daily something......

[jackberri]

IP Location:  United States - NETVMG , Inc
IP 173.252.194.242
[173-252-194-242.take2hosting.com]
AS20248
Registrant/Email Registrant: DOMAIN WHOIS PROTECTION SERVIC/domian@whoisprotectionservices.net
Registrant/Email Registrant: lv xing/476415437@qq.com

Code: [Select]

hxxp://cfbingdian.com:2004/xp.txt              md5sum ===> 559af37d0f6471d1775fef54e152d162
hxxp://higgame.com:2004/xp.txt                 md5sum ===> e5cec2bfddb0bbb51985f7cedb755fb8
hxxp://xydnf.com:2004/xp.txt                   md5sum ===> 0c370c45abdc42b727c3c5a17b5af070
hxxp://173.252.194.242:2004/xp.txt             md5sum ===> bfbb1f1104c736a1902c060ee821d431http://www.virustotal.com/file-scan/report.html?id=92f3c189a6769e785a27ee90bf0168944f16f47d941256727baddaccc2f2be0b-1320223585
VT 24/41 (58.5%)
http://www.virustotal.com/file-scan/report.html?id=1a282cf6dafac65388a0a7811d042c46c9cbeec3539d8dbe122c627e9d2684d0-1320223065
VT 19/37 (51.4%)
http://www.virustotal.com/file-scan/report.html?id=bcf6ec8de225a654b613b167716cb73191f81223a959b43d9d782b0366a35bb4-1320222810
VT 24/41 (59.5%)
http://www.virustotal.com/file-scan/report.html?id=f7462053d153a9f643ba136ebd69ed7522748de6c396280b2ad3b6b93398aa08-1320222116
VT 25/42 (59.5%)

[jackberri]

IP Location:  Portugal - Novis Telecom S.A.
[mx.salemaquintela.com]
AS2860

Code: [Select]

hxxp://195.23.154.196/images/sabac.dll        md5sum ===> bacff0d163a2ca8afdb886f8f9cbe354http://www.virustotal.com/file-scan/report.html?id=eced54013a867ab9cc6dec76fa81914c439ce5029257072004468e8acc0cee7f-1320256533
VT 8/41 (19.5%)

IP Location: Brazil  - ZIPNET BR AS
IP  200.147.1.41
[200-147-1-41.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://proctomed.sites.uol.com.br/sul.jpg         md5sum ===> 33e02c7e6ff50304f36b100a3d048b78
hxxp://nilton.silveira.sites.uol.com.br/midia01.ico        md5sum ===> 97247c7994509890226c23cfe1b06bbehttp://www.virustotal.com/file-scan/report.html?id=72f65984f999562bc017ffc41a6f133417d5549f4f9949bcfcab8332074ceda0-1320256745
VT 2843 (65.1%)
http://www.virustotal.com/file-scan/report.html?id=b900902350082811a014834300b180c4bc2132a7e9c912d6132abe7aaf0195a2-1320256908
VT 3643 (83.7%)

IP Location: Brazil  - ZIPNET BR AS
IP  200.147.33.21
[200-147-33-21.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://dentalsg.sites.uol.com.br/lamborghini.ico        md5sum ===> 28b75a6f8f0c9d93f7957768f722e9e7
hxxp://casateixeira.sites.uol.com.br/portoalegre.jpg         md5sum ===> e67c5fe48b8b983b1bc1d9d08dadf80f
hxxp://nerepiccoli.sites.uol.com.br/liona.swf         md5sum ===> 93629aa84e60d8af5a2a6ceb756ccadb
hxxp://nerepiccoli.sites.uol.com.br/lionc.swf         md5sum ===> 6a027dacb4f00bbfea9bb39caca36e46
hxxp://nerepiccoli.sites.uol.com.br/msn.swf        md5sum ===> 331beee4808dd3fd1d379959eb1a406ahttp://www.virustotal.com/file-scan/report.html?id=8fe1c2236135b44343f52506577623d03eb557ae7e6de7d4fd781ddf61e42a42-1320257383
VT 26/44 (60.5%)
http://www.virustotal.com/file-scan/report.html?id=199ce75d83e5b2854904ab40fe88d6d5e9be254dbe15cc2ba908e9fd1d6ed4ce-1320257507
VT 21/39 (53.8%)
http://www.virustotal.com/file-scan/report.html?id=445e82e4a7fa6b01a58652330b9fcd88547b18325c208ec3cc04201af052912e-1320257435
VT 34/43 (79.1%)
http://www.virustotal.com/file-scan/report.html?id=1a807f0750fff9d51681f52d2f60552f85a504c38d4eaaaa72471e7073f27c8c-1320257889
VT 34/43 (79.1%)
http://www.virustotal.com/file-scan/report.html?id=bbed1a77acad799272a9c59943f4ce7a067b9ffa950bffd761e7dbd6c0f037e8-1320257727
VT 38/40 (95.0%)

