daily something......

[DnlMrx]

Have somebody infos about the risk of the url gal-axy.net?

I found a lots of redirects today to this url, but at first view it seems to be a normal p*** site.

[jackberri]

IP Location:  Vietnam - FPT-AS-AP FPT Telecom Company
IP 210.245.81.224
AS18403
Name Server: NS35.DOMAINCONTROL.COM  | NS36.DOMAINCONTROL.COM
Registrant/Email Registrant: Le Van Hai Chau/levanhaichau@gmail.com

Code: [Select]

hxxp://chipchipchip.com/images/listo18.exe         md5sum ===> 4a31608e29793e84748eb64876eedf74http://www.virustotal.com/file-scan/report.html?id=5089c58d76b7c15fc1e0b21a05e97d1c13e4728604f3a6612ab1812873d5dfce-1319132349
VT 8/42 (19.0%)


IP Location:  China  - China Telecom
AS4134

Code: [Select]

hxxp://58.215.241.13:8088/BDDZL/S301.exe         md5sum ===> c27719c165d8a3fb1e803082c4b2c3bahttp://www.virustotal.com/file-scan/report.html?id=ee96a5df56a886845e6e1bf016ab2204be02c83dd878e878ad56c1f0e886fa94-1319101007
VT 9/42 (21.4%)

IP Location: Brazil - ZIPNET BR AS
IP  200.147.1.41
[200-147-1-41.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://robertovmachado.sites.uol.com.br/1bandeira.txt         md5sum ===> 39c0c78dcb0feb7a103dc1ff70b95fc8
hxxp://robertovmachado.sites.uol.com.br/2ne3x.txt        md5sum ===> 3ad097333047ca656fcb224bc308cc66
hxxp://robertovmachado.sites.uol.com.br/3natela.txt         md5sum ===> 0dc11f95e12a03a2d4264202129a1148
hxxp://robertovmachado.sites.uol.com.br/4itabb.txt         md5sum ===> 5ed3a6782104d9e3b62f6f63108ea20bhttp://www.virustotal.com/file-scan/report.html?id=2ef4e461211da7e6deae68251376745e4d0d0c6fffcb2fd2c9ddeee8fed37fd6-1319132424
VT 18/43 (41.9%)
http://www.virustotal.com/file-scan/report.html?id=1ddec57706e81d21ae2288752d47d62067b314a4c2ae859d74d085cfcc458d01-1319132471
VT 26/43 (60.5%)
http://www.virustotal.com/file-scan/report.html?id=fb2ec43618796398c922c3b1a7f8c8433ca36e6b68dbed4b0054d4bdbfedf168-1319132394
VT 25/43 (58.1%)
http://www.virustotal.com/file-scan/report.html?id=3a56ce1f6b924243cb067d04f3eb50d33ca3df7a3a4c21f093ccb3a8d14139c5-1319132381
VT 25/42 (59.5%)

IP Location: Brazil - ZIPNET BR AS
IP  200.147.33.21
[200-147-1-41.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://susanamleal.sites.uol.com.br/840.ico         md5sum ===> dfc669c0d34fe682a60d8177c06696b2
hxxp://susanamleal.sites.uol.com.br/730.ico         md5sum ===> e53fe700d6ab1d195974d67fd686add3
hxxp://jkishii.sites.uol.com.br/ludes.ico         md5sum ===> 2f2f32460f8f84d100eb4a013f4ce955
hxxp://jkishii.sites.uol.com.br/marisa.ico        md5sum ===> 0c0ae2b88a918b8209bf8502d27fa78b
hxxp://vxalves.sites.uol.com.br/1drioid.txt         md5sum ===> 623cc85375d70bc959b3a71183015edf
hxxp://vxalves.sites.uol.com.br/2psaect.txt         md5sum ===> ec1eba32a00635a3b3894bb4ff913e02
hxxp://vxalves.sites.uol.com.br/3dfswuy.txt         md5sum ===> 49efc9d04650c7fecdb2bc5544f58e31
hxxp://vxalves.sites.uol.com.br/4dpvjec.txt        md5sum ===> 9b3016c7787858f3888705a189cb3692
hxxp://vxalves.sites.uol.com.br/5btxusb.txt         md5sum ===> 3b66bc3bf4970111fd9cd100398e86ff[urlhttp://www.virustotal.com/file-scan/report.html?id=67d1100073b3b7de2bf5cb91432a71088596fadcb51f5574c3d9e582fba68dd5-1319136020[/url]
VT 29/42 (69.0%)
http://www.virustotal.com/file-scan/report.html?id=74fdab1cdbf6cc593fb4c579cf06e21f41c37e514ba44ab0c0de1b2bb7bb6cd2-1319136218
VT 22/41 (53.7%)
http://www.virustotal.com/file-scan/report.html?id=ba9b71ad423f5f5b60ff7beaa96199a70e43c2d7329deaae0d47e85395c53646-1319132499
VT 30/43 (69.8%)
http://www.virustotal.com/file-scan/report.html?id=85ae74fcfff678d1f7f577e9065e0226dbdd84b1de03bd140c0c3e11a733d823-1319133078
VT 27/43 (62.8%)
http://www.virustotal.com/file-scan/report.html?id=3278a9efe261feb409f278b6517a585790b7341bdf82d3e9d73aa6daf6738006-1319132993
VT 16/42 (38.1%)
http://www.virustotal.com/file-scan/report.html?id=e530d463110b5c6c74ef8e231228e951868e5d259412b249ca21d53bb8bf5b37-1319136507
VT 16/42 (38.1%)
http://www.virustotal.com/file-scan/report.html?id=512ffb9529d184d939e15ee55e298ec5120ab49ba3dab55952a783bd537a6208-1319133078
VT 16/43 (37.2%)
http://www.virustotal.com/file-scan/report.html?id=a2c8e9d5228747d08ae91ed82dc063a0514a6e400834b741b91febf9365148b7-1319136784
VT 16/43 (37.2%)
http://www.virustotal.com/file-scan/report.html?id=83b7f26de92e6310888a01c995b1c5968178591f48bd7e1ba47491479f7395f1-1319132381
VT 18/43 (41.9%)

