Recent malicious URLs analyzed #3

Report containing malicious URLs logged:

POST /kj97hk9878b8j9hb.php?ini=XXX HTTP/1.1
User-Agent: Mozilla/6.0 (Windows; wget 3.0)
Host: simplycomics. in
 
POST /logos/XXX/61e3a327d/logo.gif HTTP/1.1
User-Agent: Mozilla/6.0 (Windows; wget 3.0)
Host: greatwebdata. in
 
POST /werber/b10353d72/217.gif HTTP/1.1
User-Agent: Mozilla/6.0 (Windows; wget 3.0)
Host: droolbuy. in
 
POST /perce/XXX/21c383b7c/qwerce.gif HTTP/1.1
User-Agent: Mozilla/6.0 (Windows; wget 3.0)
Host: migented. in
 
POST /college_news/college_news/college_news/college_news/build.php HTTP/1.0
User-Agent: Mozilla/3.0 (compatible; Indy Library)
Host: www.cnscut. cn
 
GET /zeus/zeus/config.bin HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: 91.206.200.242
 
GET /help.txt HTTP/1.1
User-Agent: Mozilla/3.0 (compatible; Indy Library)
Host: www.cnscut. cn
 
GET /images/Telegrama.exe HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: 80.13.172.136
 
GET /gx/444.txt HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: toxtb. info
 
GET /xztj/555.txt HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: rvvxe. info
 
GET /xztj1/888.txt HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: qvnok. info
 
GET /gx2/333.txt HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: ucfya. info
 
POST /zeus/zeus/server%5bphp%5d/gate.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: 91.206.200.242
 
GET /1/210.exe HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: www.nxmtv. info
 
GET /v14/setup.php?act=fb_get HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Host: ddk100. com
 
GET /1015000813 HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: susimumezez. com
 
GET /v14/setup.php?act=fb_start&id=XXX HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Host: ddk100. com
 
GET /1/210.exe HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: udjng. info
 
GET /v14/setup.php?act=fb_get HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Host: ddk100. com
 
GET /xztj/555.txt HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: rvvxe. info
 
POST /1wave.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Host: hawfruit. com
 
GET /2wave.php?Yfe6r8E2QkJI0l5aLw0nFAqjiyWNidTqKNSAKIduCPnN2WO7JO4xDtdtjJndzsJ2hg== HTTP/1.0
Referer: hxxp://tubefaster. com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: mattfoy. com
 
POST /1wave.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Host: hslibrary. com
 
GET /2wave.php?Yfe6r8M2QkJI0l5aLwkkExXuhTmDw4fxMdTKZ54jDfbUwHqhI/MuDdF/zZvXnLZr HTTP/1.0
Referer: hxxp://ad.adserverplus. com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: utling. com
 
POST /1wave.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Host: topsaj. com
 
GET /2wave.php?Yfe6r8U2QkJI0l5aLw0mEQKjiyWNidTqKNSAKIduCPnN2WO7JO4xDtdtjJndzsJ2hg== HTTP/1.0
Referer: http://trailersandvideos. com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: thevehic. com
 
GET /xztj1/888.txt HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: qvnok. info
 
GET /in.cgi?groups HTTP/1.0
Referer: hxxp://sl.servednetworks. com/www/delivery/afr.php?zoneid=57&cb=INSERT_RANDOM_NUMBER_HERE
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: m28m. in
 
GET /2wave.php?Yfe6r8k2QkJI0l5aLQwvHBXuhTmDw4fxMdTKZ54jDfbUwHqhI/MuDdF/zZvXnLZr HTTP/1.0
Referer: hxxp://www.investopedia. com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: thevehic. com

URLVoid domain analysis:
