CLEAN MX realtime database
public access query for virus URL statistics
Totally watched: 20282, to down: 0, to up: 0, changed ip: 0
As of 2010-09-02 22:05:27 CEST

This database consists of virus URIs, collected and verified since Feb 2006.

If you find URIs concerning your netblock that are already closed, you have done a good job; otherwise, please close them as soon as possible.

To look at some nice charts, there are complete statistics for this database.
Attention: all URIs are manually verified, but they are not cross-checked for actual virus function at the moment you make this query. (Sites may have been closed already.)
Our automatic Viruswalker process is scheduled every hour, so you may see an incident now that will be resolved later on.
So please keep sending close feedback to us.

If you have questions, criticism, wishes or ... do not hesitate to contact us at abuse@clean-mx.de
Our PBX is down; you may reach us by cell phone at +49 171 4802507 ...