Malware Domain List

Malware Related => Malicious Domains => BIGNESS - AS49093 => Topic started by: Malware-Web-Threats on September 05, 2009, 02:39:48 pm

Title: AS49093
Post by: Malware-Web-Threats on September 05, 2009, 02:39:48 pm
IP for exploits

work with

/s/in.cgi?3&ab_iframe=0&ab_badtraffic=0&ab_trash=1&antibot_hash=bot

Trojan Tedroo (Spammer)
bzefowum.cn/de/
bzefowum.cn/de/evenLooksBelief.pdf
bzefowum.cn/de/oldEven.swf
bzefowum.cn/de/update.php
bzefowum.cn/de/update.exe
bzefowum.cn/de/admin.php (liberty control panel)

Wepawet (http://wepawet.iseclab.org/view.php?hash=ffdae836bfe5a7a9a9a7c809c1a788cb&t=1252129830&type=js)
ThreatExpert (http://www.threatexpert.com/report.aspx?md5=5ebac641128fc568bb4e448597e77b7c)

VirusTotal: 10/41 (24.39%) (http://www.virustotal.com/analisis/72e90625b0298da7b0113bb152344da30f5b9dfbd76655311fc0f1730477c09f-1252050340)
Title: Re: AS49093
Post by: SysAdMini on September 05, 2009, 08:16:23 pm
This network is really interesting and we should keep an eye on it.
We have seen exploit kits like Fragus, Liberty and LuckySploit on this net in the last weeks.

http://www.malwaredomainlist.com/mdl.php?inactive=on&sort=Date&search=49093&colsearch=ASN&ascordesc=DESC&quantity=All&page=0

The registrant Steven Lucas and the fact that this company is located in St. Petersburg
make it even more interesting.

Let's open a dedicated board for URLs from this AS.
Title: Re: AS49093
Post by: CkreM on September 05, 2009, 08:20:37 pm
Maybe add a new child board for it?
Title: Re: AS49093
Post by: CkreM on September 05, 2009, 08:47:29 pm
There are many domains on the IP range with a default blog page (WordPress) in Russian.
Title: Re: AS49093
Post by: cleanmx on September 05, 2009, 09:02:38 pm
Follow up on these:

http://support.clean-mx.de/clean-mx/viruses.php?as=AS49093&response=alive