Author Topic: Fake flashplayer download site  (Read 10839 times)

January 14, 2012, 11:22:40 am

HGPower

  • Full Member

  • Offline
  • ***

  • 60
Code:
http://www1.safe-kcleaner.kwik.to/7mc7bgr?jgs2o8luh8=jsnjldh1zdrfptjS2Yui1MepmpGfm5ja0Ndvol7N18qqsLO6sFPX1qmXlZ%2BL4d2k6qimXs7ezHXVwKyrU%2BXc1qLN2srny9rlWNKbqcq7XtzRo5Zkn5GdmJKcl6OYmaVilavg1tyt5p6Xi6TUx6mZk5TZ5takqGOmbaSonW3WlJmLod6gnZiTpJqlop6qaJWc2%2BLJoeGe3dyknpHcytPh1ODL09aa1JvX2tql1ciU0KTUzprZ0JTW1NWk5ajereXm2Vw%3D
(nslookup)
Name:   http://www1.safe-kcleaner.kwik.to
Address: 67.208.74.71
scandsk.exe  
Detection ratio:    12 / 43
MD5: 7cd39c59a1071993c6a973ac1bbdd926
https://www.virustotal.com/file/8cc76a847a376a6b7737e17782949126b20b17674d1ff94412fa5fc2d840556c/analysis/1326539743/


January 15, 2012, 02:04:20 am
Reply #1

HGPower

Code:
http://www1.firstgnetwork.kwik.to/g84uwjlp?hrcdvgn=jN3dye7Mq9zP6tbW3pTa3dusp5uZqInU38urmY%2FT1dbZq7fIwpXe3qWkl5Wc1uGj4OiqmsnXybHZzrixjujTy%2BKk0tHK4OTp3JTI17TExZHR4qCVrZqcl6GooamYnJysneLmzNzn1qGnjeXPza%2Bnpo3i2eC01KOcnamWmKuXosmP5uaxmKGXqqyopKKeq4nI5dTPz9ev6uveoZPn4Nzi183fydnpzNza0uDY4JXZ3N3inebajuHc3N2k0Nrb6%2B3mypI%3D
nslookup
Name:www1.firstgnetwork.kwik.to
Address: 79.133.196.110
Payload same as last post on this topic

Code:
http://www1.strongmasterkdu.kwik.to/a3t9gsrh2h?gqzgqj=i9Lx1Oen4uvZ3uXN1Yfo3cmvoJSmnZfq0NWnpprT0dDZqrPHv4ve3qGnm6Kg1uSn6uqpldDQ0Z7V06u4kdzc29%2B3y9nM19zW55TK0J7Ix4vb26GmnqSomKmgoamjnaWfk9Tn1dnn3qGmjejjy66epZrm49qk0pKkqZyln5mlm9Sg2%2BSnpKekpaSXo5KqqovW2tHW0N%2B33ujhp6Ll4%2BDW28jX2cvX2dfa09ndldzh3N%2Bg492N4MfU36Lm0NboyZU%3D
nslookup
Name:www1.strongmasterkdu.kwik.to
Address: 79.133.196.110
scandsk.exe
MD5:439EA57BEE2961887E4DC0C9ABCD58CA
SHA256: 236e8cebf296735bf536aa7e8f9a55b9799fcf3fb6155630654c39479f007ca0
Detection ratio:    5 / 43
https://www.virustotal.com/file/236e8cebf296735bf536aa7e8f9a55b9799fcf3fb6155630654c39479f007ca0/analysis/1326606499/