IP Location: Brazil - ZIPNET BR AS
IP  200.147.33.17
[200-147-33-17.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://potymotos.sites.uol.com.br/modua.ico         md5sum ===> a65bbd2e819e6336534e9048842bb1ffhttp://www.virustotal.com/file-scan/report.html?id=80b4fdc6b7d336e61cca3b47ae34cacd2587d6609bc4f4f0979cb249b5a29fab-1320257910
VT 36/43 (83.7%)

IP Location: Brazil - ZIPNET BR AS
IP  200.147.33.19
[200-147-33-19.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://adrianamolgao.sites.uol.com.br/paraiba.ico         md5sum ===> 266e3aab4f5832da975a1c0238f3c2bc
hxxp://ricolombard.sites.uol.com.br/blog/novobho/001.gif         md5sum ===> 2148e8e2779fe53f2ad3b439966f8a91http://www.virustotal.com/file-scan/report.html?id=2f2a34ee8778d57e3b430645e140aa1ff7e85a9f5028c21e15a7f95f598690d4-1320258091
VT 30/43 (69.8%)
http://www.virustotal.com/file-scan/report.html?id=515019dd4f0ed0365dbf562796d6341705efe02714dec565f843cf22f874ebfa-1320258534
VT 0/43 (0.0%)

[jackberri]

IP Location: Netherlands - LeaseWeb B.V.
IP 85.17.156.80
[hosted.by.sorcer.nl]
AS16265
Name Server: ns1.urnewlook.net | ns2.urnewlook.net
Registrant/Email Registrant: PrivacyProtect.org/contact@privacyprotect.org

Code: [Select]

hxxp://urnewlook.net/files/loa.exe  md5sum ===> 7032dab41d0fa60407400f11cb9be281
hxxp://urnewlook.net/files/d.exe    md5sum ===> 42bf9872f67f8fdc9b99157b6e2fc920
hxxp://urnewlook.net/files/a1.exe   md5sum ===> 3d28592cf1b7caee12ed019ad2fe8396http://www.virustotal.com/file-scan/report.html?id=d45221751f45cc631ab42e0077dc4b8e78a1c680b8372d740b7058478bc1ec2b-1320327136
VT 20/43 (46.5%)
http://www.virustotal.com/file-scan/report.html?id=ba30eb372fbaa4239d62f65decce7fb01a6faa6396b2c14e24c2f5c8c9da2235-1320327220
VT 18/43 (41.9%)
http://www.virustotal.com/file-scan/report.html?id=bee19c5fb2f77b1f3306e40faabff93816d6671ce158a216d85c429e29f0e202-1320327726
VT 21/42 (50.0%)

[jackberri]

IP Location:  Germany - STRATO AG
IP 81.169.145.65
[w01.rzone.de]
AS6724
Name Server: docks14.rzone.de  | shades04.rzone.de
Registrant/Email Registrant: Zonemaster STRATO AG Webhosting/zonemaster@strato.de

Code: [Select]

hxxp://gbbr.de/page/anbieter/php_d.exe        md5sum ===> d1df8c8887dd63dea38ea23dba130ce7http://www.virustotal.com/file-scan/report.html?id=3597708e0e10c0c8ba67db3e0d461f7f677ed5351239762cd938b8c4acc899fc-1320401424
VT 2/43 (4.7%)

Code: [Select]

hxxp://dl.dropbox.com/u/47683355/flying.exe        md5sum ===> 1411ca8c48d2092277fb4850eeb77ac3http://www.virustotal.com/file-scan/report.html?id=5dc54fcda94ab24530088c97d7dabe2016f3465d45eeedc7d32c7f8437e679c4-1320402050
VT 11/43 (25.6%)

IP Location: United States - SOFTLAYER Technologies Inc.
IP 67.228.31.224
[ns7.nethorizontes.com.br]
AS36351
Name Server: ns7.nethorizontes.com.br | ns8.nethorizontes.com.br
Registrant/Email Registrant: JOAO DA SILVA FREITAS/jaaosilva5412@yahoo.com.br

Code: [Select]

hxxp://www.transportejfltdarcj.com/pets/winadds.jpeg    md5sum ===> 37c86698bfa56b34212c3f30627fdea3
hxxp://www.transportejfltdarcj.com/pets/vnchooks.jpeg   md5sum ===> 49d6e2074501c6a6ff5a126d0423ab40
hxxp://www.transportejfltdarcj.com/pets/bguadn.jpeg     md5sum ===> 6c141ceed23b9b84f0222e447676073a
hxxp://www.transportejfltdarcj.com/pets/gbinfs.jpeg     md5sum ===> cc1f537056e408ba8909236736be9a8d
hxxp://www.transportejfltdarcj.com/pets/hguardc.jpeg    md5sum ===> 808c4aed9be2d6cab45857a2763d0cf8http://www.virustotal.com/file-scan/report.html?id=f4240c78f38883961945ff93a1628fdb82c65a42ac151ffb336b5ec101ccb722-1320335688
VT 9/43 (20.9%)
http://www.virustotal.com/file-scan/report.html?id=a008130b2059b1a73ed8b4a80bbbb88e761d69c6367f4d62d4deb0b57ff84e70-1320335635
VT 5/43 (11.6%)

