Topic: From the Immortal list of malicious DNS domains...avast! detects!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Hi folks,

Just an example of such a domain: https://spyeyetracker.abuse.ch/monitor.php?ipaddress=31.3.245.212
See: http://sameid.net/ip/31.3.245.212/
More information can be found via a new service of VT: https://www.virustotal.com/en/ip-address/31.3.245.212/information/
A specific example of a malicious DNS and SpyEye domain is this domain: https://spyeyetracker.abuse.ch/monitor.php?host=bronetbro.com
Let us explore therefore: -bronetbro.com/bad.php
See the recent reports mentioned here: http://urlquery.net/report.php?id=2394235
Also see this malware report for the AS: http://support.clean-mx.de/clean-mx/viruses.php?as=AS35662&response=
Some of the malware from there is now dead and was detected earlier by avast!: https://www.virustotal.com/en/file/8f37a1e1b6dcd98275cdfab380611699fa7a794ce500c0f1f438cde17bce5e65/analysis/
Here the avast! detection is just one of three that detect: https://www.virustotal.com/en/file/a46d2ec51d7b2110802075408c2a78b95ebe30fea73fdea6ba60df3096a34508/analysis/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: From the Immortal list of malicious DNS domains...avast! detects!
« Reply #1 on: May 09, 2013, 07:11:16 PM »
Found suspicious here: http://siteinspector.comodo.com/public/reports/13978679
On shell script attack code, see: http://urlquery.net/report.php?id=2159175
We have a resource to explore here: http://www.bothunter.net/live/2012-07-16/index.html
Example:
192.168.1.40
1.1   VIEW 2
122.169.240.178 122.169.240.178
1:22009200 {tcp} Inbound Attack: ET CURRENT_EVENTS Conficker.a Shellcode MAC_Dst: 00:30:48:30:03:AE; 445<-4753
Snort alerts triggered by data analyzed...
Latest from Bothunter 10 detections added: http://www.bothunter.net/live/2013-05-09/index.html

polonus
« Last Edit: May 09, 2013, 07:37:18 PM by polonus »