91.212.41.236

Malware-Web-Threats:
can also be downloaded using the IP

--- Code: ---
hxxp://91.212.41.236/PCAntiMalwareScannerSetup.exe
--- End code ---
http://www.malwaredomainlist.com/mdl.php?search=91.212.41.236&colsearch=All&quantity=50

with exploits on 91.212.41.102:
redirects:

--- Code: ---
hxxp://cacbuhub.cn/pa.html
hxxp://hotxasib.cn/su/in.cgi?18
--- End code ---
Wepawet

exploits:

--- Code: ---
hxxp://kiskecaq.cn/pages/index.php
--- End code ---
Anubis

call

--- Quote ---
From ANUBIS:1042 to 91.212.41.236:80 - [91.212.41.236]
Request: GET /download/?aff_id=6015&wm_id=0&v=19&s=m 
Response: 302 "Found" 
Request: GET /PCAntiMalwareScannerSetup.exe 
Response: 200 "OK" 

--- End quote ---

call

--- Quote ---
From ANUBIS:1034 to 91.212.41.102:80 - [kiskecaq.cn]
Request: GET /pages/index.php 
Response: 200 "OK" 
Request: GET /pages/load.php?id=0 
Response: 200 "OK"

--- End quote ---
VirusTotal - 7/40 (17.50%)

calls from load.exe:

--- Quote ---
From ANUBIS:1033 to 91.212.41.29:80 - [91.212.41.29]
Request: GET /l2.php?aff_id=6015 
Response: 302 "Found" 
Request: GET /m2/m.dll 
Response: 200 "OK" 
Request: POST /log19.php 
Response: 200 "OK" 
Request: GET /start.php?aff_id=6015&wm_id=0&v=19&s=m 
Response: 200 "OK" 

--- End quote ---
VirusTotal - 7/37 (18.92%)
