clean mx's daily dirt
cleanmx:
Hi @all
update 20th Aug.2009 new as parameter
update 26th Aug.2009 new md5 parameter
update 16th Feb.2010 rss-feed for malware (see bottom of this posting...)
update 5th Apr.2010 new query interface on each viruses.php and phishing.php page
update 27th May 2010 contributors list update
I start now a new thread posting all urls (RFIs and malware) detected by our managed anti-spam service http://www.clean-mx.de.
you may query our database online @ any time, but please not every microsecond...
http://support.clean-mx.de/clean-mx/viruses?response=alive
or you may checkout either by xml or csv
http://support.clean-mx.de/clean-mx/xmlviruses?format=xml&response=alive this will dump all active entries currently approx. 4200 ...
http://support.clean-mx.de/clean-mx/xmlviruses?format=csv&response=alive
for only getting urls *not* yet in malwaredomainlist specify &sub=!sub4
example:
http://support.clean-mx.de/clean-mx/xmlviruses?format=xml&fields=id,scanner,virusname,email,url&sub=!sub4&response=alive for all entries not in malwaredomainlist
or
http://support.clean-mx.de/clean-mx/xmlviruses?format=xml&fields=id,scanner,virusname,email,url&sub=sub4&response=alive&sort=first%20asc for all entries from malwaredomainlist still active sort by oldest first
List of contributors:
sub1=clean-mx.de
sub2=volunteers
sub3=google malware
sub4=malwaredomainlist.com
sub5=Project Glastopf(honeypot...)
>>>>>> sub6=malwareurl.com Suspended feed <<<<<<<<<<<<<<
sub7=own RFI's from netpilot.net hosting platform
sub8=malwarepatrol.com
sub9=malekal.com
sub10=Paretologic.com
sub11=RFI's from Host europe
sub12=jsunpack
sub13=secuboxlabs.fr
sub14=malc0de.com
sub15=vxvault.siri-urz.net
list of scanners:
avira
clamav
trendmicro
undef
You may specify a parameter &fields to control output of xml and csv
for all three databases at clean-mx xml or csv query options are:
you may invoke: (xmlviruses|xmlphishing|xmlportals)
http://support.clean-mx.de/clean-mx/xmlviruses?response=alive&format=xml&fields=review,url
for only getting active urls with reviewed ip and url
note: &format=csv will give you a csv list (1st line is the column
headers...) &format=xml will give you xml stuff...
fields may be in any order separated by ",":
line
id
firsttime
lasttime
first
last
scanner -- only for xmlviruses and xmlportals
virusname -- only for xmlviruses and xmlportals
url
recent
response
ip
as
review
domain
country
source
email
inetnum
netname
descr
ns1
ns2
ns3
ns4
ns5
Query parameters may be:
id
delta -- only ids greater than the delta value .. if you remember your last high id you may query this in delta on your next visit..
scanner -- only for xmlviruses and xmlportals
virusname -- only for xmlviruses or xmlportals
url
md5
recent
response
ip
as
review
domain
country
source
email
inetnum
netname
descr
ns1
ns2
ns3
ns4
ns5
nsx -- any nameserver out of ns1...ns5
sort option may be any of these above fields either asc or desc
example: &sort=url%20desc or &sort=firstseen%20asc
update 16th Feb.2010 rss-feed for malware
complete list:
http://support.clean-mx.de/clean-mx/rss?scope=viruses
only as or email or country or region:
--- Code: ---http://support.clean-mx.de/clean-mx/rss?scope=viruses&as=AS#####
http://support.clean-mx.de/clean-mx/rss?scope=viruses&email=email@example.com
http://support.clean-mx.de/clean-mx/rss?scope=viruses&country=de
http://support.clean-mx.de/clean-mx/rss?scope=viruses&source=RIPE | ARIN|LACNIC|AFRINIC|APNIC
--- End code ---
-- gerhard
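
The query interface described in the post above, as an added example that is not part of the original post or clean-mx's own code: it builds a query URL from the documented fields and parameters, then ingests a CSV response incrementally using the `delta` id. The comma delimiter, the constructed sample rows and the helper names (`build_query`, `ingest`, `defang`) are assumptions.

```python
import csv
import io
from urllib.parse import quote, urlencode

BASE = "http://support.clean-mx.de/clean-mx/"
ENDPOINTS = ("xmlviruses", "xmlphishing", "xmlportals")

# Field and parameter names exactly as listed in the post.
NS = [f"ns{i}" for i in range(1, 6)]
COMMON = ["url", "recent", "response", "ip", "as", "review", "domain",
          "country", "source", "email", "inetnum", "netname", "descr"] + NS
VIRUS_ONLY = {"scanner", "virusname"}  # only for xmlviruses and xmlportals
FIELDS = set(["line", "id", "firsttime", "lasttime", "first", "last"]
             + COMMON) | VIRUS_ONLY
FILTERS = set(["id", "delta", "md5", "nsx", "sub"] + COMMON) | VIRUS_ONLY


def build_query(endpoint, fields, filters=None, fmt="csv", sort=None):
    """Return a query URL, rejecting names the post does not document."""
    filters = dict(filters or {})
    if endpoint not in ENDPOINTS:
        raise ValueError(f"unknown endpoint: {endpoint}")
    if fmt not in ("csv", "xml"):
        raise ValueError(f"unknown format: {fmt}")
    unknown = [f for f in fields if f not in FIELDS]
    unknown += [k for k in filters if k not in FILTERS]
    if unknown:
        raise ValueError(f"undocumented names: {unknown}")
    if endpoint == "xmlphishing":
        misplaced = VIRUS_ONLY & (set(fields) | set(filters))
        if misplaced:
            raise ValueError(f"not valid for xmlphishing: {sorted(misplaced)}")
    params = {"format": fmt, "fields": ",".join(fields)}
    params.update(filters)
    if sort:
        field, direction = sort
        if direction not in ("asc", "desc"):
            raise ValueError("sort direction must be asc or desc")
        params["sort"] = f"{field} {direction}"
    # Keep ',' and '!' literal and encode spaces as %20, as in the post's URLs.
    return BASE + endpoint + "?" + urlencode(params, safe=",!", quote_via=quote)


def defang(url):
    """Make a listed URL non-clickable before it goes into logs or tickets."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


def ingest(csv_text, last_id):
    """Parse a CSV response (first line = column headers).

    Returns (rows with id > last_id, new highest id). The id check is
    repeated client-side so a replayed or unfiltered response cannot
    re-add entries that were already processed.
    """
    new_rows, high = [], last_id
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            row_id = int(row["id"])
        except (KeyError, TypeError, ValueError):
            continue  # malformed or truncated line: skip it
        if row_id <= last_id:
            continue
        row["url"] = defang(row.get("url") or "")
        new_rows.append(row)
        high = max(high, row_id)
    return new_rows, high


# Constructed sample response (not real feed data).
SAMPLE_CSV = """id,scanner,virusname,url
1001,clamav,PHP.Bot-6,http://files.example.net/ping.txt
1002,avira,TR/Dropper.Gen,http://dl.example.org/install.exe
bad,undef,unknown_exe,http://x.example.com/a.exe
"""

if __name__ == "__main__":
    last_id = 1000  # highest id seen on the previous run
    print(build_query("xmlviruses", ["id", "scanner", "virusname", "url"],
                      {"response": "alive", "delta": last_id}))
    rows, last_id = ingest(SAMPLE_CSV, last_id)
    for r in rows:
        print(r["id"], r["virusname"], r["url"])
    print("next delta:", last_id)
```

Persist the returned id between runs and pass it as `delta` on the next query, so each poll fetches only new entries instead of the full dump.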
cleanmx:
Perhaps all are now happy, sort is virusname,date so you may cut off a block of urls ...
CM_MWR:
Don't think anyone was angry, simple as....
I don't have much use for rfi material, orac on the other hand has this odd fetish for those things, I myself just like the meat and taters only. ;)
I guess for you, this is your daily something and maybe I was out of line for saying anything, for that I apologize, spec in the end, as long as the urls somehow point to malware that's all that really matters.
cleanmx:
up to 2009-08-04 08:59:38 CET
cleanmx:
up to 2009-08-04 13:19:00 CET