Malware Related > BIGNESS - AS49093

195.88.191.46


Malware-Web-Threats:
Directs to exploits:


--- Code: ---kvumurij.cn/s/in.cgi?3&ab_iframe=0&ab_badtraffic=0&ab_trash=1&antibot_hash=bot

--- End code ---
Wepawet

The site below doesn't seem to work, so I will check later whether this domain redirects to a new one.

The URLs were:


--- Code: ---ssesodoq.cn/uin/
ssesodoq.cn/uin/whichGoodS.pdf
ssesodoq.cn/uin/searchMakeChunk.swf
ssesodoq.cn/uin/update.php?id=5
ssesodoq.cn/uin/update.php?id=6

--- End code ---
Wepawet

This also works:

--- Code: ---ssesodoq.cn/uin/update.exe

--- End code ---

VirusTotal - 8/41 (19.51%)
Threat Expert

It connects to 91.207.4.250 (see ThreatExpert) and starts spamming:


--- Quote ---GET spm/get_id.php
GET spm/page.php

--- End quote ---

Other on this IP:

http://www.malwareurl.com/listing.php?ip=195.88.191.46
http://www.malwaredomainlist.com/mdl.php?search=195.88.191.46&colsearch=All&quantity=50

Anything else?

http://www.bfk.de/bfk_dnslogger.html?query=195.88.191.46

Malware-Web-Threats:
Same as below:


--- Code: ---ns1.vvukufan.com/s/in.cgi?3&ab_iframe=0&ab_badtraffic=0&ab_trash=1&antibot_hash=bot
ns1.jagbibiv.cn/s/in.cgi?3&ab_iframe=0&ab_badtraffic=0&ab_trash=1&antibot_hash=bot
ns2.jagbibiv.cn/s/in.cgi?3&ab_iframe=0&ab_badtraffic=0&ab_trash=1&antibot_hash=bot

--- End code ---

http://wepawet.iseclab.org/view.php?hash=94f15cbfb2fffd42daa369ad1c85eda7&t=1252247278&type=js
http://wepawet.iseclab.org/view.php?hash=e08d6e782c77ed81f7aa041a0aeadbc0&t=1252247286&type=js
http://wepawet.iseclab.org/view.php?hash=879f28c20c7cef91aaade18e0777f45e&t=1252247298&type=js

cleanmx:
The payload is not in the sub-dir /uin but in the root:

hxxp://ssesodoq.cn/update.exe

-- gerhard

Malware-Web-Threats:
Interesting - another MD5


--- Code: ---kvumurij.cn/update.exe

--- End code ---
Wepawet
MD5: 455575b550ae3c6c3d39b44ac5e501c8


--- Code: ---kvumurij.cn/2cv/update.exe

--- End code ---
Wepawet
MD5: 230eb4adb27b2697e2076f34a73cab13

The exploit kit, with URLs:


--- Code: ---kvumurij.cn/2cv/
kvumurij.cn/2cv/dontLayoutDont.pdf
kvumurij.cn/2cv/wordA.swf
kvumurij.cn/2cv/update.php
kvumurij.cn/2cv/update.exe
kvumurij.cn/2cv/admin.php

--- End code ---
Wepawet
VirusTotal - 4/41 (9.76%)

AVG: Packed.Monder
Kaspersky: Packed.Win32.Krap.x
Microsoft: Spammer:Win32/Tedroo.AA
Rising: Unknown Win32 Virus

Malware-Web-Threats:
The ThreatExpert report also shows a connection to 91.207.6.242.

The following GET requests were made:

--- Quote ---spm/get_id.php
spm/page.php?id=231828&tick=231828&ver=112&smtp=ok&task=0

--- End quote ---

Threat Expert
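The posts above describe one complete chain: a TDS landing script (`/s/in.cgi` with the `ab_*`/`antibot_hash` parameters) that redirects into an exploit-kit directory serving a PDF and an SWF, an `update.exe` payload, and finally the spambot's check-in to `/spm/get_id.php` and `/spm/page.php?id=...&tick=...&ver=...&task=...` on the 91.207.x.x hosts. The script below is an added example (not code from the thread or from Wepawet, ThreatExpert or VirusTotal) that turns those indicators into a proxy-log scanner and reconstructs the per-client chain. The Squid-style log lines are constructed; the hostnames, IPs, paths and parameters only repeat what was posted in this thread, and the host lists are assumptions a real deployment would replace with a feed.

```python
"""Scan proxy log lines for the infection chain posted in this thread:
TDS landing (in.cgi + antibot params) -> exploit-kit files -> update.exe
payload -> spambot check-in under /spm/.  Added example, not the thread's
own code; sample log lines below are constructed."""
import re
from urllib.parse import urlsplit, parse_qs

# Query parameters carried by every in.cgi landing URL posted in the thread.
TDS_PARAMS = {"ab_iframe", "ab_badtraffic", "ab_trash", "antibot_hash"}
# Exploit-kit hosts named in the thread (assumption: a real scanner loads a feed).
KIT_HOSTS = {"ssesodoq.cn", "kvumurij.cn"}
KIT_SUFFIXES = (".pdf", ".swf", "update.php", "admin.php")
# Spambot check-in hosts from the ThreatExpert reports quoted above.
C2_HOSTS = {"91.207.4.250", "91.207.6.242"}
C2_PATH = re.compile(r"/spm/(get_id|page)\.php$")

# Squid native access.log: ts elapsed client action/code size method url ...
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def classify(url):
    """Return (stage, details) when a URL matches a thread indicator, else None."""
    parts = urlsplit(url)
    host, path = parts.hostname or "", parts.path
    qs = parse_qs(parts.query, keep_blank_values=True)
    # The TDS pattern is host-independent: the same in.cgi query shows up on
    # kvumurij.cn, ns1.vvukufan.com and ns1/ns2.jagbibiv.cn in the posts above.
    if path.endswith("/s/in.cgi") and TDS_PARAMS <= set(qs):
        return "tds-landing", {"host": host, "antibot_hash": qs["antibot_hash"][0]}
    # update.exe was seen both in the kit directory and at the site root.
    if host in KIT_HOSTS and path.endswith("/update.exe"):
        return "payload", {"host": host, "path": path}
    if host in KIT_HOSTS and path.endswith(KIT_SUFFIXES):
        return "exploit-kit", {"host": host, "path": path}
    # Check-in: known C2 host, or the page.php parameter set from the report.
    if C2_PATH.search(path) and (host in C2_HOSTS or {"id", "tick", "ver", "task"} <= set(qs)):
        details = {"host": host, "path": path}
        for key in ("id", "ver", "task"):
            if key in qs:
                details[key] = qs[key][0]
        return "spambot-c2", details
    return None


def scan(lines):
    """Return [(client, stage, details)] for every log line hitting an indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        result = classify(m.group("url"))
        if result:
            hits.append((m.group("client"), result[0], result[1]))
    return hits


def chains(hits):
    """Group stages per client in log order, collapsing repeated check-ins."""
    by_client = {}
    for client, stage, _ in hits:
        stages = by_client.setdefault(client, [])
        if not stages or stages[-1] != stage:
            stages.append(stage)
    return by_client


# Constructed sample log (not real traffic); the URLs are the thread's indicators.
SAMPLE_LOG = [
    "1252247278.123 150 10.0.0.5 TCP_MISS/200 412 GET http://kvumurij.cn/s/in.cgi?3&ab_iframe=0&ab_badtraffic=0&ab_trash=1&antibot_hash=bot - DIRECT/195.88.191.46 text/html",
    "1252247279.456 320 10.0.0.5 TCP_MISS/200 9812 GET http://ssesodoq.cn/uin/whichGoodS.pdf - DIRECT/195.88.191.46 application/pdf",
    "1252247281.001 210 10.0.0.5 TCP_MISS/200 61440 GET http://ssesodoq.cn/uin/update.exe - DIRECT/195.88.191.46 application/octet-stream",
    "1252247290.500 80 10.0.0.5 TCP_MISS/200 64 GET http://91.207.6.242/spm/get_id.php - DIRECT/91.207.6.242 text/html",
    "1252247290.777 90 10.0.0.5 TCP_MISS/200 120 GET http://91.207.6.242/spm/page.php?id=231828&tick=231828&ver=112&smtp=ok&task=0 - DIRECT/91.207.6.242 text/html",
    "1252247291.000 50 10.0.0.9 TCP_HIT/200 5120 GET http://www.example.com/index.html - NONE/- text/html",
]

if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for client, stage, details in hits:
        print(f"{client:10} {stage:12} {details}")
    for client, stages in chains(hits).items():
        print(client, " -> ".join(stages))
```

Keying the TDS stage on the query-parameter set rather than on a hostname is deliberate: the thread shows the identical `in.cgi?3&ab_iframe=0&ab_badtraffic=0&ab_trash=1&antibot_hash=bot` string on four different hosts, so the parameters are the stable indicator while the domains rotate.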
