02:27:29 +0000 http://safeweb.norton.com/report/show?url=rtsantivirus2010.com This site hosted a PayPal phishing scam as of 16 May 2010, as confirmed by PhishTank, Netcraft, OpenDNS, and Panda Security. See http://www.mywot.com/en/scorecard/www-paypal-com-webscr-login-securise-cmd-home-general-nav-1.tk Avoid this site! Mon, 17 May 2010 15:59:14 +0000 http://safeweb.norton.com/report/show?url=www-paypal-com-webscr-login-securise-cmd-home-general-nav-1.tk This domain hosted fake anti-virus content as of 12 May 2010. I discovered this domain through forensic analysis of an infected system, and several malware domain blacklists confirm this domain is malicious: http://malwaredomainlist.com/mdl.php?search=antispyfortress.com http://malwareurl.com/listing.php?domain=antispyfortress.com http://www.mywot.com/en/scorecard/antispyfortress.com http://siteadvisor.com/sites/antispyfortress.com#reviewercommentssummary Avoid this site! Fri, 14 May 2010 02:52:55 +0000 http://safeweb.norton.com/report/show?url=antispyfortress.com This domain hosted malware including PDF exploits as of 11 May 2010. I discovered this domain through forensic analysis of an infected system, and several malware domain blacklists confirm that this domain is malicious: http://hosts-file.net/?s=relwqin.com http://malwaredomainlist.com/mdl.php?search=relwqin.com http://malwareurl.com/listing.php?domain=relwqin.com http://www.mywot.com/en/scorecard/relwqin.com Avoid this site! Fri, 14 May 2010 02:44:50 +0000 http://safeweb.norton.com/report/show?url=relwqin.com This domain is hosting an AOL phishing scam as of 11 May 2010. Avoid this site! Tue, 11 May 2010 17:58:07 +0000 http://safeweb.norton.com/report/show?url=certified-aol.ath.cx This site apparently hosted a PayPal phishing scam as of 10 May 2010, as confirmed by Netcraft. Avoid this site! Mon, 10 May 2010 19:18:07 +0000 http://safeweb.norton.com/report/show?url=www-paypal-com-account-acctivated-securise-0123549656651112.tk This site apparently hosted a PayPal phishing scam as of 9 May 2010, as confirmed by Netcraft. Avoid this site! Mon, 10 May 2010 19:17:37 +0000 http://safeweb.norton.com/report/show?url=pay-pal-com-compte-connexion-securise-activated-564641321store.tk This site apparently hosts a PayPal phishing scam as of 10 May 2010, according to PhishTank and OpenDNS. Avoid this site! Mon, 10 May 2010 19:14:59 +0000 http://safeweb.norton.com/report/show?url=ccrm.ch An official site of McAfee, Inc. Fri, 30 Apr 2010 15:36:36 +0000 http://safeweb.norton.com/report/show?url=mcafeetheplace.com See these listings: http://www.threatexpert.com/reports.aspx?find=funnylive2010.ru http://www.malwaredomainlist.com/mdl.php?search=funnylive2010.ru&inactive=on http://www.malwaredomains.com/files/domains.txt Avoid this site! Sun, 28 Mar 2010 01:09:28 +0000 http://safeweb.norton.com/report/show?url=funnylive2010.ru According to F-Secure CRO Mikko Hypponen, an MSN worm is sending IMs in various languages, pointing the user to this domain. Also, OpenDNS blocks this as a phishing site. Sources: http://twitter.com/mikkohypponen/statuses/11149832738 http://phish.opendns.com/?url=www.facebook-you.net Avoid this site! Sat, 27 Mar 2010 16:46:01 +0000 http://safeweb.norton.com/report/show?url=facebook-you.net Fake antivirus scam spamvertised through Skype, as reported by SANS Internet Storm Center: http://isc.sans.org/diary.html?storyid=8413 Avoid this site! Thu, 18 Mar 2010 19:03:12 +0000 http://safeweb.norton.com/report/show?url=onlineck.org Malware site, reported by MalwareURL.com: http://www.malwareurl.com/listing.php?domain=eflashmedia.com Avoid this site! Thu, 18 Mar 2010 16:39:47 +0000 http://safeweb.norton.com/report/show?url=eflashmedia.com This site distributes malware posing as a crack/keygen/serial for a PlayStation 2 emulator. The domains appzkeygen(dot)com and movieutilitesonline(dot)com were reported by Chris Boyd aka "Paper Ghost" from Sunbelt Software, and upon investigation I discovered that the appzkeygen site later linked to linkmediavideo(dot)com, premierworldmedia(dot)com, moviepublicstorage(dot)com, multimediafileworld(dot)com, newcenturymultimedia(dot)com, mediaatmedia(dot)com, fileutiliteenligne(dot)com, dvdhomemedia(dot)com, videodatavoice(dot)com, mediaprogrammet(dot)com, besttoolsonline(dot)com, and now links to supermovieplugins(dot)com. See these reports: http://security.thejoshmeister.com/2010/03/play-2-emulator-malware.html http://www.malwareurl.com/listing.php?domain=supermovieplugins.com http://hosts-file.net/?s=supermovieplugins.com http://sunbeltblog.blogspot.com/2010/03/consoles-for-old-games-come-with-new.html http://www.theregister.co.uk/2010/03/11/playstation_emulator_malware/ https://www.siteadvisor.com/sites/appzkeygen.com http://www.mywot.com/scorecard/appzkeygen.com http://www.mywot.com/scorecard/movieutilitesonline.com http://www.mywot.com/scorecard/linkmediavideo.com http://www.mywot.com/scorecard/premierworldmedia.com http://www.mywot.com/scorecard/supermovieplugins.com Avoid this site! Thu, 18 Mar 2010 16:22:33 +0000 http://safeweb.norton.com/report/show?url=supermovieplugins.com This site distributes malware posing as a crack/keygen/serial for a PlayStation 2 emulator. The domains appzkeygen(dot)com and movieutilitesonline(dot)com were reported by Chris Boyd aka "Paper Ghost" from Sunbelt Software, and upon investigation I discovered that the appzkeygen site later linked to linkmediavideo(dot)com, premierworldmedia(dot)com, moviepublicstorage(dot)com, multimediafileworld(dot)com, newcenturymultimedia(dot)com, mediaatmedia(dot)com, fileutiliteenligne(dot)com, dvdhomemedia(dot)com, videodatavoice(dot)com, mediaprogrammet(dot)com, and now links to besttoolsonline(dot)com. See these reports: http://security.thejoshmeister.com/2010/03/play-2-emulator-malware.html http://sunbeltblog.blogspot.com/2010/03/consoles-for-old-games-come-with-new.html http://www.theregister.co.uk/2010/03/11/playstation_emulator_malware/ https://www.siteadvisor.com/sites/appzkeygen.com http://www.mywot.com/scorecard/appzkeygen.com http://www.mywot.com/scorecard/movieutilitesonline.com http://www.mywot.com/scorecard/linkmediavideo.com http://www.mywot.com/scorecard/premierworldmedia.com Avoid this site! Wed, 17 Mar 2010 19:09:59 +0000 http://safeweb.norton.com/report/show?url=besttoolsonline.com This site distributes malware posing as a crack/keygen/serial for a PlayStation 2 emulator. The domains appzkeygen(dot)com and movieutilitesonline(dot)com were reported by Chris Boyd aka "Paper Ghost" from Sunbelt Software, and upon investigation I discovered that the appzkeygen site later linked to linkmediavideo(dot)com, premierworldmedia(dot)com, moviepublicstorage(dot)com, multimediafileworld(dot)com, newcenturymultimedia(dot)com, mediaatmedia(dot)com, fileutiliteenligne(dot)com, dvdhomemedia(dot)com, videodatavoice(dot)com, and now links to mediaprogrammet(dot)com. See these reports: http://security.thejoshmeister.com/2010/03/play-2-emulator-malware.html http://sunbeltblog.blogspot.com/2010/03/consoles-for-old-games-come-with-new.html http://www.theregister.co.uk/2010/03/11/playstation_emulator_malware/ https://www.virustotal.com/analisis/0c70467624f17a6a704bbd39bbe1ffd3311d8dca3ae4bcc18e66a50d68823759-1268794052 https://www.siteadvisor.com/sites/appzkeygen.com http://www.mywot.com/scorecard/appzkeygen.com http://www.mywot.com/scorecard/movieutilitesonline.com http://www.mywot.com/scorecard/linkmediavideo.com http://www.mywot.com/scorecard/premierworldmedia.com Avoid this site! Wed, 17 Mar 2010 02:59:26 +0000 http://safeweb.norton.com/report/show?url=mediaprogrammet.com This site distributes malware posing as a crack/keygen/serial for a PlayStation 2 emulator. The domains appzkeygen(dot)com and movieutilitesonline(dot)com were reported by Chris Boyd aka "Paper Ghost" from Sunbelt Software, and upon investigation I discovered that the appzkeygen site later linked to linkmediavideo(dot)com, premierworldmedia(dot)com, moviepublicstorage(dot)com, multimediafileworld(dot)com, newcenturymultimedia(dot)com, mediaatmedia(dot)com, fileutiliteenligne(dot)com, dvdhomemedia(dot)com, and now links to videodatavoice(dot)com. See these reports: http://security.thejoshmeister.com/2010/03/play-2-emulator-malware.html http://sunbeltblog.blogspot.com/2010/03/consoles-for-old-games-come-with-new.html http://www.theregister.co.uk/2010/03/11/playstation_emulator_malware/ https://www.siteadvisor.com/sites/appzkeygen.com http://www.mywot.com/scorecard/appzkeygen.com http://www.mywot.com/scorecard/movieutilitesonline.com http://www.mywot.com/scorecard/linkmediavideo.com http://www.mywot.com/scorecard/premierworldmedia.com Avoid this site! Tue, 16 Mar 2010 16:35:08 +0000 http://safeweb.norton.com/report/show?url=videodatavoice.com This site distributes malware posing as a crack/keygen/serial for a PlayStation 2 emulator. The domains appzkeygen(dot)com and movieutilitesonline(dot)com were reported by Chris Boyd aka "Paper Ghost" from Sunbelt Software, and upon investigation I discovered that the appzkeygen site later linked to linkmediavideo(dot)com, premierworldmedia(dot)com, moviepublicstorage(dot)com, multimediafileworld(dot)com, newcenturymultimedia(dot)com, mediaatmedia(dot)com, fileutiliteenligne(dot)com, and now links to dvdhomemedia(dot)com. See these reports: http://security.thejoshmeister.com/2010/03/play-2-emulator-malware.html http://sunbeltblog.blogspot.com/2010/03/consoles-for-old-games-come-with-new.html http://www.theregister.co.uk/2010/03/11/playstation_emulator_malware/ https://www.siteadvisor.com/sites/appzkeygen.com http://www.mywot.com/scorecard/appzkeygen.com http://www.mywot.com/scorecard/movieutilitesonline.com http://www.mywot.com/scorecard/linkmediavideo.com http://www.mywot.com/scorecard/premierworldmedia.com Avoid this site! Tue, 16 Mar 2010 11:39:56 +0000 http://safeweb.norton.com/report/show?url=dvdhomemedia.com This site distributes malware posing as a crack/keygen/serial for a PlayStation 2 emulator. The domains appzkeygen(dot)com and movieutilitesonline(dot)com were reported by Chris Boyd aka "Paper Ghost" from Sunbelt Software, and upon investigation I discovered that the appzkeygen site later linked to linkmediavideo(dot)com, premierworldmedia(dot)com, moviepublicstorage(dot)com, multimediafileworld(dot)com, newcenturymultimedia(dot)com, mediaatmedia(dot)com, and now links to fileutiliteenligne(dot)com. See these reports: http://security.thejoshmeister.com/2010/03/play-2-emulator-malware.html http://sunbeltblog.blogspot.com/2010/03/consoles-for-old-games-come-with-new.html http://www.theregister.co.uk/2010/03/11/playstation_emulator_malware/ https://www.virustotal.com/analisis/7bc482933d9f90585986abba32a8ddeb771c906ccff2389d9fb1ed29c41b0106-1268673339 https://www.virustotal.com/analisis/acc8413dfe0b510e42f2a0805d33d2ff09246532e3703330beb973d63ac68c62-1268673615 https://www.virustotal.com/analisis/aedfe6ce93b19f5fc612623558b48eda89e1b3d9afb30d7c162a70ae7b09f2d2-1268673649 https://www.virustotal.com/analisis/52e0ae04d942dc5a749a2d265f73042612e394f503d4a5366b5e2f5167adbbb5-1268673682 https://www.virustotal.com/analisis/793ff610c1e24fa44b35e13e76d3dd1f54db8a593bf172e34cd29d00789067bf-1268669317 https://www.virustotal.com/analisis/639569dcfa842ac4cfa96a2caf5e6e8a60f7493274c3dbb7bdfc4628855c853a-1268706549 https://www.siteadvisor.com/sites/appzkeygen.com http://www.mywot.com/en/scorecard/appzkeygen.com http://www.mywot.com/en/scorecard/movieutilitesonline.com http://www.mywot.com/en/scorecard/linkmediavideo.com http://www.mywot.com/en/scorecard/premierworldmedia.com Avoid this site! Tue, 16 Mar 2010 04:18:17 +0000 http://safeweb.norton.com/report/show?url=fileutiliteenligne.com Malware phones home to this domain. See these reports: http://security.thejoshmeister.com/2010/03/play-2-emulator-malware.html http://www.sunbeltsecurity.com/cwsandboxreport.aspx?id=58232856&cs=8E5EC808872FEC92DE7DD6028E66E39A http://autovin.pandasecurity.my/?p=4309 Avoid this site! Tue, 16 Mar 2010 04:02:45 +0000 http://safeweb.norton.com/report/show?url=yourdesignart.com Malware phones home to this domain. See these reports: http://security.thejoshmeister.com/2010/03/play-2-emulator-malware.html http://www.sunbeltsecurity.com/cwsandboxreport.aspx?id=58232856&cs=8E5EC808872FEC92DE7DD6028E66E39A http://autovin.pandasecurity.my/?p=4309 Avoid this site! Tue, 16 Mar 2010 04:02:24 +0000 http://safeweb.norton.com/report/show?url=flashgraphicarts.com WARNING: Malware phones home to this domain. See these reports: http://security.thejoshmeister.com/2010/03/play-2-emulator-malware.html http://www.sunbeltsecurity.com/cwsandboxreport.aspx?id=58232856&cs=8E5EC808872FEC92DE7DD6028E66E39A http://autovin.pandasecurity.my/?p=4309 Avoid this site! Tue, 16 Mar 2010 04:02:04 +0000 http://safeweb.norton.com/report/show?url=angelhousearts.com Malware phones home to this domain. See these reports: http://security.thejoshmeister.com/2010/03/play-2-emulator-malware.html http://www.sunbeltsecurity.com/cwsandboxreport.aspx?id=58232856&cs=8E5EC808872FEC92DE7DD6028E66E39A http://autovin.pandasecurity.my/?p=4309 Avoid this site! Tue, 16 Mar 2010 04:01:08 +0000 http://safeweb.norton.com/report/show?url=carartworld.com This domain contains malware. Additionally, malware phones home to this domain. See these reports: http://security.thejoshmeister.com/2010/03/play-2-emulator-malware.html http://www.sunbeltsecurity.com/cwsandboxreport.aspx?id=58232856&cs=8E5EC808872FEC92DE7DD6028E66E39A http://autovin.pandasecurity.my/?p=4309 https://www.virustotal.com/analisis/50509fed7e729d3525825869cd1b163cd8aad8fc5c56cde8c9932d942b332321-1268708078 Avoid this site! Tue, 16 Mar 2010 03:59:03 +0000 http://safeweb.norton.com/report/show?url=lookpike.com This site distributes malware posing as a crack/keygen/serial for a PlayStation 2 emulator. The domains appzkeygen(dot)com and movieutilitesonline(dot)com were reported by Chris Boyd aka "Paper Ghost" from Sunbelt Software, and upon investigation I discovered that the appzkeygen site later linked to linkmediavideo(dot)com, premierworldmedia(dot)com, moviepublicstorage(dot)com, multimediafileworld(dot)com, newcenturymultimedia(dot)com, and now links to mediaatmedia(dot)com. See these reports: http://security.thejoshmeister.com/2010/03/play-2-emulator-malware.html http://sunbeltblog.blogspot.com/2010/03/consoles-for-old-games-come-with-new.html http://www.theregister.co.uk/2010/03/11/playstation_emulator_malware/ https://www.virustotal.com/analisis/7bc482933d9f90585986abba32a8ddeb771c906ccff2389d9fb1ed29c41b0106-1268673339 https://www.virustotal.com/analisis/acc8413dfe0b510e42f2a0805d33d2ff09246532e3703330beb973d63ac68c62-1268673615 https://www.virustotal.com/analisis/aedfe6ce93b19f5fc612623558b48eda89e1b3d9afb30d7c162a70ae7b09f2d2-1268673649 https://www.virustotal.com/analisis/52e0ae04d942dc5a749a2d265f73042612e394f503d4a5366b5e2f5167adbbb5-1268673682 https://www.virustotal.com/analisis/793ff610c1e24fa44b35e13e76d3dd1f54db8a593bf172e34cd29d00789067bf-1268669317 https://www.virustotal.com/analisis/639569dcfa842ac4cfa96a2caf5e6e8a60f7493274c3dbb7bdfc4628855c853a-1268706549 https://www.siteadvisor.com/sites/appzkeygen.com http://www.mywot.com/en/scorecard/appzkeygen.com http://www.mywot.com/en/scorecard/movieutilitesonline.com http://www.mywot.com/en/scorecard/linkmediavideo.com http://www.mywot.com/en/scorecard/premierworldmedia.com Avoid this site! Tue, 16 Mar 2010 03:48:58 +0000 http://safeweb.norton.com/report/show?url=mediaatmedia.com This site distributes malware posing as a crack/keygen/serial for a PlayStation 2 emulator. The domains appzkeygen(dot)com and movieutilitesonline(dot)com were reported by Chris Boyd aka "Paper Ghost" from Sunbelt Software, and upon investigation I discovered that the appzkeygen site later linked to linkmediavideo(dot)com, premierworldmedia(dot)com, moviepublicstorage(dot)com, multimediafileworld(dot)com, and now links to newcenturymultimedia(dot)com. See these reports: http://sunbeltblog.blogspot.com/2010/03/consoles-for-old-games-come-with-new.html http://www.theregister.co.uk/2010/03/11/playstation_emulator_malware/ https://www.virustotal.com/analisis/7bc482933d9f90585986abba32a8ddeb771c906ccff2389d9fb1ed29c41b0106-1268519716 https://www.virustotal.com/analisis/acc8413dfe0b510e42f2a0805d33d2ff09246532e3703330beb973d63ac68c62-1268519725 https://www.virustotal.com/analisis/aedfe6ce93b19f5fc612623558b48eda89e1b3d9afb30d7c162a70ae7b09f2d2-1268519631 https://www.virustotal.com/analisis/52e0ae04d942dc5a749a2d265f73042612e394f503d4a5366b5e2f5167adbbb5-1268546976 https://www.virustotal.com/analisis/793ff610c1e24fa44b35e13e76d3dd1f54db8a593bf172e34cd29d00789067bf-1268669317 https://www.siteadvisor.com/sites/appzkeygen.com http://www.mywot.com/en/scorecard/appzkeygen.com http://www.mywot.com/en/scorecard/movieutilitesonline.com http://www.mywot.com/en/scorecard/linkmediavideo.com http://www.mywot.com/en/scorecard/premierworldmedia.com Avoid this site! Mon, 15 Mar 2010 16:13:24 +0000 http://safeweb.norton.com/report/show?url=newcenturymultimedia.com This site distributes malware posing as a crack/keygen/serial for a PlayStation 2 emulator. The domains appzkeygen(dot)com and movieutilitesonline(dot)com were reported by Chris Boyd aka "Paper Ghost" from Sunbelt Software, and upon investigation I discovered that the appzkeygen site later linked to linkmediavideo(dot)com, premierworldmedia(dot)com, moviepublicstorage(dot)com, and