Another fake AV site: rodaco.org
Domain Hash 94f43071befdbcaf02482e09e2a7a3ef
IP Address 66.96.131.89
IP Hostname 89.131.96.66.static.eigbox.net
IP Country US (United States)
AS Number 29873
AS Name BIZLAND-SD - The Endurance International Group
Another one from Moldova:
Threats found: 58
Here is a sample of them:
Threats found: 25
Here is a sample:
This site was hosted on 1 network including AS29671 (SERVAGE).
Computer symptoms upon infection are:
Frequent unexpected connections to unsafe domains,
Newly added Registry keys and files, or Registry modifications,
The system keeps crashing with no user-caused reason at all,
System memory drops unusually.
Further info on: htxp://ksu-antispyware.co.cc/fast-scan/
Initially, “TROJAN.HTML.FRAUD!IK” will most likely not appear because it is in the IE temp location,
but it will reveal itself with the proper cleansing routine…