[jackberri]

IP Location:  China - CHINANET-SH-AP China Telecom (Group) Shanghai
IP 222.73.45.135
AS4812
Name Server: dns27.hichina.com  | dns28.hichina.com
Registrant/Email Registrant: song linliang/2205615167@qq.com

Code: [Select]

hxxp://crr.2uc2.com:81/rc/gx.jpg               md5sum ===> 30e05a4eebca1d87c6f95d002c19840c
http://crr.2uc2.com:81/rc/network.jpg          md5sum ===> c6a35ccaa69b3fcf3d647893d7b27f06
Malware Onlinegames:
IP Location:  CHINA - China Telecom
AS4134

Code: [Select]

hxxp://121.10.107.78:88/b7/0.exe         md5sum ===> fc8d8b572a357b32d96cc19b8e2af3d8
hxxp://121.10.107.78:88/b7/1.exe         md5sum ===> c01b2dafb143c2e517fb2c58a1e87306
hxxp://121.10.107.78:88/b7/3.exe         md5sum ===> 47df78e2b8a1705bfb24015eaccc79d8
hxxp://121.10.107.78:88/b7/4.exe         md5sum ===> 8bf2501f2f5841b013f559f3bfd3c31c
hxxp://121.10.107.78:88/b7/5.exe         md5sum ===> 4d13b2485aea687486c1c5f1f885a389
hxxp://121.10.107.78:88/b7/6.exe         md5sum ===> 7026b6ed4b6a829ea09ecb5193938f5f
hxxp://121.10.107.78:88/b7/7.exe         md5sum ===> e0974042a67ad3db9042e16e4dcb0465
hxxp://121.10.107.78:88/b7/8.exe         md5sum ===> 547ca176d83896204f34ffcd1ddb0289
hxxp://121.10.107.78:88/b7/9.exe         md5sum ===> 78f42e280930042bc54f8a67cc662d6a
hxxp://121.10.107.78:88/b7/10.exe         md5sum ===> 8cc32043560d8b9da8f78191e29a0d7b
hxxp://121.10.107.78:88/b7/11.exe         md5sum ===> 67484b8d353d52fd12ecb5254c82f774
hxxp://121.10.107.78:88/b7/13.exe         md5sum ===> 4cf4964dd56f2ec306092b256c0927b9
hxxp://121.10.107.78:88/b7/14.exe         md5sum ===> 1eb9cd02774a5c704b1f39625be5bcbd
hxxp://121.10.107.78:88/b7/15.exe         md5sum ===> 2a1a78f7de70890a453da3b15d0721ef

[jackberri]

IP Location: Russian Federation - DINET-AS 
IP 95.163.17.151
[95-163-17-151.ovz.vps.reg.ru]
AS12695
Name Server: ns1.reg.ru | ns2.reg.ru
Registrant/Email Registrant: Private Person/admin@leehost.ru

Code: [Select]

hxxp://cash2wm.ru/cache/sber3.exe    md5sum ===> a42597b3cf822c96e876066adab71688
hxxp://cash2wm.ru/cache/sber777.exe  md5sum ===> ab9a4f1d248224d0eb5ab6a7d3b0eaa7
hxxp://cash2wm.ru/cache/super3.exe   md5sum ===> 3279651dafa74e83e9e62b85ef120443http://www.virustotal.com/file-scan/report.html?id=4bd3441c7a67ce20e0d9696c2a51baf33b6d79d931780b490dc9ce69b1b59b3b-1319217717
VT 5/43 (11.6%)
http://www.virustotal.com/file-scan/report.html?id=2968bf2a8ff75d271e4fb3fde0890cbf80b1cd2b5a11800324f3322486fa67e6-1319217501
VT 5/43 (11.6%)
http://www.virustotal.com/file-scan/report.html?id=4bd3441c7a67ce20e0d9696c2a51baf33b6d79d931780b490dc9ce69b1b59b3b-1319217940
VT 5/43 (11.6%)

[jackberri]

IP Location:  Netherlands - SWIFTWAY-AS
IP 46.21.144.125
[125.144.21.46.justquaconnect.com]
AS35017
Name Server: ns1.letnic.ru  | ns2.letnic.ru
Registrant/Email Registrant: song linliang/2205615167@qq.com

Code: [Select]

hxxp://loder.co.cc/load/config.bin         md5sum ===> 7f4b4302b816df65c814fe584e94e467http://www.virustotal.com/file-scan/report.html?id=0b8772d026d8fd26413c602ba8acdb98aa37cee7bea6b8d87fae5a32c5c7ff60-1319361516
VT 17/43 (39.5%)

IP Location:  Russian Federation - Yandex LLC
IP 213.180.204.83
[wrz.yandex.ru]
AS13238
Name Server: ns1.yandex.ru  | ns2.yandex.ru
Registrant/Email Registrant: YANDEX, LLC/noc@yandex.net

Code: [Select]

hxxp://footman47.narod2.ru/action.exe         md5sum ===> 2905fb1ec62d0b57fa87ff5ac456c4c8http://www.virustotal.com/file-scan/report.html?id=9ff5e32445a138324f28e0dcc0246964866b76af076edce5654d16a90b1d837e-1319360578
VT 3/43 (7.0%)