now links to multimediafileworld(dot)com. See these reports: http://sunbeltblog.blogspot.com/2010/03/consoles-for-old-games-come-with-new.html http://www.theregister.co.uk/2010/03/11/playstation_emulator_malware/ https://www.virustotal.com/analisis/7bc482933d9f90585986abba32a8ddeb771c906ccff2389d9fb1ed29c41b0106-1268519716 https://www.virustotal.com/analisis/acc8413dfe0b510e42f2a0805d33d2ff09246532e3703330beb973d63ac68c62-1268519725 https://www.virustotal.com/analisis/aedfe6ce93b19f5fc612623558b48eda89e1b3d9afb30d7c162a70ae7b09f2d2-1268519631 https://www.virustotal.com/analisis/52e0ae04d942dc5a749a2d265f73042612e394f503d4a5366b5e2f5167adbbb5-1268546976 https://www.siteadvisor.com/sites/appzkeygen.com http://www.mywot.com/en/scorecard/appzkeygen.com http://www.mywot.com/en/scorecard/movieutilitesonline.com http://www.mywot.com/en/scorecard/linkmediavideo.com http://www.mywot.com/en/scorecard/premierworldmedia.com Avoid this site! Sun, 14 Mar 2010 07:38:46 +0000 http://safeweb.norton.com/report/show?url=multimediafileworld.com This site distributes malware posing as a crack/keygen/serial for a PlayStation 2 emulator. The domains appzkeygen(dot)com and movieutilitesonline(dot)com were reported by Chris Boyd aka "Paper Ghost" from Sunbelt Software, and upon investigation I discovered that the appzkeygen site later linked to linkmediavideo(dot)com and premierworldmedia(dot)com, and now links to moviepublicstorage(dot)com. See these reports: http://sunbeltblog.blogspot.com/2010/03/consoles-for-old-games-come-with-new.html http://www.theregister.co.uk/2010/03/11/playstation_emulator_malware/ https://www.virustotal.com/analisis/7bc482933d9f90585986abba32a8ddeb771c906ccff2389d9fb1ed29c41b0106-1268519716 https://www.virustotal.com/analisis/acc8413dfe0b510e42f2a0805d33d2ff09246532e3703330beb973d63ac68c62-1268519725 https://www.virustotal.com/analisis/aedfe6ce93b19f5fc612623558b48eda89e1b3d9afb30d7c162a70ae7b09f2d2-1268519631 https://www.siteadvisor.com/sites/appzkeygen.com Avoid this site! Sat, 13 Mar 2010 23:01:43 +0000 http://safeweb.norton.com/report/show?url=moviepublicstorage.com This site distributes malware posing as a crack/keygen/serial for a PlayStation 2 emulator. The domains appzkeygen(dot)com and movieutilitesonline(dot)com were reported by Chris Boyd aka "Paper Ghost" from Sunbelt Software, and upon investigation I discovered that the appzkeygen site later linked to linkmediavideo(dot)com and now links to premierworldmedia(dot)com. See these reports: http://sunbeltblog.blogspot.com/2010/03/consoles-for-old-games-come-with-new.html http://www.theregister.co.uk/2010/03/11/playstation_emulator_malware/ https://www.virustotal.com/analisis/7bc482933d9f90585986abba32a8ddeb771c906ccff2389d9fb1ed29c41b0106-1268416054 https://www.virustotal.com/analisis/acc8413dfe0b510e42f2a0805d33d2ff09246532e3703330beb973d63ac68c62-1268415987 https://www.siteadvisor.com/sites/appzkeygen.com Avoid this site! Fri, 12 Mar 2010 18:12:23 +0000 http://safeweb.norton.com/report/show?url=premierworldmedia.com This site distributes malware posing as a crack/keygen/serial for a PlayStation 2 emulator. The domains appzkeygen(dot)com and movieutilitesonline(dot)com were reported by Chris Boyd aka "Paper Ghost" from Sunbelt Software, and upon investigation I discovered that the appzkeygen site currently links to linkmediavideo(dot)com. See these reports: http://sunbeltblog.blogspot.com/2010/03/consoles-for-old-games-come-with-new.html http://www.theregister.co.uk/2010/03/11/playstation_emulator_malware/ https://www.virustotal.com/analisis/7bc482933d9f90585986abba32a8ddeb771c906ccff2389d9fb1ed29c41b0106-1268352425 https://www.siteadvisor.com/sites/appzkeygen.com Avoid this site! Fri, 12 Mar 2010 00:39:05 +0000 http://safeweb.norton.com/report/show?url=linkmediavideo.com This site distributes malware posing as a crack/keygen/serial for a PlayStation 2 emulator. The domains appzkeygen(dot)com and movieutilitesonline(dot)com were reported by Chris Boyd aka "Paper Ghost" from Sunbelt Software, and upon investigation I discovered that the appzkeygen site currently links to linkmediavideo(dot)com. See these reports: http://sunbeltblog.blogspot.com/2010/03/consoles-for-old-games-come-with-new.html http://www.theregister.co.uk/2010/03/11/playstation_emulator_malware/ https://www.virustotal.com/analisis/7bc482933d9f90585986abba32a8ddeb771c906ccff2389d9fb1ed29c41b0106-1268352425 https://www.siteadvisor.com/sites/appzkeygen.com Avoid this site! Fri, 12 Mar 2010 00:38:39 +0000 http://safeweb.norton.com/report/show?url=movieutilitesonline.com This site distributes malware posing as a crack/keygen/serial for a PlayStation 2 emulator. The domains appzkeygen(dot)com and movieutilitesonline(dot)com were reported by Chris Boyd aka "Paper Ghost" from Sunbelt Software, and upon investigation I discovered that the appzkeygen site currently links to linkmediavideo(dot)com. See these reports: http://sunbeltblog.blogspot.com/2010/03/consoles-for-old-games-come-with-new.html http://www.theregister.co.uk/2010/03/11/playstation_emulator_malware/ https://www.virustotal.com/analisis/7bc482933d9f90585986abba32a8ddeb771c906ccff2389d9fb1ed29c41b0106-1268352425 https://www.siteadvisor.com/sites/appzkeygen.com Avoid this site! Fri, 12 Mar 2010 00:37:56 +0000 http://safeweb.norton.com/report/show?url=appzkeygen.com See this report: http://sunbeltblog.blogspot.com/2010/03/cute-and-malicious.html Avoid this site! Mon, 08 Mar 2010 21:56:26 +0000 http://safeweb.norton.com/report/show?url=oast.com Malware redirector. Malicious URLs on this domain redirect to the malware described in the following Sophos article, hosted on the domain mentioned in the following Sunbelt article: http://www.sophos.com/blogs/gc/g/2010/02/25/sea-world-killer-whale-attack-video-leads-malware/ http://sunbeltblog.blogspot.com/2010/02/twitter-search-is-finding-rogues-thanks.html See reports for these related domains: http://www.mywot.com/scorecard/my-securesystem.in http://www.mywot.com/scorecard/limp-viesys7.in Avoid this site! Fri, 26 Feb 2010 19:04:54 +0000 http://safeweb.norton.com/report/show?url=tbjo9n.xorg.pl Malware redirector. Malicious URLs on this domain redirect to the malware described in the following Sophos article, hosted on the domain mentioned in the following Sunbelt article: http://www.sophos.com/blogs/gc/g/2010/02/25/sea-world-killer-whale-attack-video-leads-malware/ http://sunbeltblog.blogspot.com/2010/02/twitter-search-is-finding-rogues-thanks.html The domain was just registered today. Avoid this site! Fri, 26 Feb 2010 18:16:33 +0000 http://safeweb.norton.com/report/show?url=limp-viesys7.in Malware domain advertised through Twitter spam, according to Sunbelt Software security researcher Chris Boyd: http://sunbeltblog.blogspot.com/2010/02/twitter-search-is-finding-rogues-thanks.html http://www.theregister.co.uk/2010/02/25/killer_whale_scareware/ Avoid this site! Fri, 26 Feb 2010 18:04:10 +0000 http://safeweb.norton.com/report/show?url=my-securesystem.in Affiliated with Koobface malware. For details see this report: http://security.thejoshmeister.com/2010/02/new-koobface-domains.html Avoid this site! Mon, 08 Feb 2010 13:36:59 +0000 http://safeweb.norton.com/report/show?url=pablopicassosite.com Affiliated with Koobface malware. For details please see these reports: http://security.thejoshmeister.com/2010/02/new-koobface-domains.html http://www.siteadvisor.com/sites/online-doors.co.uk Mon, 01 Feb 2010 03:27:07 +0000 http://safeweb.norton.com/report/show?url=online-doors.co.uk Affiliated with Koobface malware. For details please see this report: http://security.thejoshmeister.com/2010/02/new-koobface-domains.html Mon, 01 Feb 2010 03:26:45 +0000 http://safeweb.norton.com/report/show?url=shanghaiwebcamera.com Affiliated with Koobface malware. For details please see this report: http://security.thejoshmeister.com/2010/02/new-koobface-domains.html Mon, 01 Feb 2010 03:24:24 +0000 http://safeweb.norton.com/report/show?url=herangi.com Affiliated with Koobface malware. For details please see this report: http://security.thejoshmeister.com/2010/02/new-koobface-domains.html Mon, 01 Feb 2010 03:24:01 +0000 http://safeweb.norton.com/report/show?url=connecticuttea.com Affiliated with Koobface malware. For details please see this report: http://security.thejoshmeister.com/2010/02/new-koobface-domains.html Mon, 01 Feb 2010 03:23:07 +0000 http://safeweb.norton.com/report/show?url=gxf.co.il Affiliated with Koobface malware. For details please see this report: http://security.thejoshmeister.com/2010/02/new-koobface-domains.html Mon, 01 Feb 2010 03:21:36 +0000 http://safeweb.norton.com/report/show?url=renewalretreat.com Affiliated with Koobface malware. For details please see this report: http://security.thejoshmeister.com/2010/02/new-koobface-domains.html Mon, 01 Feb 2010 03:20:23 +0000 http://safeweb.norton.com/report/show?url=coloradowin.com Confirmed phishing scam site (Netcraft, Opera, self). See this report on Web of Trust: http://www.mywot.com/en/scorecard/htrfwdsadsa.pochta.ru/comment-5496661 See also these reports for pochta.ru in general: http://www.siteadvisor.com/sites/pochta.ru#reviewercommentssummary http://google.com/safebrowsing/diagnostic?site=pochta.ru (quoted below) Here's an excerpt from the current Google Safe Browsing report since it changes frequently: "Part of this site was listed for suspicious activity 30 time(s) over the past 90 days. ... Of the 1057 pages we tested on the site over the past 90 days, 172 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-01-18, and the last time suspicious content was found on this site was on 2010-01-18. Malicious software includes 515 scripting exploit(s), 9 trojan(s), 6 exploit(s). Successful infection resulted in an average of 1 new process(es) on the target machine. Malicious software is hosted on 22 domain(s), including nonepersonal .com/, fastreadingit .ru/, 209.205.196 .0/. 4 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including extraspray .com/, gumentha .com/, flo5 .cn/. ... Yes, this site has hosted malicious software over the past 90 days. It infected 67 domain(s), including xixomeme.ifrance .com/, wipemowa.ifrance .com/, getosoxi.ifrance .com/." Avoid this site! Mon, 18 Jan 2010 21:12:03 +0000 http://safeweb.norton.com/report/show?url=htrfwdsadsa.pochta.ru Phishing scam; a page on this site pretends to be PayPal as of 12 January 2010. See also Symantec's report for a related phishing site: http://safeweb.norton.com/report/show?name=83.170.88.119 Tue, 12 Jan 2010 10:17:03 +0000 http://safeweb.norton.com/report/show?url=83.170.112.238 Phishing scam; a page on this site pretends to be PayPal as of 12 January 2010. See also Symantec's report for a related phishing site: http://safeweb.norton.com/report/show?name=83.170.112.238 Tue, 12 Jan 2010 09:55:12 +0000 http://safeweb.norton.com/report/show?url=83.170.88.119 Malware domain. These .ru domains were all privately registered on one of two dates (2009.10.28 or 2009.11.22), were all last updated on the same date (2010.01.11), and all have been reported by Websense Security Labs, Malware Domain List, or others as being malicious: http://www.mywot.com/en/scorecard/ampsguide.ru http://www.mywot.com/en/scorecard/bestbob.ru http://www.mywot.com/en/scorecard/burkewebservices.ru http://www.mywot.com/en/scorecard/carswebnet.ru http://www.mywot.com/en/scorecard/funwebmail.ru http://www.mywot.com/en/scorecard/greatwebradio.ru http://www.mywot.com/en/scorecard/guidebat.ru http://www.mywot.com/en/scorecard/johnsite.ru http://www.mywot.com/en/scorecard/lagworld.ru http://www.mywot.com/en/scorecard/manbest.ru http://www.mywot.com/en/scorecard/suesite.ru http://www.mywot.com/en/scorecard/superaguide.ru http://www.mywot.com/en/scorecard/superore.ru http://www.mywot.com/en/scorecard/theaonline.ru http://www.mywot.com/en/scorecard/theatticsale.ru http://www.mywot.com/en/scorecard/theaworld.ru http://www.mywot.com/en/scorecard/thechocolateweb.ru http://www.mywot.com/en/scorecard/thelaceweb.ru http://www.mywot.com/en/scorecard/themobilewindow.ru http://www.mywot.com/en/scorecard/themobisite.ru http://www.mywot.com/en/scorecard/usaworldwideweb.ru http://www.mywot.com/en/scorecard/warbest.ru http://www.mywot.com/en/scorecard/webdesktopnet.ru http://www.mywot.com/en/scorecard/webdirectbroker.ru http://www.mywot.com/en/scorecard/weblessnet.ru http://www.mywot.com/en/scorecard/webnetenglish.ru http://www.mywot.com/en/scorecard/webnetlender.ru http://www.mywot.com/en/scorecard/webnetloans.ru http://www.mywot.com/en/scorecard/worldsouth.ru http://www.mywot.com/en/scorecard/worldwebworld.ru http://www.mywot.com/en/scorecard/xboxliveweb.ru For a detailed report on these domains, see: http://security.thejoshmeister.com/2010/01/malicious-site-reports-dangerous-ru.html Avoid this site! Mon, 11 Jan 2010 12:56:00 +0000 http://safeweb.norton.com/report/show?url=theaonline.ru Malware domain. These .ru domains were all privately registered on one of two dates (2009.10.28 or 2009.11.22), were all last updated on the same date (2010.01.11), and all have been reported by Websense Security Labs, Malware Domain List, or others as being malicious: http://www.mywot.com/en/scorecard/ampsguide.ru http://www.mywot.com/en/scorecard/bestbob.ru http://www.mywot.com/en/scorecard/burkewebservices.ru http://www.mywot.com/en/scorecard/carswebnet.ru http://www.mywot.com/en/scorecard/funwebmail.ru http://www.mywot.com/en/scorecard/greatwebradio.ru http://www.mywot.com/en/scorecard/guidebat.ru http://www.mywot.com/en/scorecard/johnsite.ru http://www.mywot.com/en/scorecard/lagworld.ru http://www.mywot.com/en/scorecard/manbest.ru http://www.mywot.com/en/scorecard/suesite.ru http://www.mywot.com/en/scorecard/superaguide.ru http://www.mywot.com/en/scorecard/superore.ru http://www.mywot.com/en/scorecard/theaonline.ru http://www.mywot.com/en/scorecard/theatticsale.ru http://www.mywot.com/en/scorecard/theaworld.ru http://www.mywot.com/en/scorecard/thechocolateweb.ru http://www.mywot.com/en/scorecard/thelaceweb.ru http://www.mywot.com/en/scorecard/themobilewindow.ru http://www.mywot.com/en/scorecard/themobisite.ru http://www.mywot.com/en/scorecard/usaworldwideweb.ru http://www.mywot.com/en/scorecard/warbest.ru http://www.mywot.com/en/scorecard/webdesktopnet.ru http://www.mywot.com/en/scorecard/webdirectbroker.ru http://www.mywot.com/en/scorecard/weblessnet.ru http://www.mywot.com/en/scorecard/webnetenglish.ru http://www.mywot.com/en/scorecard/webnetlender.ru http://www.mywot.com/en/scorecard/webnetloans.ru http://www.mywot.com/en/scorecard/worldsouth.ru http://www.mywot.com/en/scorecard/worldwebworld.ru http://www.mywot.com/en/scorecard/xboxliveweb.ru For a detailed report on these domains, see: http://security.thejoshmeister.com/2010/01/malicious-site-reports-dangerous-ru.html Avoid this site! Mon, 11 Jan 2010 12:55:30 +0000 http://safeweb.norton.com/report/show?url=johnsite.ru Malware domain. These .ru domains were all privately registered on one of two dates (2009.10.28 or 2009.11.22), were all last updated on the same date (2010.01.11), and all have been reported by Websense Security Labs, Malware Domain List, or others as being malicious: http://www.mywot.com/en/scorecard/ampsguide.ru http://www.mywot.com/en/scorecard/bestbob.ru http://www.mywot.com/en/scorecard/burkewebservices.ru http://www.mywot.com/en/scorecard/carswebnet.ru http://www.mywot.com/en/scorecard/funwebmail.ru http://www.mywot.com/en/scorecard/greatwebradio.ru http://www.mywot.com/en/scorecard/guidebat.ru http://www.mywot.com/en/scorecard/johnsite.ru http://www.mywot.com/en/scorecard/lagworld.ru http://www.mywot.com/en/scorecard/manbest.ru http://www.mywot.com/en/scorecard/suesite.ru http://www.mywot.com/en/scorecard/superaguide.ru http://www.mywot.com/en/scorecard/superore.ru http://www.mywot.com/en/scorecard/theaonline.ru http://www.mywot.com/en/scorecard/theatticsale.ru http://www.mywot.com/en/scorecard/theaworld.ru http://www.mywot.com/en/scorecard/thechocolateweb.ru http://www.mywot.com/en/scorecard/thelaceweb.ru http://www.mywot.com/en/scorecard/themobilewindow.ru http://www.mywot.com/en/scorecard/themobisite.ru http://www.mywot.com/en/scorecard/usaworldwideweb.ru http://www.mywot.com/en/scorecard/warbest.ru http://www.mywot.com/en/scorecard/webdesktopnet.ru http://www.mywot.com/en/scorecard/webdirectbroker.ru http://www.mywot.com/en/scorecard/weblessnet.ru http://www.mywot.com/en/scorecard/webnetenglish.ru http://www.mywot.com/en/scorecard/webnetlender.ru http://www.mywot.com/en/scorecard/webnetloans.ru http://www.mywot.com/en/scorecard/worldsouth.ru http://www.mywot.com/en/scorecard/worldwebworld.ru http://www.mywot.com/en/scorecard/xboxliveweb.ru For a detailed report on these domains, see: http://security.thejoshmeister.com/2010/01/malicious-site-reports-dangerous-ru.html Avoid this site! Mon, 11 Jan 2010 12:54:55 +0000 http://safeweb.norton.com/report/show?url=warbest.ru Malware domain. These .ru domains were all privately registered on one of two dates (2009.10.28 or 2009.11.22), were all last updated on the same date (2010.01.11), and all have been reported by Websense Security Labs, Malware Domain List, or others as being malicious: http://www.mywot.com/en/scorecard/ampsguide.ru http://www.mywot.com/en/scorecard/bestbob.ru http://www.mywot.com/en/scorecard/burkewebservices.ru http://www.mywot.com/en/scorecard/carswebnet.ru