polonus
Update for Riskware/Generic.AC.18053 APNIC CN antispam at dcb.hz.zj dot cn 122.225.96.132 to 122.226.102.76 sh5y dot com htxp://xiazai9.sh5y.com/setup_361.exe
See: https://www.virustotal.com/nl/url/c13305ac6dbbb96d65475d9c6f15bec30a00bae019e0a0771d76c64d270672a1/analysis/1420725973/
Filescan: https://herdprotect.com/setup_361.exe-35e8fe7d3aa073c08c4067ce3f2d6bc2c41d9e4a.aspx
System Details:
Running on: nginx
Via proxy: 1.0
Netcraft Risk Status: http://toolbar.netcraft.com/site_report/?url=xiazai9.sh5y.com & http://totalhash.com/network/ip:122.226.102.76
Unable to properly scan your site. Site returning error (40x): HTTP/1.0 403 Forbidden
IP badness → https://www.virustotal.com/nl/ip-address/122.226.102.76/information/
Malware on IP: http://www.scumware.org/report/122.226.102.76.html
IDS alerts: http://urlquery.net/report.php?id=1418323679450
Cannot get DNS for parent server! → http://www.dnsinspect.com/sh5y.com/1420727499
Direct link to a malware file: https://app.webinspector.com/public/reports/28562072
Link to Malware File. Found by Antivirus Engine.
SHA1: a765610ea32ada1338c027971799d63207b162e6
Only 1 flag: fortinet 23.543, 23.543 5.1.158 2015-01-07 Riskware/Generic.AC.18053
500 Took too long to download - URL Domain Result: Blacklisted in multiple real-time domain blocklists
See: http://support.clean-mx.de/clean-mx/viruses.php?id=51240418
Does avast detect in PUP-mode? → https://www.virustotal.com/nl/file/0584d22455f05a3a19438f00083d595f5ab089ece49e11f0cc063752d8f6fc4c/analysis/
Malware up and active now since 2014-12-24 - 21:08:51 hrs.
polonus
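The post above lists its indicators defanged ("htxp://", "dot" for ".") alongside links to analysis services. The following is an added example, not code from the post or from any of the tools it links; it refangs such a report, separates real indicators from reference links, validates the IPs, expands the "A to B" address range into CIDR blocks, and sorts hashes by length. The sample text is constructed from the post's own lines, and the list of reference hosts is an assumption made for this example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: the defanged indicators as they appear in the post above
# (one analysis link is kept to show that reference URLs are filed separately).
POST_TEXT = """\
Update for Riskware/Generic.AC.18053 APNIC CN antispam at dcb.hz.zj dot cn
122.225.96.132 to 122.226.102.76 sh5y dot com htxp://xiazai9.sh5y.com/setup_361.exe
SHA1: a765610ea32ada1338c027971799d63207b162e6
https://www.virustotal.com/nl/file/0584d22455f05a3a19438f00083d595f5ab089ece49e11f0cc063752d8f6fc4c/analysis/
"""

# Hosts of analysis services; URLs pointing here are references, not indicators.
# (Assumed list for this example; extend it for your own reports.)
REFERENCE_HOSTS = {"www.virustotal.com", "herdprotect.com", "urlquery.net",
                   "app.webinspector.com", "www.scumware.org"}

IPV4 = r"(?:\d{1,3}\.){3}\d{1,3}"
RE_RANGE = re.compile(rf"({IPV4})\s+to\s+({IPV4})")
RE_IPV4 = re.compile(rf"\b{IPV4}\b")
RE_URL = re.compile(r"https?://[^\s<>\"']+", re.I)
# A bare domain: not preceded by '/', '.' or a word character, so hosts inside
# URLs and names such as Generic.AC or setup_361.exe are not picked up here.
RE_DOMAIN = re.compile(r"(?<![/\w.])(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
RE_HASH = re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.I)


def refang(text: str) -> str:
    """Undo the usual defanging so the indicators can be parsed."""
    text = re.sub(r"\bh[tx][tx]p(s?)://", r"http\1://", text, flags=re.I)  # htxp, hxxp
    text = re.sub(r"\s+dot\s+", ".", text, flags=re.I)                      # 'sh5y dot com'
    return text.replace("[.]", ".").replace("(.)", ".")                     # a[.]b


def expand_ip_range(start: str, end: str) -> dict:
    """Describe an inclusive 'A to B' range as CIDR blocks plus its size."""
    a, b = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if b < a:
        a, b = b, a
    return {
        "start": str(a),
        "end": str(b),
        "address_count": int(b) - int(a) + 1,
        "cidrs": [str(n) for n in ipaddress.summarize_address_range(a, b)],
    }


def extract_iocs(text: str) -> dict:
    """Pull URLs, domains, IPs, ranges and hashes out of a defanged report."""
    text = refang(text)
    urls, refs = [], []
    for u in RE_URL.findall(text):
        (refs if urlsplit(u).hostname in REFERENCE_HOSTS else urls).append(u)
    ranges = [expand_ip_range(a, b) for a, b in RE_RANGE.findall(text)]
    ips = set()
    for ip in RE_IPV4.findall(text):
        try:
            ips.add(str(ipaddress.IPv4Address(ip)))  # rejects octets above 255
        except ipaddress.AddressValueError:
            pass
    hashes = {32: [], 40: [], 64: []}          # md5 / sha1 / sha256 by hex length
    for h in RE_HASH.findall(text):
        hashes[len(h)].append(h.lower())
    return {
        "urls": urls,
        "reference_urls": refs,
        "domains": sorted({d.lower() for d in RE_DOMAIN.findall(text)}),
        "ipv4": sorted(ips),
        "ip_ranges": ranges,
        "md5": hashes[32],
        "sha1": hashes[40],
        "sha256": hashes[64],
    }


if __name__ == "__main__":
    import json
    print(json.dumps(extract_iocs(POST_TEXT), indent=2))
```

Run it as a script to get the post's indicators as JSON ready for a blocklist or a SIEM watchlist; note that the SHA-256 is recovered from the VirusTotal link's path even though the post never states it as a separate line, and that the "122.225.96.132 to 122.226.102.76" range covers 67,017 addresses, which is why it is expanded into CIDR blocks rather than blocked as two single IPs.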
Pondus