IP Location: Brazil  - ZIPNET BR AS
IP  200.147.33.17
[200-147-33-17.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://claudiomaia1969.sites.uol.com.br/horoscopo.ico         md5sum ===> e96dec12081fe7196684c04b4c00ef97
hxxp://ri.elias.sites.uol.com.br/amigos.jpg                   md5sum ===> bc203f9babc57f0648c0d25674c66073http://www.virustotal.com/file-scan/report.html?id=fb3eeca5079b8aeb826076d8739ecddf2681d69c7e3cdc4654a5cded8be5c639-1320403264
VT 31/43 (72.1%)
http://www.virustotal.com/file-scan/report.html?id=e27285cbc9d4d78fa5fdaa802878d53e45f59398d66fc6c82c3bee44f73c9030-1320402974
VT 26/42 (61.9%%)

[EP_X0FF]

SpyEye C&C

hxxp://faterininc.ru:9564/formg/uk/index.php

[jackberri]

IP Location: Hong Kong - ReliableHosting
IP 216.131.105.237
[237.105.131.216.srv.co150.reliablehosting.com]
AS22781
Name Server: NS1.CALIFORNIA.NET | NS1.OAKWEB.COM
Registrant/Email Registrant: WIDJAJA, DIANA/famous@hktrade.com

Code: [Select]

hxxp://htcrepairparts.com/sims2.exe                 md5sum ===> 621087965493c431fd8730fb74358a1bhttp://www.virustotal.com/file-scan/report.html?id=8fa50a46b9cd3efb2c5ff64ea4d6e1648abc217a4241eb873dddfd64eafe1d3a-1320487075
VT 24/42 (57.1%)

IP Location: Vietnam - VDC-ASN-1
IP 123.30.110.29
[vina026.vinacis.net]
AS7643
Name Server: mdns1.nhanhoa.com | mdns2.nhanhoa.com | mdns3.nhanhoa.com | mdns4.nhanhoa.com
Registrant/Email Registrant: Nguyen Thanh Binh/binhcomputer@yahoo.com

Code: [Select]

hxxp://stylesno1.com/images/f22.png                 md5sum ===> d8f45e5bc80cd2f3e39ba098fe07c55bhttp://www.virustotal.com/file-scan/report.html?id=f5ae37bb803d5892f300b7f7909e14ebaf1824956c1aed93e6fe163ae95cf3e4-1320447658
VT 23/43 (53.5%)

[jackberri]

IP Location: Brazil  - ZIPNET BR AS
IP  200.147.33.21
[200-147-33-21.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://wgl35.sites.uol.com.br/1drioid.txt                md5sum ===> 4e3c39280894d8cafbb374052924836b
hxxp://wgl35.sites.uol.com.br/2psaect.txt                md5sum ===> 6fce255d1eb76ab61ef0664706e3f2c7
hxxp://wgl35.sites.uol.com.br/3dfswuy.txt                md5sum ===> 2fde2460c823999aeffd52f0e3a880cf
hxxp://r.rafas.sites.uol.com.br/ERIUKDFIUYERE.tmp        md5sum ===> 3fe7613a955b9db407fc0afad0e4c114
hxxp://r.rafas.sites.uol.com.br/IOWEOISDJHF.tmp          md5sum ===> 01a9cdff1c5b6c356cbc8fc14806244f
hxxp://r.rafas.sites.uol.com.br/HOUOIERFWWER.tmp         md5sum ===> ab8a43d5ab8d1dae800f7a6765d6a18ahttp://www.virustotal.com/file-scan/report.html?id=af18d2fcd4f61094de599dfa54f281e2b9d345b2d6ecd6d47fc196e38903fcc5-1320697595
VT 26/43 (60.5%)
http://www.virustotal.com/file-scan/report.html?id=51b8b16b7a5ea5a063ba56cf87d2eac252332767b0825a19d0ba011e0785e644-1320697661
VT 27/43 (62.8%)
http://www.virustotal.com/file-scan/report.html?id=940f947da7494004079864ab1c94722e911fd6f43ebf616ccd14f06c7db9d28f-1320697684
VT 25/43 (58.1%)
http://www.virustotal.com/file-scan/report.html?id=3d81209d6331ae512133bd211e4034b3a2322615f3e8e035980b3764bcac0f56-1320697181
VT 25/43 (58.1%)
http://www.virustotal.com/file-scan/report.html?id=fcc39551ca8e82eb58fb51252062725ecd03c95e8c299e2afbcec478a78108ad-1320697354
VT 19/40 (45.2%)
http://www.virustotal.com/file-scan/report.html?id=1e26253a6f8895509c4f11dedab7b1a5735cba677763b0ed1411b709db2c0f5e-1320697361
VT 24/43 (55.8%)