http://www.mywot.com/en/scorecard/funwebmail.ru http://www.mywot.com/en/scorecard/greatwebradio.ru http://www.mywot.com/en/scorecard/guidebat.ru http://www.mywot.com/en/scorecard/johnsite.ru http://www.mywot.com/en/scorecard/lagworld.ru http://www.mywot.com/en/scorecard/manbest.ru http://www.mywot.com/en/scorecard/suesite.ru http://www.mywot.com/en/scorecard/superaguide.ru http://www.mywot.com/en/scorecard/superore.ru http://www.mywot.com/en/scorecard/theaonline.ru http://www.mywot.com/en/scorecard/theatticsale.ru http://www.mywot.com/en/scorecard/theaworld.ru http://www.mywot.com/en/scorecard/thechocolateweb.ru http://www.mywot.com/en/scorecard/thelaceweb.ru http://www.mywot.com/en/scorecard/themobilewindow.ru http://www.mywot.com/en/scorecard/themobisite.ru http://www.mywot.com/en/scorecard/usaworldwideweb.ru http://www.mywot.com/en/scorecard/warbest.ru http://www.mywot.com/en/scorecard/webdesktopnet.ru http://www.mywot.com/en/scorecard/webdirectbroker.ru http://www.mywot.com/en/scorecard/weblessnet.ru http://www.mywot.com/en/scorecard/webnetenglish.ru http://www.mywot.com/en/scorecard/webnetlender.ru http://www.mywot.com/en/scorecard/webnetloans.ru http://www.mywot.com/en/scorecard/worldsouth.ru http://www.mywot.com/en/scorecard/worldwebworld.ru http://www.mywot.com/en/scorecard/xboxliveweb.ru For a detailed report on these domains, see: http://security.thejoshmeister.com/2010/01/malicious-site-reports-dangerous-ru.html Avoid this site! Mon, 11 Jan 2010 12:54:22 +0000 http://safeweb.norton.com/report/show?url=webnetlender.ru Malware domain. These .ru domains were all privately registered on one of two dates (2009.10.28 or 2009.11.22), were all last updated on the same date (2010.01.11), and all have been reported by Websense Security Labs, Malware Domain List, or others as being malicious: http://www.mywot.com/en/scorecard/ampsguide.ru http://www.mywot.com/en/scorecard/bestbob.ru http://www.mywot.com/en/scorecard/burkewebservices.ru http://www.mywot.com/en/scorecard/carswebnet.ru http://www.mywot.com/en/scorecard/funwebmail.ru http://www.mywot.com/en/scorecard/greatwebradio.ru http://www.mywot.com/en/scorecard/guidebat.ru http://www.mywot.com/en/scorecard/johnsite.ru http://www.mywot.com/en/scorecard/lagworld.ru http://www.mywot.com/en/scorecard/manbest.ru http://www.mywot.com/en/scorecard/suesite.ru http://www.mywot.com/en/scorecard/superaguide.ru http://www.mywot.com/en/scorecard/superore.ru http://www.mywot.com/en/scorecard/theaonline.ru http://www.mywot.com/en/scorecard/theatticsale.ru http://www.mywot.com/en/scorecard/theaworld.ru http://www.mywot.com/en/scorecard/thechocolateweb.ru http://www.mywot.com/en/scorecard/thelaceweb.ru http://www.mywot.com/en/scorecard/themobilewindow.ru http://www.mywot.com/en/scorecard/themobisite.ru http://www.mywot.com/en/scorecard/usaworldwideweb.ru http://www.mywot.com/en/scorecard/warbest.ru http://www.mywot.com/en/scorecard/webdesktopnet.ru http://www.mywot.com/en/scorecard/webdirectbroker.ru http://www.mywot.com/en/scorecard/weblessnet.ru http://www.mywot.com/en/scorecard/webnetenglish.ru http://www.mywot.com/en/scorecard/webnetlender.ru http://www.mywot.com/en/scorecard/webnetloans.ru http://www.mywot.com/en/scorecard/worldsouth.ru http://www.mywot.com/en/scorecard/worldwebworld.ru http://www.mywot.com/en/scorecard/xboxliveweb.ru For a detailed report on these domains, see: http://security.thejoshmeister.com/2010/01/malicious-site-reports-dangerous-ru.html Avoid this site! Mon, 11 Jan 2010 12:53:26 +0000 http://safeweb.norton.com/report/show?url=weblessnet.ru Malware domain. These .ru domains were all privately registered on one of two dates (2009.10.28 or 2009.11.22), were all last updated on the same date (2010.01.11), and all have been reported by Websense Security Labs, Malware Domain List, or others as being malicious: http://www.mywot.com/en/scorecard/ampsguide.ru http://www.mywot.com/en/scorecard/bestbob.ru http://www.mywot.com/en/scorecard/burkewebservices.ru http://www.mywot.com/en/scorecard/carswebnet.ru http://www.mywot.com/en/scorecard/funwebmail.ru http://www.mywot.com/en/scorecard/greatwebradio.ru http://www.mywot.com/en/scorecard/guidebat.ru http://www.mywot.com/en/scorecard/johnsite.ru http://www.mywot.com/en/scorecard/lagworld.ru http://www.mywot.com/en/scorecard/manbest.ru http://www.mywot.com/en/scorecard/suesite.ru http://www.mywot.com/en/scorecard/superaguide.ru http://www.mywot.com/en/scorecard/superore.ru http://www.mywot.com/en/scorecard/theaonline.ru http://www.mywot.com/en/scorecard/theatticsale.ru http://www.mywot.com/en/scorecard/theaworld.ru http://www.mywot.com/en/scorecard/thechocolateweb.ru http://www.mywot.com/en/scorecard/thelaceweb.ru http://www.mywot.com/en/scorecard/themobilewindow.ru http://www.mywot.com/en/scorecard/themobisite.ru http://www.mywot.com/en/scorecard/usaworldwideweb.ru http://www.mywot.com/en/scorecard/warbest.ru http://www.mywot.com/en/scorecard/webdesktopnet.ru http://www.mywot.com/en/scorecard/webdirectbroker.ru http://www.mywot.com/en/scorecard/weblessnet.ru http://www.mywot.com/en/scorecard/webnetenglish.ru http://www.mywot.com/en/scorecard/webnetlender.ru http://www.mywot.com/en/scorecard/webnetloans.ru http://www.mywot.com/en/scorecard/worldsouth.ru http://www.mywot.com/en/scorecard/worldwebworld.ru http://www.mywot.com/en/scorecard/xboxliveweb.ru For a detailed report on these domains, see: http://security.thejoshmeister.com/2010/01/malicious-site-reports-dangerous-ru.html Avoid this site! Mon, 11 Jan 2010 12:53:15 +0000 http://safeweb.norton.com/report/show?url=manbest.ru Malware domain. These .ru domains were all privately registered on one of two dates (2009.10.28 or 2009.11.22), were all last updated on the same date (2010.01.11), and all have been reported by Websense Security Labs, Malware Domain List, or others as being malicious: http://www.mywot.com/en/scorecard/ampsguide.ru http://www.mywot.com/en/scorecard/bestbob.ru http://www.mywot.com/en/scorecard/burkewebservices.ru http://www.mywot.com/en/scorecard/carswebnet.ru http://www.mywot.com/en/scorecard/funwebmail.ru http://www.mywot.com/en/scorecard/greatwebradio.ru http://www.mywot.com/en/scorecard/guidebat.ru http://www.mywot.com/en/scorecard/johnsite.ru http://www.mywot.com/en/scorecard/lagworld.ru http://www.mywot.com/en/scorecard/manbest.ru http://www.mywot.com/en/scorecard/suesite.ru http://www.mywot.com/en/scorecard/superaguide.ru http://www.mywot.com/en/scorecard/superore.ru http://www.mywot.com/en/scorecard/theaonline.ru http://www.mywot.com/en/scorecard/theatticsale.ru http://www.mywot.com/en/scorecard/theaworld.ru http://www.mywot.com/en/scorecard/thechocolateweb.ru http://www.mywot.com/en/scorecard/thelaceweb.ru http://www.mywot.com/en/scorecard/themobilewindow.ru http://www.mywot.com/en/scorecard/themobisite.ru http://www.mywot.com/en/scorecard/usaworldwideweb.ru http://www.mywot.com/en/scorecard/warbest.ru http://www.mywot.com/en/scorecard/webdesktopnet.ru http://www.mywot.com/en/scorecard/webdirectbroker.ru http://www.mywot.com/en/scorecard/weblessnet.ru http://www.mywot.com/en/scorecard/webnetenglish.ru http://www.mywot.com/en/scorecard/webnetlender.ru http://www.mywot.com/en/scorecard/webnetloans.ru http://www.mywot.com/en/scorecard/worldsouth.ru http://www.mywot.com/en/scorecard/worldwebworld.ru http://www.mywot.com/en/scorecard/xboxliveweb.ru For a detailed report on these domains, see: http://security.thejoshmeister.com/2010/01/malicious-site-reports-dangerous-ru.html Avoid this site! Mon, 11 Jan 2010 12:52:34 +0000 http://safeweb.norton.com/report/show?url=xboxliveweb.ru Malware domain. These .ru domains were all privately registered on one of two dates (2009.10.28 or 2009.11.22), were all last updated on the same date (2010.01.11), and all have been reported by Websense Security Labs, Malware Domain List, or others as being malicious: http://www.mywot.com/en/scorecard/ampsguide.ru http://www.mywot.com/en/scorecard/bestbob.ru http://www.mywot.com/en/scorecard/burkewebservices.ru http://www.mywot.com/en/scorecard/carswebnet.ru http://www.mywot.com/en/scorecard/funwebmail.ru http://www.mywot.com/en/scorecard/greatwebradio.ru http://www.mywot.com/en/scorecard/guidebat.ru http://www.mywot.com/en/scorecard/johnsite.ru http://www.mywot.com/en/scorecard/lagworld.ru http://www.mywot.com/en/scorecard/manbest.ru http://www.mywot.com/en/scorecard/suesite.ru http://www.mywot.com/en/scorecard/superaguide.ru http://www.mywot.com/en/scorecard/superore.ru http://www.mywot.com/en/scorecard/theaonline.ru http://www.mywot.com/en/scorecard/theatticsale.ru http://www.mywot.com/en/scorecard/theaworld.ru http://www.mywot.com/en/scorecard/thechocolateweb.ru http://www.mywot.com/en/scorecard/thelaceweb.ru http://www.mywot.com/en/scorecard/themobilewindow.ru http://www.mywot.com/en/scorecard/themobisite.ru http://www.mywot.com/en/scorecard/usaworldwideweb.ru http://www.mywot.com/en/scorecard/warbest.ru http://www.mywot.com/en/scorecard/webdesktopnet.ru http://www.mywot.com/en/scorecard/webdirectbroker.ru http://www.mywot.com/en/scorecard/weblessnet.ru http://www.mywot.com/en/scorecard/webnetenglish.ru http://www.mywot.com/en/scorecard/webnetlender.ru http://www.mywot.com/en/scorecard/webnetloans.ru http://www.mywot.com/en/scorecard/worldsouth.ru http://www.mywot.com/en/scorecard/worldwebworld.ru http://www.mywot.com/en/scorecard/xboxliveweb.ru For a detailed report on these domains, see: http://security.thejoshmeister.com/2010/01/malicious-site-reports-dangerous-ru.html Avoid this site! Mon, 11 Jan 2010 12:52:07 +0000 http://safeweb.norton.com/report/show?url=funwebmail.ru Malware domain. These .ru domains were all privately registered on one of two dates (2009.10.28 or 2009.11.22), were all last updated on the same date (2010.01.11), and all have been reported by Websense Security Labs, Malware Domain List, or others as being malicious: http://www.mywot.com/en/scorecard/ampsguide.ru http://www.mywot.com/en/scorecard/bestbob.ru http://www.mywot.com/en/scorecard/burkewebservices.ru http://www.mywot.com/en/scorecard/carswebnet.ru http://www.mywot.com/en/scorecard/funwebmail.ru http://www.mywot.com/en/scorecard/greatwebradio.ru http://www.mywot.com/en/scorecard/guidebat.ru http://www.mywot.com/en/scorecard/johnsite.ru http://www.mywot.com/en/scorecard/lagworld.ru http://www.mywot.com/en/scorecard/manbest.ru http://www.mywot.com/en/scorecard/suesite.ru http://www.mywot.com/en/scorecard/superaguide.ru http://www.mywot.com/en/scorecard/superore.ru http://www.mywot.com/en/scorecard/theaonline.ru http://www.mywot.com/en/scorecard/theatticsale.ru http://www.mywot.com/en/scorecard/theaworld.ru http://www.mywot.com/en/scorecard/thechocolateweb.ru http://www.mywot.com/en/scorecard/thelaceweb.ru http://www.mywot.com/en/scorecard/themobilewindow.ru http://www.mywot.com/en/scorecard/themobisite.ru http://www.mywot.com/en/scorecard/usaworldwideweb.ru http://www.mywot.com/en/scorecard/warbest.ru http://www.mywot.com/en/scorecard/webdesktopnet.ru http://www.mywot.com/en/scorecard/webdirectbroker.ru http://www.mywot.com/en/scorecard/weblessnet.ru http://www.mywot.com/en/scorecard/webnetenglish.ru http://www.mywot.com/en/scorecard/webnetlender.ru http://www.mywot.com/en/scorecard/webnetloans.ru http://www.mywot.com/en/scorecard/worldsouth.ru http://www.mywot.com/en/scorecard/worldwebworld.ru http://www.mywot.com/en/scorecard/xboxliveweb.ru For a detailed report on these domains, see: http://security.thejoshmeister.com/2010/01/malicious-site-reports-dangerous-ru.html Avoid this site! Mon, 11 Jan 2010 12:51:38 +0000 http://safeweb.norton.com/report/show?url=usaworldwideweb.ru Malware domain. These .ru domains were all privately registered on one of two dates (2009.10.28 or 2009.11.22), were all last updated on the same date (2010.01.11), and all have been reported by Websense Security Labs, Malware Domain List, or others as being malicious: http://www.mywot.com/en/scorecard/ampsguide.ru http://www.mywot.com/en/scorecard/bestbob.ru http://www.mywot.com/en/scorecard/burkewebservices.ru http://www.mywot.com/en/scorecard/carswebnet.ru http://www.mywot.com/en/scorecard/funwebmail.ru http://www.mywot.com/en/scorecard/greatwebradio.ru http://www.mywot.com/en/scorecard/guidebat.ru http://www.mywot.com/en/scorecard/johnsite.ru http://www.mywot.com/en/scorecard/lagworld.ru http://www.mywot.com/en/scorecard/manbest.ru http://www.mywot.com/en/scorecard/suesite.ru http://www.mywot.com/en/scorecard/superaguide.ru http://www.mywot.com/en/scorecard/superore.ru http://www.mywot.com/en/scorecard/theaonline.ru http://www.mywot.com/en/scorecard/theatticsale.ru http://www.mywot.com/en/scorecard/theaworld.ru http://www.mywot.com/en/scorecard/thechocolateweb.ru http://www.mywot.com/en/scorecard/thelaceweb.ru http://www.mywot.com/en/scorecard/themobilewindow.ru http://www.mywot.com/en/scorecard/themobisite.ru http://www.mywot.com/en/scorecard/usaworldwideweb.ru http://www.mywot.com/en/scorecard/warbest.ru http://www.mywot.com/en/scorecard/webdesktopnet.ru http://www.mywot.com/en/scorecard/webdirectbroker.ru http://www.mywot.com/en/scorecard/weblessnet.ru http://www.mywot.com/en/scorecard/webnetenglish.ru http://www.mywot.com/en/scorecard/webnetlender.ru http://www.mywot.com/en/scorecard/webnetloans.ru http://www.mywot.com/en/scorecard/worldsouth.ru http://www.mywot.com/en/scorecard/worldwebworld.ru http://www.mywot.com/en/scorecard/xboxliveweb.ru For a detailed report on these domains, see: http://security.thejoshmeister.com/2010/01/malicious-site-reports-dangerous-ru.html Avoid this site! Mon, 11 Jan 2010 12:51:26 +0000 http://safeweb.norton.com/report/show?url=webdesktopnet.ru Malware domain. These .ru domains were all privately registered on one of two dates (2009.10.28 or 2009.11.22), were all last updated on the same date (2010.01.11), and all have been reported by Websense Security Labs, Malware Domain List, or others as being malicious: http://www.mywot.com/en/scorecard/ampsguide.ru http://www.mywot.com/en/scorecard/bestbob.ru http://www.mywot.com/en/scorecard/burkewebservices.ru http://www.mywot.com/en/scorecard/carswebnet.ru http://www.mywot.com/en/scorecard/funwebmail.ru http://www.mywot.com/en/scorecard/greatwebradio.ru http://www.mywot.com/en/scorecard/guidebat.ru http://www.mywot.com/en/scorecard/johnsite.ru http://www.mywot.com/en/scorecard/lagworld.ru http://www.mywot.com/en/scorecard/manbest.ru http://www.mywot.com/en/scorecard/suesite.ru http://www.mywot.com/en/scorecard/superaguide.ru http://www.mywot.com/en/scorecard/superore.ru http://www.mywot.com/en/scorecard/theaonline.ru http://www.mywot.com/en/scorecard/theatticsale.ru http://www.mywot.com/en/scorecard/theaworld.ru http://www.mywot.com/en/scorecard/thechocolateweb.ru http://www.mywot.com/en/scorecard/thelaceweb.ru http://www.mywot.com/en/scorecard/themobilewindow.ru http://www.mywot.com/en/scorecard/themobisite.ru http://www.mywot.com/en/scorecard/usaworldwideweb.ru http://www.mywot.com/en/scorecard/warbest.ru http://www.mywot.com/en/scorecard/webdesktopnet.ru http://www.mywot.com/en/scorecard/webdirectbroker.ru http://www.mywot.com/en/scorecard/weblessnet.ru http://www.mywot.com/en/scorecard/webnetenglish.ru http://www.mywot.com/en/scorecard/webnetlender.ru http://www.mywot.com/en/scorecard/webnetloans.ru http://www.mywot.com/en/scorecard/worldsouth.ru http://www.mywot.com/en/scorecard/worldwebworld.ru http://www.mywot.com/en/scorecard/xboxliveweb.ru For a detailed report on these domains, see: http://security.thejoshmeister.com/2010/01/malicious-site-reports-dangerous-ru.html Avoid this site! Mon, 11 Jan 2010 12:50:56 +0000 http://safeweb.norton.com/report/show?url=greatwebradio.ru Malware domain. These .ru domains were all privately registered on one of two dates (2009.10.28 or 2009.11.22), were all last updated on the same date (2010.01.11), and all have been reported by Websense Security Labs, Malware Domain List, or others as being malicious: http://www.mywot.com/en/scorecard/ampsguide.ru http://www.mywot.com/en/scorecard/bestbob.ru http://www.mywot.com/en/scorecard/burkewebservices.ru http://www.mywot.com/en/scorecard/carswebnet.ru http://www.mywot.com/en/scorecard/funwebmail.ru http://www.mywot.com/en/scorecard/greatwebradio.ru http://www.mywot.com/en/scorecard/guidebat.ru http://www.mywot.com/en/scorecard/johnsite.ru http://www.mywot.com/en/scorecard/lagworld.ru http://www.mywot.com/en/scorecard/manbest.ru http://www.mywot.com/en/scorecard/suesite.ru http://www.mywot.com/en/scorecard/superaguide.ru http://www.mywot.com/en/scorecard/superore.ru http://www.mywot.com/en/scorecard/theaonline.ru http://www.mywot.com/en/scorecard/theatticsale.ru http://www.mywot.com/en/scorecard/theaworld.ru http://www.mywot.com/en/scorecard/thechocolateweb.ru http://www.mywot.com/en/scorecard/thelaceweb.ru http://www.mywot.com/en/scorecard/themobilewindow.ru http://www.mywot.com/en/scorecard/themobisite.ru http://www.mywot.com/en/scorecard/usaworldwideweb.ru http://www.mywot.com/en/scorecard/warbest.ru http://www.mywot.com/en/scorecard/webdesktopnet.ru http://www.mywot.com/en/scorecard/webdirectbroker.ru http://www.mywot.com/en/scorecard/weblessnet.ru http://www.mywot.com/en/scorecard/webnetenglish.ru http://www.mywot.com/en/scorecard/webnetlender.ru http://www.mywot.com/en/scorecard/webnetloans.ru http://www.mywot.com/en/scorecard/worldsouth.ru http://www.mywot.com/en/scorecard/worldwebworld.ru