CLEAN MX realtime database    
public access query for virus URL statistics
Totally watched: 3635605 As of 2014-04-25 09:06:11 CEST
Subscribe to the VirusWatch Mailing list, updated hourly

This database consists of Virus URI, collected and verified since Feb 2006
Tweet
If you detect URI'S concerning your netblock, already closed... you have made a good job, otherwise please close them as soon as possible.

to look at some nice charts, there are complete statisticsstatistics for this database
Attention: all URI'S are manually verified, but not cross-checked for real viruses function in this moment you make this query.(Sites may have been closed already..)
Our automatic Viruswalker process is scheduled every hour, so you may see now a incident and this one will be resolved later on.
So please keep on sending close-feedbacks to us...

if you have questions, criticism, wishes or ... do not hesitate to contact us at abuse@clean-mx.de
Our PBX is down you may reach us by cell phone +49 171 4802507 ...
Query as xml: Same query as xml output
TIMERS: Runtime Query: 0.0935 Seconds 6 hits
helpLine help#descendigascending helpDatedescendigascending helpCloseddescendigascending helphours helpcontributordescendigascending helpvirusnamedescendigascending helpURLdescendigascending helpip state helpresponsedescendigascending helpIp initialdescendigascending helpAS#descendigascending helpip reviewdescendigascending helpURLdescendigascending helpDomaindescendigascending helpcountrydescendigascending helpsourcedescendigascending helpemaildescendigascending helpinetnumdescendigascending helpnetnamedescendigascending helpdescrdescendigascending helpns1descendigascending helpns2descendigascending helpns3descendigascending helpns4descendigascending helpns5descendigascending helpURLdescendigascending
1 follow up this item(693123) 693123  2010-11-18 19:28:00 2010-11-24 12:06:07 136.6 follow up this itemfollow up this contributor (malwaredomainlist.com) as RSS-Feed sub4lookup Evidence at malwaredomainlist.com
7/40 (17.5%) 
 
Win32:FakeAlert-TB
Win32:FakeAlert-TB
Gen:Variant.FakeAlert.40
Trojan.Fakesec-123
Win32:FakeAlert-TB

a
variant
of
Win32/Kryptik.IGU
Mal/FakeAV-EE 
 lookup in virustotal.com (eafd47b41b3c9487a981b86f0766efe5)-->[http://www.virustotal.com/latest-report.html?resource=eafd47b41b3c9487a981b86f0766efe5]lookup in threatexpert.comlookup the sha256(eb80985c5e55757f75ddd1f40dd062fa3747b02a0efef076b367eea677649a60) in comodo.comfollow up this md5sum(eafd47b41b3c9487a981b86f0766efe5)follow up this itemfollow up this virusname (Trojan.Fakesec-123) as RSS-Feedlookup Virusname at viruspoolfollow up this malware(Trojan.Fakesec-123) for scanner (clamav) in md5 table7/40 (17.5%) Trojan.Fakesec-123
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://kamz.net/inst.exe  up No previous evidence recordedNo evidence recorded deadSaved log of last contact as txt November 24 2010 12:06:07 CET. follow up this ip (ip=95.169.190.224) as RSS-FeedSenderBaselookup 95.169.190.224 at virustotallookup 95.169.190.224 at Rus CERT university stuttgart germanylookup 95.169.190.224 at Ripefollow up this item(ip) in same window 95.169.190.224 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS31103) in networks tablefollow up this itemfollow up this AS (AS31103) as RSS-Feed AS31103 follow up this ip (review=95.169.190.224) as RSS-FeedSenderBaselookup 95.169.190.224 at virustotallookup 95.169.190.224 at Rus CERT university stuttgart germanylookup 95.169.190.224 at Ripefollow up this item(review) in same window 95.169.190.224 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://kamz.net/inst.exe follow up this domain (kamz.net) as RSS-Feedlookup kamz.net at virustotalfollow up this domain(kamz.net) kamz.net follow up this itemfollow up this country (RU) as RSS-Feed RU follow up this itemfollow up this region (RIPE) as RSS-Feed RIPE follow up this itemfollow up this enail (abuse@keyweb.ru) as RSS-Feed abuse@keyweb.ru follow up this itemfollow up this item 95.169.190.0 - 95.169.191.254 follow up this item RU-KEYWEB follow up this item Keyweb Online Limited IP NetworkKeyweb AG IP Network follow up this item ns1.regway.com follow up this item ns2.regway.com follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://kamz.net/inst.exe
2 follow up this item(692947) 692947  2010-11-18 14:35:15 2010-11-24 12:19:11 141.7 follow up this itemfollow up this contributor (commodo results) as RSS-Feed sub20possible lookup Evidence at malwaredomainlist.com
1/41 (2.4%) 
 