[jackberri]

IP Location:  China - CHINA-TELECOM
IP 61.191.55.56
AS4134
Name Server: ns8.01isp.net  | ns7.01isp.net
Registrant/Email Registrant: chen changqing/elubaba@163.com

Code: [Select]

hxxp://1868.tv/ads/6001xp.jpg        md5sum ===> eca3e542c5d86d3ba653df3dc74fd357http://www.virustotal.com/file-scan/report.html?id=6b3b70ac2083f30d633755904b855ac10f03b32e478571af6f374323535569c3-1320768387
VT 23/40 (57.5%)

IP Location: Brazil - ZIPNET BR AS
IP  200.147.33.19
[200-147-33-19.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://crechemedalha.sites.uol.com.br/100.ico         md5sum ===> 13094a0a3f698d813b262609d5640d00http://www.virustotal.com/file-scan/report.html?id=143ec5a021de4b8ec3460db9da0846b2109252cdcf58b758343d5399344cfb95-1320769402
VT 23/43 (53.5%)

IP Location: Brazil - ZIPNET BR AS
IP  200.147.1.41
[200-147-1-41.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://wilmamanduca.sites.uol.com.br/mod1.png         md5sum ===> 3b05121db9a28a2a4784c0c3de2fb788
hxxp://wilmamanduca.sites.uol.com.br/mod2.png         md5sum ===> 8961c824564f45b09516ab42099ea87a
hxxp://wilmamanduca.sites.uol.com.br/mod3.png         md5sum ===> 5cf1f11c214e663678720c630c02a643http://www.virustotal.com/file-scan/report.html?id=95b7afda06da0cb570ea95475ff5556dbf714e9c622a5270ab9c05765ea364ee-1320671891
VT 2543 (58.1%)
http://www.virustotal.com/file-scan/report.html?id=15af8dd1a7aa19220ff6920862f446415924368228cf81d0e59beb3618ebebc3-1320770037
VT 2043 (46.5%)
http://www.virustotal.com/file-scan/report.html?id=a23331f32911ec731fbb31cd34872e091066d8ae399e2a45eb754c62fd40f928-1320769869
VT 1943 (44.2%)

IP Location:  Brazil - Locaweb Servicos de Internet SA
IP 186.202.95.69
[hm5794.locaweb.com.br]
AS27715
Name Server: ns1.hospedagemdesites.ws  | ns2.hospedagemdesites.ws

Code: [Select]

hxxp://dropdr11.hospedagemdesites.ws/Authot.txt        md5sum ===> b8f80e5c86d5a3b2702daed5cc0115a9
hxxp://dropdr11.hospedagemdesites.ws/mod32.txt         md5sum ===> 93f7712e08f646ffe4bdb32cad3261f8http://www.virustotal.com/file-scan/report.html?id=ec48e0781cbc6289b3edc2f7c7f178c8b79c5839f6979e1323708b089148f932-1320697593
VT 25/43 (58.1%)
http://www.virustotal.com/file-scan/report.html?id=45e547a06d60d1d2114b053ff550af8a210583e5463e3852f4aa824739330bdc-1320697581
VT 17/43 (39.5%)

[jackberri]

IP Location:  United States - INTERNAP-2BLK
IP 74.201.86.21
[sugarsync.com]
AS12182
Name Server: PDNS1.ULTRADNS.NET  | PDNS2.ULTRADNS.NET  | PDNS3.ULTRADNS.NET  | PDNS4.ULTRADNS.NET  | PDNS5.ULTRADNS.NET  | PDNS6.ULTRADNS.NET
Registrant/Email Registrant: Mikami, Jason /itops@sugarsync.com

Code: [Select]

hxxps://sugarsync.com/pf/D6378394_613_33089782        md5sum ===> 028ad4062d863d1642cd9036ac9fb8c9http://www.virustotal.com/file-scan/report.html?id=fe860d1f363ca2305e5e291b7aaa52682983ec08f8a83413de7a0b586013f102-1320855843
VT 29/43 (67.4%)

IP Location:  China - CHINANET-JS-AS-AP
AS23650

Code: [Select]

hxxp://222.186.57.226:8080/1.exe        md5sum ===> 4adb6e7ed46d8f1556339ffe550af2b1http://www.virustotal.com/file-scan/report.html?id=446ec75934e2f2b1f665102ac6aa2ffd727e82186446d2c4b9ac98039d8d075c-1320838965
VT 29/42 (69.0%)

Code: [Select]

hxxp://dl.dropbox.com/u/47958250/atualizador.jpg        md5sum ===> c6c103804bab8a8d2e62b6af0860333ehttp://www.virustotal.com/file-scan/report.html?id=6ed8989a0e0229839dc2aef6d52d289683f2b569174672c722c93715e4a6f46d-1320857510
VT 31/42 (72.1%)

