[Viruswatch] Virus-sites with status changes: As of 2011-05-28 21:01:16 CEST

root root at dbserver.netpilot.net
Sat May 28 21:40:03 CEST 2011



---------------------
for online data visit http://support.clean-mx.de/clean-mx/viruses.php
---------------------

