Author Topic: 89.149.227.252/f/getcfg.php ?  (Read 3355 times)


August 09, 2010, 08:49:40 pm

cr4shm0ney

  • Jr. Member

Anyone know what this is? Should it be listed on the MDL?

August 09, 2010, 09:54:42 pm
Reply #1

SysAdMini

  • Administrator
  • Hero Member

Don't know. Returns 404 here.

hxxp://89.149.227.252/

shows a login page. Title is "Pirated-Edition".
Ruining the bad guy's day

August 09, 2010, 10:29:42 pm
Reply #2

eoin.miller

  • Sr. Member

Could be related to silentbanker?

Code:
   * The following GET requests were made:
          o ~ipcount/ww8/getcfg.php?id=7BA89979-3476-400F-AF5B-5CD9F895E765&c=10&v=21&b=6&z=21762543
          o ww8/getcfg.php?id=7BA89979-3476-400F-AF5B-5CD9F895E765&c=10&v=21&b=6&z=21762543
          o ~ipcount/ww8/getcfg.php?id=7BA89979-3476-400F-AF5B-5CD9F895E765&c=20&v=21&b=6&z=21762543

    * The data identified by the following URLs was then requested from the remote web server:
          o http://72.29.67.30/~ipcount/ww8/getcfg.php?id=7BA89979-3476-400F-AF5B-5CD9F895E765&v=21&b=6&c=4&z=21762543
          o http://202.71.100.103/ww8/getcfg.php?id=7BA89979-3476-400F-AF5B-5CD9F895E765&v=21&b=6&c=4&z=21762543

http://www.threatexpert.com/report.aspx?md5=3fa46ac7652a1d5ea5275e564b0c60a3

Also:
Code:
    * The data identified by the following URLs was then requested from the remote web server:
          o http://ertanuskayert.com/Wmo1/1f0SQ0Qlw0or4Pp8Zry
          o http://209.160.20.34/spm/s_alive.php?id=57533320756088734268914066140505&tick=121843&ver=419&smtp=ok
          o http://78.159.121.49/w/getcfg.php
          o http://utorganedoskaw.com/files/_Add_._d_
          o http://utorganedoskaw.com/files/_GUI_._d_
          o http://utorganedoskaw.com/files/_SC_._d_
          o http://utorganedoskaw.com/files/_Upd_._d_
          o http://utorganedoskaw.com/files/avp21_d_/_1_._d_
          o http://utorganedoskaw.com/files/_AVE_._d_
Source: http://www.threatexpert.com/report.aspx?md5=71478079935d11d7ff76164a563f4f31

August 10, 2010, 08:39:31 am
Reply #3

CkreM

  • Special Access
  • Hero Member

Mal-Aware