Author Topic: 91.212.41.236  (Read 9780 times)

May 22, 2009, 10:15:50 pm

Malware-Web-Threats

can also be downloaded using the IP
Code:
hxxp://91.212.41.236/PCAntiMalwareScannerSetup.exe
http://www.malwaredomainlist.com/mdl.php?search=91.212.41.236&colsearch=All&quantity=50

with exploits on 91.212.41.102:
redirects:
Code:
hxxp://cacbuhub.cn/pa.html
hxxp://hotxasib.cn/su/in.cgi?18
Wepawet

exploits:
Code:
hxxp://kiskecaq.cn/pages/index.php
Anubis

call
Quote
From ANUBIS:1042 to 91.212.41.236:80 - [91.212.41.236] 
Request: GET /download/?aff_id=6015&wm_id=0&v=19&s=m 
Response: 302 "Found" 
Request: GET /PCAntiMalwareScannerSetup.exe 
Response: 200 "OK" 

call
Quote
From ANUBIS:1034 to 91.212.41.102:80 - [kiskecaq.cn] 
Request: GET /pages/index.php 
Response: 200 "OK" 
Request: GET /pages/load.php?id=0 
Response: 200 "OK"
VirusTotal - 7/40 (17.50%)

calls from load.exe:
Quote
From ANUBIS:1033 to 91.212.41.29:80 - [91.212.41.29] 
Request: GET /l2.php?aff_id=6015 
Response: 302 "Found" 
Request: GET /m2/m.dll 
Response: 200 "OK" 
Request: POST /log19.php 
Response: 200 "OK" 
Request: GET /start.php?aff_id=6015&wm_id=0&v=19&s=m 
Response: 200 "OK" 
VirusTotal - 7/37 (18.92%)