Malware Related > Malicious Domains
daily something......
techhelplist.com:
dyreza downloads, encrypted binaries not .doc files:
techhelplist.com:
trapwot fake-av malware download:
pitfaa.nidhog.com/document.php
ilarf.net/document.php
gurutravel.co.nz/document.php
www.lead.com.co/document.php
must use a windows user-agent and have get params like:
pitfaa.nidhog.com/document.php?rnd=9001&id=56565656656565
ilarf.net/document.php?rnd=9001&id=56565656656565
gurutravel.co.nz/document.php?rnd=9001&id=56565656656565
www.lead.com.co/document.php?rnd=9001&id=246924692469
techhelplist.com:
dyreza downloads, encrypted binaries not .doc files:
dridex download:
madasi.homepage.t-online.de/dbcfg/32.exe
techhelplist.com:
first one is andromeda, the rest are associated malware downloaded by the andromeda bot. thx to matt mesa for tracking them down.
54.149.214.13/and40a311.exe andromeda
155.133.18.45/107fjr3.exe lethic
155.133.18.45/112fjr3.exe
155.133.18.45/109fjr3.exe
155.133.18.45/121fjr3.exe
155.133.18.45/240fjr3.exe
54.149.214.13/ng40a311.exe
54.149.214.13/bet40a311.exe betabot
54.149.214.13/nut40a311.exe nutrino
54.149.214.13/dqnewand40a311.exe
54.149.214.13/110040a311.exe
155.133.18.45/85fjr3.exe
155.133.18.45/12fjr3.exe
techhelplist.com:
trapwot fakeav malware downloads
avdl.ru/img/ppc.exe
avdl.ru/img/av.exe
avsrv.ru/img/av.exe
181.112.55.130/img/ppc.exe
181.112.55.130/img/av.exe