Do we need an Internet Policing Force with full power? I can still download malware from a site that was published weeks ago…

Most readers here know that I am not a fan of over-policing, abuse of power, etc. However, the internet isn't under any one jurisdiction (although a great many people seem to think the USA is that jurisdiction).

There are more sites than ever scanning for and publishing malicious URLs and content, so that security teams can block and analyze them and so that confirmed true positives can be added to anti-virus signatures. Most of the executables listed below are delivered by e-mail malspam carrying a macro-based attachment: when the document is opened and the macro runs, it reaches out to these URLs to download and install the malware, with the user none the wiser.

Another of our sites fetches these URLs from inside a cyber range, downloads the samples, and publishes the captured traffic and any other pertinent details to help with writing Snort rules and similar detections.

Look at the image below from vxvault: today is the 12th, and I am still able to download files that were posted and scanned about ten days ago, and sometimes up to and beyond 30 days ago. If the malware is hosted on a hacked website, the service provider and webmaster will usually be notified and the account suspended or the file removed within a few hours or days; the FBI can also, under court order, seize any domain under a US-controlled TLD. Problem solved quickly then, right?

What happens when the malware is hosted in a third-world country? What if it is hosted by the crimeware actors themselves, knowing that there is no extradition law and that their government has bigger problems to worry about?

[image: vxvault listing]

Malc0de Database Feed

whitelabel.tradetoolsfx.com — URL: whitelabel.tradetoolsfx.com/tmp/1c.jpg, IP Address: 85.93.145.251, Country: RU, ASN: 34300, MD5: 78be5b87f4282ad396ba0cdb3219a8c4, Posted: 11:35 PM
188.166.74.218 — URL: 188.166.74.218/dog.exe, IP Address: 188.166.74.218, Country: NL, ASN: 14061, MD5: 775e871065821f70c34594acd97b2cc8, Posted: 11:35 PM
jgcarpetcleaning.com — URL: jgcarpetcleaning.com/wp-content/themes/bb-theme/classes/1.pdf, IP Address: 69.16.213.18, Country: US, ASN: 32244, MD5: 821db42aed5076881f1ccf04fb9f3025, Posted: 11:35 PM
majedtrading.com — URL: majedtrading.com/wp-content/themes/lawworx/js/wow/1c.jpg, IP Address: 151.80.195.140, Country: IT, ASN: 16276, MD5: cf28320bf297dadc31406788511a3ccf, Posted: 11:35 PM
pepperbagz.com — URL: pepperbagz.com/wp-content/themes/basel/fonts/1c.jpg, IP Address: 202.179.136.69, Country: ID, ASN: 136170, MD5: cf28320bf297dadc31406788511a3ccf, Posted: 11:35 PM
ats.pl — URL: ats.pl/templates/ats/css/1c.jpg, IP Address: 193.106.216.44, Country: PL, ASN: 50505, MD5: 035a27584ca5c489b0f5b3e58fccb139, Posted: 11:35 PM
ideiaambiental.org.br — URL: ideiaambiental.org.br/wp-content/uploads/auu.exe, IP Address: 162.241.2.207, Country: US, ASN: 46606, MD5: c58bfbfc25921c77ef37d338944d0722, Posted: 11:35 PM
immunocapaz.com — URL: immunocapaz.com/wp-includes/pomo/hola/welcome.exe, IP Address: 108.167.181.25, Country: US, ASN: 46606, MD5: 0f54edb2f3e48f6b41cd4528a9d77dfa, Posted: 11:35 PM
kommuner.dk — URL: kommuner.dk/1c.jpg, IP Address: 93.191.156.45, Country: DK, ASN: 48854, MD5: 035a27584ca5c489b0f5b3e58fccb139, Posted: 11:35 PM
tyger.ro — URL: tyger.ro/wp-content/themes/twentysixteen/js/1c.jpg, IP Address: 89.33.236.154, Country: RO, ASN: 5588, MD5: 035a27584ca5c489b0f5b3e58fccb139, Posted: 11:35 PM
82.146.34.203 — URL: 82.146.34.203/putty.exe, IP Address: 82.146.34.203, Country: RU, ASN: 29182, MD5: 454cb12605847fdb27914540c0e314b6, Posted: 11:35 PM
clogwars.com — URL: clogwars.com/~zadmin/sk/mods/miner32, IP Address: 194.87.110.175, Country: RU, ASN: 48347, MD5: 9a42240e492da2ede05c8acee18676ea, Posted: 11:35 PM
showroom.trdesign.org — URL: showroom.trdesign.org/profiles/minimal/translations/1.pdf, IP Address: 88.99.148.81, Country: DE, ASN: 24940, MD5: 821db42aed5076881f1ccf04fb9f3025, Posted: 11:35 PM
194.67.223.90 — URL: 194.67.223.90/dw/zipblock.exe, IP Address: 194.67.223.90, Country: RU, ASN: 48666, MD5: 823e16590766e9cdd32bae11adaca935, Posted: 11:35 PM
92.63.197.59 — URL: 92.63.197.59/11.exe, IP Address: 92.63.197.59, Country: RU, ASN: 60307, MD5: 46b8f15de8a233aa4f0866a1e63a0f2a, Posted: 11:35 PM
92.63.197.60 — URL: 92.63.197.60/11.exe, IP Address: 92.63.197.60, Country: RU, ASN: 60307, MD5: 46b8f15de8a233aa4f0866a1e63a0f2a, Posted: 11:35 PM
ccleaner.top — URL: ccleaner.top/1.exe, IP Address: 95.81.0.29, Country: UA, ASN: 31343, MD5: b70f7a3c049ed1afd2815e0cf662f477, Posted: 11:35 PM
teboxin.ir — URL: teboxin.ir/oo/uz.exe, IP Address: 5.144.130.36, Country: IR, ASN: 59441, MD5: 40f56d61800a6621072cda8fff4a921f, Posted: 11:35 PM
canadastuff.top — URL: canadastuff.top/1.exe, IP Address: 95.81.0.29, Country: UA, ASN: 31343, MD5: cefd6ec4b29303c0d08a2d0d799ba93c, Posted: 11:35 PM
www.kemostarlogistics.co.ke — URL: www.kemostarlogistics.co.ke/wpp-admin/player2.exe, IP Address: 173.254.126.115, Country: US, ASN: 46606, MD5: d86d2cb12111422ad0b401afa523e308, Posted: 11:35 PM
31.204.154.75 — URL: 31.204.154.75/baldr.exe, IP Address: 31.204.154.75, Country: NL, ASN: 49544, MD5: 9b65ac22c13833ebbf512ef39acdfce6, Posted: 11:35 PM
5.188.231.47 — URL: 5.188.231.47/2, IP Address: 5.188.231.47, Country: RU, ASN: 62088, MD5: f5ee17938d7c545bf62ad955803661c7, Posted: 11:35 PM
coinspottechrem.com — URL: coinspottechrem.com/lmon/ytSetupUS.exe, IP Address: 81.177.141.30, Country: RU, ASN: 8342, MD5: fb46fcac2d17b14c30e8d68a0f0a0023, Posted: 11:35 PM
getcars.pk — URL: getcars.pk/ping64.exe, IP Address: 46.232.113.12, Country: RU, ASN: 202984, MD5: 6207ceae4841b2af7e10fc1e1e4490a8, Posted: 11:35 PM
risingindianews.com — URL: risingindianews.com/wp-includes/l2/index.html, IP Address: 69.175.87.74, Country: US, ASN: 32475, MD5: d5b20cef163933d399d312b29c34e768, Posted: 11:35 PM
92.63.197.153 — URL: 92.63.197.153/1.exe, IP Address: 92.63.197.153, Country: RU, ASN: 60307, MD5: 46b8f15de8a233aa4f0866a1e63a0f2a, Posted: 11:35 PM
jetstd.ru — URL: jetstd.ru/scripts/1.pdf, IP Address: 95.213.184.187, Country: RU, ASN: 49505, MD5: 4dc6394261c4404164c1061deef9afb3, Posted: 11:35 PM
theme2.msparkgaming.com — URL: theme2.msparkgaming.com/wp-includes/ID3/1c.jpg, IP Address: 103.83.81.144, Country: IN, ASN: 135822, MD5: 78be5b87f4282ad396ba0cdb3219a8c4, Posted: Jan 18
94.156.133.65 — URL: 94.156.133.65/22.exe, IP Address: 94.156.133.65, Country: BG, ASN: 201640, MD5: eb20f30659f74ef978061f2fbd934231, Posted: Jan 18
217.8.117.24 — URL: 217.8.117.24/rz44.exe, IP Address: 217.8.117.24, Country: RU, ASN: 60031, MD5: 83b0817543b25380d1ba82878c89fb60, Posted: Jan 18
proapp.icu — URL: proapp.icu/putty.exe, IP Address: 5.8.88.251, Country: RU, ASN: 62088, MD5: a6dcf8deeb35f9fb2a81d62a31b1f045, Posted: Jan 18
5.206.225.104 — URL: 5.206.225.104/dll/upnp.exe, IP Address: 5.206.225.104, Country: PT, ASN: 49349, MD5: ee03ca33712e4ee518cb7b046d0f64ec, Posted: Jan 18
rebbyanngray.com — URL: rebbyanngray.com/original/presentation.pptx, IP Address: 69.162.80.125, Country: US, ASN: 46475, MD5: 70a949e3f53ee037373cb58df844d65b, Posted: Jan 18
pool.ug — URL: pool.ug/tesptc/penelop/updatewin.exe, IP Address: 46.232.113.8, Country: RU, ASN: 202984, MD5: e3083483121cd288264f8c5624fb2cd1, Posted: Jan 18
95.81.0.83 — URL: 95.81.0.83/baldr/m.exe, IP Address: 95.81.0.83, Country: UA, ASN: 31343, MD5: e05680e8f026f7effaafc7844961f666, Posted: Jan 18
142.11.206.184 — URL: 142.11.206.184/admin.exe, IP Address: 142.11.206.184, Country: US, ASN: 54290, MD5: 22e5b3de6ab509f7490c52fe77d9f1ce, Posted: Jan 18
kataroma.top — URL: kataroma.top/game.exe, IP Address: 46.232.113.8, Country: RU, ASN: 202984, MD5: f99c0709d4c3a106357736edde477c4e, Posted: Jan 18
aktpl.com — URL: aktpl.com/wp-includes/zv1x90/index.html, IP Address: 207.58.136.190, Country: US, ASN: 25847, MD5: 6257bf6ef5a6fedbfdd8ee47a21e30cd, Posted: Jan 18
95.81.1.43 — URL: 95.81.1.43/11.exe, IP Address: 95.81.1.43, Country: UA, ASN: 31343, MD5: 6286813e23f3d047d8fb7038c9191990, Posted: Jan 18
abovethecrowd.site — URL: abovethecrowd.site/download_app/uber_app_install.exe, IP Address: 46.232.113.18, Country: RU, ASN: 202984, MD5: 90373b8695c7b2d267c9549d01fbb0ef, Posted: Jan 18
ghostru.biz — URL: ghostru.biz/glora.exe, IP Address: 195.161.62.191, Country: RU, ASN: 8342, MD5: 69616732492347072b9acac37c09e40a, Posted: Jan 18
ashleywalkerfuns.com — URL: ashleywalkerfuns.com/au3_pr.exe, IP Address: 89.223.88.238, Country: RU, ASN: 201848, MD5: de54e0ff3e98da80d2d22c15e09c762e, Posted: Jan 18
mixflow.top — URL: mixflow.top/reboot.exe, IP Address: 95.81.0.29, Country: UA, ASN: 31343, MD5: f14b4670f200d29db5a4c1fda41e03fc, Posted: Jan 18
marakusta.at — URL: marakusta.at/file.exe, IP Address: 185.103.110.32, Country: RU, ASN: 51765, MD5: ca39060bfe50fe644715103a99fbeb5c, Posted: Jan 18
93.189.41.63 — URL: 93.189.41.63/2.php, IP Address: 93.189.41.63, Country: RU, ASN: 41853, MD5: 21bb978b116fa781407e7e0e7892d421, Posted: Jan 18
voicelsp.com — URL: voicelsp.com/wp-content/themes/oceanwp/assets/css/edd/1c.jpg, IP Address: 67.225.139.170, Country: US, ASN: 32244, MD5: cf28320bf297dadc31406788511a3ccf, Posted: Jan 18
foodera.co — URL: foodera.co/wp-includes/ID3/1c.jpg, IP Address: 69.162.66.34, Country: US, ASN: 46475, MD5: cf28320bf297dadc31406788511a3ccf, Posted: Jan 18
dadukevich.club — URL: dadukevich.club/setup.exe, IP Address: 46.232.113.8, Country: RU, ASN: 202984, MD5: 79ce7521198cdae0ed19e1ded3027fb9, Posted: Jan 18
matysiak.pl — URL: matysiak.pl/trina/css/1c.jpg, IP Address: 85.128.195.131, Country: PL, ASN: 15967, MD5: cf28320bf297dadc31406788511a3ccf, Posted: Jan 18
prostoloader.ru — URL: prostoloader.ru/upload/Locus/Build.exe, IP Address: 176.119.156.229, Country: RU, ASN: 48347, MD5: f7a092a680badc41fa455fd637af6c49, Posted: Jan 18
weartexhibitions.com — URL: weartexhibitions.com/eqplsj/b1v3z10/index.html, IP Address: 134.0.11.246, Country: ES, ASN: 197712, MD5: 525485c503291668a6668fd74d1e5fdc, Posted: Jan 18
ascentprint.ru — URL: ascentprint.ru/scripts/1.pdf, IP Address: 88.99.148.81, Country: DE, ASN: 24940, MD5: 821db42aed5076881f1ccf04fb9f3025, Posted: Jan 18
eyeseepotential.com — URL: eyeseepotential.com/wp/kenny/keny.exe, IP Address: 198.187.31.58, Country: US, ASN: 22612, MD5: fa682f97cf7b490a70b0eedc9009a952, Posted: Jan 18
gcleaner.info — URL: gcleaner.info/setup.exe, IP Address: 89.223.30.208, Country: RU, ASN: 201848, MD5: b0305d1ad459a94506d7b857af0a80bb, Posted: Jan 18
techhunder.com — URL: techhunder.com/wp-admin/css/colors/blue/1c.jpg, IP Address: 104.18.36.98, Country: US, ASN: 13335, MD5: 78be5b87f4282ad396ba0cdb3219a8c4, Posted: Jan 18
sgflp.com — URL: sgflp.com/FLP-images/1c.jpg, IP Address: 110.4.45.119, Country: MY, ASN: 46015, MD5: 78be5b87f4282ad396ba0cdb3219a8c4, Posted: Jan 18
runmureed.com — URL: runmureed.com/wp-content/themes/thegem/js/colorpicker/css/1c.jpg, IP Address: 108.171.216.194, Country: US, ASN: 18450, MD5: 78be5b87f4282ad396ba0cdb3219a8c4, Posted: Jan 18
promosedu.com — URL: promosedu.com/wp-content/plugins/contact-form-7/admin/css/1c.jpg, IP Address: 184.168.221.43, Country: US, ASN: 26496, MD5: 78be5b87f4282ad396ba0cdb3219a8c4, Posted: Jan 18
politgroup.top — URL: politgroup.top/1pnfgbk/1c.jpg, IP Address: 185.104.45.20, Country: UA, ASN: 200000, MD5: 78be5b87f4282ad396ba0cdb3219a8c4, Posted: Jan 18
painterbl.com — URL: painterbl.com/wp-content/themes/noa/languages/1c.jpg, IP Address: 103.129.98.17, Country: IN, ASN: 138251, MD5: 78be5b87f4282ad396ba0cdb3219a8c4, Posted: Jan 18
noahwindmill.com — URL: noahwindmill.com/templates/beez5/font-awesome/css/1c.jpg, IP Address: 103.253.73.77, Country: TH, ASN: 56309, MD5: 78be5b87f4282ad396ba0cdb3219a8c4, Posted: Jan 18
mat.tradetoolsfx.com — URL: mat.tradetoolsfx.com/components/com_ajax/1c.jpg, IP Address: 85.93.145.251, Country: RU, ASN: 34300, MD5: 78be5b87f4282ad396ba0cdb3219a8c4, Posted: Jan 18
manageeguru.com — URL: manageeguru.com/wp-includes/ID3/1c.jpg, IP Address: 50.63.202.57, Country: US, ASN: 26496, MD5: 78be5b87f4282ad396ba0cdb3219a8c4, Posted: Jan 18
idealadvertising.net — URL: idealadvertising.net/wp-content/themes/bridge/img/1c.jpg, IP Address: 69.167.178.28, Country: US, ASN: 32244, MD5: 78be5b87f4282ad396ba0cdb3219a8c4, Posted: Jan 18
faqshub.xyz — URL: faqshub.xyz/wp/mexzy/mexzy.exe, IP Address: 199.188.200.233, Country: US, ASN: 22612, MD5: dd9866000a55f0794a551603d90c83d9, Posted: Jan 18
globalinvestmentwebjoindnsaddress.duckdns.org — URL: globalinvestmentwebjoindnsaddress.duckdns.org/office/vbc.exe, IP Address: 185.174.100.116, Country: UA, ASN: 8100, MD5: 62a4961f760be7eb869769d65cd98e97, Posted: Jan 18
fefs.it — URL: fefs.it/templates/mx_joofree6/css/1c.jpg, IP Address: 94.23.64.40, Country: FR, ASN: 16276, MD5: 78be5b87f4282ad396ba0cdb3219a8c4, Posted: Jan 18
dideleszuvys.lt — URL: dideleszuvys.lt/administrator/backups/1c.jpg, IP Address: 79.98.28.30, Country: LT, ASN: 42549, MD5: 78be5b87f4282ad396ba0cdb3219a8c4, Posted: Jan 18
cryptotrading.flemart.ru — URL: cryptotrading.flemart.ru/site/1c.jpg, IP Address: 85.93.145.251, Country: RU, ASN: 34300, MD5: 78be5b87f4282ad396ba0cdb3219a8c4, Posted: Jan 18
casasoleada.es — URL: casasoleada.es/wp-content/themes/hotel-lux-child/images/1c.jpg, IP Address: 79.96.191.147, Country: PL, ASN: 12824, MD5: 78be5b87f4282ad396ba0cdb3219a8c4, Posted: Jan 18
calaquaria.com — URL: calaquaria.com/wp-content/themes/bridge/export/1c.jpg, IP Address: 192.138.20.112, Country: US, ASN: 32244, MD5: 78be5b87f4282ad396ba0cdb3219a8c4, Posted: Jan 18
c7715.nichost.ru — URL: c7715.nichost.ru/errordocs/style/1c.jpg, IP Address: 91.189.114.7, Country: RU, ASN: 48287, MD5: 78be5b87f4282ad396ba0cdb3219a8c4, Posted: Jan 18
bhasingroup.in — URL: bhasingroup.in/wp-content/themes/bashin-group/bg-group/css/font/1c.jpg, IP Address: 217.174.152.68, Country: BG, ASN: 31083, MD5: 78be5b87f4282ad396ba0cdb3219a8c4, Posted: Jan 18
aqrmailadvert15dx.xyz — URL: aqrmailadvert15dx.xyz/zel/zel.exe, IP Address: 185.193.38.74, Country: GB, ASN: 30823, MD5: 9323f1897112a5ff0affabc1829edf05, Posted: Jan 18
107.175.64.210 — URL: 107.175.64.210/vnc777.exe, IP Address: 107.175.64.210, Country: US, ASN: 36352, MD5: f127eb1149749cbd3c011a0418b7c689, Posted: Jan 18
flemart.ru — URL: flemart.ru/logs/1c.jpg, IP Address: 62.173.145.104, Country: RU, ASN: 34300, MD5: 78be5b87f4282ad396ba0cdb3219a8c4, Posted: Jan 18
app.expalglobal.com — URL: app.expalglobal.com/upload/items/img/1.pdf, IP Address: 162.250.126.19, Country: US, ASN: 19318, MD5: 821db42aed5076881f1ccf04fb9f3025, Posted: Jan 18
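As an added example (not code from this blog, from Malc0de or from vxvault), here is a small Python parser for feed lines in the format above that does the work a SOC analyst would actually want from such a dump. It splits the 32-hex-digit MD5 from the time/date column that the page extraction fused onto it, skips truncated lines rather than guessing at them, groups URLs by hash so the one-payload-many-hacked-sites pattern (all those 1c.jpg entries) is obvious, flags IPs that front more than one hostname, and emits Suricata 5 rules keyed on Host and URI rather than IP. The sample lines are copied from the feed above; the SID range, rule wording and classtype are my assumptions.

```python
"""Turn Malc0de-style feed lines into deduplicated indicators, Suricata rules
and a host blocklist.  Added example, not Malc0de's or the blog's own code."""
import re
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample: a handful of entries copied from the feed on this page, with the
# feed's time/date column left fused to the MD5 exactly as the extracted page shows it,
# plus one truncated line (no host prefix, "MD5:…") that the parser must skip.
SAMPLE_FEED = """\
whitelabel.tradetoolsfx.com — URL: whitelabel.tradetoolsfx.com/tmp/1c.jpg, IP Address: 85.93.145.251, Country: RU, ASN: 34300, MD5: 78be5b87f4282ad396ba0cdb3219a8c411:35 PM
188.166.74.218 — URL: 188.166.74.218/dog.exe, IP Address: 188.166.74.218, Country: NL, ASN: 14061, MD5: 775e871065821f70c34594acd97b2cc811:35 PM
majedtrading.com — URL: majedtrading.com/wp-content/themes/lawworx/js/wow/1c.jpg, IP Address: 151.80.195.140, Country: IT, ASN: 16276, MD5: cf28320bf297dadc31406788511a3ccf11:35 PM
pepperbagz.com — URL: pepperbagz.com/wp-content/themes/basel/fonts/1c.jpg, IP Address: 202.179.136.69, Country: ID, ASN: 136170, MD5: cf28320bf297dadc31406788511a3ccf11:35 PM
92.63.197.59 — URL: 92.63.197.59/11.exe, IP Address: 92.63.197.59, Country: RU, ASN: 60307, MD5: 46b8f15de8a233aa4f0866a1e63a0f2a11:35 PM
92.63.197.60 — URL: 92.63.197.60/11.exe, IP Address: 92.63.197.60, Country: RU, ASN: 60307, MD5: 46b8f15de8a233aa4f0866a1e63a0f2a11:35 PM
techhunder.com — URL: techhunder.com/wp-admin/css/colors/blue/1c.jpg, IP Address: 104.18.36.98, Country: US, ASN: 13335, MD5: 78be5b87f4282ad396ba0cdb3219a8c4Jan 18
mat.tradetoolsfx.com — URL: mat.tradetoolsfx.com/components/com_ajax/1c.jpg, IP Address: 85.93.145.251, Country: RU, ASN: 34300, MD5: 78be5b87f4282ad396ba0cdb3219a8c4Jan 18
URL: flemart.ru/logs/1c.jpg, IP Address: 62.173.145.104, Country: RU, ASN: 34300, MD5:…
"""

# One feed record.  The MD5 is exactly 32 hex digits, so whatever follows it is the
# feed's time ("11:35 PM") or date ("Jan 18") column, even when fused onto the hash.
ENTRY_RE = re.compile(
    r"^(?P<host>\S+)\s+[—-]\s+URL:\s+(?P<url>\S+?),\s+"
    r"IP Address:\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}),\s+"
    r"Country:\s+(?P<cc>[A-Z]{2}),\s+ASN:\s+(?P<asn>\d+),\s+"
    r"MD5:\s+(?P<md5>[0-9a-fA-F]{32})(?P<posted>.*)$"
)


@dataclass(frozen=True)
class Indicator:
    host: str
    url: str
    ip: str
    country: str
    asn: int
    md5: str
    posted: str  # feed time/date column, kept verbatim


def parse_feed(text: str) -> list:
    """Parse feed lines; malformed or truncated lines are skipped, not guessed at."""
    found = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        found.append(Indicator(m["host"], m["url"], m["ip"], m["cc"],
                               int(m["asn"]), m["md5"].lower(), m["posted"].strip()))
    return found


def group_by_md5(indicators) -> dict:
    """The same payload pushed from many hacked sites shows up as one hash, many URLs."""
    groups = defaultdict(list)
    for ind in indicators:
        groups[ind.md5].append(ind.url)
    return dict(groups)


def shared_ips(indicators) -> dict:
    """IPs fronting more than one hostname: blocking them risks collateral damage."""
    hosts = defaultdict(set)
    for ind in indicators:
        hosts[ind.ip].add(ind.host)
    return {ip: sorted(h) for ip, h in hosts.items() if len(h) > 1}


def uri_path(url: str) -> str:
    """Feed URLs carry no scheme, so prepend one before splitting off the path."""
    return urlsplit("http://" + url).path or "/"


def _content(s: str) -> str:
    """Escape the characters that are special inside a Suricata content:"..." string."""
    return s.replace("\\", "\\\\").replace('"', '\\"').replace(";", "\\;")


def suricata_rules(indicators, base_sid: int = 9000001) -> list:
    """One Suricata 5 rule per distinct (host, path); match on Host and URI, not IP."""
    rules, seen = [], set()
    for ind in indicators:
        path = uri_path(ind.url)
        if (ind.host, path) in seen:
            continue
        seen.add((ind.host, path))
        rules.append(
            f'alert http $HOME_NET any -> $EXTERNAL_NET any '
            f'(msg:"Malc0de payload {ind.host}{path} md5 {ind.md5}"; '
            f'flow:established,to_server; http.method; content:"GET"; '
            f'http.host; content:"{_content(ind.host)}"; nocase; '
            f'http.uri; content:"{_content(path)}"; '
            f'classtype:trojan-activity; sid:{base_sid + len(rules)}; rev:1;)'
        )
    return rules


def blocklist(indicators) -> list:
    """Hostnames (and bare IPs used as hostnames) for a DNS/proxy denylist."""
    return sorted({ind.host for ind in indicators})


if __name__ == "__main__":
    inds = parse_feed(SAMPLE_FEED)
    for md5, urls in group_by_md5(inds).items():
        print(f"{md5}  seen at {len(urls)} URL(s)")
    print("shared IPs:", shared_ips(inds))
    print("\n".join(suricata_rules(inds)))
```

Blocking on IP alone is tempting, but the feed itself shows why it is a poor idea: 85.93.145.251 serves several of the listed hostnames, and 104.18.36.98 sits in AS13335, Cloudflare's shared front-end range, so an IP denylist built from this dump would take down legitimate sites behind the same address. The Host-plus-URI rules have the opposite weakness: they go stale the moment the actor moves the file, while the hash stays valid across every hacked site it is copied to, so keep the MD5 in the rule message and in your AV/EDR hash lists and regenerate the rules each time you pull the feed.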
