CLEAN MX realtime database
public access query for virus URL statistics
Totally watched: 20282, to down: 0, to up: 0, changed ip: 0
As of 2010-09-02 22:05:27 CEST
Subscribe to the VirusWatch Mailing list, updated hourly

This database consists of Virus URI, collected and verified since Feb 2006

If you detect URI'S concerning your netblock, already closed... you have made a good job, otherwise please close them as soon as possible.

to look at some nice charts, there are complete statisticsstatistics for this database
Attention: all URI'S are manually verified, but not cross-checked for real viruses function in this moment you make this query.(Sites may have been closed already..)
Our automatic Viruswalker process is scheduled every hour, so you may see now a incident and this one will be resolved later on.
So please keep on sending close-feedbacks to us...

if you have questions, criticism, wishes or ... do not hesitate to contact us at abuse@clean-mx.de
Our PBX is down you may reach us by cell phone +49 171 4802507 ...
Query as xml: Same query as xml output
TIMERS: Runtime Query: 0.0048 Seconds
helpLine help#descendigascending helpDatedescendigascending helpCloseddescendigascending helphours helpcontributordescendigascending helpvirusnamedescendigascending helpURLdescendigascending helpip state helpresponsedescendigascending helpIp initialdescendigascending helpAS#descendigascending helpip reviewdescendigascending helpURLdescendigascending helpDomaindescendigascending helpcountrydescendigascending helpsourcedescendigascending helpemaildescendigascending helpinetnumdescendigascending helpnetnamedescendigascending helpdescrdescendigascending helpns1descendigascending helpns2descendigascending helpns3descendigascending helpns4descendigascending helpns5descendigascending helpURLdescendigascending
1 631058Report false positive Report closed case make a suggestion 2010-08-02 13:13:48 OVERDUE! Overdue!753.2 follow up this itemfollow up this contributor (sub10) as RSS-Feed sub10possible lookup Evidence at malwareurl.compossible lookup Evidence at malwaredomainlist.com
possible lookup in wepawet0/42 (0.00%) Virustotal. MD5: f23f0bb3831bac62b030a7f415d29c7d lookup in virustotal.com (f23f0bb3831bac62b030a7f415d29c7d)-->[http://www.virustotal.com/analisis/aedfc7ab8cc2c96ce1c6f93fe910d5a086110f5c4a4fe7aedce1db32bb22e09b-1280750829]follow up this md5sum(f23f0bb3831bac62b030a7f415d29c7d)follow up this itemfollow up this virusname (unknown_html_RFI_eval) as RSS-Feedfollow up this malware(unknown_html_RFI_eval) for scanner (undef) in md5 table0/42 (0.00%) unknown_html_RFI_eval
 Safe Virus-Viewer and Analyser may take a minute to complete http://livetv.ru  up Saved evidence (101880 Bytes) of first contact as txt August 02 2010 18:03:08 CEST.Saved evidence (111610 Bytes) of last contact as txt August 30 2010 00:52:07 CEST. alive9730Saved log of last contact as txt August 29 2010 20:52:22 CEST. SenderBaselookup 91.189.86.79 at Rus CERT university stuttgart germanylookup 91.189.86.79 at Ripefollow up this item(ip) in same window 91.189.86.79 possible lookup in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS8342) in networks tablefollow up this itemfollow up this AS (AS8342) as RSS-Feed AS8342 SenderBaselookup 91.189.86.79 at Rus CERT university stuttgart germanylookup 91.189.86.79 at Ripefollow up this item(review) in same window 91.189.86.79 Safe Virus-Viewer and Analyser may take a minute to complete http://livetv.ru follow up this domain(livetv.ru) livetv.ru follow up this itemfollow up this country (RU) as RSS-Feed RU follow up this itemfollow up this region (RIPE) as RSS-Feed RIPE follow up this itemfollow up this enail (abuse@eserver.ru) as RSS-Feed abuse@eserver.ru follow up this itemfollow up this item 91.189.80.0 - 91.189.87.255 follow up this item ESERVER follow up this item eServer.ru - hosting operatoreServer.ru web-hosting companyESERVERESERVER follow up this item ns2.nameself.com follow up this item ns1.nameself.com follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to complete http://livetv.ru
2 629606Report false positive Report closed case make a suggestion 2010-07-30 10:11:01 OVERDUE! Overdue!828.2 follow up this itemfollow up this contributor (sub10) as RSS-Feed sub10possible lookup Evidence at malwareurl.compossible lookup Evidence at malwaredomainlist.com