[jackberri]

IP Location: Brazil  - ZIPNET BR AS
IP  200.147.1.41
[200-147-1-41.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://godoyadv.sites.uol.com.br/atl.jpg                  md5sum ===> 8e080be762bf0c4ac99c625604ada624
hxxp://eclipse2006.sites.uol.com.br/dado/imgtd.jpg        md5sum ===> 68793d3d26829c49f924398eb26d7b27http://www.virustotal.com/file-scan/report.html?id=cbb6a8b7a095da71cd6924922a4a001a9902b997abfea62514dffc1952475945-1320964531
VT 3142 (73.8%)
http://www.virustotal.com/file-scan/report.html?id=11b9f68384593c4468d20a29fc56d259b29c2bb2b7631f336200354159a7b9c9-1320964668
VT 2843 (65.1%)

IP Location: Brazil - ZIPNET BR AS
IP  200.147.33.21
[200-147-33-21.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://ffu.usinagem.sites.uol.com.br/atualiza.jpg        md5sum ===> c842a9d26df925a76083fd2013a19141http://www.virustotal.com/file-scan/report.html?id=60c7c264b4cc2d81688356629d4679883cccd9cb0ddbddb55b99f006c0c2eb4f-1320964604
VT 3243 (74.4%)

IP Location: Brazil - ZIPNET BR AS
IP  200.147.33.19
[200-147-33-19.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://tia.neia.sites.uol.com.br/sul.jpg         md5sum ===> 8659f33d614e7361c7076375579277d3http://www.virustotal.com/file-scan/report.html?id=3bef852e4b28fe07936562575cda36539338d3bd910937fb94931e8d3b95500a-1320964601
VT 3143 (72.1%)

Code: [Select]

hxxps://www.1868.tv/ads/5tDS802.jpg        md5sum ===> cc96b90a84d611ea69cea5af2358095ehttp://www.virustotal.com/file-scan/report.html?id=1ecc39512d62e23a1a9aae22ddccd0fee669c9e2f8b0521c4f589b7afc3f5df7-1320956513
VT 28/43 (65.1%)

[jackberri]

IP Location:  Argentina - AR-TAST-LACNIC
IP 190.228.29.81
[mx2981.godns.net]
AS7303
Name Server: ns1.godns.net  | ns2.godns.net

Code: [Select]

hxxp://masterturbo.com.ar/com/asual/swfaddress/sxx.exe        md5sum ===> e212f2307faebb111a1e80596ff038e2http://www.virustotal.com/file-scan/report.html?id=98206c5e95fcf9b3255e530cb4e326d6e747aa1fa4366395671837a8b309ae8c-1321359252
VT 29/42 (69.0%)

IP Location:  United States - RACKSPACE
IP 207.97.227.239
AS27357
Name Server: NS1.P16.DYNECT.NET  | NS2.P16.DYNECT.NET  | NS3.P16.DYNECT.NET  | NS4.P16.DYNECT.NET
Registrant/Email Registrant: GitHub, Inc/tom@github.com

Code: [Select]

hxxps://github.com/downloads/taserz/bits/file.zip        md5sum ===> ee3c937049b898e70469db7d41d70704http://www.virustotal.com/file-scan/report.html?id=241b67f35177c565dae65f5cdbf5a02d8746e6e17b361c63b8a895f28a95f91f-1321359617
VT 8/42 (19.0%)

IP Location:  India - ERX-ERNET-AS - Education and Research Network India
IP 202.141.152.108
[cmk-etug-anakinnew.cdacmumbai.in]
AS2697
Name Server: md2.cdacmumbai.in  | dns.cdacmumbai.in  | md1.cdacmumbai.in
Registrant/Email Registrant: George Arakal/george@cdacmumbai.in

Code: [Select]

hxxp://cmk-etug-anakinnew.cdacmumbai.in/mime/Winsoft.exe        md5sum ===> 24de1a08916b9fdea29b40ad63fdf6e7
hxxp://cmk-etug-anakinnew.cdacmumbai.in/mime/fu80.exe           md5sum ===> f9e65fe971e1fe655ef2a275838e4a91
hxxp://cmk-etug-anakinnew.cdacmumbai.in/mime/Perfecto.exe       md5sum ===> c5b60d3d7e70cdc6109e6382cdb5a0e1http://www.virustotal.com/file-scan/report.html?id=d301b4e851189426839fd163dd9719836490b297cd072ee1c92b3f23c8e5ca83-1321359610
VT 29/42 (69.0%)
http://www.virustotal.com/file-scan/report.html?id=43c6f281500ee009fd904edcebae8cf5a356dd0b75bc2d14464de4be5d3b61a5-1321359354
VT 30/42 (71.4%)
http://www.virustotal.com/file-scan/report.html?id=2205d6d28672b1d5dae0ea379d495afcf1af628cec0ff0f59e034b7309f8635c-1321359288
VT 19/42 (45.2%)