IP Location:  Russian Federation - Yandex LLC
IP 87.250.250.83
[wrz.yandex.ru]
AS13238
Name Server: ns1.yandex.ru  | ns2.yandex.ru
Registrant/Email Registrant: YANDEX, LLC/noc@yandex.net

Code: [Select]

hxxp://maryboo-v.narod2.ru/svchost.exe         md5sum ===> 2905fb1ec62d0b57fa87ff5ac456c4c8http://www.virustotal.com/file-scan/report.html?id=6987b4eea684f25315f2f4800be77d1b5db34ce26cd03ab699b011baf19b49c7-1319364365
VT 2/43 (4.7%)

IP Location:  Argentina - FX-NW IFX Networks
IP 200.80.42.131
[ar31.toservers.com]
AS18747
Name Server: ns1.dnspoint.net  | ns2.dnspoint.net
Registrant/Email Registrant: cinthia buczak/

Code: [Select]

hxxp://kugel3.com.ar/sssss.exe         md5sum ===> 2905fb1ec62d0b57fa87ff5ac456c4c8http://www.virustotal.com/file-scan/report.html?id=900b3ac2c685634f4c383e44a1ae2e24b64564a8b4cc6cabefb9efdab2a0ff45-1319361580
VT 28/43 (65.1%)

IP Location: Brazil - ZIPNET BR AS
IP  200.147.33.21
[200-147-33-21.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://trazom.sula.sites.uol.com.br/910.ico         md5sum ===> 9840adb558de51a14e2eb172abb635bb
hxxp://zilmarch.sites.uol.com.br/omeprazol.ico         md5sum ===> 91ccad780584544da1fac15e302a835dhttp://www.virustotal.com/file-scan/report.html?id=20307f6955428c38a9cdeab9e6d5746a243a5f134baaa0c752dacb9b8880af7e-1319365930
VT 25/43 (58.1%)
http://www.virustotal.com/file-scan/report.html?id=707b30e43f0451e5eba2515c26518834cdf5881f2bc3b0ccd4462f941cb63370-1319366137
VT 27/43 (62.8%)

IP Location: Brazil  - ZIPNET BR AS
IP  200.147.33.17
[200-147-33-17.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://kc.souza.sites.uol.com.br/musica01.ico         md5sum ===> 4a7ab3e02637f169c5e0e37708295f49
hxxp://teixeira-karina.sites.uol.com.br/nordeste.jpg         md5sum ===> ead7f7a366913814c7167613e06022cbhttp://www.virustotal.com/file-scan/report.html?id=0feac52be6a53a80e3df856645002a14e43c7c09e9cde650df877228f98632bf-1319366379
VT 29/43 (67.4%)
http://www.virustotal.com/file-scan/report.html?id=bddfc0c7fd9b0b720e1bc9a0c0d98ba14caa9addadbab07dbb18c27e7d537610-1319366641
VT 30/43 (69.8%%)

IP Location: Brazil  - ZIPNET BR AS
IP  200.147.33.19
[200-147-33-19.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://edmarrios.sites.uol.com.br/omelete.ico         md5sum ===> f09928622f90441c65605807471df8e5
hxxp://helena.imoveis.sites.uol.com.br/moduloa.ico         md5sum ===> a184895296f934bc90159b2b95a3112chttp://www.virustotal.com/file-scan/report.html?id=d86755d3c478c85c2e3b1b90762900493b5ef266108f038c500075fa721a4908-1319366796
VT 20/43 (46.5%)
http://www.virustotal.com/file-scan/report.html?id=10962f87330126d70b2e46fc5a1ead1079d53cc94ff030633432845058df7d15-1319366919
VT 32/43 (74.4%)

[Xylitol]

BlackHole:

Code: [Select]

hXXp://resiery.com/main.php?page=206133a43dda613fhttp://www.virustotal.com/url-scan/report.html?id=f39fce9dc1eb112a547c3fa46e9c1e5d-1319525214
0 /16 >> 0.0%

payload:

Code: [Select]

hXXp://ltes-global.com/~ftpuser/nacha-data/report_871742003648.pdf.exehttp://www.virustotal.com/file-scan/report.html?id=f83ef37feb761f0074dc77918b493b4941ce6ad50111da3c6fb1c1695756eb93-1319537947
2/ 43 >> 4.7%

E-mail received who lead to BH:

Code: [Select]