January 15, 2012, 05:29:20 pm
Reply #2

HGPower

Code:
http://www1.savexgysecurity.kwik.to/d1e8ya?wd39=m9uknuLRs9za1OrZi9je1qapqaiaWancxbOYnsjb1degx8a0muXqoWVspIfl2LXe76qLxd7WptbYvapZqunPs9%2Fw1unt1sqb1cyxzsqKnKmwkq2YppixqZOXqKCap7Gd16ea59bpoqmN8NzJoKmkj%2Bjt46GYaqSWrZisnKmnyInp5aalrKmaaW2qmqqbnsvo4MbM46%2Fg6%2FCqkqeo49vu0OvK2uHK1aPd4N3kpdiiX9jW587ipOLo383q1s%2BY
nslookup
Name:www1.savexgysecurity.kwik.to
Address: 79.133.196.110

scandsk.exe
MD5: e8bcc7ca6fb37bb518c4aa9d98f41823
6 out of 20 scanners reported malware.
http://virusscan.jotti.org/en/scanresult/6192847926c986ed96621fe1f85d760f4525f1f3





January 15, 2012, 07:31:33 pm
Reply #3

HGPower

Rogue AV-Win 7 Antispyware 2012
Code:
http://sijarukocejyyni.ns02.info/land/?n=loli&id=1
nslookup
Name:sijarukocejyyni.ns02.info
Address: 80.91.176.192

adobeflashplayerv10.2.152.32.exe
MD5: 60B7CD6211BBAB53A2DC46AD71965A1D
SHA256:    fcac88a130955c295a29b3c2e1ed2b07026075b0d2a33310546a947a5987a7c6
Detection ratio:    1 / 43
https://www.virustotal.com/file/fcac88a130955c295a29b3c2e1ed2b07026075b0d2a33310546a947a5987a7c6/analysis/1326655308/

Code:
http://pics263-flash.servepics.com/?n=teen&id=1
nslookup
Name: pics263-flash.servepics.com
Address: 188.95.54.8

flash_player_installer.exe
MD5: FE74EB4D85A4956BC87E5F7C39E75F84
SHA256:    36665f7bd03db60bd499086531818c375619b6e871da602febd61b0b192147bd
Detection ratio:    1 / 43
https://www.virustotal.com/file/36665f7bd03db60bd499086531818c375619b6e871da602febd61b0b192147bd/analysis/






January 16, 2012, 12:23:43 am
Reply #4

HGPower

Code:
http://www2.bestnetworkl.kwik.to/d7qtht9?728iaa=W5us4trXn93e5tjJ49uV59TQdGdompeH0s7XsaGL1dnR5Ki%2Bi31e1dSelJikmt3Yse7lqZHOoJZ1y8CnqIvj5NvXseXp6NvPqKpezMSet7iZ3d6ipa6ioJykbWBsnI%2BSlZ2Z5%2BLG6Ozir5ySrpucppWTiNnn4KvJpdukpp7RbGZtmYfV1aKkp6Cbqq6iop2kXZan1sLK0KLq6%2BWYoufU5N7bpZOklsLP1s7p3eDR2%2BKd3eLVomCs2IfPztHt7KvH3N%2Fj2o8%3D
nslookup
Name:www2.bestnetworkl.kwik.to
Address: 79.133.196.110

scandsk.exe
MD5: E8BCC7CA6FB37BB518C4AA9D98F41823
SHA256:    ecbc38cda48cec6f6f894c23d450a4112cef7a8178a1bf5efe1a7f8dbcf91c2f
Detection ratio:    14 / 43
https://www.virustotal.com/file/ecbc38cda48cec6f6f894c23d450a4112cef7a8178a1bf5efe1a7f8dbcf91c2f/analysis/1326673264/

Code:
http://www2.tope-sentinel.kwik.to/u3ja8cg9?kh7e1=j%2BCazJux3unPl9aL493Nq5qcnJ5d1ZrYrKOLjtXH4LG7wrCS19t0l2Wlld%2FYaurbpZrL18mpzcd9q1fl3d7Im7DR19Xcz4vPzqWMuFfd362WZKaTn6yfnJmfmZlqnVfn49HZouain5rg18mpn5pd2aXgrNSWkaiZodmeopqckdyqomKnoaabZKuYoaWP0tTZzNGloqjr5qOTndjX4ePXz9GZzNarzqfd4dzMmKHQ5d3UnNnbkcqfxqHjrNbfptfO25g%3D
nslookup
Name:www2.tope-sentinel.kwik.to
Address: 79.133.196.110

scandsk.exe
MD5: CAF7BDEA1C78CA0761F6B0F9B6293093
SHA256:    62d5e85ef3b9fbf6e20431c49ceb46a3055a67fc9f57d41e40cf161114bee47a
Detection ratio:    11 / 43
https://www.virustotal.com/file/62d5e85ef3b9fbf6e20431c49ceb46a3055a67fc9f57d41e40cf161114bee47a/analysis/1326678638/


