Malware Domain List

Malware Related => Malicious Domains => Topic started by: SysAdMini on September 15, 2008, 10:00:00 am

Title: 67.55.81.200
Post by: SysAdMini on September 15, 2008, 10:00:00 am
mistikotitatuipologisti.com is by far the most interesting from the above (IP 67.55.81.200)...
http://www.robtex.com/ip/67.55.81.200.html
http://www.robtex.com/dns/mistikotitatuipologisti.com.html#a2

A couple more rogue anti-virus 'products' share the same IP as well...

OK, let's take a closer look at it.

adioserrores.com

Code:
adioserrores.com/landing/support

Deobfuscated code leads to:

Code:
hxxp://cdn.bestdownloadsoft.com/adioserrores.com/AdiosErrores/setup_es.cab
http://www.virustotal.com/analisis/9b178a61afbac8d7cb5ba2ad32ec0aab

Code:
hxxp://cdn.bestdownloadsoft.com/adioserrores.com/AdiosErrores/setup_es.exe
http://www.virustotal.com/analisis/b1af69e304bf6c12e94b69564094ceba

Code:
hxxp://adioserrores.com/out/installer.php?4a520-60c50-42595-95d5e-08524-a5f5e-6c421-03c43-0a0e5-f580d-554e0-c5c
http://www.virustotal.com/analisis/2c1741f3dac37e249fb29c55762d9658

Title: Re: 67.55.81.200
Post by: JohnC on September 15, 2008, 09:21:40 pm
adioserrores.com was previously listed with a different IP. It has now been updated.

Thank you.