x-store-info:4r51+eLowCe79NzwdU2kR3P+ctWZsO+J
Authentication-Results: hotmail.com; sender-id=temperror (sender IP is 88.225.103.73) header.from=transfers@nacha.org; dkim=none header.d=nacha.org; x-hmca=none
X-Message-Status: n:0:n
X-SID-PRA: transfers@nacha.org
X-DKIM-Result: None
X-AUTH-Result: NONE
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MjtHRD0yO1NDTD02
X-Message-Info: 11chDOWqoTmjqhOzvWWho7JRFyayOF2GOwYRpr8Z3iGGzkINWxzdCYHEs+e673oPhF2/FB4DjNKOJ/b895e6tVayGmvKYhYfO/ZV50cq6wykjdzQ/AgmDC/LMxm6q6mx
Received: from [88.225.103.73] ([88.225.103.73]) by BAY0-MC1-F11.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
Tue, 25 Oct 2011 01:16:40 -0700
Received: from [42.51.206.26] (account dutyk@admail.com.ar HELO ydneeyznrcoih.ajrsuycjp.tv)
by  (CommuniGate Pro SMTP 5.2.3)
with ESMTPA id 143022364 for phoenixbytes@live.fr; Tue, 25 Oct 2011 10:16:40 +0200
Date: Tue, 25 Oct 2011 10:16:40 +0200
From: transfers@nacha.org
X-Mailer: The Bat! (v3.5) Home
X-Priority: 3 (Normal)
Message-ID: <0332481262.YU9J4O85602924@xfhlqctci.ghpzmq.su>
To: <phoenixbytes@live.fr>
Subject: Your ACH transaction
MIME-Version: 1.0
Content-Type: text/html;
  charset=iso-8859-1
Content-Transfer-Encoding: 7bit
Return-Path: created26@taupower.se
X-OriginalArrivalTime: 25 Oct 2011 08:16:41.0240 (UTC) FILETIME=[6CD0D980:01CC92EE]
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE></TITLE>
</HEAD>
<BODY>
<img src="http://nacha.org/images/nacha_logo.gif">
<p>&nbsp;</p>
<p>The ACH  transfer (ID: 86341892866155), recently  sent from your bank account (by you or any other person), was   rejected by the  Electronic Payments Association.</p>
<p> </p>
<table width="100%" border="1">
  <tr>
    <td colspan="2"><div align="center">Canceled transfer</div></td>
  </tr>
  <tr>
    <td>Transaction ID: </td>
    <td>86341892866155</td>
  </tr>
  <tr>
    <td>Reason of rejection</td>
    <td>See details in the report below </td>
  </tr>
  <tr>
    <td>Transaction Report </td>
    <td><a href="http://spmartinelli.com/5k6an5x/index.html">report_86341892866155.pdf.exe</a> (self-extracting archive, Adobe PDF) </td>
  </tr>
</table>
<p> </p><p> </p>
About NACHA <br>
 NACHA advocates the value of the ACH Network and the NACHA Operating Rules to support the ACH Network and preserve the positive attributes of private-sector rulemaking. Activities include the development and communication of messages that define and articulate the value of the ACH Network, ACH payments, and the NACHA Operating Rules through advocacy, education, and other outreach efforts.<br>NACHA manages the development, administration, and governance of the ACH Network, the backbone for the electronic movement of money and data. The ACH Network serves as a safe, secure, reliable network for direct consumer, business, and government payments, and annually facilitates billions of payments such as Direct Deposit and Direct Payment. <br>The ACH Network had its start in the early 1970's when a group of California bankers formed the Special Committee on Paperless Entries (SCOPE) in direct response to the rapid escalation of check volume in the United States. The Committee set out to explore the technical, operational, and legal framework necessary for an automated payments system, leading to the formation of the first ACH association in 1972. Similar groups soon formed around the country.
<p> </p>
<p><font size=2 color=gray>13450 Sunrise Valley Drive, Suite 100 Herndon, VA 20171 (703) 561-1100
</font></p>
<font size=2 color=gray><p>2011 NACHA - The Electronic Payments Association</p>
</font>
</BODY></HTML>


[jackberri]

Code: [Select]

hxxp://dl.dropbox.com/u/46649391/far.exe         md5sum ===> 61c4e43f7ba39da48a27273e2a0b86f4http://www.virustotal.com/file-scan/report.html?id=4d76f6a248082d21fa8bdb1835d2c46de0c1dbc27b4ba0d2d2fdedf284c1c1e2-1319458500
VT 6/43 (37.2%)

IP Location:  Korea - SK-1
IP 222.236.46.239
AS9318
Name Server: ns4.dnsoray.net  | ns3.dnsoray.net
Registrant/Email Registrant: Shanghai Best Oray Information S&T Co., Ltd/yezi@oray.com

Code: [Select]

hxxp://ayex.oicp.net/runs.exe         md5sum ===> ede627544af464d84c49176483fcffa3http://www.virustotal.com/file-scan/report.html?id=bea5400933eaa481db0ed9381fc99a7c37646ba9764849c0c77e2d9ebbd30f4c-1319549568
VT 17/37 (45.9%)

IP Location:  United States - RoadRunner RR-Raleigh
IP 71.75.170.130
[cpe-071-075-170-130.carolina.res.rr.com]
AS11426
Name Server: ns1.coachri.com  | ns2.coachri.com  | ns3.coachri.com  | ns4.coachri.com
Registrant/Email Registrant: Private Whois coachri.com/qfwxavf4e8065c951427@oqjij874d9300d54bd95.privatewhois.net

Code: [Select]

hxxp://dhnvo.coachri.com/upx.exe         md5sum ===> c1df8b92e461d8e9bc106842fb65e1bahttp://www.virustotal.com/file-scan/report.html?id=7aca932e91a352fdc196f292974689d6234154de2d00c240e9e1c5fa7ec68eef-1319549489
VT 8/42 (19.0%)

IP Location:  Germany - INETBONE-AS
IP 213.131.252.251
[251.252.131.213.static.inetbone.net]
AS25074
Name Server: ns2.conversis.de  | ns1.conversis.de
Registrant/Email Registrant: Patrick Kirchhoff/

Code: [Select]

hxxp://members.multimania.co.uk/bornq8/usbupd4t.exe         md5sum ===> 571449973255596ef61ff74f73226806http://www.virustotal.com/file-scan/report.html?id=4a291ba82d4c42d1a7472b0d96af6f1eab4e220f2dbed0fc29f5b189a21c83d0-1318958756
VT 32/43 (74.4%)