http://www.mywot.com/en/scorecard/xboxliveweb.ru For a detailed report on these domains, see: http://security.thejoshmeister.com/2010/01/malicious-site-reports-dangerous-ru.html Avoid this site! Mon, 11 Jan 2010 12:50:46 +0000 http://safeweb.norton.com/report/show?url=webdirectbroker.ru Malware domain. These .ru domains were all privately registered on one of two dates (2009.10.28 or 2009.11.22), were all last updated on the same date (2010.01.11), and all have been reported by Websense Security Labs, Malware Domain List, or others as being malicious: http://www.mywot.com/en/scorecard/ampsguide.ru http://www.mywot.com/en/scorecard/bestbob.ru http://www.mywot.com/en/scorecard/burkewebservices.ru http://www.mywot.com/en/scorecard/carswebnet.ru http://www.mywot.com/en/scorecard/funwebmail.ru http://www.mywot.com/en/scorecard/greatwebradio.ru http://www.mywot.com/en/scorecard/guidebat.ru http://www.mywot.com/en/scorecard/johnsite.ru http://www.mywot.com/en/scorecard/lagworld.ru http://www.mywot.com/en/scorecard/manbest.ru http://www.mywot.com/en/scorecard/suesite.ru http://www.mywot.com/en/scorecard/superaguide.ru http://www.mywot.com/en/scorecard/superore.ru http://www.mywot.com/en/scorecard/theaonline.ru http://www.mywot.com/en/scorecard/theatticsale.ru http://www.mywot.com/en/scorecard/theaworld.ru http://www.mywot.com/en/scorecard/thechocolateweb.ru http://www.mywot.com/en/scorecard/thelaceweb.ru http://www.mywot.com/en/scorecard/themobilewindow.ru http://www.mywot.com/en/scorecard/themobisite.ru http://www.mywot.com/en/scorecard/usaworldwideweb.ru http://www.mywot.com/en/scorecard/warbest.ru http://www.mywot.com/en/scorecard/webdesktopnet.ru http://www.mywot.com/en/scorecard/webdirectbroker.ru http://www.mywot.com/en/scorecard/weblessnet.ru http://www.mywot.com/en/scorecard/webnetenglish.ru http://www.mywot.com/en/scorecard/webnetlender.ru http://www.mywot.com/en/scorecard/webnetloans.ru http://www.mywot.com/en/scorecard/worldsouth.ru http://www.mywot.com/en/scorecard/worldwebworld.ru http://www.mywot.com/en/scorecard/xboxliveweb.ru For a detailed report on these domains, see: http://security.thejoshmeister.com/2010/01/malicious-site-reports-dangerous-ru.html Avoid this site! Mon, 11 Jan 2010 12:50:36 +0000 http://safeweb.norton.com/report/show?url=thechocolateweb.ru Malware domain. These .ru domains were all privately registered on one of two dates (2009.10.28 or 2009.11.22), were all last updated on the same date (2010.01.11), and all have been reported by Websense Security Labs, Malware Domain List, or others as being malicious: http://www.mywot.com/en/scorecard/ampsguide.ru http://www.mywot.com/en/scorecard/bestbob.ru http://www.mywot.com/en/scorecard/burkewebservices.ru http://www.mywot.com/en/scorecard/carswebnet.ru http://www.mywot.com/en/scorecard/funwebmail.ru http://www.mywot.com/en/scorecard/greatwebradio.ru http://www.mywot.com/en/scorecard/guidebat.ru http://www.mywot.com/en/scorecard/johnsite.ru http://www.mywot.com/en/scorecard/lagworld.ru http://www.mywot.com/en/scorecard/manbest.ru http://www.mywot.com/en/scorecard/suesite.ru http://www.mywot.com/en/scorecard/superaguide.ru http://www.mywot.com/en/scorecard/superore.ru http://www.mywot.com/en/scorecard/theaonline.ru http://www.mywot.com/en/scorecard/theatticsale.ru http://www.mywot.com/en/scorecard/theaworld.ru http://www.mywot.com/en/scorecard/thechocolateweb.ru http://www.mywot.com/en/scorecard/thelaceweb.ru http://www.mywot.com/en/scorecard/themobilewindow.ru http://www.mywot.com/en/scorecard/themobisite.ru http://www.mywot.com/en/scorecard/usaworldwideweb.ru http://www.mywot.com/en/scorecard/warbest.ru http://www.mywot.com/en/scorecard/webdesktopnet.ru http://www.mywot.com/en/scorecard/webdirectbroker.ru http://www.mywot.com/en/scorecard/weblessnet.ru http://www.mywot.com/en/scorecard/webnetenglish.ru http://www.mywot.com/en/scorecard/webnetlender.ru http://www.mywot.com/en/scorecard/webnetloans.ru http://www.mywot.com/en/scorecard/worldsouth.ru http://www.mywot.com/en/scorecard/worldwebworld.ru http://www.mywot.com/en/scorecard/xboxliveweb.ru For a detailed report on these domains, see: http://security.thejoshmeister.com/2010/01/malicious-site-reports-dangerous-ru.html Avoid this site! Mon, 11 Jan 2010 12:50:04 +0000 http://safeweb.norton.com/report/show?url=thelaceweb.ru Malware domain. These .ru domains were all privately registered on one of two dates (2009.10.28 or 2009.11.22), were all last updated on the same date (2010.01.11), and all have been reported by Websense Security Labs, Malware Domain List, or others as being malicious: http://www.mywot.com/en/scorecard/ampsguide.ru http://www.mywot.com/en/scorecard/bestbob.ru http://www.mywot.com/en/scorecard/burkewebservices.ru http://www.mywot.com/en/scorecard/carswebnet.ru http://www.mywot.com/en/scorecard/funwebmail.ru http://www.mywot.com/en/scorecard/greatwebradio.ru http://www.mywot.com/en/scorecard/guidebat.ru http://www.mywot.com/en/scorecard/johnsite.ru http://www.mywot.com/en/scorecard/lagworld.ru http://www.mywot.com/en/scorecard/manbest.ru http://www.mywot.com/en/scorecard/suesite.ru http://www.mywot.com/en/scorecard/superaguide.ru http://www.mywot.com/en/scorecard/superore.ru http://www.mywot.com/en/scorecard/theaonline.ru http://www.mywot.com/en/scorecard/theatticsale.ru http://www.mywot.com/en/scorecard/theaworld.ru http://www.mywot.com/en/scorecard/thechocolateweb.ru http://www.mywot.com/en/scorecard/thelaceweb.ru http://www.mywot.com/en/scorecard/themobilewindow.ru http://www.mywot.com/en/scorecard/themobisite.ru http://www.mywot.com/en/scorecard/usaworldwideweb.ru http://www.mywot.com/en/scorecard/warbest.ru http://www.mywot.com/en/scorecard/webdesktopnet.ru http://www.mywot.com/en/scorecard/webdirectbroker.ru http://www.mywot.com/en/scorecard/weblessnet.ru http://www.mywot.com/en/scorecard/webnetenglish.ru http://www.mywot.com/en/scorecard/webnetlender.ru http://www.mywot.com/en/scorecard/webnetloans.ru http://www.mywot.com/en/scorecard/worldsouth.ru http://www.mywot.com/en/scorecard/worldwebworld.ru http://www.mywot.com/en/scorecard/xboxliveweb.ru For a detailed report on these domains, see: http://security.thejoshmeister.com/2010/01/malicious-site-reports-dangerous-ru.html Avoid this site! Mon, 11 Jan 2010 12:49:54 +0000 http://safeweb.norton.com/report/show?url=theaworld.ru Malware domain. These .ru domains were all privately registered on one of two dates (2009.10.28 or 2009.11.22), were all last updated on the same date (2010.01.11), and all have been reported by Websense Security Labs, Malware Domain List, or others as being malicious: http://www.mywot.com/en/scorecard/ampsguide.ru http://www.mywot.com/en/scorecard/bestbob.ru http://www.mywot.com/en/scorecard/burkewebservices.ru http://www.mywot.com/en/scorecard/carswebnet.ru http://www.mywot.com/en/scorecard/funwebmail.ru http://www.mywot.com/en/scorecard/greatwebradio.ru http://www.mywot.com/en/scorecard/guidebat.ru http://www.mywot.com/en/scorecard/johnsite.ru http://www.mywot.com/en/scorecard/lagworld.ru http://www.mywot.com/en/scorecard/manbest.ru http://www.mywot.com/en/scorecard/suesite.ru http://www.mywot.com/en/scorecard/superaguide.ru http://www.mywot.com/en/scorecard/superore.ru http://www.mywot.com/en/scorecard/theaonline.ru http://www.mywot.com/en/scorecard/theatticsale.ru http://www.mywot.com/en/scorecard/theaworld.ru http://www.mywot.com/en/scorecard/thechocolateweb.ru http://www.mywot.com/en/scorecard/thelaceweb.ru http://www.mywot.com/en/scorecard/themobilewindow.ru http://www.mywot.com/en/scorecard/themobisite.ru http://www.mywot.com/en/scorecard/usaworldwideweb.ru http://www.mywot.com/en/scorecard/warbest.ru http://www.mywot.com/en/scorecard/webdesktopnet.ru http://www.mywot.com/en/scorecard/webdirectbroker.ru http://www.mywot.com/en/scorecard/weblessnet.ru http://www.mywot.com/en/scorecard/webnetenglish.ru http://www.mywot.com/en/scorecard/webnetlender.ru http://www.mywot.com/en/scorecard/webnetloans.ru http://www.mywot.com/en/scorecard/worldsouth.ru http://www.mywot.com/en/scorecard/worldwebworld.ru http://www.mywot.com/en/scorecard/xboxliveweb.ru For a detailed report on these domains, see: http://security.thejoshmeister.com/2010/01/malicious-site-reports-dangerous-ru.html Avoid this site! Mon, 11 Jan 2010 12:49:45 +0000 http://safeweb.norton.com/report/show?url=webnetloans.ru Malware domain. These .ru domains were all privately registered on one of two dates (2009.10.28 or 2009.11.22), were all last updated on the same date (2010.01.11), and all have been reported by Websense Security Labs, Malware Domain List, or others as being malicious: http://www.mywot.com/en/scorecard/ampsguide.ru http://www.mywot.com/en/scorecard/bestbob.ru http://www.mywot.com/en/scorecard/burkewebservices.ru http://www.mywot.com/en/scorecard/carswebnet.ru http://www.mywot.com/en/scorecard/funwebmail.ru http://www.mywot.com/en/scorecard/greatwebradio.ru http://www.mywot.com/en/scorecard/guidebat.ru http://www.mywot.com/en/scorecard/johnsite.ru http://www.mywot.com/en/scorecard/lagworld.ru http://www.mywot.com/en/scorecard/manbest.ru http://www.mywot.com/en/scorecard/suesite.ru http://www.mywot.com/en/scorecard/superaguide.ru http://www.mywot.com/en/scorecard/superore.ru http://www.mywot.com/en/scorecard/theaonline.ru http://www.mywot.com/en/scorecard/theatticsale.ru http://www.mywot.com/en/scorecard/theaworld.ru http://www.mywot.com/en/scorecard/thechocolateweb.ru http://www.mywot.com/en/scorecard/thelaceweb.ru http://www.mywot.com/en/scorecard/themobilewindow.ru http://www.mywot.com/en/scorecard/themobisite.ru http://www.mywot.com/en/scorecard/usaworldwideweb.ru http://www.mywot.com/en/scorecard/warbest.ru http://www.mywot.com/en/scorecard/webdesktopnet.ru http://www.mywot.com/en/scorecard/webdirectbroker.ru http://www.mywot.com/en/scorecard/weblessnet.ru http://www.mywot.com/en/scorecard/webnetenglish.ru http://www.mywot.com/en/scorecard/webnetlender.ru http://www.mywot.com/en/scorecard/webnetloans.ru http://www.mywot.com/en/scorecard/worldsouth.ru http://www.mywot.com/en/scorecard/worldwebworld.ru http://www.mywot.com/en/scorecard/xboxliveweb.ru For a detailed report on these domains, see: http://security.thejoshmeister.com/2010/01/malicious-site-reports-dangerous-ru.html Avoid this site! Mon, 11 Jan 2010 12:49:34 +0000 http://safeweb.norton.com/report/show?url=superaguide.ru Malware domain. These .ru domains were all privately registered on one of two dates (2009.10.28 or 2009.11.22), were all last updated on the same date (2010.01.11), and all have been reported by Websense Security Labs, Malware Domain List, or others as being malicious: http://www.mywot.com/en/scorecard/ampsguide.ru http://www.mywot.com/en/scorecard/bestbob.ru http://www.mywot.com/en/scorecard/burkewebservices.ru http://www.mywot.com/en/scorecard/carswebnet.ru http://www.mywot.com/en/scorecard/funwebmail.ru http://www.mywot.com/en/scorecard/greatwebradio.ru http://www.mywot.com/en/scorecard/guidebat.ru http://www.mywot.com/en/scorecard/johnsite.ru http://www.mywot.com/en/scorecard/lagworld.ru http://www.mywot.com/en/scorecard/manbest.ru http://www.mywot.com/en/scorecard/suesite.ru http://www.mywot.com/en/scorecard/superaguide.ru http://www.mywot.com/en/scorecard/superore.ru http://www.mywot.com/en/scorecard/theaonline.ru http://www.mywot.com/en/scorecard/theatticsale.ru http://www.mywot.com/en/scorecard/theaworld.ru http://www.mywot.com/en/scorecard/thechocolateweb.ru http://www.mywot.com/en/scorecard/thelaceweb.ru http://www.mywot.com/en/scorecard/themobilewindow.ru http://www.mywot.com/en/scorecard/themobisite.ru http://www.mywot.com/en/scorecard/usaworldwideweb.ru http://www.mywot.com/en/scorecard/warbest.ru http://www.mywot.com/en/scorecard/webdesktopnet.ru http://www.mywot.com/en/scorecard/webdirectbroker.ru http://www.mywot.com/en/scorecard/weblessnet.ru http://www.mywot.com/en/scorecard/webnetenglish.ru http://www.mywot.com/en/scorecard/webnetlender.ru http://www.mywot.com/en/scorecard/webnetloans.ru http://www.mywot.com/en/scorecard/worldsouth.ru http://www.mywot.com/en/scorecard/worldwebworld.ru http://www.mywot.com/en/scorecard/xboxliveweb.ru For a detailed report on these domains, see: http://security.thejoshmeister.com/2010/01/malicious-site-reports-dangerous-ru.html Avoid this site! Mon, 11 Jan 2010 12:48:58 +0000 http://safeweb.norton.com/report/show?url=suesite.ru Malware domain. These .ru domains were all privately registered on one of two dates (2009.10.28 or 2009.11.22), were all last updated on the same date (2010.01.11), and all have been reported by Websense Security Labs, Malware Domain List, or others as being malicious: http://www.mywot.com/en/scorecard/ampsguide.ru http://www.mywot.com/en/scorecard/bestbob.ru http://www.mywot.com/en/scorecard/burkewebservices.ru http://www.mywot.com/en/scorecard/carswebnet.ru http://www.mywot.com/en/scorecard/funwebmail.ru http://www.mywot.com/en/scorecard/greatwebradio.ru http://www.mywot.com/en/scorecard/guidebat.ru http://www.mywot.com/en/scorecard/johnsite.ru http://www.mywot.com/en/scorecard/lagworld.ru http://www.mywot.com/en/scorecard/manbest.ru http://www.mywot.com/en/scorecard/suesite.ru http://www.mywot.com/en/scorecard/superaguide.ru http://www.mywot.com/en/scorecard/superore.ru http://www.mywot.com/en/scorecard/theaonline.ru http://www.mywot.com/en/scorecard/theatticsale.ru http://www.mywot.com/en/scorecard/theaworld.ru http://www.mywot.com/en/scorecard/thechocolateweb.ru http://www.mywot.com/en/scorecard/thelaceweb.ru http://www.mywot.com/en/scorecard/themobilewindow.ru http://www.mywot.com/en/scorecard/themobisite.ru http://www.mywot.com/en/scorecard/usaworldwideweb.ru http://www.mywot.com/en/scorecard/warbest.ru http://www.mywot.com/en/scorecard/webdesktopnet.ru http://www.mywot.com/en/scorecard/webdirectbroker.ru http://www.mywot.com/en/scorecard/weblessnet.ru http://www.mywot.com/en/scorecard/webnetenglish.ru http://www.mywot.com/en/scorecard/webnetlender.ru http://www.mywot.com/en/scorecard/webnetloans.ru http://www.mywot.com/en/scorecard/worldsouth.ru http://www.mywot.com/en/scorecard/worldwebworld.ru http://www.mywot.com/en/scorecard/xboxliveweb.ru For a detailed report on these domains, see: http://security.thejoshmeister.com/2010/01/malicious-site-reports-dangerous-ru.html Avoid this site! Mon, 11 Jan 2010 12:48:48 +0000 http://safeweb.norton.com/report/show?url=burkewebservices.ru Malware domain. These .ru domains were all privately registered on one of two dates (2009.10.28 or 2009.11.22), were all last updated on the same date (2010.01.11), and all have been reported by Websense Security Labs, Malware Domain List, or others as being malicious: http://www.mywot.com/en/scorecard/ampsguide.ru http://www.mywot.com/en/scorecard/bestbob.ru http://www.mywot.com/en/scorecard/burkewebservices.ru http://www.mywot.com/en/scorecard/carswebnet.ru http://www.mywot.com/en/scorecard/funwebmail.ru http://www.mywot.com/en/scorecard/greatwebradio.ru http://www.mywot.com/en/scorecard/guidebat.ru http://www.mywot.com/en/scorecard/johnsite.ru http://www.mywot.com/en/scorecard/lagworld.ru http://www.mywot.com/en/scorecard/manbest.ru http://www.mywot.com/en/scorecard/suesite.ru http://www.mywot.com/en/scorecard/superaguide.ru http://www.mywot.com/en/scorecard/superore.ru http://www.mywot.com/en/scorecard/theaonline.ru http://www.mywot.com/en/scorecard/theatticsale.ru http://www.mywot.com/en/scorecard/theaworld.ru http://www.mywot.com/en/scorecard/thechocolateweb.ru http://www.mywot.com/en/scorecard/thelaceweb.ru http://www.mywot.com/en/scorecard/themobilewindow.ru http://www.mywot.com/en/scorecard/themobisite.ru http://www.mywot.com/en/scorecard/usaworldwideweb.ru http://www.mywot.com/en/scorecard/warbest.ru http://www.mywot.com/en/scorecard/webdesktopnet.ru http://www.mywot.com/en/scorecard/webdirectbroker.ru http://www.mywot.com/en/scorecard/weblessnet.ru http://www.mywot.com/en/scorecard/webnetenglish.ru http://www.mywot.com/en/scorecard/webnetlender.ru http://www.mywot.com/en/scorecard/webnetloans.ru http://www.mywot.com/en/scorecard/worldsouth.ru http://www.mywot.com/en/scorecard/worldwebworld.ru http://www.mywot.com/en/scorecard/xboxliveweb.ru For a detailed report on these domains, see: http://security.thejoshmeister.com/2010/01/malicious-site-reports-dangerous-ru.html Avoid this site! Mon, 11 Jan 2010 12:48:35 +0000 http://safeweb.norton.com/report/show?url=ampsguide.ru Malware domain. These .ru domains were all privately registered on one of two dates (2009.10.28 or 2009.11.22), were all last updated on the same date (2010.01.11), and all have been reported by Websense Security Labs, Malware Domain List, or others as being malicious: http://www.mywot.com/en/scorecard/ampsguide.ru http://www.mywot.com/en/scorecard/bestbob.ru http://www.mywot.com/en/scorecard/burkewebservices.ru http://www.mywot.com/en/scorecard/carswebnet.ru http://www.mywot.com/en/scorecard/funwebmail.ru http://www.mywot.com/en/scorecard/greatwebradio.ru http://www.mywot.com/en/scorecard/guidebat.ru http://www.mywot.com/en/scorecard/johnsite.ru http://www.mywot.com/en/scorecard/lagworld.ru http://www.mywot.com/en/scorecard/manbest.ru http://www.mywot.com/en/scorecard/suesite.ru http://www.mywot.com/en/scorecard/superaguide.ru http://www.mywot.com/en/scorecard/superore.ru http://www.mywot.com/en/scorecard/theaonline.ru http://www.mywot.com/en/scorecard/theatticsale.ru http://www.mywot.com/en/scorecard/theaworld.ru