IP Location: Brazil - ZIPNET BR AS
IP  200.147.33.21
[200-147-33-21.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://cintiahramos.sites.uol.com.br/mininao.jpg       md5sum ===> f1af49a92e4e14842d822af034aeb722http://www.virustotal.com/file-scan/report.html?id=08f587b989318a31ffcf4ac04de217121f66c556aa79e6ff56bf28b25045a23c-1321359569
VT 27/39 (69.2%)

IP Location: Brazil  - ZIPNET BR AS
IP  200.147.33.19
[200-147-33-19.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://eloisagasparin.sites.uol.com.br/mx.ico         md5sum ===> 17f588025af562d45b2ba5810a1945c0http://www.virustotal.com/file-scan/report.html?id=6cc89b49008a5577828c229200c4d61b37617ca2746322e1ce9c92e8233c4c3c-1321359738
VT 31/42 (73.8%)

IP Location: Brazil  - ZIPNET BR AS
IP  200.147.1.41
[200-147-1-41.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://rafiltros.sites.uol.com.br/940.ico         md5sum ===> 05f33cccc854201d8aaeba3d9ceb34dehttp://www.virustotal.com/file-scan/report.html?id=ceda3ba290c7d3f0c73ffc35f15d77fd335d8f4c3e7a592fbb9692a8420806c1-1321359676
VT 33/42 (78.6%)

[jackberri]

IP Location:  Brazil - Locaweb Servicos de Internet SA
IP 186.202.95.77
[hm5917.locaweb.com.br]
AS27715
Name Server: ns1.locaweb.com.br  | ns2.locaweb.com.br  | ns3.locaweb.com.br

Code: [Select]

hxxp://dexbout.hospedagemdesites.ws/mod32.txt        md5sum ===> 2c766b8758901d5e841a45ca8dcef7ed
hxxp://dexbout.hospedagemdesites.ws/Authot.txt       md5sum ===> 55e2955752d51a09993fb27748588cb4http://www.virustotal.com/file-scan/report.html?id=82ba86972ec771ed0640c7a0092ed34c8925b55d34f4619cc25a63ad128d1466-1321457008
VT 16/39 (41.0%)
http://www.virustotal.com/file-scan/report.html?id=af4e63123262ee8b904d211fdf69083069a5ab146edff57a347274b87cd3d6a0-1321456888
VT 25/42 (59.5%)

IP Location: Brazil - ZIPNET BR AS
IP  200.147.33.19
[200-147-33-19.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://ricolombard.sites.uol.com.br/blog/novobho/GetDiskSerial.gif         md5sum ===> 623562c1c0999b216108ffe4da9d3488
hxxp://ricolombard.sites.uol.com.br/blog/novobho/gf.gif                    md5sum ===> 495061a852baa542017bd67bd0d4662ehttp://www.virustotal.com/file-scan/report.html?id=49ecd28bded764e9d04e328d05f72a8899e9c867d9f1527e0fb23148ebb3db59-1321450547
VT 1/42 (2.4%)
http://www.virustotal.com/file-scan/report.html?id=54fdc68ee448b09f5ba9d9fdbd7cd5645067439deda4f42b8d018d9074142ca1-1321450357
VT 31/42 (73.8%)

IP Location:  China - CHINA-TELECOM
AS4134

Code: [Select]

hxxp://58.215.241.199:8088/fSetup.exe        md5sum ===> 4c55d66eb0f195c7ea40102bcf3c40d6http://www.virustotal.com/file-scan/report.html?id=868efd50ae84b407f58ffb9e9e21f46e7db9dc2d3f15af3754a782f19c3804c8-1321450471
VT 29/42 (69.0%)

IP Location:  Russian Federation - Yandex LLC
IP 77.88.21.83
[wrz.yandex.ru]
AS13238
Name Server: ns5.yandex.ru  | ns.narod.ru

Code: [Select]

hxxp://nobodyspeakstruth.narod.ru/upload/main.exe        md5sum ===> 693c2327ad773933ba767e60065b2a39http://www.virustotal.com/file-scan/report.html?id=f02295bdb5347c102631001bbff6712676516604e8681cd787484de96a95ce79-1321450949
VT 34/42 (81.0%)

IP Location:  Germany - HETZNER-AS
IP 78.46.104.42
[www20.subdomain.com]
AS24940
Name Server: ns1.subdomain.com  | ns2.subdomain.com

Code: [Select]

hxxp://www.uygulama.f8t.de/yeni.exe        md5sum ===> 71c50eefee87714f4a833b943c3df19dhttp://www.virustotal.com/file-scan/report.html?id=563ec2cf07299ceab5d7715d111e14021c252c2c9f533917bbab27bff0e307a2-1321450249
VT 35/42 (83.3%)