IP Location: Brazil  - ZIPNET BR AS
IP  200.147.1.41
[200-147-1-41.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://marcosde1980.sites.uol.com.br/jaragua.jpg         md5sum ===> 1ee3f147491b98c9fd94c3aac06b4210
hxxp://mc.lader.sites.uol.com.br/omegle.ico        md5sum ===> 533322b4ab2a02b487edd2a0acfdd822
hxxp://palley2.sites.uol.com.br/osmar.ico         md5sum ===> c0e4c4676a6acf86495af178e7c34443
hxxp://custodiofaria.sites.uol.com.br/moduloa.ico         md5sum ===> ec9510c3f0e7d1006dca8e613889eed2http://www.virustotal.com/file-scan/report.html?id=14e3bfe4eb161f39d53373e50973002efd9eccde155820e4499bc9af72e580a3-1319388178
VT 25/42 (59.5%)
http://www.virustotal.com/file-scan/report.html?id=1c323fde30651e0bb90f08a8e236262f56a1414f73f29e8cde5edf971534df2e-1319390728
VT 17/43 (39.5%)
http://www.virustotal.com/file-scan/report.html?id=9e2a0a583b38973e3aa107e7d906925ae7f7d0f6a9bb7756677ce473433ab427-1319545188
VT 28/43 (65.1%)
http://www.virustotal.com/file-scan/report.html?id=4c059c70e1b4fdc59e95a3e49d04a30969111b7058b32553080262f2151a83e7-1319545309
VT 34/43 (79.1%)

IP Location: Brazil  - ZIPNET BR AS
IP  200.147.33.17
[200-147-33-17.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://sena.ramos.sites.uol.com.br/moduloa.ico         md5sum ===> 9233a2f612e3d43dec1ee3888bd5f1e7http://www.virustotal.com/file-scan/report.html?id=9d4a072d68a2c2a70523ca5c78398cddbe6dfdd0354511905e0ab0cd64a4c4a3-1319544772
VT 34/42 (81.0%)

IP Location: Brazil - ZIPNET BR AS
IP  200.147.33.19
[200-147-33-19.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://edilsonlopes1986.sites.uol.com.br/md.jpg         md5sum ===> 60c34c54bf9a8f5085c5f010508c1dcb
hxxp://rhbbc.sites.uol.com.br/praia.jpg         md5sum ===> 5dbd02fe8b1f641bcd30cc967fa2517chttp://www.virustotal.com/file-scan/report.html?id=a8f5165b484b9598a94d67ff3836be0abe3443ae7fdb5ffd988af326422a95ab-1319545503
VT 33/43 (76.7%)
http://www.virustotal.com/file-scan/report.html?id=aecf09cc10bb04690fab31f35a69ea2cba4840fff9ec3b4c7a7412c76975547b-1319545970
VT 25/42 (59.5%)

[boston]

xttp://latinopay.ru/allow.php?page=19909cd93a1a78f6 -> xttp://latinopay.ru/w.php?f=84&e=2 (89.208.141.175/w.php?f=84&e=2)
http://urlquery.net/report.php?id=6113
http://www.virustotal.com/file-scan/report.html?id=52861f14b908b8d5d0b893021984b574116080d29a96af417e714e5f44d1a4ef-1319567117

[jackberri]

IP Location: Brazil - ZIPNET BR AS
IP  200.147.1.41
[200-147-1-41.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://evangelistafelix.sites.uol.com.br/yrieryriueyriewyrieyr.tmp         md5sum ===> e002363ae87107606ccb06add44d321f
hxxp://evangelistafelix.sites.uol.com.br/Key_SuperKill.tmp        md5sum ===> 270305ca71a3467b7532b3c835b88b41
hxxp://granovi.sites.uol.com.br/osmarino.ico         md5sum ===> c10c3fc22002d09ba7d01be3521bf058
hxxp://mercadoriaboa10200.sites.uol.com.br/imgcx.jpg         md5sum ===> 90b8f456eead0050e5a45200efaf275a
hxxp://mercadoriaboa10200.sites.uol.com.br/imgbd.jpg         md5sum ===> 33f953d1a2b5f0817b68b0dc02ed1334
hxxp://mercadoriaboa10200.sites.uol.com.br/imggf.jpg         md5sum ===> e0ba74c7fb66eeb58b336468c7d23e41
hxxp://mercadoriaboa10200.sites.uol.com.br/imgbb.jpg         md5sum ===> c13bef6ec8b20f222c2b3d6e1ccdb560http://www.virustotal.com/file-scan/report.html?id=b162b3a4a66495d7edda80b4614e85c308c97913f69ca5630621e33565e9a11d-1319164239
VT 33/43 (76.7%)
http://www.virustotal.com/file-scan/report.html?id=10b0b1f937e8249f3d85c40c1e0049e98d29c9be72ab48c24b441c3377138313-1319653897
VT 29/43 (67.4%)
http://www.virustotal.com/file-scan/report.html?id=a6175e7ac4a64be69136de4b92a09b58bbaffc7e50d0d77a7b440d355d78ac57-1319738189
VT 31/43 (72.1%)
http://www.virustotal.com/file-scan/report.html?id=bef84c0673efaa7fbe4301cd5df540a64210182366d2298c2cb1039a454a9737-1319697423
VT 36/40 (90.0%)
http://www.virustotal.com/file-scan/report.html?id=9c20b3113505c883096c942273c2c3ef284eef1f5024b608ae8080a4f488fca9-1319697453
VT 35/40 (81.4%)
http://www.virustotal.com/file-scan/report.html?id=ac4b53300e90df52db470b0e71c0c52626f9a61b4e1621aedae9ad056cc0e670-1319738920
VT 39/43 (90.7%)
http://www.virustotal.com/file-scan/report.html?id=14871e241ff6e6a8692f766afedac3a4d1536cd1fdfcd0d0e4add99d43a2be12-1319697363
VT 40/43 (93.0%)

