Author Topic: daily something......  (Read 202750 times)


September 16, 2011, 10:46:37 am
Reply #1155

EP_X0FF

Carberp from Blackhole exploit kit

hxxp://url2.pc-porno.ru/w.php?f=18&e=4

Blackhole

hxxp://jwolg.info/internet.php?top=22759bc74b40ca51

Payload (Trojan Hosts)

hxxp://jwolg.info/w.php?f=16&e=2

more trojans

hxxp://jwolg.info/w.php?f=21&e=2
hxxp://jwolg.info/w.php?f=19&e=2

September 21, 2011, 05:18:59 pm
Reply #1156

EP_X0FF

Blackhole Exploit kit

hxxp://klegt.info/pages.php?login=22759bc74b40ca51

Payload

hxxp://klegt.info/w.php?f=19&e=2
hxxp://klegt.info/w.php?f=16&e=2
hxxp://klegt.info/w.php?f=21&e=2

September 23, 2011, 09:04:37 am
Reply #1157

EP_X0FF

Blackhole Exploit Kit

hxxp://viuhe.info/pages.php?login=22759bc74b40ca51

Payload (Trojan Hosts)

hxxp://viuhe.info/w.php?f=16&e=2
hxxp://viuhe.info/w.php?f=19&e=2
hxxp://viuhe.info/w.php?f=21&e=2

September 24, 2011, 06:56:44 pm
Reply #1158

jackberri

IP Location: Brazil  - ZIPNET BR AS
IP  200.147.1.41
[200-147-1-41.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

IP Location: Brazil  - PLUGIN VANET ISP
IP  187.84.224.245
AS18479
Registrant/Email Registrant: Elianna Alves - UOL/info@redehost.com.br

related onlinegames malware:
IP Location:  China - CHINA-TELECOM
IP 122.224.32.21
AS4134

IP Location:  China - CHINA-TELECOM
AS4134
Code:
http://122.224.4.134/1.exe?affid=11901         md5sum ===> 9244bf8879e722f98af08f18c770e5d0
http://www.virustotal.com/file-scan/report.html?id=55b1201477bf2eade416fb78e1a385ebdaa0f20bdfb6743d87f202870095b0f0-1316889781
VT 14/44 (31.8%)

IP Location:  United States - PacketExchange - Global AS
IP 67.201.31.160
AS25973
Name Server: NS33.DOMAINCONTROL.COM  | NS34.DOMAINCONTROL.COM
Registrant/Email Registrant: Vladislav Artua/allpremiumsoft@gmail.com

September 25, 2011, 02:01:06 am
Reply #1159

EP_X0FF

hxxp://122.224.4.134/1.exe?affid=11901

TDL4 server list extracted from the above sample

srv
hxxps://lo4undreyk.com/
hxxps://sh01cilewk.com/
hxxps://cap01tchaa.com/
hxxps://kur1k0nona.com/
hxxps://u101mnay2k.com/

wsrv
hxxp://gnarenyawr.com/
hxxp://rinderwayr.com/
hxxp://jukdoout0.com/
hxxp://swltcho0.com/
hxxp://ranmjyuke.com/

psrv
hxxp://crj71ki813ck.com/

September 26, 2011, 09:30:51 am
Reply #1160

jackberri

IP Location: Brazil - ZIPNET BR AS
IP  200.147.33.21
[200-147-1-41.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

IP Location:  Brazil - ZIPNET BR AS
IP 200.147.33.19
AS7162

September 26, 2011, 08:30:17 pm
Reply #1161

jackberri

IP Location:  China - CHINA-TELECOM
Code:
http://211.154.153.49/2/1.php?q=1         md5sum ===> 3b2a61e8c6cbe297954eb8635df112bd
http://www.virustotal.com/file-scan/report.html?id=ff035bdbc3dc10b0949ac7391885066fcf2e183cc8417ffc810b217b79f5d148-1317065461
VT 20/44 (45.5%)



IP Location: Brazil  - ZIPNET BR AS
IP  200.147.1.41
[200-147-1-41.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

