user profile

the JoshMeister
Member Since: 05-30-2009
219 Reviews
facialboom.com
WARNING: Confirmed Scam Site!

* Phishing domain according to OpenDNS
* Falsely claims that your "Facebook Video Player" needs to be updated, and presumably tries to push malware onto your system
* Redirected from Facebook wall post spam

See also the Web of Trust report for this domain:
https://www.mywot.com/en/scorecard/facialboom.com

abhsu.com
WARNING: Confirmed Scam Site!

* Redirects to a phishing domain as confirmed by OpenDNS
* Falsely claims that your "Facebook Video Player" needs to be updated, and presumably tries to push malware onto your system
* Advertised by Facebook wall post spam

See also the Web of Trust report for this affiliated domain:
https://www.mywot.com/en/scorecard/facialboom.com

coom.in
WARNING: Subdomains Contain Malware

Site claims "free domain registration," allows malicious content. Currently blacklisted by numerous sites including Symantec's Norton Safe Web ("Drive-By Downloads" and "Viruses"), Browser Defender, hpHosts, McAfee SiteAdvisor, Trend Micro Site Safety Center, and WOT:

http://www.urlvoid.com/scan/coom.in
http://www.browserdefender.com/site/coom.in/
http://hosts-file.net/?s=coom.in
https://www.siteadvisor.com/sites/coom.in/msgpage
https://www.mywot.com/en/scorecard/coom.in

The site's current IP is also blacklisted by Malware Domain List and WOT (and has previously been blacklisted by Emerging Threats, SURBL, and ZeuS Tracker):

http://www.ipvoid.com/scan/178.18.87.141
http://www.malwaredomainlist.com/mdl.php?search=178.18.87.141&inactive=on
https://www.mywot.com/en/scorecard/178.18.87.141

I discovered a subdomain of this site embedded as a malicious iframe in a hacked WordPress site. The iframe code is detected as Mal/Iframe-AD by Sophos, HEUR:Trojan.Script.Iframer by Kaspersky, and PUA.HTML.Crypt by ClamAV:

https://www.mywot.com/en/scorecard/ghsnha.coom.in
https://www.virustotal.com/file-scan/report.html?id=329b04a72ea94b40312cb8b99b833e76da730d3503d3990fcf197f2b6cf69d2b-1320403616
http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Mal~Iframe-AD.aspx
http://wepawet.iseclab.org/view.php?hash=4cbb6a9dbd1d7df9913d4435e9f24290&type=js (the malicious JavaScript code after deobfuscation)

The IP of the malicious subdomain is currently blacklisted by Malware Domain List, Spamhaus, and WOT:

http://www.ipvoid.com/scan/95.163.66.209
http://www.malwaredomainlist.com/mdl.php?search=95.163.66.209&inactive=on
https://www.mywot.com/en/scorecard/95.163.66.209

Other malicious subdomains identified by Symantec's Norton Safe Web and Browser Defender:

https://www.mywot.com/en/scorecard/03-3t.ydl.coom.in
https://www.mywot.com/en/scorecard/ydl.coom.in
https://www.mywot.com/en/scorecard/u68b78676r7rv75r5.coom.in
https://www.mywot.com/en/scorecard/oz-39.ciq.coom.in
https://www.mywot.com/en/scorecard/ciq.coom.in
https://www.mywot.com/en/scorecard/gdsggdzs.coom.in

Avoid this site!

twittelr.com
WARNING: Confirmed Phishing Scam Site!

This site contains a phishing scam page purporting to be the real Twitter login. Hacked Twitter accounts spam their followers with links to this URL in an attempt to steal Twitter login credentials. Avoid this site!

yourremue.com
WARNING: Confirmed Malware Exploit Domain!

Hosting a malicious PDF exploit. See these scan reports:

http://www.virustotal.com/file-scan/report.html?id=74b926b64dfa4e81ec0b5883a3bdb1f82de0d0e6103b2fa6861d67805ec92ada-1294293023
http://wepawet.iseclab.org/view.php?hash=2d1eb76fde5a94b14e1436039ffb0d87&type=js