January 16, 2012, 02:01:19 pm
Reply #5

HGPower

Code:
http://www1.power-kyisecurity.kwik.to/o8jxkk?1rh0p3c=VenLla2kydve392YotTdpqiVlKuY2d3dbqWOkdKV1a3By7CYmd62m6eWieTlpuvvaJjKmdRwxc%2B1vYvhod624NjN2umYzNe2hsWOmeBwlKeipZaqY5mtnKGWlq2Y3OjapefbbaFZ2tnTtJmkU9%2Ft1bDJlNmnnafeZqadYJan1q2gqpeoZJ2rmayVidnh1tXin6%2Ffp%2BdnkeDU6djhm8zl2%2BnMkOjVyuLeo6DTp9mekeTendDboszjpujazdzajQ%3D%3D
nslookup
Name:www1.power-kyisecurity.kwik.to
Address: 79.133.196.110

scandsk.exe
MD5: 2E227A156A1C6B2BA6B5A714EA3EA531
SHA256:    b03c3d498991986d896142a137f55aa06da44b5fc2808326cb1615f4cff5357d
Detection ratio:    6 / 42
https://www.virustotal.com/file/b03c3d498991986d896142a137f55aa06da44b5fc2808326cb1615f4cff5357d/analysis/1326722357/



January 16, 2012, 02:49:22 pm
Reply #6

HGPower

Code:
http://www2.topanetwork.kwik.to/gfdp?61w106x=Wpbfq22d4evn0djYi%2Bng06%2BgZmKtV6Cf3LGilsLQx%2Ba0wca2XJ3qbmJpqZre457l26ud0dvPc5PWd3Zc3dbl0Z7X0%2Brn2ZjOmW7MhFaf6LGgp5SclqytnaaeZGKqaVap7NXj5dSrlpru2NaoamOdpaSitdig1JaimNmso6ebXKXqbmFpqqqmopaelaWd0%2BHYl5rlbqet76id48LUyuTn1J%2FSq5LplV6h793antXdi9zm4a%2FYrqfxn1Q%3D
nslookup
Name:   www2.topanetwork.kwik.to
Address: 79.133.196.110

scandsk.exe
MD5: 3DEA1D943E58EFE42A5A86EC4BDE0B34
SHA256: 9a403496ab4cae35596adf4fa26aa392c47ec739e7799cca4aea4d024184ca75
Detection ratio: 6 / 43
https://www.virustotal.com/file/9a403496ab4cae35596adf4fa26aa392c47ec739e7799cca4aea4d024184ca75/analysis/1326725241/

January 18, 2012, 07:56:44 am
Reply #7

HGPower

Code:
http://www2.strongiscanner.kwik.to/u1bd?qiqy23azg8=ldXU22%2Bl2uHOm%2BDjmOTXy6aok5KklNXb1aakn5OVw%2Bykise%2FmNvhpJumlIfd4aLp56CX25uXntzGfrma5N3Tzdyw3djP1dqY1MyuzoVZyuqkb6SipKecm5mhlJSnlNjm0t3m7G9kh%2FHQnLCopJXi29WwxJKgo5alqZ6msGRZ1e2kaaamqKelmpmnl4fS3dLT2teu8KmqlKjaoeDk3tTQ0NzY0dXX3Mren9To4p1h1emNnuzr6tmryc3Y18zS1ok%3D
Name: www2.strongiscanner.kwik.to
Address: 79.133.196.110

scandsk.exe
MD5: 3ABE18350B99A5E636DB92473783D4D4
SHA256: 2d043f9823d5fa2411e9c34913097c7af07af4cc1254b6f1721c422b0e337900
Detection ratio: 9 / 43
https://www.virustotal.com/file/2d043f9823d5fa2411e9c34913097c7af07af4cc1254b6f1721c422b0e337900/analysis/1326873266/