September 27, 2011, 10:50:23 am
Reply #1162

jackberri

IP Location: Russian Federation - DINET-AS
IP 89.208.141.136
AS12695
Name Server: NS49.DOMAINCONTROL.COM | NS50.DOMAINCONTROL.COM
Registrant/Email Registrant: Emma John/simms1@mail.com

September 27, 2011, 02:20:00 pm
Reply #1163

HGPower

(Different MD5 Hash than posted earlier)
Code:
http://dl.dropbox.com/u/42834684/mod32.txt mod32.txt 6/44
MD5: 3d6bdf9883363db50bef2210d26904ab
http://www.virustotal.com/file-scan/report.html?id=a5e7a5b8c977fac2b01a4020abe8b7cef86cb36535204eb9c9bebb6f62dd0c86-1317132117

September 29, 2011, 12:17:45 pm
Reply #1164

jackberri

Code:
http://178.162.174.147/api/urls/?affid=15401
http://122.224.4.134/1.exe?affid=15401         md5sum ===> cce73572f30f7f467b296cadb4f79132
http://www.virustotal.com/file-scan/report.html?id=5654c4666f25afd8b52316fb16076c3e1254e24bc400d35bb47a9a6c611e67d4-1317252850
VT 18/43 (41.9%)

Code:
http://www.003zzy.com/ad1in.htm
http://118.126.15.148:8089/wj3.jpg         md5sum ===> 6c587e6aac664d863fd24799fa6f3047
http://www.virustotal.com/file-scan/report.html?id=d3519f9aa753316d145323f5c77355f29c562a2e79d1e492efb2953a07bb45b0-1317128138
VT 29/43 (67.4%)

IP Location: Brazil  - ZIPNET BR AS
IP  200.147.1.41
[200-147-1-41.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

September 29, 2011, 01:25:23 pm
Reply #1165

EP_X0FF

SpyEye v1.3

hxxp://serokfukisp.ru/build.exe

Gates:

September 29, 2011, 03:08:32 pm
Reply #1166

EP_X0FF

Blackhole exploit kit

hxxp://nsoxr.info/pages.php?login=22759bc74b40ca51

Payload (all trojan hosts)

hxxp://nsoxr.info/w.php?f=16&e=2
hxxp://nsoxr.info/w.php?f=19&e=2
hxxp://nsoxr.info/w.php?f=21&e=2

September 29, 2011, 04:30:52 pm
Reply #1167

jackberri

IP Location:  Korea - Hanaro Telecom
IP 210.219.173.220
AS9318
Name Server: ns33.dnsever.com  |ns61.dnsever.com  | ns76.dnsever.com  | ns231.dnsever.com  | ns259.dnsever.com
Registrant/Email Registrant: pinkmode/aa0123aa@daum.net

IP Location:  Korea - Hanaro Telecom
IP 218.38.136.45
AS9318
Name Server: NS.WBAPPM.COM
Registrant/Email Registrant: Akorea/akorea@hotmail.co.kr
Code:
hxxp://wbappm.com/P/programutil.exe         md5sum ===> 98564bce2d93d65171c72f3db88767b4
http://www.virustotal.com/file-scan/report.html?id=8d6050b1d92cee779e67445a9a3a6c89fd5f4deb02feba9abecb7429809d36e1-1317313224
VT 20/43 (46.5%)

October 02, 2011, 11:34:49 am
Reply #1168

jackberri

IP Location: Brazil - ZIPNET BR AS
IP  200.147.1.41
[200-147-1-41.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

IP Location: Brazil  - ZIPNET BR AS
IP  200.147.33.21
[200-147-1-41.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

October 03, 2011, 12:02:43 pm
Reply #1169

jackberri

IP Location:  China - Guangdong Network of China Telecom
AS4134

IP Location:  Korea - SMILESERV-AS-KR SMILESERV
IP 115.68.7.214
AS38700
Name Server: ns.multicare.co.kr
Registrant/Email Registrant: UCF/ucf@hotmail.co.kr

IP Location: Brazil - ZIPNET BR AS
IP  200.147.1.41
[200-147-1-41.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/