possible lookup in wepawet0/42 (0.00%) Virustotal. MD5: 4395c0f242b71386b43d7156059e4893 lookup in virustotal.com (4395c0f242b71386b43d7156059e4893)-->[http://www.virustotal.com/analisis/3fa6afece79cae7867dc85015f345527cef25ca9bd6914043db24eae074297a2-1280480853]follow up this md5sum(4395c0f242b71386b43d7156059e4893)follow up this itemfollow up this virusname (unknown_html_RFI_eval) as RSS-Feedfollow up this malware(unknown_html_RFI_eval) for scanner (undef) in md5 table0/42 (0.00%) unknown_html_RFI_eval
 Safe Virus-Viewer and Analyser may take a minute to complete http://www.livetv.ru  up Saved evidence (105287 Bytes) of first contact as txt July 30 2010 15:06:28 CEST.Saved evidence (111927 Bytes) of last contact as txt August 30 2010 01:05:47 CEST. alive6640Saved log of last contact as txt August 29 2010 21:05:50 CEST. SenderBaselookup 91.189.86.79 at Rus CERT university stuttgart germanylookup 91.189.86.79 at Ripefollow up this item(ip) in same window 91.189.86.79 possible lookup in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS8342) in networks tablefollow up this itemfollow up this AS (AS8342) as RSS-Feed AS8342 SenderBaselookup 91.189.86.79 at Rus CERT university stuttgart germanylookup 91.189.86.79 at Ripefollow up this item(review) in same window 91.189.86.79 Safe Virus-Viewer and Analyser may take a minute to complete http://www.livetv.ru follow up this domain(livetv.ru) livetv.ru follow up this itemfollow up this country (RU) as RSS-Feed RU follow up this itemfollow up this region (RIPE) as RSS-Feed RIPE follow up this itemfollow up this enail (abuse@eserver.ru) as RSS-Feed abuse@eserver.ru follow up this itemfollow up this item 91.189.80.0 - 91.189.87.255 follow up this item ESERVER follow up this item eServer.ru - hosting operatoreServer.ru web-hosting companyESERVERESERVER follow up this item ns1.nameself.com follow up this item ns2.nameself.com follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to complete http://www.livetv.ru
3 620052 2010-07-13 11:12:08 2010-08-25 18:09:52 1039 follow up this itemfollow up this contributor (sub15) as RSS-Feed sub15possible lookup Evidence at malwareurl.compossible lookup Evidence at malwaredomainlist.com
Saved local log of joebox July 13 2010 11:21:44 CEST.8/42 (19.05%) Virustotal. MD5: 9cebe5b44881ae0ff606c25f3217405a Trojan Horse Hoax.Win32.ArchSMS!IK JOKE/ArchSMS.HS lookup in virustotal.com (9cebe5b44881ae0ff606c25f3217405a)-->[http://www.virustotal.com/analisis/23109824b79f292ac49b09857e6e31e96f8f75224ca678befe1ebd3bf34b5984-1279012702]lookup in threatexpert.comlookup the sha256(23109824b79f292ac49b09857e6e31e96f8f75224ca678befe1ebd3bf34b5984) in comodo.comfollow up this md5sum(9cebe5b44881ae0ff606c25f3217405a)follow up this itemfollow up this virusname (Hoax.Win32.ArchSMS%21IK) as RSS-Feedfollow up this malware(Hoax.Win32.ArchSMS%21IK) for scanner (a_squared) in md5 table8/42 (19.05%) Hoax.Win32.ArchSMS!IK
 Safe Virus-Viewer and Analyser may take a minute to complete http://dl24.yanloads.ru/uploads/links/10 ...  up Saved evidence (8367731 Bytes) of first contact as txt July 13 2010 11:01:01 CEST.Saved evidence (8254980 Bytes) of last contact as txt August 25 2010 18:00:01 CEST. closed-112751Saved log of last contact as txt August 25 2010 18:09:41 CEST. SenderBaselookup 91.189.86.120 at Rus CERT university stuttgart germanylookup 91.189.86.120 at Ripefollow up this item(ip) in same window 91.189.86.120 possible lookup in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS8342) in networks tablefollow up this itemfollow up this AS (AS8342) as RSS-Feed AS8342 SenderBaselookup 91.189.86.120 at Rus CERT university stuttgart germanylookup 91.189.86.120 at Ripefollow up this item(review) in same window 91.189.86.120 Safe Virus-Viewer and Analyser may take a minute to complete http://dl24.yanloads.ru/uploads/links/10 ... follow up this domain(yanloads.ru) yanloads.ru follow up this itemfollow up this country (RU) as RSS-Feed RU follow up this itemfollow up this region (RIPE) as RSS-Feed RIPE follow up this itemfollow up this enail (abuse@eserver.ru) as RSS-Feed abuse@eserver.ru follow up this itemfollow up this item 91.189.80.0 - 91.189.87.255 follow up this item ESERVER follow up this item eServer.ru - hosting operatoreServer.ru web-hosting companyESERVERESERVER follow up this item ns2.8dns.ru follow up this item ns1.8dns.ru follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to complete http://dl24.yanloads.ru/uploads/links/10 ...