http://www.mywot.com/en/scorecard/thechocolateweb.ru http://www.mywot.com/en/scorecard/thelaceweb.ru http://www.mywot.com/en/scorecard/themobilewindow.ru http://www.mywot.com/en/scorecard/themobisite.ru http://www.mywot.com/en/scorecard/usaworldwideweb.ru http://www.mywot.com/en/scorecard/warbest.ru http://www.mywot.com/en/scorecard/webdesktopnet.ru http://www.mywot.com/en/scorecard/webdirectbroker.ru http://www.mywot.com/en/scorecard/weblessnet.ru http://www.mywot.com/en/scorecard/webnetenglish.ru http://www.mywot.com/en/scorecard/webnetlender.ru http://www.mywot.com/en/scorecard/webnetloans.ru http://www.mywot.com/en/scorecard/worldsouth.ru http://www.mywot.com/en/scorecard/worldwebworld.ru http://www.mywot.com/en/scorecard/xboxliveweb.ru For a detailed report on these domains, see: http://security.thejoshmeister.com/2010/01/malicious-site-reports-dangerous-ru.html Avoid this site! Mon, 11 Jan 2010 12:48:23 +0000 http://safeweb.norton.com/report/show?url=worldsouth.ru Malware domain. These .ru domains were all privately registered on one of two dates (2009.10.28 or 2009.11.22), were all last updated on the same date (2010.01.11), and all have been reported by Websense Security Labs, Malware Domain List, or others as being malicious: http://www.mywot.com/en/scorecard/ampsguide.ru http://www.mywot.com/en/scorecard/bestbob.ru http://www.mywot.com/en/scorecard/burkewebservices.ru http://www.mywot.com/en/scorecard/carswebnet.ru http://www.mywot.com/en/scorecard/funwebmail.ru http://www.mywot.com/en/scorecard/greatwebradio.ru http://www.mywot.com/en/scorecard/guidebat.ru http://www.mywot.com/en/scorecard/johnsite.ru http://www.mywot.com/en/scorecard/lagworld.ru http://www.mywot.com/en/scorecard/manbest.ru http://www.mywot.com/en/scorecard/suesite.ru http://www.mywot.com/en/scorecard/superaguide.ru http://www.mywot.com/en/scorecard/superore.ru http://www.mywot.com/en/scorecard/theaonline.ru http://www.mywot.com/en/scorecard/theatticsale.ru http://www.mywot.com/en/scorecard/theaworld.ru http://www.mywot.com/en/scorecard/thechocolateweb.ru http://www.mywot.com/en/scorecard/thelaceweb.ru http://www.mywot.com/en/scorecard/themobilewindow.ru http://www.mywot.com/en/scorecard/themobisite.ru http://www.mywot.com/en/scorecard/usaworldwideweb.ru http://www.mywot.com/en/scorecard/warbest.ru http://www.mywot.com/en/scorecard/webdesktopnet.ru http://www.mywot.com/en/scorecard/webdirectbroker.ru http://www.mywot.com/en/scorecard/weblessnet.ru http://www.mywot.com/en/scorecard/webnetenglish.ru http://www.mywot.com/en/scorecard/webnetlender.ru http://www.mywot.com/en/scorecard/webnetloans.ru http://www.mywot.com/en/scorecard/worldsouth.ru http://www.mywot.com/en/scorecard/worldwebworld.ru http://www.mywot.com/en/scorecard/xboxliveweb.ru For a detailed report on these domains, see: http://security.thejoshmeister.com/2010/01/malicious-site-reports-dangerous-ru.html Avoid this site! Mon, 11 Jan 2010 12:47:36 +0000 http://safeweb.norton.com/report/show?url=lagworld.ru Malware site; fake antivirus software phones home to this domain. See these reports: http://vil.nai.com/vil/content/v_230845.htm http://www.malwareurl.com/listing.php?domain=greatnorthwill.com http://google.com/search?q=site:www.threatexpert.com+"greatnorthwill.com"&filter=0 http://www.siteadvisor.com/sites/greatnorthwill.com ("yellow" rating: "McAfee TrustedSource web reputation analysis found potential suspicious behavior on this site which may pose a security risk. Use with caution.") http://www.trustedsource.org/query/greatnorthwill.com http://www.mywot.com/en/scorecard/greatnorthwill.com http://securitylabs.websense.com/content/Alerts/3519.aspx http://isc.sans.org/diary.html?storyid=7921 See also reports for these related domains: http://www.mywot.com/en/scorecard/web-virus-scanner1.com http://www.mywot.com/en/scorecard/santaclaus4.com Avoid this site! Mon, 11 Jan 2010 09:38:10 +0000 http://safeweb.norton.com/report/show?url=greatnorthwill.com Malware-affiliated site; fake antivirus. See these reports: http://youtube.com/watch?v=90fulZenuuI (from Websense Labs) http://www.malwareurl.com/listing.php?domain=santaclaus4.com http://www.malwaredomainlist.com/mdl.php?search=santaclaus4.com&inactive=on http://google.com/safebrowsing/diagnostic?site=santaclaus4.com (current report quoted below) http://www.siteadvisor.com/sites/santaclaus4.com#reviewercommentssummary http://www.mywot.com/en/scorecard/santaclaus4.com http://securitylabs.websense.com/content/Alerts/3519.aspx http://isc.sans.org/diary.html?storyid=7921 From the current Google Safe Browsing report (quoted here because it can change frequently): "Over the past 90 days, santaclaus4 .com appeared to function as an intermediary for the infection of 23 site(s) including al5lood .com/, zengozen .co.jp/, naaps .com/." See also reports for these related domains: http://www.mywot.com/en/scorecard/web-virus-scanner1.com http://www.mywot.com/en/scorecard/greatnorthwill.com Avoid this site! Mon, 11 Jan 2010 09:33:47 +0000 http://safeweb.norton.com/report/show?url=santaclaus4.com Malware site; fake antivirus. See these various reports: http://youtube.com/watch?v=90fulZenuuI (from Websense Labs) http://www.malwareurl.com/listing.php?domain=web-virus-scanner1.com http://google.com/safebrowsing/diagnostic?site=web-virus-scanner1.com (current report quoted below) http://securitylabs.websense.com/content/Alerts/3519.aspx http://isc.sans.org/diary.html?storyid=7921 http://vil.nai.com/vil/content/v_230845.htm http://www.mywot.com/en/scorecard/web-virus-scanner1.com http://www.siteadvisor.com/sites/web-virus-scanner1.com#reviewercommentssummary From the current Google Safe Browsing report (quoted here because it can change frequently): "Site is listed as suspicious - visiting this web site may harm your computer. Part of this site was listed for suspicious activity 1 time(s) over the past 90 days. ... The last time Google visited this site was on 2010-01-07, and the last time suspicious content was found on this site was on 2010-01-07. ... Yes, this site has hosted malicious software over the past 90 days. It infected 12 domain(s), including chunghip .com/, mosta8im .com/, stoknig .com/." See also reports for these related domains: http://www.mywot.com/en/scorecard/santaclaus4.com http://www.mywot.com/en/scorecard/greatnorthwill.com Avoid this site! Mon, 11 Jan 2010 09:29:10 +0000 http://safeweb.norton.com/report/show?url=web-virus-scanner1.com Received phishing scam e-mail that claimed my employer's Outlook Web Access (OWA) underwent a "security upgrade" and prompted me to "apply the new set of settings" by clicking on a malicious link. According to a report from a 9/9 reputation McAfee SiteAdvisor reviewer, the site also distributes malware: https://www.siteadvisor.com/sites/okqwaa.com.pl#reviewercommentssummary See also the Web of Trust report for this domain: http://www.mywot.com/en/scorecard/okqwaa.com.pl Avoid this site! Fri, 08 Jan 2010 00:15:28 +0000 http://safeweb.norton.com/report/show?url=okqwaa.com.pl Maker of the excellent BIMP Lite freeware batch image converter app for Windows. See also the McAfee and Web of Trust ratings for this site: http://www.siteadvisor.com/sites/cerebralsynergy.com http://www.mywot.com/en/scorecard/cerebralsynergy.com Tue, 29 Dec 2009 15:17:16 +0000 http://safeweb.norton.com/report/show?url=cerebralsynergy.com Confirmed phishing scam site, spamvertized by hacked Twitter accounts on 30 Nov 2009. See also the Web of Trust report for this domain: http://www.mywot.com/en/scorecard/placement-selection.com Avoid this site! Mon, 30 Nov 2009 14:39:24 +0000 http://safeweb.norton.com/report/show?url=placement-selection.com Confirmed phishing scam site, spamvertized by hacked Twitter accounts on 30 Nov 2009. See also the Web of Trust report for this domain: http://www.mywot.com/en/scorecard/placement-selection.com Avoid this site! Mon, 30 Nov 2009 14:39:18 +0000 http://safeweb.norton.com/report/show?url=albums.videos.placement-selection.com Confirmed phishing scam site, spamvertized by hacked Twitter accounts on 30 Nov 2009. See also the Web of Trust report for this domain: http://www.mywot.com/en/scorecard/placement-selection.com Avoid this site! Mon, 30 Nov 2009 14:38:59 +0000 http://safeweb.norton.com/report/show?url=videos.placement-selection.com As of 23 Nov 2009, this site is distributing malware and appears to have been hacked. See these reports: http://google.com/safebrowsing/diagnostic?site=abhayam.com http://wepawet.iseclab.org/view.php?hash=4bae09076d42f4023ec48cf5317ef61f&t=1258513020&type=js http://www.virustotal.com/analisis/cea598204f69941529e1e8320a0473646d0501ec8faaae7242e37550026638fb-1258499183 http://www.mywot.com/en/scorecard/abhayam.com Following are details from the Google Site Browsing report as of 17 Nov 2009 (quoted here since Google's reports change frequently): "Site is listed as suspicious - visiting this web site may harm your computer. Part of this site was listed for suspicious activity 3 time(s) over the past 90 days. ... Of the 34 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-11-17, and the last time suspicious content was found on this site was on 2009-11-17. Malicious software includes 43 scripting exploit(s), 10 exploit(s), 8 trojan(s). Malicious software is hosted on 4 domain(s), including icq-tel .ru, picafierce .com, check-your-iq .ru. ... Yes, this site has hosted malicious software over the past 90 days. It infected 20 domain(s), including topgamer .si, algharaaf .com, lincfs .com. How did this happen? In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message." As of 23 Nov 2009, Google's assessment states that the site now contains "89 scripting exploit(s), 16 exploit(s), 11 trojan(s)" and has now infected 53 domains in the past 90 days. Mon, 23 Nov 2009 23:33:42 +0000 http://safeweb.norton.com/report/show?url=abhayam.com Affiliated with malware. See these reports: http://security.thejoshmeister.com/2009/11/antimalware-fake-security-product.html http://www.threatexpert.com/report.aspx?md5=8d48379fd946e06b12d1ee8fe9efc65b http://www.mywot.com/en/scorecard/useractivesecurity.cn Avoid this site! Fri, 13 Nov 2009 12:32:17 +0000 http://safeweb.norton.com/report/show?url=useractivesecurity.cn Affiliated with malware. See these reports: http://security.thejoshmeister.com/2009/11/antimalware-fake-security-product.html http://xandora.security.net.my/?p=998 http://www.threatexpert.com/report.aspx?md5=8d48379fd946e06b12d1ee8fe9efc65b http://www.mywot.com/en/scorecard/activesecuritytool.cn Avoid this site! Fri, 13 Nov 2009 12:29:25 +0000 http://safeweb.norton.com/report/show?url=activesecuritytool.cn Affiliated with malware. See these reports: http://security.thejoshmeister.com/2009/11/antimalware-fake-security-product.html http://www.threatexpert.com/report.aspx?md5=8d48379fd946e06b12d1ee8fe9efc65b http://www.mywot.com/en/scorecard/activesecuritycodes.cn Avoid this site! Fri, 13 Nov 2009 12:17:15 +0000 http://safeweb.norton.com/report/show?url=activesecuritycodes.cn Affiliated with malware. See these reports: http://security.thejoshmeister.com/2009/11/antimalware-fake-security-product.html http://www.threatexpert.com/report.aspx?md5=8d48379fd946e06b12d1ee8fe9efc65b http://www.mywot.com/en/scorecard/activesecurityzones.cn Avoid this site! Fri, 13 Nov 2009 12:16:16 +0000 http://safeweb.norton.com/report/show?url=activesecurityzones.cn Affiliated with malware. See these reports: http://security.thejoshmeister.com/2009/11/antimalware-fake-security-product.html http://xandora.security.net.my/?p=998 http://www.threatexpert.com/report.aspx?md5=8d48379fd946e06b12d1ee8fe9efc65b http://www.mywot.com/en/scorecard/superactivesecurity.cn Avoid this site! Fri, 13 Nov 2009 12:15:19 +0000 http://safeweb.norton.com/report/show?url=superactivesecurity.cn Malware phones home to this IP. See these reports: http://security.thejoshmeister.com/2009/11/antimalware-fake-security-product.html http://www.threatexpert.com/report.aspx?md5=d7cb2ac94a4ad92df54f46fa1a1518dc Avoid this site! Tue, 10 Nov 2009 12:25:45 +0000 http://safeweb.norton.com/report/show?url=91.211.117.63 Payment site for fake antimalware product. See these reports: http://security.thejoshmeister.com/2009/11/antimalware-fake-security-product.html http://www.sunbeltsecurity.com/cwsandboxreport.aspx?id=12015462&cs=3A5470B18C24ED9689414DAA685B7A0F Avoid this site! Tue, 10 Nov 2009 12:22:14 +0000 http://safeweb.norton.com/report/show?url=95.211.14.162 Malware retrieves files from this site. See these reports: http://security.thejoshmeister.com/2009/11/antimalware-fake-security-product.html http://www.sunbeltsecurity.com/cwsandboxreport.aspx?id=12015462&cs=3A5470B18C24ED9689414DAA685B7A0F Avoid this site! Tue, 10 Nov 2009 12:12:15 +0000 http://safeweb.norton.com/report/show?url=activelayersecurity.cn Malware phones home to this IP. See these reports: http://security.thejoshmeister.com/2009/11/antimalware-fake-security-product.html http://www.threatexpert.com/report.aspx?md5=d7cb2ac94a4ad92df54f46fa1a1518dc Avoid this site! Tue, 10 Nov 2009 12:11:31 +0000 http://safeweb.norton.com/report/show?url=95.169.190.223 Malware retrieves files from this site. See these reports: http://security.thejoshmeister.com/2009/11/antimalware-fake-security-product.html http://www.threatexpert.com/report.aspx?md5=d7cb2ac94a4ad92df54f46fa1a1518dc Avoid this site! Tue, 10 Nov 2009 12:09:04 +0000 http://safeweb.norton.com/report/show?url=activesecuritygates.cn Malware retrieves files from this site. See these reports: http://security.thejoshmeister.com/2009/11/antimalware-fake-security-product.html http://www.sunbeltsecurity.com/cwsandboxreport.aspx?id=12015462&cs=3A5470B18C24ED9689414DAA685B7A0F Avoid this site! Tue, 10 Nov 2009 12:02:48 +0000 http://safeweb.norton.com/report/show?url=78.129.166.141 Payment site for fake antimalware product. See these reports: http://security.thejoshmeister.com/2009/11/antimalware-fake-security-product.html http://www.sunbeltsecurity.com/cwsandboxreport.aspx?id=12015462&cs=3A5470B18C24ED9689414DAA685B7A0F Avoid this site! Tue, 10 Nov 2009 12:00:45 +0000 http://safeweb.norton.com/report/show?url=onlinesecurebill.net Malware distribution site. See these reports: http://security.thejoshmeister.com/2009/11/antimalware-fake-security-product.html http://sample.pandasecurity.com.my/?p=652 Avoid this site! Tue, 10 Nov 2009 11:57:12 +0000 http://safeweb.norton.com/report/show?url=scansecurityhole.cn Malware retrieves files from this site. See these reports: http://security.thejoshmeister.com/2009/11/antimalware-fake-security-product.html http://www.threatexpert.com/report.aspx?md5=d7cb2ac94a4ad92df54f46fa1a1518dc Avoid this site! Tue, 10 Nov 2009 11:49:51 +0000 http://safeweb.norton.com/report/show?url=activesecuritycard.cn WARNING: PWS-CuteMoon password-stealing Trojan phones home to this site with stolen user credentials from infected computers. See these reports: http://security.thejoshmeister.com/2009/11/new-moon-movie-attracts-malware-makers.html http://www.threatexpert.com/report.aspx?md5=a93a96103b0f20ceca34bacce954d12f http://blog.threatexpert.com/2009/11/new-moon-trojan.html http://vil.nai.com/vil/content/v_240279.htm http://www.mywot.com/en/scorecard/newmoon-movie.net https://www.siteadvisor.com/sites/newmoon-movie.net#reviewercommentssummary Avoid this site! Mon, 02 Nov 2009 08:41:44 +0000 http://safeweb.norton.com/report/show?url=newmoon-movie.net InternetAntivirusPro malware and reported Koobface affiliation: https://www.virustotal.com/analisis/727658d0ff0c2975d1e4f9e3e4e148bb820849f36ea7ce4455fc68ad989db524-1253726627 http://www.malwareurl.com/listing.php?domain=iantiviruspro.com http://www.malwaredomainlist.com/mdl.php?search=iantiviruspro.com&inactive=on http://hosts-file.net/?s=iantiviruspro.com http://www.mywot.com/en/scorecard/iantiviruspro.com https://www.siteadvisor.com/sites/iantiviruspro.com#reviewercommentssummary http://ddanchev.blogspot.com/2009/09/koobface-botnets-scareware-business.html Avoid this site! Wed, 23 Sep 2009 10:46:23 +0000 http://safeweb.norton.com/report/show?url=iantiviruspro.com InternetAntivirusPro malware and reported Koobface affiliation: https://www.virustotal.com/analisis/727658d0ff0c2975d1e4f9e3e4e148bb820849f36ea7ce4455fc68ad989db524-1253726627 http://www.malwareurl.com/listing.php?domain=iantivirus-pro.com http://www.malwaredomainlist.com/mdl.php?search=iantivirus-pro.com&inactive=on http://hosts-file.net/?s=iantivirus-pro.com http://www.mywot.com/en/scorecard/iantivirus-pro.com https://www.siteadvisor.com/sites/iantivirus-pro.com#reviewercommentssummary http://ddanchev.blogspot.com/2009/09/koobface-botnets-scareware-business.html Avoid this site! Wed, 23 Sep 2009 10:46:22 +0000 http://safeweb.norton.com/report/show?url=iantivirus-pro.com Koobface Trojan malware phones home here. See these reports: http://www.threatexpert.com/report.aspx?md5=3174265b47d1acb8599701dc474777cc http://anubis.iseclab.org/?action=result&task_id=121c40404f8bae4b4d15a8190e04908d9&format=html Avoid this site! Wed, 23 Sep 2009 10:43:31 +0000 http://safeweb.norton.com/report/show?url=gdehochesh.com Actively distributing Koobface Trojan! See these reports: http://www.malwareurl.com/listing.php?domain=24.242.249.118 http://www.mywot.com/en/scorecard/24.242.249.118 Avoid this site! Tue, 22 Sep 2009 20:40:57 +0000 http://safeweb.norton.com/report/show?url=24.242.249.118 See these reports: http://www.malwareurl.com/listing.php?domain=in5iv.com http://www.mywot.com/en/scorecard/in5iv.com Avoid this site! Mon, 21 Sep 2009 01:16:56 +0000 http://safeweb.norton.com/report/show?url=in5iv.com Redirects to fake virus scan and malware exe. See these various reports: http://www.mywot.com/en/scorecard/jorgan.info http://wepawet.iseclab.org/view.php?hash=4759545e26863fa91feb632b69bedeff&t=1253519707&type=js http://anubis.iseclab.org/?action=result&task_id=112c680548dc4e094a97a553b5f99e3f4&format=html http://www.virustotal.com/analisis/1dd1b1ea5a18527ef9aa124695d89f1f6aa9d5a52a1abb708814ef4f31e4c482-1253518291 See also reports for another domain which currently redirects to the same site: http://www.mywot.com/en/scorecard/goneatscan.com Avoid this site! Mon, 21 Sep 2009 01:08:40 +0000 http://safeweb.norton.com/report/show?url=gomutescan.com Redirects to fake virus scan and malware exe. See these various reports: http://www.mywot.com/en/scorecard/jorgan.info http://wepawet.iseclab.org/view.php?hash=4759545e26863fa91feb632b69bedeff&t=1253519707&type=js http://anubis.iseclab.org/?action=result&task_id=112c680548dc4e094a97a553b5f99e3f4&format=html http://www.virustotal.com/analisis/1dd1b1ea5a18527ef9aa124695d89f1f6aa9d5a52a1abb708814ef4f31e4c482-1253518291 See also reports for another domain which currently redirects to the same site: http://www.mywot.com/en/scorecard/gomutescan.com Avoid this site! Mon, 21 Sep 2009 01:08:16 +0000 http://safeweb.norton.com/report/show?url=goneatscan.com See these various reports: http://wepawet.iseclab.org/view.php?hash=4759545e26863fa91feb632b69bedeff&t=1253519707&type=js http://anubis.iseclab.org/?action=result&task_id=112c680548dc4e094a97a553b5f99e3f4&format=html http://www.virustotal.com/analisis/1dd1b1ea5a18527ef9aa124695d89f1f6aa9d5a52a1abb708814ef4f31e4c482-1253518291 See also reports for an affiliated domain which currently redirects to this site: http://www.mywot.com/en/scorecard/gomutescan.com Avoid this site! Mon, 21 Sep 2009 01:02:02 +0000 http://safeweb.norton.com/report/show?url=jorgan.info See these various reports: MalwareURL report: http://www.malwareurl.com/listing.php?domain=deble.info VirusTotal multi-engine scan analysis: https://www.virustotal.com/analisis/1dd1b1ea5a18527ef9aa124695d89f1f6aa9d5a52a1abb708814ef4f31e4c482-1253513528 Anubis behavioral analysis: http://anubis.iseclab.org/?action=result&task_id=180ffa4cb1044c0548d2c9536532c6771&format=html See also these reports for related domains: http://www.mywot.com/en/scorecard/in5iv.com http://www.mywot.com/en/scorecard/alonse.info http://www.mywot.com/en/scorecard/gomutescan.com http://www.mywot.com/en/scorecard/goneatscan.com Avoid this site! Mon, 21 Sep 2009 00:11:47 +0000 http://safeweb.norton.com/report/show?url=deble.info See these various reports: MalwareURL report: http://www.malwareurl.com/listing.php?domain=alonse.info VirusTotal multi-engine scan analysis: https://www.virustotal.com/analisis/1dd1b1ea5a18527ef9aa124695d89f1f6aa9d5a52a1abb708814ef4f31e4c482-1253513528 Anubis behavioral analysis: http://anubis.iseclab.org/?action=result&task_id=180ffa4cb1044c0548d2c9536532c6771&format=html See also these reports for related domains: http://www.mywot.com/en/scorecard/in5iv.com http://www.mywot.com/en/scorecard/deble.info http://www.mywot.com/en/scorecard/gomutescan.com http://www.mywot.com/en/scorecard/goneatscan.com Avoid this site! Mon, 21 Sep 2009 00:00:12 +0000 http://safeweb.norton.com/report/show?url=alonse.info Malware distributor. See reports from MalwareURL, Sophos, ThreatExpert, and Web of Trust: http://www.malwareurl.com/listing.php?domain=005yourprivatescanner.com http://www.youtube.com/watch?v=F4fI9B9VXB0 (SophosLabs video) http://www.threatexpert.com/report.aspx?md5=26ab451ba096f9f62d0d5f1b35e0f0d6 http://www.mywot.com/en/scorecard/005yourprivatescanner.com See also reports for these related domains: http://www.mywot.com/en/scorecard/hearabout.linksysnet.com http://www.mywot.com/en/scorecard/thebigben.cn http://www.mywot.com/en/scorecard/pencil-netwok.com Avoid this site! Tue, 15 Sep 2009 10:38:04 +0000 http://safeweb.norton.com/report/show?url=005yourprivatescanner.com Malware distributor. See these reports from Sophos and others: http://www.youtube.com/watch?v=F4fI9B9VXB0 (SophosLabs video) http://www.mywot.com/en/scorecard/hearabout.linksysnet.com http://hosts-file.net/?s=hearabout.linksysnet.com See also reports for these related domains: http://www.mywot.com/en/scorecard/005yourprivatescanner.com http://www.mywot.com/en/scorecard/thebigben.cn http://www.mywot.com/en/scorecard/pencil-netwok.com Avoid this site! Tue, 15 Sep 2009 10:33:12 +0000 http://safeweb.norton.com/report/show?url=hearabout.linksysnet.com Malware host. See the VirusTotal and ThreatExpert analyses of the malware hosted on this domain: https://www.virustotal.com/analisis/46971eb361f7fddb32a5aea271dc587fb45247c6847fc81efd15718f8164ba07-1252916523 http://www.threatexpert.com/report.aspx?md5=e1517bff2aec5e27176fde1dc62d423e More info is available in the MalwareURL listing: http://www.malwareurl.com/listing.php?domain=ipaugli.cn Mon, 14 Sep 2009 01:34:22 +0000 http://safeweb.norton.com/report/show?url=ipaugli.cn Redirects to fake virus scan, malicious exe download. Found malicious URL for this site on a hacked domain. See also the malware site to which this site currently redirects: http://www.mywot.com/en/scorecard/antispywarescanner08.com See also these affiliated domains: http://www.mywot.com/en/scorecard/batman-comics.cn http://www.mywot.com/en/scorecard/radioheadicon.cn http://www.mywot.com/en/scorecard/antivirusonlinescan03.com http://www.mywot.com/en/scorecard/thebigben.cn http://www.mywot.com/en/scorecard/pencil-netwok.com Avoid this site! Thu, 10 Sep 2009 17:33:46 +0000 http://safeweb.norton.com/report/show?url=shrekmovie.cn Fake virus scan, malicious exe download. Found a URL on a hacked domain that redirects here. See these analyses of the malware hosted on this site: https://www.virustotal.com/analisis/e161b38860f8d009f622e5b3a99db3bfe0a5836c4dceddaf8a0e977eb5b6a735-1252620886 http://www.threatexpert.com/report.aspx?md5=70569042a8df4d22f0718126418d5902 See also these related domains, to which this malware phones home: http://www.mywot.com/en/scorecard/thebigben.cn http://www.mywot.com/en/scorecard/pencil-netwok.com See also this related domain, which contains URLs that redirect to this malware site: http://www.mywot.com/en/scorecard/shrekmovie.cn See also these affiliated domains: http://www.mywot.com/en/scorecard/batman-comics.cn http://www.mywot.com/en/scorecard/radioheadicon.cn http://www.mywot.com/en/scorecard/antivirusonlinescan03.com Avoid this site! Thu, 10 Sep 2009 17:21:24 +0000 http://safeweb.norton.com/report/show?url=antispywarescanner08.com Malware phones home to this domain. See for example this malware behavioral analysis: http://www.threatexpert.com/report.aspx?md5=ef9f6ac8026e38f446e2a11c8811bbc2 See also a related domain which is distributing the above-mentioned malware: http://www.mywot.com/en/scorecard/antivirusonlinescan03.com Avoid this site! Thu, 10 Sep 2009 13:27:44 +0000 http://safeweb.norton.com/report/show?url=pencil-netwok.com Malware phones home to this domain. See for example this malware behavioral analysis: http://www.threatexpert.com/report.aspx?md5=ef9f6ac8026e38f446e2a11c8811bbc2 See also a related domain which is distributing the above-mentioned malware: http://www.mywot.com/en/scorecard/antivirusonlinescan03.com Avoid this site! Thu, 10 Sep 2009 13:23:33 +0000 http://safeweb.norton.com/report/show?url=thebigben.cn Fake virus scan, malicious exe download. Found a URL on a hacked domain that redirects here. Also, this site was just added on MalwareURL and Malware Domain List: http://www.malwareurl.com/listing.php?domain=antivirusonlinescan03.com http://www.malwaredomainlist.com/mdl.php?search=antivirusonlinescan03.com http://www.mywot.com/en/scorecard/antivirusonlinescan03.com See also this related domain, which contains URLs that redirect to this malware site: http://www.mywot.com/en/scorecard/radioheadicon.cn Avoid this site! Thu, 10 Sep 2009 12:45:18 +0000 http://safeweb.norton.com/report/show?url=antivirusonlinescan03.com This site has recently hosted malware including scripting exploits according to Google. From the Google Safe Browsing report (as of 3 Sept 2009; quoted here because it changes often): "Site is listed as suspicious - visiting this web site may harm your computer. Part of this site was listed for suspicious activity 2 time(s) over the past 90 days. ... The last time Google visited this site was on 2009-07-07, and the last time suspicious content was found on this site was on 2009-07-07. ... Yes, this site has hosted malicious software over the past 90 days. It infected 48 domain(s)..." You can read the current report here: http://google.com/safebrowsing/diagnostic?site=kartoshkachamp.com This domain was advertised by hacked Facebook accounts in late June 2009, as I reported here: https://twitter.com/theJoshMeister/status/2388311889 McAfee SiteAdvisor recently rated this as a "yellow" site because "Our analysis found that this site may be promoted through spammy e-mail." This rating was still there on 3 Sept 2009. Sometime between 3 Sept 2009 and 8 Sept 2009, McAfee removed this rating without any explanation, and now it has gone back to the generic message "We've tested millions of websites, but we haven't tested this one yet." You can see the current SiteAdvisor report here: https://www.siteadvisor.com/sites/kartoshkachamp.com Avoid this site! Tue, 08 Sep 2009 13:26:49 +0000 http://safeweb.norton.com/report/show?url=kartoshkachamp.com Confirmed malware site! See these several reports: http://www.malwareurl.com/listing.php?domain=scanonlineworld.com https://www.siteadvisor.com/sites/scanonlineworld.com#reviewercommentssummary Malware is known to phone home to this domain: http://www.threatexpert.com/report.aspx?md5=53090aa509de9840f8cffef9efdca63c See also reports for this related domain: http://www.mywot.com/en/scorecard/nagasaki0zero.cn http://safeweb.norton.com/report/show?url=nagasaki0zero.cn Avoid this site! Tue, 08 Sep 2009 02:20:37 +0000 http://safeweb.norton.com/report/show?url=scanonlineworld.com WARNING: Confirmed malware distributor! See these reports: http://www.malwareurl.com/listing.php?domain=nagasaki0zero.cn VirusTotal analysis: Antivirus Version Last Update Result a-squared 4.5.0.24 2009.09.08 Trojan-Spy.Win32.Agent!IK AntiVir 7.9.1.12 2009.09.08 TR/Spy.Agent.azta eSafe 7.0.17.0 2009.09.06 Suspicious File F-Secure 8.0.14470.0 2009.09.08 Trojan-Spy.Win32.Agent.azta Ikarus T3.1.1.72.0 2009.09.08 Trojan-Spy.Win32.Agent Kaspersky 7.0.0.125 2009.09.08 Trojan-Spy.Win32.Agent.azta McAfee+Artemis 5734 2009.09.07 Artemis!53090AA509DE McAfee-GW-Edition 6.8.5 2009.09.08 Heuristic.LooksLike.Win32.Suspicious.H Prevx 3.0 2009.09.08 High Risk Cloaked Malware Rising 21.46.11.00 2009.09.08 Packer.Win32.LoveLHM.a [Suspicious] Additional information File size: 19456 bytes MD5...: 53090aa509de9840f8cffef9efdca63c SHA1..: 6bfbd27d2c4746b5c6a22e2aa3f7acd70d305739 SHA256: 9e8049cb9e324b772b2cca977e35830788255f7a8a5827e15f42486cfd731c7e ssdeep: 384:d1+iqidm+EGWziYFzYTvBuHOMBZ5fpmthE1zQjz/:d4iqADWDY0H5BZ5K/z/ https://www.virustotal.com/analisis/9e8049cb9e324b772b2cca977e35830788255f7a8a5827e15f42486cfd731c7e-1252399163 ThreatExpert detailed behavioral analysis: http://www.threatexpert.com/report.aspx?md5=53090aa509de9840f8cffef9efdca63c Prevx malware analysis: http://info.prevx.com/aboutprogramtext.asp?PX5=AE77B20000DD88F14C5D009AD4F5540095A99A93 See also reports for this related domain: http://www.mywot.com/en/scorecard/scanonlineworld.com Avoid this site! Tue, 08 Sep 2009 02:17:53 +0000 http://safeweb.norton.com/report/show?url=nagasaki0zero.cn WARNING: Malware redirector, listed in MalwareURL database: http://www.malwareurl.com/listing.php?domain=agiaten.cn See also these reports for affiliated domains: http://www.mywot.com/en/scorecard/apoiweh.cn http://www.mywot.com/en/scorecard/safetyscantool.com Avoid this site! Tue, 08 Sep 2009 00:33:33 +0000 http://safeweb.norton.com/report/show?url=agiaten.cn WARNING: Malware redirector affiliated with FakeAV/FakeAlert sites, listed in multiple blacklists (Malware Domain List, MalwareURL, DNS-BH, hpHosts): http://www.mywot.com/en/scorecard/apoiweh.cn See also these reports for affiliated domains: http://www.mywot.com/en/scorecard/safetyscantool.com http://www.mywot.com/en/scorecard/agiaten.cn Avoid this site! Tue, 08 Sep 2009 00:31:59 +0000 http://safeweb.norton.com/report/show?url=apoiweh.cn WARNING: Fake antivirus scan and malware downloads: http://www.malwareurl.com/listing.php?domain=safetyscantool.com Avoid this site! Mon, 07 Sep 2009 23:42:09 +0000 http://safeweb.norton.com/report/show?url=safetyscantool.com WARNING: Affiliated with Zbot banking malware! See this ThreatExpert report which shows that the Zbot Trojan connects to this domain: http://www.threatexpert.com/report.aspx?md5=727af5d8a6e1d2e07b18376aed0831e7 Additionally, this domain is listed on the Malware Domain List and MalwareURL for hosting malware: http://www.malwaredomainlist.com/mdl.php?search=bukake3890.info http://www.malwareurl.com/listing.php?domain=bukake3890.info In addition to the ThreatExpert malware analysis link above, see this VirusTotal report which shows the antivirus products which currently detect this file as malicious (at the time of this post): https://www.virustotal.com/analisis/a2a631fcfacec295c64a60d2ef9580e3149b7a2e87e697f0aff776b8e4fa356a-1252348391 Avoid this site! Mon, 07 Sep 2009 23:20:14 +0000 http://safeweb.norton.com/report/show?url=bukake3890.info WARNING: Affiliated with Zbot banking malware! See this ThreatExpert report, which shows that the Zbot Trojan connects to this domain: http://www.threatexpert.com/report.aspx?md5=74706b8f01a327c571f31fed6e108340 Additionally, this domain is listed on the Malware Domain List for hosting malware: http://www.malwaredomainlist.com/mdl.php?search=validating.ru Avoid this site! Mon, 07 Sep 2009 22:10:03 +0000 http://safeweb.norton.com/report/show?url=validating.ru Fake virus scan and malicious exe file. See these several reports: http://www.malwareurl.com/listing.php?domain=antivirus-fast-scan04.com http://www.mywot.com/en/scorecard/antivirus-fast-scan04.com http://google.com/safebrowsing/diagnostic?site=antivirus-fast-scan04.com The Google Safe Browsing report changes frequently, so I have quoted the current version of the report below: "Site is listed as suspicious - visiting this web site may harm your computer. Part of this site was listed for suspicious activity 1 time(s) over the past 90 days. ... The last time Google visited this site was on 2009-09-06, and the last time suspicious content was found on this site was on 2009-09-06. ... Yes, this site has hosted malicious software over the past 90 days. It infected 4 domain(s)..." See also reports for an affiliated domain: http://www.mywot.com/en/scorecard/mashroomtheory.cn Avoid this site! Sun, 06 Sep 2009 15:07:34 +0000 http://safeweb.norton.com/report/show?url=antivirus-fast-scan04.com WARNING: This site contains redirects to malware sites and uses SEO poisoning. See these reports for related domains: http://www.mywot.com/en/scorecard/delayyouranswer.cn https://www.siteadvisor.com/sites/delayyouranswer.cn#reviewercommentssummary http://www.mywot.com/en/scorecard/mashroomtheory.cn http://www.mywot.com/en/scorecard/in-t-h-e.cn Avoid this site! Sun, 06 Sep 2009 01:59:38 +0000 http://safeweb.norton.com/report/show?url=bsnonlinemalta.com WARNING: This site "appeared to function as an intermediary for the infection of 4 sites" within the past 90 days according to Google: http://google.com/safebrowsing/diagnostic?site=mashroomtheory.cn (Note: Google Safe Browsing reports change frequently and may not mention past maliciousness a few months from now) Furthermore, this domain shares the same IP address as a known malware host: http://www.mywot.com/en/scorecard/delayyouranswer.cn https://www.siteadvisor.com/sites/delayyouranswer.cn#reviewercommentssummary See also these related domains: http://www.mywot.com/en/scorecard/bsnonlinemalta.com http://www.mywot.com/en/scorecard/in-t-h-e.cn Avoid this site! Sun, 06 Sep 2009 01:55:54 +0000 http://safeweb.norton.com/report/show?url=mashroomtheory.cn WARNING: This site contains redirects to malware sites. See these reports for related domains: http://www.mywot.com/en/scorecard/delayyouranswer.cn https://www.siteadvisor.com/sites/delayyouranswer.cn#reviewercommentssummary http://www.mywot.com/en/scorecard/mashroomtheory.cn http://www.mywot.com/en/scorecard/bsnonlinemalta.com Avoid this site! Sun, 06 Sep 2009 01:50:05 +0000 http://safeweb.norton.com/report/show?url=in-t-h-e.cn WARNING: Malicious site according to Google Safe Browsing's report (quoted here because it changes often): "Part of this site was listed for suspicious activity 1 time(s) over the past 90 days. ... The last time Google visited this site was on 2009-08-21, and the last time suspicious content was found on this site was on 2009-08-21. ... Over the past 90 days, delayyouranswer.cn appeared to function as an intermediary for the infection of 39 site(s) ... Yes, this site has hosted malicious software over the past 90 days. It infected 40 domain(s) ..." (See http://google.com/safebrowsing/diagnostic?site=delayyouranswer.cn