IP Location: Brazil - ZIPNET BR AS
IP  200.147.33.21
[200-147-33-21.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://argemiropereira.sites.uol.com.br/monica.ico         md5sum ===> e9dcd4a415a604859beb9804844223efhttp://www.virustotal.com/file-scan/report.html?id=9666c23841f78324b2041d5a9b0e08c13228565d6f25e38054f420fc0878a1d6-1319739513
VT 21/40 (52.5%)

IP Location: Brazil - ZIPNET BR AS
IP  200.147.33.17
[200-147-33-17.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://ademirveras.sites.uol.com.br/6545.ico         md5sum ===> 04d616b98b3835d5ae5480c1d97ff61ahttp://www.virustotal.com/file-scan/report.html?id=009c04c2e1259c737fe3e0a18952d0b9697b414d403151e09c91127555a855bb-1319739401
VT 26/43 (60.5%)

Code: [Select]

hxxp://www.fileden.com/files/2011/1/26/3067567/o.jpg         md5sum ===> 5134be1f79a8408a3d368a325c4b1b53
http://www.fileden.com/files/2011/1/26/3067567/ka.jpg         md5sum ===> 4d14086fdbde3251da1bcc0eaf11584fhttp://www.virustotal.com/file-scan/report.html?id=29d446d155a989d366b66fd40c0088b6894d788d8a638d0e48446ec866409582-1319740025
VT 16/43 (37.2%)
http://www.virustotal.com/file-scan/report.html?id=86eb6c71a1e2c449ee94bf1cc618d58140ca69f9b0e5aea7224ed359b1eb39a2-1319740189
VT 27/43 (62.8%)

IP Location:  Germany - INLINE-AS
IP 178.18.243.195
AS31147
Name Server: ns1.21y3qb.com  | ns2.21y3qb.com
Registrant/Email Registrant: Jonathan Body/abe@cutemail.org

Code: [Select]

hxxp://21y3qb.com/data/3i7ra         md5sum ===> ed485cc5de7ec53b99562592e083fd68http://www.virustotal.com/file-scan/report.html?id=08d03998ae216e26f102a8a8b711fdedbbe85c4ce4a3b8c5f04034fc5fed6140-1319740714
VT 20/43 (46.5%)

[jackberri]

IP Location: Brazil - ZIPNET BR AS
IP  200.147.33.17
[200-147-33-17.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://ricolombard.sites.uol.com.br/blog/novobho/002.gif         md5sum ===> 9fd8411513a500c9480daae7686734ab
hxxp://elainecmcm.sites.uol.com.br/palmas.jpg                           md5sum ===> 38b5b57c9c5707385480fc9119486471http://www.virustotal.com/file-scan/report.html?id=00ee6585fd34649d52c59b187bd14f72b9e9a91a52191a679ab5a9492f6126b2-1319793702
VT 18/43 (41.9%)
http://www.virustotal.com/file-scan/report.html?id=86e14300e4d85f35b19dc761961e0d89ba5234ba355bfabf3ef989a925ced54d-1319793967
VT 26/42 (61.9%%)

IP Location: Brazil  - ZIPNET BR AS
IP  200.147.33.21
[200-147-33-21.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://agfreitas.sites.uol.com.br/OPINIAO.ico         md5sum ===> 995ef1ac582ac853a1c9fbbc6fca185ehttp://www.virustotal.com/file-scan/report.html?id=ca015a853f8013711c293bee8baa79a829436bd1b53562a16fa130cfb88e5b68-1319794150
VT 21/33 (63.6%)

IP Location: Brazil - ZIPNET BR AS
IP  200.147.1.41
[200-147-1-41.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://laservice.sites.uol.com.br/1bandeiras.gif         md5sum ===> 761ff2e75c8e58dd62f0d99f50cbaf74
hxxp://laservice.sites.uol.com.br/2bandeirac.gif        md5sum ===> 841f0ec088df2d2084ea9317abf6a082
hxxp://laservice.sites.uol.com.br/3bandeiram.gif         md5sum ===> e7785b45eb78bb7941473d5d209836f3
hxxp://laservice.sites.uol.com.br/4bandeiraib.gif         md5sum ===> d1331c1b41f358dc8e392ab835c754a4http://www.virustotal.com/file-scan/report.html?id=14b2d3d8d7d16643917eee54205fcf25e32f46841b8aee4f6d009017891a4198-1319794209
VT 20/42 (47.6%)
http://www.virustotal.com/file-scan/report.html?id=4397a81d92f09faafb90ea89f1540ac0c9e84d82c0c16f7ace49907bc9e89d4e-1319794766
VT 2243 (51.2%)
http://www.virustotal.com/file-scan/report.html?id=9f4f86e56ba5d4fe5a2aaa47066caa6c30da540928b6720de24ab7f4480d5e5d-1319795175
VT 20/43 (46.5%)
http://www.virustotal.com/file-scan/report.html?id=d1cf0847a7106c9c1ae4a9afdd1cdd4369dbd500b90c95ee8fe836eea7fea6a5-1319795256
VT 20/43 (46.5%)

Code: [Select]

hxxp://95.168.187.216/2.exe?affid=23698         md5sum ===> 9930e5b3cf538ea10b6ad67245a0ee17http://www.virustotal.com/file-scan/report.html?id=bc36a5fa2ae68e68587b698f8a5f96bf672deb08198efd6f90b7140086979140-1319568609
VT 30/43 (69.8%)

[jackberri]

IP Location:  United States - VOLUMEDRIVE-1
IP 199.115.229.189
AS46664
Name Server: xpro242398.earth.orderbox-dns.com  | xpro242398.mars.orderbox-dns.com  | xpro242398.mercury.orderbox-dns.com  | xpro242398.venus.orderbox-dns.com
Registrant/Email Registrant: PrivacyProtect.org/contact@privacyprotect.org