4 224956 2009-10-12 10:05:27 2009-10-12 10:21:53 0.3 follow up this itemfollow up this contributor (sub1) as RSS-Feed sub1possible lookup Evidence at malwareurl.compossible lookup Evidence at malwaredomainlist.com
follow up this itemfollow up this virusname (unknown_html_google_malware) as RSS-FeedBlocked by google safebrowsing malwarelist click for analyse pagefollow up this malware(unknown_html_google_malware) for scanner (undef) in md5 table unknown_html_google_malware
 Safe Virus-Viewer and Analyser may take a minute to complete http://core2846.angeliidemoni.com/log3.c ...  up No previous evidence recordedNo evidence recorded deadSaved log of last contact as txt October 12 2009 10:21:52 CEST. SenderBaselookup 193.169.86.31 at Rus CERT university stuttgart germanylookup 193.169.86.31 at Ripefollow up this item(ip) in same window 193.169.86.31 possible lookup in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS6849) in networks tablefollow up this itemfollow up this AS (AS6849) as RSS-Feed AS6849 SenderBaselookup 91.189.86.96 at Rus CERT university stuttgart germanylookup 91.189.86.96 at Ripefollow up this item(review) in same window 91.189.86.96 Safe Virus-Viewer and Analyser may take a minute to complete http://core2846.angeliidemoni.com/log3.c ... follow up this domain(angeliidemoni.com) angeliidemoni.com follow up this itemfollow up this country (RU) as RSS-Feed RU follow up this itemfollow up this region (RIPE) as RSS-Feed RIPE follow up this itemfollow up this enail (abuse@eserver.ru) as RSS-Feed abuse@eserver.ru follow up this itemfollow up this item 193.169.86.0 - 193.169.87.255 follow up this item ESERVER follow up this item eServer.ru - hosting operatoreServer.ru web-hosting companyESERVERESERVER follow up this item dns1.angeliidemoni.com follow up this item dns2.angeliidemoni.com follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to complete http://core2846.angeliidemoni.com/log3.c ...