IP Location: Brazil - ZIPNET BR AS
IP  200.147.1.41
[200-147-1-41.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://genivaldofbarros.sites.uol.com.br/hd.jpg         md5sum ===> 623562c1c0999b216108ffe4da9d3488
hxxp://genivaldofbarros.sites.uol.com.br/pro.jpg        md5sum ===> 9533d287d7b54493178880e3f0d14f40http://www.virustotal.com/file-scan/report.html?id=49ecd28bded764e9d04e328d05f72a8899e9c867d9f1527e0fb23148ebb3db59-1321464603
VT 242 (4.8%)
http://www.virustotal.com/file-scan/report.html?id=da2009e6a70f5e45c217817c4145fc818ccf8cccf97a23fa3a2003135c079d7f-1321450812
VT 30/42 (71.4%)

[jackberri]

IP Location: Brazil - ZIPNET BR AS
IP  200.147.33.19
[200-147-33-19.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://apariciofer.sites.uol.com.br/mod1.png         md5sum ===> 6ab04762a8bff64d66b66d85422dce2c
hxxp://apariciofer.sites.uol.com.br/mod2.png         md5sum ===> 9a5fcd71edd691389ad9d1d6ed3b885c
hxxp://apariciofer.sites.uol.com.br/mod3.png         md5sum ===> e4f4ce38160aa93870674040891ecb8ehttp://www.virustotal.com/file-scan/report.html?id=19f9b626d3390c3a5ad259242564fd83445aee3d539bfd46c7179aa67bd59b6b-1321450345
VT 30/42 (71.4%)
http://www.virustotal.com/file-scan/report.html?id=4ed1811c84131efe667f0a4608ffebd6bc0e9850054fa620b5078a488c9af33e-1321450469
VT 30/42 (71.4%)
http://www.virustotal.com/file-scan/report.html?id=3144b22a5b2f3927de1c682c68e5da96919deb833aa21eeeff18e8b7cfec7fc3-1321450345
VT 24/42 (57.1%)

IP Location: Brazil - ZIPNET BR AS
IP  200.147.33.21
[200-147-33-21.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://carlosvieira1960.sites.uol.com.br/moduloa.jpg      md5sum ===> a895d1f0f71b2eadeebdb7a8e7fa63b5http://www.virustotal.com/file-scan/report.html?id=51b8b16b7a5ea5a063ba56cf87d2eac252332767b0825a19d0ba011e0785e644-1320697661
VT 27/43 (62.8%)

IP Location: Brazil  - ZIPNET BR AS
IP  200.147.1.41
[200-147-1-41.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://vi.quero2.sites.uol.com.br/livia.htm         md5sum ===> a53c12331f6e14e4d8abd96c81a7e04d
hxxp://vi.quero2.sites.uol.com.br/mario.htm        md5sum ===> 374aed344d2263379644f0b1271b949a
hxxp://claudia.reinaldo.sites.uol.com.br/moduloa.jpg         md5sum ===> 47de121ddb9b6a8435c7f46d4eb6c087http://www.virustotal.com/file-scan/report.html?id=fb8a364ae36a571e1b2142fc63b810ebf72f6f62ef08e34d065f799b616eaa1b-1321523211
VT 2542 (59.5%)

VT 28/42 (66.7%)
[url]http://www.virustotal.com/file-scan/report.html?id=b1ba0725f77342dcc7e50bbdc9569ad7952499a93467faf32c87764269ffec39-1321523836]http://www.virustotal.com/file-scan/report.html?id=85a40f5951ad4c3025a62fdfdfe0a13311e19c9f8d5bfd1a12a8809593ccd51c-1321523179/url]
VT 28/42 (66.7%)
[url]http://www.virustotal.com/file-scan/report.html?id=b1ba0725f77342dcc7e50bbdc9569ad7952499a93467faf32c87764269ffec39-1321523836
VT 2343 (7.5%)

[jackberri]