Code: [Select]

hxxp://juazjuaz.com/fu64.exe         md5sum ===> cc2f0b9cc85f1a0d6f2902a8dcd582b2http://www.virustotal.com/file-scan/report.html?id=8dea72bf77db3c9488273a9d2d5785fb2bd24c201dba31978859fb3b272c85ed-1319847460
VT 21/43 (48.8%)

IP Location:  Lithuania - DC-AS UAB Duomenu Centras
IP 77.79.7.246
[hst-7-246.duomenucentras.lt]
AS16125
Name Server: NS1.MONIKERDNS.NET  | NS2.MONIKERDNS.NET  | NS3.MONIKERDNS.NET  | NS4.MONIKERDNS.NET
Registrant/Email Registrant: Moniker Privacy Services/LMAGESHARE.COM@monikerprivacy.net

Code: [Select]

hxxp://lmageshare.com/srv.exe         md5sum ===> 51387a952a921122628aa710c0b91e64http://www.virustotal.com/file-scan/report.html?id=56fa22f4c9c8198348cfc265ed9a13ece45135aa254d86e2d931d16a90f5f5f4-1319800713
VT 11/43 (48.8%)

IP Location:  China - CHINANET-SH-AP

Code: [Select]

hxxp://118.126.15.148:2004/xp.jpg         md5sum ===> 4546f38f669a147c26d23ef241abea51http://www.virustotal.com/file-scan/report.html?id=759f51d1ecc29d24b289edf0305c5c8552e35efbc1b2014fda3f324078a48317-1319879500
VT 24/43 (55.8%)

IP Location: Korea - SK-1
IP 62.109.24.212
[tanya2.vrazenkova.fvds.ru]
AS9318
Name Server: ns7.zoneedit.com | ns14.zoneedit.com
Registrant/Email Registrant: Tatyana Vrazhenkova/tanya.vrazenkova@yandex.ru

Code: [Select]

hxxp://211.44.250.198/Download/easylinker/1.0.0.2/EndlinkerUpdater.exe               md5sum ===> 48a08fa2d1094638cf68e0f7712a0ad0
hxxp://211.44.250.198/Download/easylinker/1.0.0.2/Endlinker.dll                      md5sum ===> 92ea382769248342051101e4b133a937
hxxp://211.44.250.198/Download/easylinker/1.0.0.2/EndlinkerUninstaller.exe           md5sum ===> f9fb1eb5128dd665c058b0a4ff94c673http://www.virustotal.com/file-scan/report.html?id=792b39121ffafec5faf1a2f963c6b55a48f0999e450a996122636615bfaaa005-1319640842
VT 22/43 (51.2%)
http://www.virustotal.com/file-scan/report.html?id=2378ca081e04e2d06eddfb59350e52f411566bdfbcaf2835adf3667f0d2fa072-1319640820
VT 16/43 (37.2%)
http://www.virustotal.com/file-scan/report.html?id=a9320d66bfca893520d723babbb3a4fa9b765522b74443cf078da9917e7ad00a-1319640716
VT 20/43 (46.5%)

[boston]

xttp://www.shoping-wismart.ru/w.php?f=84&e=2
http://www.virustotal.com/file-scan/report.html?id=515f2f24dd26ef6acbc81909facb67061ef95c5200e6d540f368abb46974ebf3-1319907142

[jackberri]

IP Location: Brazil  - ZIPNET BR AS
IP  200.147.1.41
[200-147-1-41.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://ronaldo.tozato.sites.uol.com.br/moduloa.jpg         md5sum ===> 07f375b114028e0852e4016a4bca8980
hxxp://thalles.siqueira.sites.uol.com.br/space.jpg        md5sum ===> 79afff94daaf398e630b20ab07327a12
hxxp://thalles.siqueira.sites.uol.com.br/fox.jpg         md5sum ===> 1e5a0b5f196c1b94074315a8e068833e
hxxp://ricolombard.sites.uol.com.br/blog/novobho/lixo.gif         md5sum ===> a52d4cd6847993484cb613317c46ddee
hxxp:///ricolombard.sites.uol.com.br/blog/novobho/pegamsn.gif         md5sum ===> 177f5d90942830b53da8d62118854892
hxxp://ricolombard.sites.uol.com.br/blog/novobho/plugin.gif         md5sum ===> 74252c774fa3aa27c69c9de52cba8a47
hxxp://ricolombard.sites.uol.com.br/blog/novobho/lista.gif         md5sum ===> 1c6c788428e2c7c1f124d968d730eb1chttp://www.virustotal.com/file-scan/report.html?id=75004deb93e17a47c09c11144ac4a52340e572406285d93d38960373872cc868-1319992098
VT 2243 (51.2%)
http://www.virustotal.com/file-scan/report.html?id=0a0837ebf5a1a2b2f2916b631f1e469e968463795d21a0e3a3603946dff94bce-1319991914
VT 3843 (88.4%)
http://www.virustotal.com/file-scan/report.html?id=2c73873736dbefedab5fc64581777fbfd18a8ba99c4316e61287a85b4923c946-1319991880
VT 36/43 (83.7%)
http://www.virustotal.com/file-scan/report.html?id=69ce3b2b2c066a9b5602d9a6e81a7d582029acab848e95ace763f9d242e2e4dd-1319991951
VT 22/38 (57.9%)
http://www.virustotal.com/file-scan/report.html?id=342401a8a141ec22cef6386c256c24ee6c38fc422f27e1a3c738c948359a32a9-1319991765
VT 21/43 (48.8%)
http://www.virustotal.com/file-scan/report.html?id=c5cad8fc58a12331cb3a97c739b677cdfc772648894f4d86f16a31a52c0122aa-1319991848
VT 16/43 (37.2%)
http://www.virustotal.com/file-scan/report.html?id=fdaa8c2148399a5462f3d93a57e184ba770dd41711d3ad51d3ac8fe78b40f828-1319991845
VT 32/43 (74.4%)