5 221708 2009-10-07 00:00:00 2009-11-15 23:43:31 960.7 follow up this itemfollow up this contributor (sub6) as RSS-Feed sub6lookup Evidence at malwareurl.com
0/41 (0.00%) Virustotal. MD5: ccb0d406dd7a98d9c4d5e4981bb7f91c lookup in virustotal.com (ccb0d406dd7a98d9c4d5e4981bb7f91c)-->[http://www.virustotal.com/analisis/fde4a12bf79234eb10936081762e95b3ee8f47834b13292526f5b940b008ff89-1254936966]follow up this md5sum(ccb0d406dd7a98d9c4d5e4981bb7f91c)follow up this itemfollow up this virusname (malwareurl_Directs+to+Trojan) as RSS-FeedBlocked by google safebrowsing malwarelist click for analyse pagefollow up this malware(malwareurl_Directs+to+Trojan) for scanner (undef) in md5 table0/41 (0.00%) malwareurl_Directs to Trojan
 Safe Virus-Viewer and Analyser may take a minute to complete http://scanyourpc-newx.com/pr.php?id=278 ...  up Saved evidence (46689 Bytes) of first contact as txt October 07 2009 19:33:28 CEST.No evidence recorded deadSaved log of last contact as txt November 15 2009 23:43:31 CET. SenderBaselookup 91.189.86.96 at Rus CERT university stuttgart germanylookup 91.189.86.96 at Ripefollow up this item(ip) in same window 91.189.86.96 possible lookup in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS8342) in networks tablefollow up this itemfollow up this AS (AS8342) as RSS-Feed AS8342 SenderBaselookup 91.189.86.96 at Rus CERT university stuttgart germanylookup 91.189.86.96 at Ripefollow up this item(review) in same window 91.189.86.96 Safe Virus-Viewer and Analyser may take a minute to complete http://scanyourpc-newx.com/pr.php?id=278 ... follow up this domain(scanyourpc-newx.com) scanyourpc-newx.com follow up this itemfollow up this country (RU) as RSS-Feed RU follow up this itemfollow up this region (RIPE) as RSS-Feed RIPE follow up this itemfollow up this enail (abuse@eserver.ru) as RSS-Feed abuse@eserver.ru follow up this itemfollow up this item 91.189.80.0 - 91.189.87.255 follow up this item ESERVER follow up this item eServer.ru - hosting operatoreServer.ru web-hosting companyESERVERESERVER follow up this item ns1.ename.cn follow up this item ns2.ename.cn follow up this item ns3.ename.cn follow up this item ns4.ename.cn follow up this item ns5.ename.cn Safe Virus-Viewer and Analyser may take a minute to complete http://scanyourpc-newx.com/pr.php?id=278 ...
6 205036 2009-09-25 00:00:00 2009-10-01 16:29:26 160.5 follow up this itemfollow up this contributor (sub6) as RSS-Feed sub6lookup Evidence at malwareurl.com
0/41 (0.00%) Virustotal. MD5: 21fe534d2b5e9ad6528cf3287ac9483a lookup in virustotal.com (21fe534d2b5e9ad6528cf3287ac9483a)-->[http://www.virustotal.com/analisis/dae2d711c29cf0fe8b16f488a7d5eb15bb41ef7a2e623989b0e1cb3f7bea9eb5-1254222672]follow up this md5sum(21fe534d2b5e9ad6528cf3287ac9483a)follow up this itemfollow up this virusname (malwareurl_Malware+deployment+affiliate+program) as RSS-Feedfollow up this malware(malwareurl_Malware+deployment+affiliate+program) for scanner (undef) in md5 table0/41 (0.00%) malwareurl_Malware deployment affiliate program
 Safe Virus-Viewer and Analyser may take a minute to complete http://91.189.86.87  up Saved evidence (3097 Bytes) of first contact as txt July 19 2009 16:43:35 CEST.Saved evidence (1456 Bytes) of last contact as txt January 06 2005 13:11:39 CET. closed-1641Saved log of last contact as txt October 01 2009 16:29:25 CEST. SenderBaselookup 91.189.86.87 at Rus CERT university stuttgart germanylookup 91.189.86.87 at Ripefollow up this item(ip) in same window 91.189.86.87 possible lookup in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS8342) in networks tablefollow up this itemfollow up this AS (AS8342) as RSS-Feed AS8342 SenderBaselookup 91.189.86.87 at Rus CERT university stuttgart germanylookup 91.189.86.87 at Ripefollow up this item(review) in same window 91.189.86.87 Safe Virus-Viewer and Analyser may take a minute to complete http://91.189.86.87 follow up this domain(91.189.86.87) 91.189.86.87 follow up this itemfollow up this country (RU) as RSS-Feed RU follow up this itemfollow up this region (RIPE) as RSS-Feed RIPE follow up this itemfollow up this enail (abuse@eserver.ru) as RSS-Feed abuse@eserver.ru follow up this itemfollow up this item 91.189.80.0 - 91.189.87.255 follow up this item ESERVER follow up this item eServer.ru - hosting operatoreServer.ru web-hosting companyESERVERESERVER follow up this item  follow up this item  follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to complete http://91.189.86.87
