Hi Pondus,
If I go here and open op unmasked parasites on http://www.google.com/safebrowsing/diagnostic?site=tongho.co.th
then initially I get clean, but when I really click through for this page I get:
http://www.google.com/safebrowsing/diagnostic?site=tongho.co.th
The last time Google visited this site was on 29/03/2011. The last time suspicious content was found on this site was on 29/03/2011.
Malicious software includes 203 trojan (s), 111 scripting exploit (s).
This site was hosted on a network (s) including AS23884 (PROENNET).
Has this site acted as an intermediary resulting in further distribution of malware?
It seems that tongho.co.th the past 90 days has functioned as an intermediary for the infection of 168 site (s) including freephotopaper.com /, webandgraphicsolutions.com /, componentesdebisuteria.es /.
Has this site hosted malware?
Yes, this site has in the past 90 days hosted malicious software. It infected 387 domain (s), including babyinfanti.cl /, m-indya.com /, freephotopaper.com /.
I also experience that on URLVoid all seems clean but inspecting further by clicking the sublinks the site is flagged somewhere… So you better always verify when you are checking these resources…
And now at the original scan site there unmasked parasites finds reason for suspicion now:
http://www.google.com/safebrowsing/diagnostic?site=www.showfilmfirst.com
Malicious software includes 2 scripting exploits. Successful infection resulted in an average of 1 new process on the target machine.
Malicious software is hosted on 4 domains,e.g. guardwinscan.com/, solomon-vl.cz.cc/, tournamentwinscan.com/.
2 domains appear to be functioning as intermediaries for distributing malware to visitors of this site, including 86.55.140.0 /, protectprofitscan.com /.
This site was hosted on 1 network(s) including AS20738 (AS20738).
See for the origin of distributed malware: http://safeweb.norton.com/report/show?name=protectprofitscan.com
Firefox Malware site
G-Data Malware site
Google Safebrowsing Malware site
Small wonder it now appears here on the netblocks list during the last 24 hrs: http://www.pyrenean.com/Netblocks
and a nice article on the DNS Super Black Hole can be found here: http://www.computersecurityarticles.info/tag/hunting/
source: computersecurityarticles dot info
pol