IP Location: Brazil  - ZIPNET BR AS
IP  200.147.33.19
[200-147-33-19.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://adv.orestes.sites.uol.com.br/yrieryriueyriewyrieyr.tmp         md5sum ===> c39cfb4baea1da604b56947c5682a5fa
hxxp://adv.orestes.sites.uol.com.br/PLGPROJETO.tmp                    md5sum ===> 7e437cc26592ec1f00e725e26f1857f1
hxxp://adv.orestes.sites.uol.com.br/SKDFLKSAJFLASJFLF.tmp             md5sum ===> 209596bf872ed14f2f37e6358261b814
hxxp://adv.orestes.sites.uol.com.br/Key_SuperKill.tmp                md5sum ===> 3f3cb00b2ddbf13064bcb0b32c4b2be7
hxxp://joliversouza.sites.uol.com.br/1bbitau.gif               md5sum ===> 107d8684d723c8c2816fe39d34f4f51a
hxxp://joliversouza.sites.uol.com.br/2caixas.gif               md5sum ===> 725999b7e5c53721759fbe7d1f8a9a07
hxxp://joliversouza.sites.uol.com.br/3avastx.gif              md5sum ===> db4360151fee9d3882a6682b3c7ee2b8
hxxp://joliversouza.sites.uol.com.br/4loginto.gif              md5sum ===> 85dc0301d4fc32ac71719814492c4564http://www.virustotal.com/file-scan/report.html?id=5d0abd984101459c84d78a39f58f380e461e979d8b183b5887d406aa023dde4e-1321617731
VT 32/42 (76.2%)
http://www.virustotal.com/file-scan/report.html?id=f5344092c89779c652dba7e1150a776eb2c4fc704773fd58763b8a3933fa4495-1321617624
VT 31/42 (73.8%)
http://www.virustotal.com/file-scan/report.html?id=64e02e885673c6789bf62e43c4f84fb7ffdd5bc80e654dc05e11756469011a4f-1321617760
VT 29/41 (70.7%)
http://www.virustotal.com/file-scan/report.html?id=532ea75cde6cbd2a7a9dceed24b772b48b317a21f31edf2c2edc13ea50488bcd-1321611804
VT 16/42 (38.1%)
http://www.virustotal.com/file-scan/report.html?id=382c577bf071603e935439b4f80ad5ebf4baeeb7fdd1ab903c8db2bbca54ad0e-1321522934
VT 30/42 (71.4%)
http://www.virustotal.com/file-scan/report.html?id=ff0cf61b3af0c324f179fe528e11ed396d5dacac58dc9399d1205c41956e3ea6-1321522933
VT 32/42 (76.2%)
http://www.virustotal.com/file-scan/report.html?id=9a9b8a6116c4d1549ed72e7631f36907827f032aeaed377f13a3144c57d97068-1321522957
VT 13/42 (31.0%)
http://www.virustotal.com/file-scan/report.html?id=0fd00c301512d6203f19d30c9f08cc0febc58050c603616e385d5dd6015166e0-1321522885
VT 23/42 (54.8%)

IP Location: Brazil  - ZIPNET BR AS
IP  200.147.33.17
[200-147-33-17.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://vodito.sites.uol.com.br/1330.ico                      md5sum ===> e79d301be6f30a698fdc2c122ee97c05
hxxp://robertovmachado.sites.uol.com.br/5derubavs.txt        md5sum ===> 6cef11aa2aa8b0cc0379ee9ed71255de
hxxp://glaubertrindade.sites.uol.com.br/1450.ico             md5sum ===> 2a2e4e7ae1a9fc4c77b1868280ee21a0http://www.virustotal.com/file-scan/report.html?id=f248f53e4c9e2d0d1666734da19e542b5ce0b523760fa7488cbf89ab4df45b36-1321618745
VT 30/42 (71.4%)
http://www.virustotal.com/file-scan/report.html?id=6b1ad2e10b3f43156c5df06e21c9e25bd93b3c1b978c2d79308feedb8d713095-1321609754
VT 24/42 (57.1%)
http://www.virustotal.com/file-scan/report.html?id=b79175741b4b33a66a7e233693a3fa057a09862abd2a4aa11a5028fc6f6a8920-1321618885
VT 31/42 (73.8%)

Code: [Select]

hxxp://hotfile.com/dl/135027857/6bc0092/105.exe        md5sum ===> a5b7e93e07236f51b861a186d08644e3http://www.virustotal.com/file-scan/report.html?id=f1684fce7a49d09b37ef238489413bfd4ee9065a3db493b490ce6ac4facd6548-1321618985
VT 29/42 (69.0%)

IP Location:  Brazil - Comite Gestor Da Internet No Brasil
AS28270

Code: [Select]

hxxp://187.18.147.205/images/sabac.dll        md5sum ===> 8a688270664717b59e2ab516b001e6fbhttp://www.virustotal.com/file-scan/report.html?id=8d0edf280018c8c1b35bb24291230a7fcf2f68984123b4f360fb458aa08099b4-1321621587
VT 26/42 (61.9%)

[jackberri]

IP Location: Brazil - ZIPNET BR AS
IP  200.147.33.17
[200-147-33-17.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://elirochasilva.sites.uol.com.br/Defencer2011.png         md5sum ===> dc2cd98dc61a7ff1f0f7d1dbb6ae8b03
hxxp://elirochasilva.sites.uol.com.br/minymem.png              md5sum ===> 8d3fc8ec26fa5d4fa54e73bec11bc3ba
hxxp://elirochasilva.sites.uol.com.br/svhostxy.png             md5sum ===> 690be6ccbb10f1756d455b53b963cc9e
hxxp://elirochasilva.sites.uol.com.br/schovlook.png            md5sum ===> 737e20bcb82d3c64c1ed14fe44522c45