Domain surveillance of some specific Redirects:
Location Data: San Francisco
------------------------------------
superfilesdocumentsy.asia/v944/?a=1
- https://www.virustotal.com/de/url/062d123c7599a52d5cd1c42edc8a6971c91ddfe2f336b1bac72860611b8f2702/analysis/1384701938/
PUA: not-a-virus:Downloader.Win32.AdLoad.fwz
- https://www.virustotal.com/de/file/8567bc9279ca8e7c2be23bfb513eb285d662233bd8528416afb509faef14b389/analysis/1384701943/
141.101.117.252 (Cloudflare)
- https://www.virustotal.com/de/url/89163a510d694d5717eb5dcb88036e7366c96620f36aec26e62e879efeddbc9e/analysis/1384702693/
- https://www.virustotal.com/de/ip-address/141.101.117.252/information/
141.101.116.252 (Cloudflare)
- https://www.virustotal.com/de/url/5df0642b589152b807eeb5910b26fe8e9c8c2bf4415f9e3a437d8f5ad4836c37/analysis/1384703661/
------------------------------------------------------------------------------------------------------------------------
applicationscenterforally.asia/v944/?INm
- https://www.virustotal.com/de/url/110f167f8b1a5c45cfa1531db3226a1b1bd00f191529b3a3e8c222b992a82df9/analysis/1384704601/
Application.Win32.InstalleRex.LL
- https://www.virustotal.com/de/file/242c3638ad824d612d6ed91823671aaefb503a83f744d6d472d402595d720aac/analysis/1384704604/
- http://urlquery.net/report.php?id=7774362
- http://app.webinspector.com/public/reports/18450113
108.162.197.34 (Cloudflare)
- https://www.virustotal.com/de/url/43ee0d2d8d7a39dc1791a85ded58b26f566d60f704069ebeadd465d2ce13a6e7/analysis/1384705270/
- https://www.virustotal.com/de/ip-address/108.162.197.34/information/
108.162.196.34 (Cloudflare)
- https://www.virustotal.com/de/url/9f497a74dc2bd7ea5c115c98199212d5bbdbaa625b7e612d17144191b5cec29a/analysis/1384707723/
- https://www.virustotal.com/de/ip-address/108.162.196.34/information/
------------------------------------------------------------------------------------------------------------------------
op.applicationscenterforally.asia/sspcQA/ssa/
- https://www.virustotal.com/de/url/5311fc57b109651eb8e1a49d70a580881a9e23e7de21e5676f20c6c4df0cd92d/analysis/1384708370/
ADWARE/InstallRex.Gen
- https://www.virustotal.com/de/file/18a813f5bc905194c727424a17e9b2578d7ee8d76d23804799934b3d76001436/analysis/1384708600/
------------------------------------------------------------------------------------------------------------------------
Other domains connecting to the same IP 46.165.228.246:
Domains that responded to 141.101.117.252:
MD5 hashes of malicious files known to have been downloaded from 141.101.117.252:
Domains that responded to 108.162.197.34:
-------------------------------------------------------------------------------
The following file has been downloaded from 108.162.197.34:
Download.exe
REFERENCE & Regards to Dancho
I know it's an old post, but there's actually a plethora more domains associated with InstallRex than are listed here.
I've pulled the records from my database for you;
http://temp.it-mate.co.uk/MM_-_InstallRex-10022014.xlsx
Thx MyteryFMC, I will take a look at it.