#WARNING #Phishing URL of MalwareMustDie!

MalwareMustDie Apr 1st, 2013 443 Never
  1. // #MalwareMustDie! @unixfreaxjp ~]$ date
  2. // First post: Mon Apr  1 22:01:39 JST 2013
  3. // Updates-1: Tue Apr  2 14:40:45 JST 2013
  4.  
  5. // This is a silly, childish effort by the MalwareMoronz bad actor
  6. // to spread infections by using a fake MalwareMustDie domain,
  7. // the parked domain name MALWAREMUSTDIE.BLOGSPOT.ORG
  8. // Please be aware and block the domain BLOGSPOT.ORG.
  9. // We are sure there are many researchers' sites hosted on BLOGSPOT
  10. // that can also be threatened in the same way.
  11. // Please note that the links are below. We sniffed and exposed this right away.
  12. // Thanks to the friends who mentioned this URL with the malware download detection:
  13.  
  52.  
  53. /*NOTED:
  54. Reports said malware was downloaded from the above site, dated April 1st, 2013.
  55. Analysis showed a spam/scam site effort that phishes using the MalwareMustDie domain name.
  56. Spam category: adult scam, pharmacy scam, fake Rolex, online jobs scam
  57.  
  58. // Malicious (PHISHING IN THIS CASE) verdict:
  59.  
  60. @unixfreaxjp ~]$ date
  61. Tue Apr  1 23:17:01 JST 2013
  62. http://urlquery.net/report.php?id=1733178
  63. ====================================
  64. IP ADDRESS: 82.98.86.174
  65. ====================================
  66. inetnum:        82.98.86.0 - 82.98.86.255
  67. netname:        SEDO-1-NET
  68. descr:          Sedo Domain Parking
  69. descr:          c/o Plusline
  70. country:        DE
  71. admin-c:        UP448-RIPE
  72. tech-c:         PLN
  73. status:         ASSIGNED PA
  74. remarks:        --------------------------------
  75. remarks:        For abuse issues, please contact abuse@fhe3.com
  76. remarks:        For networking Issues, please contact notdienst@fhe3.com
  77. remarks:        --------------------------------
  78. mnt-by:         PLUSLINE-MNT
  79. source:         RIPE # Filtered
  80. role:           Plus.Line Noc
  81. address:        Plus.line AG
  82. address:        Mainzer Landstr. 199
  83. address:        60326 Frankfurt
  84. address:        Germany
  85. phone:          +49 69 758915 0
  86. fax-no:         +49 69 758915 33
  87. person:         Ulrich Priesner
  88. address:        Sedo GmbH
  89. address:        Im Mediapark 6
  90. address:        50670 Koeln
  91. address:        Germany
  92. phone:          +49 221 34030-0
  93. nic-hdl:        UP448-RIPE
  94. mnt-by:         PLUSLINE-MNT
  95. source:         RIPE # Filtered
  96. route:          82.98.86.0/24
  97. descr:          Sedo GmbH
  98. descr:          c/o Plus.line AG
  99. origin:         AS47846
  100. mnt-by:         PLUSLINE-MNT
  101. source:         RIPE # Filtered
  102.  
  103. ====================================
  104.  
  105. // Other MALICIOUS (PHISHING IN THIS CASE) (underlined) BLOGSPOT.ORG domains:
  128.  
  129. // Bad Domains history of 82.98.86.174:
  130.  
  131. ////Fake Antivirus & fake security products/infector domains:
  140. ////Russian infector domains:
  148. ////Other phishing (NOTE THE MISSPELLINGS, used for phishing)
  149. cynamonowe-dni.blogdpot.com
  150. inzamam99.blogsopt.in
  151.  
  152. //CURRENT (PhishingDomains).BLOGSPOT.ORG Network Analysis:
  153.  
  154. @unixfreaxjp ~]$ date
  155. Tue Apr  2 13:47:28 JST 2013 // They have moved to a US network now..
  156.  
  157. //TODAY's check of all A records of the BLOGSPOT.ORG hosts in use:
  180. ===============================
  181. IP Address: 72.52.4.90
  182. ===============================
  183. NetRange:       72.52.0.0 - 72.52.63.255
  184. CIDR:           72.52.0.0/18
  185. OriginAS:       AS32787
  186. NetName:        PROLEXIC
  187. NetHandle:      NET-72-52-0-0-1
  188. Parent:         NET-72-0-0-0-0
  189. NetType:        Direct Allocation
  190. Comment:        http://www.prolexic.com / NOC hours are 24/7
  191. RegDate:        2005-07-11
  192. Updated:        2012-02-24
  193. Ref:            http://whois.arin.net/rest/net/NET-72-52-0-0-1
  194.  
  195. //This new IP has an even worse history of malicious domains:
  289.  
  290. // Landing page analysis: http://urlquery.net/report.php?id=1741772 < It has now changed from TDS URL redirection into an SEO domain park....WTF.., PS: 72.52.4.90 has a bad reputation for TDS
  291.  
  292. --2013-04-02 14:12:26--  http://malwaremustdie.blogspot.org/info/Watches.html?ses=Y3JlPTEzNjQ4MjA4MzMmdGNpZD1tYWx3YXJlbXVzdGRpZS5ibG9nc3BvdC5vcmc1MTU5ODM2MThhODY2OC4wOTQzMTQ5OCZma2k9MTUyMzE2NTA2JnRhc2s9c2VhcmNoJmRvbWFpbj1ibG9nc3BvdC5vcmcmcz0xMGZjNjY0ZGY5Y2I5M2M4ODAwZCZsYW5ndWFnZT1lbiZhX2lkPTM=&amp;amp;category=Gifts&amp;amp;keyword=Watches&amp;amp;token=
  293. Resolving malwaremustdie.blogspot.org (malwaremustdie.blogspot.org)... 72.52.4.90
  294. Caching malwaremustdie.blogspot.org => 72.52.4.90
  295. Connecting to malwaremustdie.blogspot.org (malwaremustdie.blogspot.org)|72.52.4.90|:80... connected.
  296. GET /info/Watches.html?ses=Y3JlPTEzNjQ4MjA4MzMmdGNpZD1tYWx3YXJlbXVzdGRpZS5ibG9nc3BvdC5vcmc1MTU5ODM2MThhODY2OC4wOTQzMTQ5OCZma2k9MTUyMzE2NTA2JnRhc2s9c2VhcmNoJmRvbWFpbj1ibG9nc3BvdC5vcmcmcz0xMGZjNjY0ZGY5Y2I5M2M4ODAwZCZsYW5ndWFnZT1lbiZhX2lkPTM=&amp;amp;category=Gifts&amp;amp;keyword=Watches&amp;amp;token= HTTP/1.1
  297. Accept: */*
  298. Host: malwaremustdie.blogspot.org
  299. Connection: Keep-Alive
  300. HTTP request sent, awaiting response...
  301.   :
  302. HTTP/1.0 200 OK
  303. Date: Tue, 02 Apr 2013 05:12:27 GMT
  304. Server: Apache
  305. X-Powered-By: PHP/5.3.3-7+squeeze14
  306. Expires: Mon, 26 Jul 1997 05:00:00 GMT
  307. Last-Modified: Tue, 02 Apr 2013 05:12:27 GMT
  308. Cache-Control: no-store, no-cache, must-revalidate
  309. Cache-Control: post-check=0, pre-check=0
  310. Pragma: no-cache
  311. Set-Cookie: tu=6a471872930814a45627951d92b8bbc1; expires=Tue, 31-Dec-2019 23:00:00 GMT; path=/; domain=blogspot.org; httponly
  312. X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_M9NQvgXpKLzo50v5cQ0OXWTqBn5ObwOXcMHcrl5ZNw6npdAiIlNHp8mtEblP0ETWqVpYDTbTbYQFh53moHt07g==
  313. Vary: User-Agent,Accept-Encoding
  314. Content-Type: text/html
  315. X-Cache: MISS from 276820
  316. Connection: close
  317.   :
  318. 200 OK
  319. cdm: 1 2 3 4 5 6 7 8
  320. Stored cookie blogspot.org -1 (ANY) / <permanent> <insecure> [expiry 2020-01-01 08:00:00] tu 6a471872930814a45627951d92b8bbc1
  321. Length: unspecified [text/html]
  322. Saving to: `test.txt'
  323. 2013-04-02 14:12:28 (39.3 KB/s) - `test.txt' saved [31138]
  324.  
  325. // Domain Analysis:
  326.  
  327. Domain ID:D96652261-LROR
  328. Domain Name:BLOGSPOT.ORG
  329. Created On:20-Mar-2003 12:50:34 UTC
  330. Last Updated On:03-Mar-2013 22:48:36 UTC
  331. Expiration Date:20-Mar-2014 12:50:34 UTC
  332. Sponsoring Registrar:Fabulous.com Pty Ltd. (R133-LROR)
  333. Status:CLIENT TRANSFER PROHIBITED
  334. Registrant ID:ab139aea7121a3ff
  335. Registrant Name:Domain Hostmaster, CustomerID : 14528331844425
  336. Registrant Organization:Whois Privacy Services Pty Ltd
  337. Registrant Street1:PO Box 923
  338. Registrant Street2:
  339. Registrant Street3:
  340. Registrant City:Fortitude Valley
  341. Registrant State/Province:QLD
  342. Registrant Postal Code:4006
  343. Registrant Country:AU
  344. Registrant Phone:+61.730070090
  345. Registrant Phone Ext.:
  346. Registrant FAX:+61.730070091
  347. Registrant FAX Ext.:
  348. Registrant Email:14528331844425-395f10@whoisprivacyservices.com.au
  349.  
  350. // ID analysis:
  351.  
  352. Registrant linked to:
  353. Steve15733@gmail.com
  354. daisy1@dreamwiz.com
  355. steeveforum@email.com
  356. kerryweb@gmail.com
  357. of:
  358. KerryWeb Enterprise, Inc.
  359. North West Enterprise, Inc.
  360. WWW Enterprise, Inc.
  361. Windtree, Inc.
  362.  
  363. Leads to this individual: http://gotcha-whosbad.blogspot.jp/2007/02/taeho-kim-korean-or-american-you-decide.html
  364.  
  365. //Snip of the individual behind blogspot.org
  366. Taeho Kim - Korean or American? You decide.
  367.  
  368. //Addresses believed to relate to Taeho Kim:
  369.  
  370. P.O Box 118,5850 W. 3rd Street
  371. Los Angeles, CA 90036
  372. US Phone: +82.112262899 (Korean Country Code)
  373. Fax: +82.626030969
  374.  
  375. 22915 Telegraph Rd Santa Fe springs
  376. Los Angeles, CA 90670
  377. US
  378. +82-11-226-2899
  379. 2133939001
  380.  
  381. //Incomplete addresses used in registering some of his thousands of domain names:
  382.  
  383. North West Enterprise,Inc
  384. Array
  385. Santa Fe springs CA 90670
  386.  
  387. WWW Enterprise,Inc.
  388. Array
  389. Los Angeles CA 90036
  390. US
  391. +1.4102104279
  392.  
  393. "Array" is obviously not the name of the street. He is supposed to put the correct address there.
  394.  
  395. Here is some Korean data. This data was gotten from WIPO complaints or WHOIS data.
  396.  
  397. taeho
  398. taeho
  399. 948
  400. seoku County Derry
  401. 502-153 KR
  402. +82.112262899
  403. +82.625250625
  404.  
  405. Windtree, Inc.
  406. 303-1304 gumhobestvill,
  407. 808 gumhodong,
  408. Seoku, Gwangju, Jeonnam, Republic of Korea.
  409.  
  410. Mr. Kim Taeho of 101-1213 Dok Lim Jeil Park, 284 Wolsan Dong Namku Gwangsu, Republic of Korea was represented by Canadian counsel Mr. Zak Muscovitch, Barrister & Solicitor of Neinstein & Associates, Toronto, Ontario, Canada
  411.  
  412. 101-1213doklimjeilpark,284wolsan3dong,namku
  413. kwangju, kj 503233
  414. KR 82-11-226-2899 82-62-525-0625 [fax]
  415.  
  416. Enamecorp.com, of 303-1304 Gumhobestvill,
  417. 808 Gumhodong, Seoku – Kwangju,
  418. Kwangju, Republic of Korea 502 - 154
  419.  
  420. Hong yunju
  421. 11-234 SaneopYutongCenter,
  422. 948 seoku 82-19-689-6969 82-62-525-0625 domains@hanafos.com
  423.  
  424. Financial Park (Labuan) Sdn. Bhd.
  425. Level 3, Main Office Tower
  426. Financial Park Labuan Complex
  427. Jalan Merdeka W.P. Labuan 87000
  428. MY
  429. +852.24921169
  430.  
  431. ----
  432.  
  433. #MalwareMustDie
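
Added example (not part of the original paste): a Python check that flags, in DNS query logs, the two lookalike patterns the paste warns about, the brand label under a different suffix (BLOGSPOT.ORG) and the misspelled labels (blogdpot, blogsopt). The log format, the `ALLOWED_SUFFIXES` allowlist and the distance threshold are assumptions, and the sample log lines are constructed.

```python
"""Flag brand-lookalike hosts in DNS query logs (added example, not from the paste)."""
import re

BRAND = "blogspot"
# Assumption: suffixes accepted directly after the brand label. blogspot.com is the
# real service; blogspot.jp is the host the paste itself links to. Extend as needed.
ALLOWED_SUFFIXES = {"com", "jp"}
# One edit catches both misspellings the paste lists; raising it adds false positives.
MAX_TYPO_DISTANCE = 1

# Constructed sample log in a hypothetical format; hosts are ones named in the paste.
SAMPLE_LOG = """\
2013-04-02T05:12:27Z client=10.0.0.5 query=malwaremustdie.blogspot.org type=A
2013-04-02T05:12:31Z client=10.0.0.7 query=gotcha-whosbad.blogspot.jp type=A
2013-04-02T05:13:02Z client=10.0.0.5 query=cynamonowe-dni.blogdpot.com type=A
2013-04-02T05:13:40Z client=10.0.0.9 query=inzamam99.blogsopt.in type=A
2013-04-02T05:14:11Z client=10.0.0.9 query=www.example.com type=A
""".splitlines()

QUERY_RE = re.compile(r"\bquery=([A-Za-z0-9.-]+)")


def osa_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance: insert, delete, substitute, and
    swap of two adjacent characters each cost 1 (so 'blogsopt' is 1 away)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition: a[i-2:i] is b[j-2:j] reversed.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]


def classify(host: str):
    """Return a verdict string for a lookalike host, or None if it looks fine."""
    labels = host.lower().rstrip(".").split(".")
    # Check every label except the last one (the TLD) against the brand.
    for i, label in enumerate(labels[:-1]):
        suffix = ".".join(labels[i + 1:])
        dist = osa_distance(label, BRAND)
        if dist == 0 and suffix not in ALLOWED_SUFFIXES:
            # Exact brand label, but under a suffix nobody approved (blogspot.org).
            return "brand-on-unapproved-suffix"
        if 0 < dist <= MAX_TYPO_DISTANCE:
            # Near miss of the brand label (blogdpot, blogsopt).
            return "typosquat"
    return None


def scan(lines):
    """Return (host, verdict) for every log line whose queried host is flagged."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # line without a query= field
        verdict = classify(m.group(1))
        if verdict:
            hits.append((m.group(1), verdict))
    return hits


if __name__ == "__main__":
    for host, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:28} {host}")
```

Plain Levenshtein distance would score `blogsopt` as 2 edits and miss it at this threshold, which is why the transposition case is handled explicitly.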