«

»

Aug 13

Sites of the FakeRean Rogue

Sites of the FakeRean Rogue 

The main sites used by a person or persons that whois information uses Win32Parit.B in emails, and is constantly using free domain forwarding sites for the PDF Exploits and the FakeRean downloader’s.

Main Sites:
directredirection DOT com
imeemer DOT cn
lastfmer DOT cn
nsrecord DOT org
picspics DOT cn
redspacetube DOT com
redtubeviewer DOT com
searchenginecenter DOT org
searchengineclub DOT org
seoholding DOT com
seonetwizard DOT com
seosafeweb DOT com
universesearches DOT com

The downloader site for 12 August 2011 that changes ever few minutes can total over 100 in 24 hours.

acaruiluyahi DOT homepc DOT it
adypykonumoje DOT homepc DOT it
ahiluqykigemeli DOT homepc DOT it
ameiuruhiq DOT ns0 DOT it
anukoicecugy DOT ns0 DOT it
apeomimyhuysy DOT ns0 DOT it
asyoqaqanomedu DOT ns0 DOT it
aububiojufap DOT homepc DOT it
bucorecubyod DOT ns0 DOT it
deisuniajoqa DOT ns0 DOT it
duojykyqaeg DOT ns0 DOT it
eacyeminohi DOT ns0 DOT it
ekiiqyynofit DOT homepc DOT it
ekyropajinadu DOT homepc DOT it
emodyratieso DOT homepc DOT it
erudykerotocaek DOT homepc DOT it
etecicynogoryp DOT homepc DOT it
etejaotudya DOT ns0 DOT it
faeotogemyqir DOT homepc DOT it
fasapydajeyjy DOT homepc DOT it
gicokijucepuqe DOT homepc DOT it
guhafafakifyup DOT ns0 DOT it
hilataqycofuta DOT ns0 DOT it
hygilereqeqacyf DOT homepc DOT it
iapuaqokucof DOT homepc DOT it
ibenoimeomyj DOT homepc DOT it
igeubilyafanuf DOT homepc DOT it
igylihubuogibug DOT ns0 DOT it
ihaidamoiony DOT homepc DOT it
iihuuhigiofi DOT homepc DOT it
ipaikihuusa DOT ns0 DOT it
ituosidelaac DOT ns0 DOT it
jepimuocaiso DOT homepc DOT it
jyryqeqahebies DOT homepc DOT it
kigehutofaryqed DOT ns0 DOT it
lidetagegaqihob DOT ns0 DOT it
mihiridonaboa DOT ns0 DOT it
neosaqiderau DOT homepc DOT it
nusequaetiu DOT homepc DOT it
ocujiaticyoni DOT homepc DOT it
ofoealufyqy DOT homepc DOT it
ofukukekicures DOT homepc DOT it
ofydamidihufe DOT ns0 DOT it
oikenecyguita DOT homepc DOT it
otigihimafypir DOT homepc DOT it
pihonicidyfor DOT homepc DOT it
piliysapobedus DOT ns0 DOT it
qiosisudodeopu DOT homepc DOT it
raceylamimarale DOT ns0 DOT it
ranopebeuloje DOT homepc DOT it
reqykudodiek DOT ns0 DOT it
rutoatucusyru DOT homepc DOT it
sugybycunamehy DOT ns0 DOT it
todonahyyhyet DOT homepc DOT it
tunuucydonyheta DOT ns0 DOT it
tyhyanogabaka DOT homepc DOT it
uauducyau DOT homepc DOT it
ubakyteluuaqi DOT ns0 DOT it
ucegyjuipasiy DOT homepc DOT it
ufoaisukehe DOT ns0 DOT it
uhifeyryniqohu DOT ns0 DOT it
unelypotiuy DOT homepc DOT it
urupejyqysyqotiq DOT ns0 DOT it
usenutequpysi DOT ns0 DOT it
uylysouqidi DOT homepc DOT it
uyukaociralu DOT homepc DOT it
ygucacoaiiu DOT homepc DOT it
yidirayqumyla DOT homepc DOT it
yqeqyluemuhu DOT homepc DOT it
ysafyqaoipip DOT homepc DOT it
yukodymimoha DOT ns0 DOT it

Every time the rogue makes transmissions, they call a controlling server which are also sites that keep changing:

cinuherijugeg DOT com/1006000113
civivicuqekexo DOT com/1006000113
daqitufigaj DOT com/1006000113
dipolakiri DOT com/1006000113
dirohymydupi DOT com/1125000112
dokejecufinulo DOT com/1006000113
febysaholubaro DOT com/1005000212
fiwyjogymeba DOT com/1006000113
fopuvuwupode DOT com/1006000113
gikekypowaqa DOT com/1006000113
hemusyheduf DOT com/1006000113
jylemufisanu DOT com/1006000113
mutytahyxar DOT com/1006000113
pejozehywe DOT com/1006000113
porozybaru DOT com/1006000113
putijucyvazym DOT com/1006000113
qotasifelaw DOT com/1006000113
qypinironysos DOT com/1005000112
sivycaqilugoq DOT com/1006000113
suzehebaq DOT com/1006000113
syqivolurypugi DOT com/1006000113
tibumuqel DOT com/1006000113
tuzycekenuqi DOT com/1006000113
tyqonelaresuz DOT com/1005000212
vehegutuk DOT com/1006000113
waciroqohuli DOT com/1006000113
wuxobalitezum DOT com/1120000112
wywazediwo DOT com/1006000113
xecehozul DOT com/1013000412
xoxakipowu DOT com/1006000113
zarapetahuryp DOT com/1006000113

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>