for the current report) This domain shares the same IP address as another malware site: http://www.mywot.com/en/scorecard/mashroomtheory.cn See also reports for the following domains which redirect to the sister site mentioned above: http://www.mywot.com/en/scorecard/in-t-h-e.cn http://www.mywot.com/en/scorecard/bsnonlinemalta.com Avoid this site! Sun, 06 Sep 2009 01:46:51 +0000 http://safeweb.norton.com/report/show?url=delayyouranswer.cn WARNING: Using SEO poisoning with auto-redirects from affiliated sites: http://www.mywot.com/en/scorecard/abc-los-angeles.myplus.org/comment-2358106 Also, this domain has a red rating on Web of Trust (WOT): http://www.mywot.com/en/scorecard/mybookface.net Furthermore, this domain is reportedly blocked by Avira AntiVir according to ColoradoChris, a SiteAdvisor Experienced Reviewer: http://www.siteadvisor.com/sites/mybookface.net#reviewercommentssummary This domain has reportedly engaged in using hacked e-mail accounts to spam people: https://www4.uwm.edu/uits/help/sysstat/index.cfm?a1=details&item_id=7203 If all that isn't enough to keep you away, it's also listed in hpHosts as a phishing site: http://hosts-file.net/?s=mybookface.net Avoid this site! Sat, 05 Sep 2009 23:35:46 +0000 http://safeweb.norton.com/report/show?url=mybookface.net WARNING: Fake antivirus scan and malware distributor. For details including related domains, please see: http://security.thejoshmeister.com/2009/09/malware-and-malicious-site-reports.html See also the Web of Trust (WOT) report for this domain: http://www.mywot.com/en/scorecard/pconlinescan.net Avoid this site! Fri, 04 Sep 2009 02:28:47 +0000 http://safeweb.norton.com/report/show?url=pconlinescan.net WARNING: Redirects to a fake antivirus scan and malware distribution site. For details including related domains, please see: http://security.thejoshmeister.com/2009/09/malware-and-malicious-site-reports.html See also the Web of Trust (WOT) report for this domain: http://www.mywot.com/en/scorecard/langlan.net Avoid this site! Fri, 04 Sep 2009 02:25:49 +0000 http://safeweb.norton.com/report/show?url=langlan.net WARNING: Redirects to a fake antivirus scan and malware distribution site. For details including related domains, please see: http://security.thejoshmeister.com/2009/09/malware-and-malicious-site-reports.html See also the Web of Trust (WOT) report for this domain: http://www.mywot.com/en/scorecard/moqxqpuxz.cc Avoid this site! Fri, 04 Sep 2009 02:25:22 +0000 http://safeweb.norton.com/report/show?url=moqxqpuxz.cc Fake antivirus scam software has been found to phone home to this site. For details including related domains, see: http://security.thejoshmeister.com/2009/09/malware-and-malicious-site-reports.html http://www.threatexpert.com/report.aspx?md5=aedd952609bd1c6056df337443fb951e See also the Web of Trust (WOT) rating for this domain: http://www.mywot.com/en/scorecard/securefield.net Fri, 04 Sep 2009 02:12:08 +0000 http://safeweb.norton.com/report/show?url=securefield.net Fake antivirus scam software has been found to phone home to this site. For details including related domains, see: http://security.thejoshmeister.com/2009/09/malware-and-malicious-site-reports.html http://www.threatexpert.com/report.aspx?md5=aedd952609bd1c6056df337443fb951e See also the Web of Trust (WOT) rating for this domain: http://www.mywot.com/en/scorecard/windowsprotectionsuite.com Fri, 04 Sep 2009 02:11:21 +0000 http://safeweb.norton.com/report/show?url=windowsprotectionsuite.com Fake antivirus scam software has been found to phone home to this site. For details including related domains, see: http://security.thejoshmeister.com/2009/09/malware-and-malicious-site-reports.html http://www.threatexpert.com/report.aspx?md5=aedd952609bd1c6056df337443fb951e See also the Web of Trust (WOT) rating for this domain: http://www.mywot.com/en/scorecard/pconlinescan.net Fri, 04 Sep 2009 02:09:50 +0000 http://safeweb.norton.com/report/show?url=prestotunerst.cn M86 Security is the new name of Marshal8e6, formerly known as 8e6. http://www.eweek.com/c/a/Security/Marshal8e6-Renamed-M86-Security-652986/ See the Norton SafeWeb reports for these related domains: http://safeweb.norton.com/report/show?name=marshal8e6.com http://safeweb.norton.com/report/show?name=8e6.com Thu, 03 Sep 2009 11:26:42 +0000 http://safeweb.norton.com/report/show?url=m86security.com WARNING: Malware host! See these many, many reports: http://threatinfo.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=TSPY_EBOD.A&VSect=Td http://www.malwaredomainlist.com/mdl.php?search=adobeupdateserver.com&inactive=on http://www.theregister.co.uk/2009/09/01/firefox_spyware_add_on/ http://www.mywot.com/en/scorecard/adobeupdateserver.com https://www.siteadvisor.com/sites/adobeupdateserver.com#reviewercommentssummary http://hosts-file.net/?s=adobeupdateserver.com http://www.threatexpert.com/report.aspx?md5=3c9aac8c8c7ad410b6c312c42e42add2 http://vil.nai.com/vil/content/v_219183.htm http://www.virustotal.com/analisis/cbb6af2759d87ae490440436b48836bc9f37121a7d3c811ede2262bf5fdf98f2-1251334796 http://blog.misec.net/2009/08/25/fake-adobe-flash-player-monitors-your-google-searches/ http://www.blog.malc0de.com/2009/08/26/fake-adobe-flash-player-monitors-your-google-searches/ Avoid this site! Thu, 03 Sep 2009 09:20:56 +0000 http://safeweb.norton.com/report/show?url=adobeupdateserver.com This site distributes the "System Security 2009" fake antivirus product. See the following reports regarding the dangerousness of this domain: http://www.mywot.com/en/scorecard/systemsecuritysite.com https://www.siteadvisor.com/sites/systemsecuritysite.com http://hosts-file.net/?s=systemsecuritysite.com http://www.malwaredomainlist.com/mdl.php?search=systemsecuritysite.com http://www.malwareurl.com/listing.php?domain=systemsecuritysite.com Avoid this site! Tue, 01 Sep 2009 00:56:48 +0000 http://safeweb.norton.com/report/show?url=systemsecuritysite.com This domain is affiliated with the "System Security 2009" fake antivirus product. A link to this domain was found on an infected machine in the Start menu in the "System Security 2009" folder. See also the following reports regarding the malicious affiliations of this domain: http://www.mywot.com/en/scorecard/supportnetcenter.com http://hosts-file.net/?s=supportnetcenter.com http://www.malwaredomainlist.com/mdl.php?search=supportnetcenter.com http://www.siteadvisor.com/sites/supportnetcenter.com#reviewercommentssummary Avoid this site! Tue, 01 Sep 2009 00:52:18 +0000 http://safeweb.norton.com/report/show?url=supportnetcenter.com Known malware domain associated with Exploit-Iframe.gen.s: http://vil.nai.com/vil/content/v_212507.htm From the Google Safe Browsing report (quoted here because it changes frequently): "Part of this site was listed for suspicious activity 1 time(s) over the past 90 days. ... The last time Google visited this site was on 2009-08-26, and the last time suspicious content was found on this site was on 2009-08-26. ... Yes, this site has hosted malicious software over the past 90 days. It infected 2 domain(s), including dcdisplay .com/, trademate .org/." For the current report, see http://google.com/safebrowsing/diagnostic?site=js.tongji.linezing.com See also these related McAfee SiteAdvisor and Web of Trust (WOT), and Malware Domain List reports: http://www.mywot.com/en/scorecard/js.tongji.linezing.com https://www.siteadvisor.com/sites/js.tongji.linezing.com#reviewercommentssummary http://malwaredomainlist.com/mdl.php?search=linezing.com http://www.mywot.com/en/scorecard/a0v.org https://www.siteadvisor.com/sites/a0v.org#reviewercommentssummary http://malwaredomainlist.com/mdl.php?search=a0v.org Avoid this site! Thu, 27 Aug 2009 15:28:17 +0000 http://safeweb.norton.com/report/show?url=js.tongji.linezing.com Known malware domain hosting Exploit-Iframe.gen.s: http://www.theregister.co.uk/2009/08/27/mass_web_infection/ From the Google Safe Browsing report (quoted here because it changes frequently): "Site is listed as suspicious - visiting this web site may harm your computer. Part of this site was listed for suspicious activity 2 time(s) over the past 90 days. ... The last time Google visited this site was on 2009-08-27, and the last time suspicious content was found on this site was on 2009-08-27. Malicious software includes 3007 scripting exploit(s), 1699 exploit(s), 165 trojan(s). ... Over the past 90 days, a0v .org appeared to function as an intermediary for the infection of 787 site(s) including kerala .gov.in/, fcac-acfc .gc.ca/, 140.137.101 .0/. ... Yes, this site has hosted malicious software over the past 90 days. It infected 1211 domain(s), including kerala .gov.in/, yuta .rs/, fcac-acfc .gc.ca/." For the current report, see http://google.com/safebrowsing/diagnostic?site=a0v.org See also McAfee's Threat Library report on this exploit: http://vil.nai.com/vil/content/v_212507.htm See also these related Web of Trust (WOT) and McAfee SiteAdvisor reports: http://www.mywot.com/en/scorecard/a0v.org https://www.siteadvisor.com/sites/a0v.org#reviewercommentssummary http://www.mywot.com/en/scorecard/js.tongji.linezing.com https://www.siteadvisor.com/sites/js.tongji.linezing.com#reviewercommentssummary Avoid this site! Thu, 27 Aug 2009 15:12:10 +0000 http://safeweb.norton.com/report/show?url=a0v.org This domain has been advertised via pharmaceutical spam e-mails. Never visit or buy from spam-advertised sites! They are often scams designed to trick you into giving them your money. Please report all pharmacy spam ("viagra" etc.) to the anti-spam organization KnujOn by forwarding the spam to rx@coldrain.net. The spammers affiliated with this domain violate CAN-SPAM by sending unsolicited commercial e-mail that is not clearly labeled as an advertisement, has forged headers and a deceptive subject line, does not contain a postal mailing address, and offers no removal instructions. U.S. residents who receive any junk mail in violation of the CAN-SPAM Act (http://www.ftc.gov/bcp/edu/pubs/business/ecommerce/bus61.shtm) should forward the e-mail to spam@uce.gov. Avoid this site! Mon, 24 Aug 2009 11:26:04 +0000 http://safeweb.norton.com/report/show?url=za71.com Received spam that linked to this domain on 21 August 2009. This site may be distributing malware according to Google Safe Browsing's diagnostics. From Google's analysis (quoted here because it changes often): "Site is listed as suspicious - visiting this web site may harm your computer. Part of this site was listed for suspicious activity 1 time(s) over the past 90 days. Of the 3 pages we tested on the site over the past 90 days, 3 page(s) resulted in malicious software being downloaded and installed without user consent. The last time... suspicious content was found on this site was on 2009-08-24. Malicious software is hosted on 5 domain(s), including antivirusplus2010 .com/, ihuqoyr .cn/, spywareshop .info/. 2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including spywareshop .info/, golary .cn/." You can see the current Google Safe Browsing report here: http://google.com/safebrowsing/diagnostic?site=kasirkredits.lv Mon, 24 Aug 2009 10:33:20 +0000 http://safeweb.norton.com/report/show?url=kasirkredits.lv WARNING: Fake antivirus ("Personal AV") scam site. Pages on this site include fake virus scans, and the site is known to host malicious downloads. From the Google Safe Browsing report (quoted here because it changes often): "Site is listed as suspicious - visiting this web site may harm your computer. ...the last time suspicious content was found on this site was on 2009-08-18. Malicious software includes 2 trojan(s). ... Yes, this site has hosted malicious software over the past 90 days. It infected 27 domain(s), including geofffarina .com/, earthen-vessels .org/, iuxlab .com/." Quoted from http://google.com/safebrowsing/diagnostic?site=online-defenderv9.com See also these reports: http://www.mywot.com/en/scorecard/online-defenderv9.com https://www.siteadvisor.com/sites/online-defenderv9.com#reviewercommentssummary http://www.malwareurl.com/listing.php?domain=online-defenderv9.com Avoid this site! Wed, 19 Aug 2009 20:24:25 +0000 http://safeweb.norton.com/report/show?url=online-defenderv9.com WARNING: Fake antivirus ("Personal AV") scam site. Pages on this site include fake virus scans, and the site is known to host malicious downloads. From the Google Safe Browsing report (quoted here because it changes often): "Site is listed as suspicious - visiting this web site may harm your computer. ...the last time suspicious content was found on this site was on 2009-08-19. ... Yes, this site has hosted malicious software over the past 90 days. It infected 10 domain(s), including ockanickon .org/, photowebcomics .com/, ottisoft .com/." Quoted from http://google.com/safebrowsing/diagnostic?site=online-best-scanv3.com See also these reports: http://www.mywot.com/en/scorecard/online-best-scanv3.com https://www.siteadvisor.com/sites/online-best-scanv3.com#reviewercommentssummary http://www.malwareurl.com/listing.php?domain=online-best-scanv3.com Avoid this site! Wed, 19 Aug 2009 20:18:59 +0000 http://safeweb.norton.com/report/show?url=online-best-scanv3.com WARNING: Malicious site involved in Facebook phishing, according to Trend Micro, a trusted security company: http://countermeasures.trendmicro.eu/rogue-facebook-application-leads-to-phishing/ McAfee SiteAdvisor gives this site a "red" rating because "it may be designed to trick you into submitting your personal or financial information to online scammers": https://www.siteadvisor.com/sites/fucabook.com/ See also the Web of Trust (WOT) rating for this domain: http://www.mywot.com/en/scorecard/fucabook.com Avoid this site! Wed, 19 Aug 2009 09:50:46 +0000 http://safeweb.norton.com/report/show?url=fucabook.com WARNING: Google Safe Browsing detects this as a phishing site. Furthermore, the URL is shown in a screenshot of a Facebook spam message in this Mashable article: http://mashable.com/2009/08/13/facebook-scam-alert/ As of when this comment is being posted, the page currently redirects to a porn site with a poor reputation (see these reports): http://www.mywot.com/en/scorecard/adultfriendfinder.com https://www.siteadvisor.com/sites/adultfriendfinder.com#reviewercommentssummary Avoid this site! Thu, 13 Aug 2009 10:26:20 +0000 http://safeweb.norton.com/report/show?url=epbsduhakpzxsxjgp.blogspot.com WARNING: This site has been identified as a known malware distributor. From the Google Safe Browsing report: "Site is listed as suspicious - visiting this web site may harm your computer. Part of this site was listed for suspicious activity 1 time(s) over the past 90 days. ... The last time Google visited this site was on 2009-07-30, and the last time suspicious content was found on this site was on 2009-07-30. ... Yes, this site has hosted malicious software over the past 90 days. It infected 4984 domain(s), including mathrubhumi .info/, itspindore .com/, popolsku .eu/." For Google's current report, see http://google.com/safebrowsing/diagnostic?site=getavplusnow.com See also the Norton Safe Web and McAfee SiteAdvisor reports for this domain: https://safeweb.norton.com/report/show?name=getavplusnow.com (Symantec currently categorizes this domain with a red "WARNING" rating for hosting a "Trojan.Fakeavalert") https://www.siteadvisor.com/sites/getavplusnow.com Marshal8e6 corporate Web filters currently blacklist this site under the Malicious Code category. See also the Norton Safe Web and McAfee SiteAdvisor reports for a related domain: https://safeweb.norton.com/report/show?name=nextantivirusplus.com https://www.siteadvisor.com/sites/nextantivirusplus.com Avoid this site! Thu, 30 Jul 2009 18:00:39 +0000 http://safeweb.norton.com/report/show?url=getavplusnow.com WARNING: This site has been identified as a known malware distributor. From the Google Safe Browsing report: "Site is listed as suspicious - visiting this web site may harm your computer. Part of this site was listed for suspicious activity 1 time(s) over the past 90 days. .... The last time Google visited this site was on 2009-07-30, and the last time suspicious content was found on this site was on 2009-07-30. Malicious software includes 793 trojan(s). ... Yes, this site has hosted malicious software over the past 90 days. It infected 5094 domain(s), including itspindore .com/, ihostserver .com/, home .no/zurozhqx/." For Google's current report, see http://google.com/safebrowsing/diagnostic?site=nextantivirusplus.com See also the Norton Safe Web and McAfee SiteAdvisor reports for this domain: https://safeweb.norton.com/report/show?name=nextantivirusplus.com (Symantec currently categorizes this domain with a red "WARNING" rating for distributing a "Trojan.Fakeavalert") https://www.siteadvisor.com/sites/nextantivirusplus.com Avoid this site! Thu, 30 Jul 2009 17:51:22 +0000 http://safeweb.norton.com/report/show?url=nextantivirusplus.com WARNING: This domain contains at least two confirmed malware downloads: BLOCKEDhxxp://simplexdoom .com/download/395a695151773d3df7992c7620090715/MediaPlayer.exeBLOCKED BLOCKEDhxxp://simplexdoom .com/download/3056657a55773d3dd3f088be20090715/setup.exeBLOCKED See VirusTotal's multi-engine malware analyses for these files: https://www.virustotal.com/analisis/2db7b07e63fa0ebba001897f0ff094e79061d23fe0c20069c0f19dba5f5ff683-1248995953 (19/40 antivirus engines detect MediaPlayer.exe as