IP Location: Brazil  - ZIPNET BR AS
IP  200.147.33.21
[200-147-33-21.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://vieirapactual.sites.uol.com.br/verone.jpg         md5sum ===> ec2b96749f2ab70ee3ad81ed5650ac9d
hxxp://vieirapactual.sites.uol.com.br/sirlei.jpg         md5sum ===> 715d7bf699e0f237cb6ff1fd17aeac69http://www.virustotal.com/file-scan/report.html?id=93d9697bb46c9fd945bc6516975c3696d6efeaf6de5a82b89e3e1cfa8958b7bb-1315462144
VT 37/44 (84.1%)
http://www.virustotal.com/file-scan/report.html?id=061078b4f5d4c966565afff748eb507ada827017c07a47874b7264cba4de18b6-1319992152
VT 39/43 (90.7%)

IP Location: Brazil - ZIPNET BR AS
IP  200.147.33.19
[200-147-33-19.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://satojorge.sites.uol.com.br/joinvile.jpg         md5sum ===> 117040b9340a30b6894f5f1708f55b9dhttp://www.virustotal.com/file-scan/report.html?id=430ae47ebab5fa66b4d5c1e4fb60af3a7491c586f89737e23abc53298166e83b-1319992009
VT 22/35 (62.9%)

IP Location:  Netherlands - LEASEWEB
IP 85.17.139.52
AS16265
Name Server: NS1.TREPAIR.ORG  | NS2.TREPAIR.ORG
Registrant/Email Registrant: Maxim Tsarik/carik198@hushmail.com

Code: [Select]

hxxp://trepair.org/0022.exe         md5sum ===> 4cd20fa1f442521e80cbf2563e7c1a56http://www.virustotal.com/file-scan/report.html?id=bfa19842edede4cbd7cd41b5ec46f055c91396fbc95be6c0251c97cf6289c5cc-1319993706
VT 1/40 (2.5%)

[Xylitol]

BlackHole

htXp://vc-business.com/in.php lead to htXp://91.194.214.66/dng311011/c7a44076f6c722eb74725563b0a000a0/spl.php who lead to htXp://30domaaaam.in/main.php?page=c76874df55550a3f

http://urlquery.net/report.php?id=6860
http://urlquery.net/report.php?id=6862
http://urlquery.net/report.php?id=6863
https://www.virustotal.com/url-scan/report.html?id=3d72373ef830535dd952e2c132124ec3-1320148443
https://www.virustotal.com/url-scan/report.html?id=df0ad10f1e260ea3adea80cd18bb5600-1320148484
https://www.virustotal.com/url-scan/report.html?id=7e87bf147129cbc806fc70eb28ad9780-1320148860

[jackberri]

IP Location: Brazil  - ZIPNET BR AS
IP  200.147.33.17
[200-147-33-17.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://franciscosousadv.sites.uol.com.br/parana.ico         md5sum ===> 710cccc894a0cfca9eca6c638fd36ef7http://www.virustotal.com/file-scan/report.html?id=78b6fe77316d06416d5da49e7361c19bfe5326c213f1f6467e47bafa16cf3563-1320171941
VT 23/42 (54.8%)

IP Location: Brazil - ZIPNET BR AS
IP  200.147.33.19
[200-147-33-19.static.uol.com.br]
AS7162
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br/

Code: [Select]

hxxp://hidravale.sites.uol.com.br/1andro.gif         md5sum ===> f2daeec864c98b5144008f89558b98a1
hxxp://hidravale.sites.uol.com.br/2santa.gif         md5sum ===> 57ad9ab5253b1f0ba6d7f5e1a8be200f
hxxp://hidravale.sites.uol.com.br/3carta.gif         md5sum ===> b4474438caf2a5a7f9b1ffd2b0e8a724
hxxp://hidravale.sites.uol.com.br/4natel.gif         md5sum ===> a2e2eddb8a3ffe7c4b6b6223a6878a8f
hxxp://hidravale.sites.uol.com.br/5geral.gif         md5sum ===> f7886aa7d618d993244e6de3b86ea12e
hxxp://hidravale.sites.uol.com.br/6deavs.gif         md5sum ===> e995f93137a0c15b515861c372bfe50ahttp://www.virustotal.com/file-scan/report.html?id=b19b89129785032168f7e62be79fd42dd2b8ff6058fdb415c7f08599f8fa7f20-1320171321
VT 33/42 (78.6%)
http://www.virustotal.com/file-scan/report.html?id=07519513a1c9d9c56e2a550cb9d6e929643a79d5bd8f0e62be21f8553b91df06-1320171539
VT 33/43 (76.7%)
http://www.virustotal.com/file-scan/report.html?id=a3f0f8dcccd42381b7cbba4881e7292e1432320cd80df069a6d91d68238b86cc-1320171378
VT 35/43 (81.4%)
http://www.virustotal.com/file-scan/report.html?id=66c274d71d1cd7099db0f20208bde41d117866c854306490aec03b07b838e31a-1320171796
VT 35/42 (83.3%)
http://www.virustotal.com/file-scan/report.html?id=7208dee01c9b79be36df2558ee54f4c785f65945043bedf87e7d80d8bf66af4c-1320171930
VT 28/43 (65.1%)
http://www.virustotal.com/file-scan/report.html?id=7187fdee5c719e05fa527c09314d2004f218def0035ae7865a5a12dbcd27ee39-1320171757
VT 32/43 (74.4%)