Author Topic: 67.55.81.200  (Read 2622 times)

September 15, 2008, 10:00:00 am

SysAdMini

mistikotitatuipologisti.com is by far the most interesting from the above (IP 67.55.81.200)...
http://www.robtex.com/ip/67.55.81.200.html
http://www.robtex.com/dns/mistikotitatuipologisti.com.html#a2

A couple more rogue anti-virus 'products' share the same IP as well...

OK, let's take a closer look at it.

adioserrores.com

Code:
adioserrores.com/landing/support

Deobfuscated code leads to

Code:
hxxp://cdn.bestdownloadsoft.com/adioserrores.com/AdiosErrores/setup_es.cab
http://www.virustotal.com/analisis/9b178a61afbac8d7cb5ba2ad32ec0aab

Code:
hxxp://cdn.bestdownloadsoft.com/adioserrores.com/AdiosErrores/setup_es.exe
http://www.virustotal.com/analisis/b1af69e304bf6c12e94b69564094ceba

Code:
hxxp://adioserrores.com/out/installer.php?4a520-60c50-42595-95d5e-08524-a5f5e-6c421-03c43-0a0e5-f580d-554e0-c5c
http://www.virustotal.com/analisis/2c1741f3dac37e249fb29c55762d9658

Ruining the bad guy's day

September 15, 2008, 09:21:40 pm
Reply #1

JohnC

adioserrores.com was previously listed with a different IP. It has now been updated.

Thank you.