Author Topic: hs.2-95.zlkon.lv (94.247.2.95)  (Read 5125 times)


April 06, 2009, 09:26:02 am

CM_MWR

First Reference
http://www.malwaredomainlist.com/forums/index.php?topic=2638.0

Today's is the same thing, but I did notice something when it doesn't get a current response from the host at 94.247.2.95

Lots of these retransmissions
Code:
52.4d.364a.static.theplanet.comHTTP[TCPRetransmission]GET/40E8001442563833373364346533642D66333835326220666C000001AB66000000007600000642EB000530B1B9BDC2

52.4d.364a.static.theplanet.com (74.54.77.82)

Code:
ca.87.364a.static.theplanet.comHTTP[TCPRetransmission]GET/40E8001442563833373364346533642D66333835326220666C000001AB6600000000760000005DEB0005301534383E
ca.87.364a.static.theplanet.com (74.54.135.202)


April 06, 2009, 10:32:11 am
Reply #1

SysAdMini

You have posted some of them. I have checked them, but I can't detect what it is.
Therefore I haven't listed those URLs.
Do you know what it is?


Ruining the bad guy's day

April 06, 2009, 10:36:27 am
Reply #2

CM_MWR

Malware??  ;D

Pandex/Cutwail I spec is what it would be called.

April 06, 2009, 10:38:14 am
Reply #3

CM_MWR

Ah Holger, you need to PM me, I'll send you somewhere to get a tool to make those links work for you. I can't recall the download link so I'll have to email someone.... These links when saved to disc are BN**.tmp, usually dropped in temps.