January 26, 2012, 01:18:58 am
Reply #8

HGPower

Code:
http://www1.thebestqsentinel.com/wtjtr74d?k64cq=j6Ofya7d29fb1eHkl%2BjO0rGenpaikaadx66njsbEx%2BWxw8ewlODcq5efnFyj1q7r3pyIx9zYrtXEtLqP1dHN43Og2N7b2daIyNaxxsaL1%2BSmp52anG1ilKetlpaanJnn5dTZ4%2Bemn4vj1Jpxl6Oa3NnOoqel1KjLoamfoprNkaqnoKKnmpyXmaOnpKeL0uPWz87aqK2r2qSi29LD1%2BfbnubK3OjS3MrYmZ%2Biienu19qf3ebn2diJ
nslookup
Name: www1.thebestqsentinel.com
Address: 217.23.8.104

scandsk.exe
Detection ratio:   5 / 42
MD5:   3669275312a0686ed17b9d2bbb7f8d1a
https://www.virustotal.com/file/24f6c50c2f7504b8f29a1eb7f779518f17e51775eeaaa68cd67a5e6a0ae2b58c/analysis/1327540536/


January 26, 2012, 03:03:50 am
Reply #9

HGPower

Code:
http://www1.power-holderqg.in/akio231_5016.php?cgbe1l0kh=h9TNy27Vo93h4N3ni%2BeWzKyhlJaol9fMy5%2BYV82SzdqtwcuwmJnbrJ6Xlpjg2qDe2JxXzpnPpdLOvauYlNTQ5KHR597O1NiIyJSphb6O2d%2B0nqpbmaaalZurn5ibnojYpc2k4NutoJ3c25Glo56K2ebdpJeYxZqXn2WhnKXQndnlapminpuapqGalpuIyaDZkdTWrebu3KVb29zN1tnZntrI1dbOn9GcmdHele%2Ff4aKl59%2FXzdeX2tjJpdKVqaPQ1tS14NHXUQ%3D%3D
nslookup
Name:www1.power-holderqg.in
Address: 82.103.142.44

scandsk.exe
Detection ratio:    6 / 43
MD5: 3669275312a0686ed17b9d2bbb7f8d1a
https://www.virustotal.com/file/24f6c50c2f7504b8f29a1eb7f779518f17e51775eeaaa68cd67a5e6a0ae2b58c/analysis/1327546623/
Note:
Sites are accessible with IE or Firefox; Chrome will not render the URLs.



January 28, 2012, 02:43:34 am
Reply #10

HGPower

Code:
http://www1.firstjbarmy.in/mpjj?t017l7=mKehmNp02dTp69aQ18rWqq6kYWdd3KDKpqWZ1czE06%2B%2Fzb9WnaqpaZmamOLnp9nXqZPb3ZRumct9rI%2Fh3uLXn9vkz%2BPVqFeaz3S7vJjc5KeTl6SbraReYmWdbZmP5efV3tfUr56f65mVdKBpjN3m37Gdk5anpaylZmduoF3a3K%2Bkp5yZmKOkrq1hV5vbpMfS4LDr4dmUoODm1aKlnpmqy9fm3OLPzo%2Fb25%2Fhnaqq0HTRztTZ4Y4%3D
nslookup
www1.firstjbarmy.in
217.23.8.104

File name: scandsk.exe
Detection ratio:    4 / 42
MD5:    8345ee87876dc6df5ad9000a37f96fed
https://www.virustotal.com/file/5def1e5caa84c945aee628676087bb55e99a861562aa27d88d43bdb0cbbfb19a/analysis/1327718062/