7 178851 2009-09-06 00:00:00 2009-09-06 20:13:28 20.2 follow up this itemfollow up this contributor (sub6) as RSS-Feed sub6lookup Evidence at malwareurl.com
lookup in anubislookup in virustotal.com (d41d8cd98f00b204e9800998ecf8427e)lookup the sha256(e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855) in comodo.comfollow up this md5sum(d41d8cd98f00b204e9800998ecf8427e) multiple instances recorded!follow up this itemfollow up this virusname (malwareurl_Trojan+FakeScanti+%2F+WindowsAntivirusPro+loader) as RSS-Feedfollow up this malware(malwareurl_Trojan+FakeScanti+%2F+WindowsAntivirusPro+loader) for scanner (undef) in md5 table malwareurl_Trojan FakeScanti / WindowsAntivirusPro loader
 Safe Virus-Viewer and Analyser may take a minute to complete http://ingloriousbastardsx.com/action/ac ...  up No previous evidence recordedNo evidence recorded deadSaved log of last contact as txt September 06 2009 20:13:28 CEST. SenderBaselookup 91.189.86.87 at Rus CERT university stuttgart germanylookup 91.189.86.87 at Ripefollow up this item(ip) in same window 91.189.86.87 possible lookup in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS8342) in networks tablefollow up this itemfollow up this AS (AS8342) as RSS-Feed AS8342 SenderBaselookup 91.189.86.87 at Rus CERT university stuttgart germanylookup 91.189.86.87 at Ripefollow up this item(review) in same window 91.189.86.87 Safe Virus-Viewer and Analyser may take a minute to complete http://ingloriousbastardsx.com/action/ac ... follow up this domain(ingloriousbastardsx.com) ingloriousbastardsx.com follow up this itemfollow up this country (RU) as RSS-Feed RU follow up this itemfollow up this region (RIPE) as RSS-Feed RIPE follow up this itemfollow up this enail (abuse@eserver.ru) as RSS-Feed abuse@eserver.ru follow up this itemfollow up this item 91.189.80.0 - 91.189.87.255 follow up this item ESERVER follow up this item eServer.ru - hosting operatoreServer.ru web-hosting companyESERVERESERVER follow up this item dns1.ingloriousbastardsx.com follow up this item dns2.ingloriousbastardsx.com follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to complete http://ingloriousbastardsx.com/action/ac ...
8 178853 2009-09-06 00:00:00 2009-09-06 20:13:25 20.2 follow up this itemfollow up this contributor (sub6) as RSS-Feed sub6lookup Evidence at malwareurl.com
lookup in anubislookup in virustotal.com (d41d8cd98f00b204e9800998ecf8427e)lookup the sha256(e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855) in comodo.comfollow up this md5sum(d41d8cd98f00b204e9800998ecf8427e) multiple instances recorded!follow up this itemfollow up this virusname (malwareurl_Trojan+FakeScanti+%2F+WindowsAntivirusPro+loader) as RSS-Feedfollow up this malware(malwareurl_Trojan+FakeScanti+%2F+WindowsAntivirusPro+loader) for scanner (undef) in md5 table malwareurl_Trojan FakeScanti / WindowsAntivirusPro loader
 Safe Virus-Viewer and Analyser may take a minute to complete http://core2623.ingloriousbastardsx.com/ ...  up No previous evidence recordedNo evidence recorded deadSaved log of last contact as txt September 06 2009 20:13:25 CEST. SenderBaselookup 91.189.86.87 at Rus CERT university stuttgart germanylookup 91.189.86.87 at Ripefollow up this item(ip) in same window 91.189.86.87 possible lookup in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS8342) in networks tablefollow up this itemfollow up this AS (AS8342) as RSS-Feed AS8342 SenderBaselookup 91.189.86.87 at Rus CERT university stuttgart germanylookup 91.189.86.87 at Ripefollow up this item(review) in same window 91.189.86.87 Safe Virus-Viewer and Analyser may take a minute to complete http://core2623.ingloriousbastardsx.com/ ... follow up this domain(ingloriousbastardsx.com) ingloriousbastardsx.com follow up this itemfollow up this country (RU) as RSS-Feed RU follow up this itemfollow up this region (RIPE) as RSS-Feed RIPE follow up this itemfollow up this enail (abuse@eserver.ru) as RSS-Feed abuse@eserver.ru follow up this itemfollow up this item 91.189.80.0 - 91.189.87.255 follow up this item ESERVER follow up this item eServer.ru - hosting operatoreServer.ru web-hosting companyESERVERESERVER follow up this item dns1.ingloriousbastardsx.com follow up this item dns2.ingloriousbastardsx.com follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to complete http://core2623.ingloriousbastardsx.com/ ...
Click here for other vital incidents