malicious) https://www.virustotal.com/analisis/89f8e4e65136558354cb75cc4bed6aebb7ddad5a32da1864ddec73215acb8b62-1248995857 (20/39 antivirus engines detect setup.exe as malicious) I am submitting samples of these files to vendors that do not currently detect them as harmful, so the detection rates should soon be higher. See also McAfee Avert Labs' coverage here (note the download screenshot containing this domain): http://www.avertlabs.com/research/blog/index.php/2009/07/20/but-i-thought-i-just-installed-a-video-player/ See also the Norton SafeWeb and McAfee SiteAdvisor reports for this domain: https://safeweb.norton.com/report/show?name=simplexdoom.com (Symantec currently categorizes this site with a red "WARNING" rating for the presence of "Backdoor.Tidserv" in MediaPlayer.exe) http://www.siteadvisor.com/sites/simplexdoom.com Avoid this site! Thu, 30 Jul 2009 17:25:45 +0000 http://safeweb.norton.com/report/show?url=simplexdoom.com WARNING: This domain has been associated with malware: http://malwaredomainlist.com/mdl.php?search=greattoolset.com http://malwareurl.com/listing.php?domain=greattoolset.com I can also independently confirm that a malware-infected computer that I repaired on 1 June 2009 had loaded a URL from this domain on 27 May 2009, the same day that the PC was reported as being infected. The malware executable file that apparently came from this domain is detected by most anti-virus software. See this VirusTotal report: --- Antivirus Version Last Update Result a-squared 4.5.0.18 2009.06.24 Trojan.Win32.Winwebsec!IK AhnLab-V3 5.0.0.2 2009.06.24 Win-Trojan/Fraudload.368707.D AntiVir 7.9.0.196 2009.06.24 TR/Dldr.FraudLoad.watz Antiy-AVL 2.0.3.1 2009.06.24 Trojan/Win32.FraudLoad.gen Avast 4.8.1335.0 2009.06.24 Win32:Crypt-ECJ AVG 8.5.0.339 2009.06.24 Adload_r.JS BitDefender 7.2 2009.06.25 Application.Generic.121317 CAT-QuickHeal 10.00 2009.06.22 TrojanDownloader.FraudLoad.wa Comodo 1405 2009.06.24 TrojWare.Win32.TrojanDownloader.FraudLoad.wbom eSafe 7.0.17.0 2009.06.24 Win32.TRDldr.FraudLo Fortinet 3.117.0.0 2009.06.24 Misc/SystemSecurity GData 19 2009.06.25 Application.Generic.121317 Ikarus T3.1.1.59.0 2009.06.24 Trojan.Win32.Winwebsec K7AntiVirus 7.10.768 2009.06.19 Trojan-Downloader.Win32.FraudLoad.wbom Kaspersky 7.0.0.125 2009.06.25 Trojan-Downloader.Win32.FraudLoad.wbom McAfee 5656 2009.06.24 FakeAlert-WinwebSecurity.a McAfee+Artemis 5656 2009.06.24 FakeAlert-WinwebSecurity.a McAfee-GW-Edition 6.7.6 2009.06.24 Trojan.Dldr.FraudLoad.watz Microsoft 1.4803 2009.06.24 Trojan:Win32/Winwebsec nProtect 2009.1.8.0 2009.06.24 Trojan-Downloader/W32.FraudLoad.368707.E Prevx 3.0 2009.06.25 Low Risk Adware Rising 21.35.24.00 2009.06.24 Trojan.Win32.FakeAV.on Sophos 4.43.0 2009.06.24 Mal/Generic-A Sunbelt 3.2.1858.2 2009.06.25 FraudTool.Win32.RogueSecurity (v) Symantec 1.4.4.12 2009.06.25 Packed.Generic.234 TheHacker 6.3.4.3.353 2009.06.24 Trojan/Downloader.FraudLoad.wbom VBA32 3.12.10.7 2009.06.24 Trojan-Downloader.Win32.FraudLoad.wbom VirusBuster 4.6.5.0 2009.06.24 Trojan.FakeAlert.Gen!Pac.5 Additional information File size: 368707 bytes MD5 : 839f19ef964ef955b3d39356ec1f1909 SHA1 : ae3add14e937ab4fac1b8e70badd164663489cbd SHA256: 2659286d174c71e08afdd708b1265ae94ee51da3e38c23ba5011e6f8491aaace https://www.virustotal.com/analisis/2659286d174c71e08afdd708b1265ae94ee51da3e38c23ba5011e6f8491aaace-1245884926 --- Fortunately, this domain does not currently seem to be loading, but the domain appears to still be owned by the same registrant as when it was distributing malware last month. Avoid this site! Wed, 24 Jun 2009 16:19:19 +0000 http://safeweb.norton.com/report/show?url=greattoolset.com WARNING: As of 17 June 2009, according to eWeek and Websense, 40,000+ legitimate sites "have been hit by an attack that is redirecting users to [this domain, which is] laced with malware." See these reports for further details: http://securitylabs.websense.com/content/Alerts/3421.aspx http://www.eweek.com/c/a/Security/40000-Web-Sites-Compromised-in-Mass-Attack-227486 Google Safe Browsing currently blacklists this domain for its association with malware, warning that "Visiting this site may harm your computer." 8e6 corporate Web filters currently block the affiliated domain rmi[dot]tw. See also these reports for affiliated domains: http://www.siteadvisor.com/sites/rnw.kz http://www.siteadvisor.com/sites/bro.tw http://www.siteadvisor.com/sites/rmi.tw http://www.siteadvisor.com/sites/ninetoraq.in Avoid this site! Tue, 23 Jun 2009 16:05:50 +0000 http://safeweb.norton.com/report/show?url=ninetoraq.in WARNING: As of 17 June 2009, according to eWeek and Websense, 40,000+ legitimate sites "have been hit by an attack that is redirecting users [through this domain] to a site laced with malware." See these reports for further details: http://securitylabs.websense.com/content/Alerts/3421.aspx http://www.eweek.com/c/a/Security/40000-Web-Sites-Compromised-in-Mass-Attack-227486 Google Safe Browsing currently blacklists this domain for its association with malware, warning that "Visiting this site may harm your computer." 8e6 corporate Web filters currently block this domain as well. See also these reports for affiliated domains: https://safeweb.norton.com/report/show?name=ninetoraq.in http://www.siteadvisor.com/sites/ninetoraq.in http://www.siteadvisor.com/sites/rnw.kz http://www.siteadvisor.com/sites/bro.tw http://www.siteadvisor.com/sites/rmi.tw Avoid this site! Tue, 23 Jun 2009 16:04:25 +0000 http://safeweb.norton.com/report/show?url=rmi.tw WARNING: As of 17 June 2009, according to eWeek and Websense, 40,000+ legitimate sites "have been hit by an attack that is redirecting users [through this domain] to a site laced with malware." See these reports for further details: http://securitylabs.websense.com/content/Alerts/3421.aspx http://www.eweek.com/c/a/Security/40000-Web-Sites-Compromised-in-Mass-Attack-227486 Google Safe Browsing currently blacklists this domain for its association with malware, warning that "Visiting this site may harm your computer." 8e6 corporate Web filters currently block the affiliated domain rmi[dot]tw. See also these reports for affiliated domains: https://safeweb.norton.com/report/show?name=ninetoraq.in http://www.siteadvisor.com/sites/ninetoraq.in http://www.siteadvisor.com/sites/rnw.kz http://www.siteadvisor.com/sites/bro.tw http://www.siteadvisor.com/sites/rmi.tw Avoid this site! Tue, 23 Jun 2009 16:03:21 +0000 http://safeweb.norton.com/report/show?url=rnw.kz WARNING: As of 17 June 2009, according to eWeek and Websense, 40,000+ legitimate sites "have been hit by an attack that is redirecting users [through this domain] to a site laced with malware." See these reports for further details: http://securitylabs.websense.com/content/Alerts/3421.aspx http://www.eweek.com/c/a/Security/40000-Web-Sites-Compromised-in-Mass-Attack-227486 Google Safe Browsing currently blacklists this domain for its association with malware, warning that "Visiting this site may harm your computer." 8e6 corporate Web filters currently block the affiliated domain rmi[dot]tw. See also these reports for affiliated domains: https://safeweb.norton.com/report/show?name=ninetoraq.in http://www.siteadvisor.com/sites/ninetoraq.in http://www.siteadvisor.com/sites/rnw.kz http://www.siteadvisor.com/sites/bro.tw http://www.siteadvisor.com/sites/rmi.tw Avoid this site! Tue, 23 Jun 2009 15:14:30 +0000 http://safeweb.norton.com/report/show?url=bro.tw WARNING: This domain hosts a fake antivirus scan with a malicious payload from a known malware distribution site: BLOCKEDhxxp://file-archive-center .com/av-scanner.0.exeBLOCKED See the VirusTotal analysis for this malicious download: --- Antivirus Version Last Update Result Kaspersky 7.0.0.125 2009.06.17 Trojan.Win32.FraudPack.ovx NOD32 4164 2009.06.17 Win32/TrojanDownloader.FakeAlert.ACE Prevx 3.0 2009.06.17 Medium Risk Malware Sunbelt 3.2.1858.2 2009.06.17 Trojan-Downloader.Win32.CodecPack (v) Additional information File size: 106933 bytes MD5...: 46c9a73f9bb1113bcb2fbe4345d0216c SHA1..: 0faf2ec94a746d6f494cf845871f7154eaa90402 SHA256: e19da01cd53ed61b89f7d6ce15b7dc8c18f1899eb830fbd5163390bb6fdfa9ac ssdeep: 1536:k4hh1YHevg0ErhcbV1k8z0blaMbLJhc/9/Qmh/XivzlLU4JTU:k4hh1Xg3lc7kMk5nJ+/9/QmZSvK4JTU https://www.virustotal.com/analisis/e19da01cd53ed61b89f7d6ce15b7dc8c18f1899eb830fbd5163390bb6fdfa9ac-1245271060 --- See also the Prevx report for this file, which confirms that it is malicious software: http://info.prevx.com/aboutprogramtext.asp?PX5=5A87312EB5C19319A15401223AB0BB0063141B71 See also this report for an affiliated domain: https://safeweb.norton.com/report/show?name=file-archive-center.com Credit to malwaredatabase.net (@malwaredb on Twitter) for reporting this domain: http://malwaredatabase.net/blog/index.php/2009/06/17/new-rogue-domain-and-malware-domain-antivir-scann-64bit-com-file-archive-center-com/ Avoid this site! Wed, 17 Jun 2009 13:33:47 +0000 http://safeweb.norton.com/report/show?url=antivir-scann-64bit.com WARNING: This is a known malware distribution site: BLOCKEDhxxp://file-archive-center .com/av-scanner.0.exeBLOCKED See the VirusTotal analysis for this malicious download: --- Antivirus Version Last Update Result Kaspersky 7.0.0.125 2009.06.17 Trojan.Win32.FraudPack.ovx NOD32 4164 2009.06.17 Win32/TrojanDownloader.FakeAlert.ACE Prevx 3.0 2009.06.17 Medium Risk Malware Sunbelt 3.2.1858.2 2009.06.17 Trojan-Downloader.Win32.CodecPack (v) Additional information File size: 106933 bytes MD5...: 46c9a73f9bb1113bcb2fbe4345d0216c SHA1..: 0faf2ec94a746d6f494cf845871f7154eaa90402 SHA256: e19da01cd53ed61b89f7d6ce15b7dc8c18f1899eb830fbd5163390bb6fdfa9ac ssdeep: 1536:k4hh1YHevg0ErhcbV1k8z0blaMbLJhc/9/Qmh/XivzlLU4JTU:k4hh1Xg3lc7kMk5nJ+/9/QmZSvK4JTU https://www.virustotal.com/analisis/e19da01cd53ed61b89f7d6ce15b7dc8c18f1899eb830fbd5163390bb6fdfa9ac-1245271060 --- See also the Prevx report for this file, which confirms that it is malicious software: http://info.prevx.com/aboutprogramtext.asp?PX5=5A87312EB5C19319A15401223AB0BB0063141B71 See also this report for an affiliated domain: https://safeweb.norton.com/report/show?name=antivir-scann-64bit.com Credit to malwaredatabase.net (@malwaredb on Twitter) for reporting this domain: http://malwaredatabase.net/blog/index.php/2009/06/17/new-rogue-domain-and-malware-domain-antivir-scann-64bit-com-file-archive-center-com/ Avoid this site! Wed, 17 Jun 2009 13:28:46 +0000 http://safeweb.norton.com/report/show?url=file-archive-center.com WARNING! This is a fake antivirus scam site and malware distribution site. Sample download URL: BLOCKEDhxxp://antimalware-live-scanv3 .com/download/Install_0000.exeBLOCKED As of 3 June 2009, this malware download was detected by only 1 out of 39 virus scanners (Prevx): https://www.virustotal.com/analisis/4bc080e77782f27ab2f0578086b37d185a5ef22708d0a55435c6ef1d2bc8bb95-1244053941 I submitted the sample to multiple anti-virus vendors. So far Kaspersky has replied to notify me that it added the signature to its definitions the same day (3 June 2009) as Trojan.Win32.FraudPack.onq and McAfee added it on 5 June 2009 as FakeAlert-di. It may now be detected by other vendors as well. Also as of 5 June 2009, the domain is now blocked by default in the Malcode (malicious code) category for all companies using 8e6 Web browsing filters. McAfee SiteAdvisor currently lists this domain as a "red" site because "we found that it may be designed to trick you into submitting your personal or financial information to online scammers": http://www.siteadvisor.com/sites/antimalware-live-scanv3.com/postid/?p=1777208 Credit: I first learned of this site through Malware Database (@malwaredb on Twitter): http://malwaredatabase.net/blog/index.php/2009/06/02/new-rogue-domain-antimalware-live-scanv3com/ Avoid this site! Tue, 09 Jun 2009 10:22:51 +0000 http://safeweb.norton.com/report/show?url=antimalware-live-scanv3.com WARNING! This site distributes deceptively-named, fraudulent malware and is advertised by spamming anti-virus forums or article comments. Sample spam comment (may later be removed by site admins, but it's there at the moment): http://www.viruslist.com/en/weblog?discuss=208187734 Malicious download: BLOCKEDhxxp://www.search-and-destroy .com/SearchAndDestroy.exeBLOCKED See the following scan results from the multi-engine anti-virus scanner VirusTotal: === Antivirus Version Last Update Result a-squared 4.0.0.101 2009.06.03 Riskware.FraudTool.Win32.SearchAndDestroy!IK AntiVir 7.9.0.180 2009.06.03 DR/Fraud.SearchAndDestroy.A.2 Avast 4.8.1335.0 2009.06.02 Win32:Trojan-gen {Other} AVG 8.5.0.339 2009.06.03 Fake_AntiSpyware.AMR BitDefender 7.2 2009.06.03 Application.Generic.27393 eSafe 7.0.17.0 2009.06.03 Win32.FraudTool.Sear F-Secure 8.0.14470.0 2009.06.03 FraudTool.Win32.SearchAndDestroy.a GData 19 2009.06.03 Application.Generic.27393 K7AntiVirus 7.10.752 2009.06.02 not-a-virus:FraudTool.Win32.SearchAndDestroy.a Kaspersky 7.0.0.125 2009.06.03 not-a-virus:FraudTool.Win32.SearchAndDestroy.a McAfee-GW-Edition 6.7.6 2009.06.03 Trojan.Dropper.Fraud.SearchAndDestroy.A.2 NOD32 4127 2009.06.03 Win32/Adware.AntiVirusPro Norman 6.01.05 2009.06.02 FakeAV.VU Panda 10.0.0.14 2009.06.02 Adware/SearchAndDestroy Prevx 3.0 2009.06.03 Medium Risk Malware Sunbelt 3.2.1858.2 2009.06.03 FraudTool.Win32.SearchAndDestroy.a Additional information File size: 15403586 bytes MD5...: 8fb526b68a826cd3c87f0bf39a22c8df SHA1..: 2175cbb71d63f667a460d776361225d7195748d0 SHA256: 896e81b6d01cf13e91105de296607ef8f457116d36870ad2cc717a14657b8374 https://www.virustotal.com/analisis/896e81b6d01cf13e91105de296607ef8f457116d36870ad2cc717a14657b8374-1244043665 === See also the "red" rating and multiple user reports at McAfee SiteAdvisor: http://www.siteadvisor.com/sites/search-and-destroy.com (Note: This malware has no relation whatsoever to the legitimate anti-spyware utility "Spybot-Search & Destroy". The malware authors are seeking to piggyback on Spybot-S&D's good reputation by giving their malware a similar name. The *real* Spybot-Search & Destroy can be found at www.safer-networking.org) Avoid this site! Wed, 03 Jun 2009 09:44:37 +0000 http://safeweb.norton.com/report/show?url=search-and-destroy.com WARNING! This site is highly dangerous and has reportedly infected thousands of domains and hosted thousands of exploits and Trojan horses. See the following reports: eWeek article posted 1 June 2009: http://www.eweek.com/c/a/Security/Hackers-Hit-40000-Web-Sites-With-Mass-Compromise-224833/ Excerpts from the current Google Safe Browsing report: "Part of this site was listed for suspicious activity 5 time(s) over the past 90 days. ... The last time Google visited this site was on 2009-06-01, and the last time suspicious content was found on this site was on 2009-06-01. ... Malicious software includes 7638 exploit(s), 6565 trojan(s), 2386 scripting exploit(s). ... Over the past 90 days, beladen .net appeared to function as an intermediary for the infection of 1368 site(s) including pcberza .rs/, comunicati-stampa .com/, aprosok .name/. ... Yes, this site has hosted malicious software over the past 90 days. It infected 3310 domain(s), including risda .gov.my/, bahisci.com/, comunicati-stampa .com/." You can see the current Google Safe Browsing report for this domain at http://google.com/safebrowsing/diagnostic?site=beladen.net See also the McAfee SiteAdvisor user reports for this domain: http://www.siteadvisor.com/sites/beladen.net/postid/?p=1758936#post1758936 Avoid this site! Tue, 02 Jun 2009 02:11:41 +0000 http://safeweb.norton.com/report/show?url=beladen.net WARNING! As of 31 May 2009, this site is being linked from hacked Facebook accounts, and it is redirecting to a known-malicious domain. See also reports for the related domain, which Google Safe Browsing says has hosted malicious software and infected numerous domains within the past 90 days, and which McAfee SiteAdvisor currently rates as a "yellow" site for being promoted through spam: http://google.com/safebrowsing/diagnostic?site=updateserversoftware.com http://www.siteadvisor.com/sites/updateserversoftware.com https://safeweb.norton.com/report/show?url=updateserversoftware.com Avoid this site! Sun, 31 May 2009 15:52:18 +0000 http://safeweb.norton.com/report/show?url=juste.ru WARNING! As of 31 May 2009, this site is being linked from hacked Facebook accounts, and Google Safe Browsing reports this as a known-malicious domain: "Malicious software includes 10 scripting exploit(s). ... Over the past 90 days, updateserversoftware .com appeared to function as an intermediary for the infection of 15 site(s) including caliweekly .com/, umts-erlebnis .de/, cleaningbyallbright .com/. ... Yes, this site has hosted malicious software over the past 90 days. It infected 28 domain(s), including caliweekly .com/, umts-erlebnis .de/, cleaningbyallbright .com/." You can see the current Google Safe Browsing report for this domain at: http://google.com/safebrowsing/diagnostic?site=updateserversoftware.com McAfee SiteAdvisor currently lists this site with a "yellow" rating because "Our analysis found that this site may be promoted through spammy e-mail." See also the Norton Safe Web and McAfee SiteAdvisor reports for a related domain that redirects to this site: https://safeweb.norton.com/report/show?url=juste.ru http://www.siteadvisor.com/sites/juste.ru Avoid this site! Sun, 31 May 2009 15:12:08 +0000 http://safeweb.norton.com/report/show?url=updateserversoftware.com