Trojan.Fakesec-123 
 lookup in virustotal.com (cc3bcddfb9ae04df6b701e4375b6fe65)-->[http://www.virustotal.com/latest-report.html?resource=cc3bcddfb9ae04df6b701e4375b6fe65]lookup in threatexpert.comlookup the sha256(4fe002a5c9977b9d80316398fd2dd61e27c438f04f63bc15e438b017863778e3) in comodo.comfollow up this md5sum(cc3bcddfb9ae04df6b701e4375b6fe65)follow up this itemfollow up this virusname (Trojan.Fakesec-123) as RSS-Feedlookup Virusname at viruspoolfollow up this malware(Trojan.Fakesec-123) for scanner (clamav) in md5 table1/41 (2.4%) Trojan.Fakesec-123
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://ekms.net/saz22/load.php?file=1  down No previous evidence recordedNo evidence recorded deadSaved log of last contact as txt November 24 2010 12:19:11 CET. follow up this ip (ip=95.169.190.224) as RSS-FeedSenderBaselookup 95.169.190.224 at virustotallookup 95.169.190.224 at Rus CERT university stuttgart germanylookup 95.169.190.224 at ARINfollow up this item(ip) in same window 95.169.190.224 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS31103) in networks tablefollow up this itemfollow up this AS (AS31103) as RSS-Feed AS31103 undef Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://ekms.net/saz22/load.php?file=1 follow up this domain (ekms.net) as RSS-Feedlookup ekms.net at virustotalfollow up this domain(ekms.net) ekms.net follow up this itemfollow up this country (RU) as RSS-Feed RU follow up this itemfollow up this region (ARIN) as RSS-Feed ARIN follow up this itemfollow up this enail (abuse@keyweb.ru) as RSS-Feed abuse@keyweb.ru follow up this itemfollow up this item 95.169.190.0 - 95.169.191.254 follow up this item RU-KEYWEB follow up this item Keyweb Online Limited IP NetworkKeyweb AG IP Network follow up this item cheapreg.venus.orderbox-dns.com follow up this item cheapreg.mars.orderbox-dns.com follow up this item cheapreg.mercury.orderbox-dns.com follow up this item cheapreg.earth.orderbox-dns.com follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://ekms.net/saz22/load.php?file=1
3 follow up this item(689651) 689651  2010-11-12 22:02:41 2010-11-18 12:16:42 134.2 follow up this itemfollow up this contributor (malekal.com) as RSS-Feed sub9possible lookup Evidence at malwaredomainlist.com
7/43 (16.3%) 
 
TR/Crypt.XPACK.Gen3
Gen:Variant.Kazy.3217
Gen:Variant.Kazy.3217
a
variant
of
Win32/Kryptik.IDC
Trojan.Agent/Gen-Backdoor
TROJ_FAKEAV.SMES
TROJ_FAKEAV.SMES 
 lookup in virustotal.com (291a900a3acec15d6899bff17043907d)-->[http://www.virustotal.com/latest-report.html?resource=291a900a3acec15d6899bff17043907d]lookup in threatexpert.comlookup the sha256(7cc4d17f5e213ff4aa15d5685902136dddd8a3342b072dce61d08555da59e764) in comodo.comfollow up this md5sum(291a900a3acec15d6899bff17043907d)follow up this itemfollow up this virusname (Trojan.Fakesec-123) as RSS-Feedlookup Virusname at viruspoolfollow up this malware(Trojan.Fakesec-123) for scanner (clamav) in md5 table7/43 (16.3%) Trojan.Fakesec-123
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://109.196.143.136/bljat_eghoerhpiyn ...  up No previous evidence recordedNo evidence recorded deadSaved log of last contact as txt November 18 2010 12:16:42 CET. follow up this ip (ip=109.196.143.136) as RSS-FeedSenderBaselookup 109.196.143.136 at virustotallookup 109.196.143.136 at Rus CERT university stuttgart germanylookup 109.196.143.136 at Ripefollow up this item(ip) in same window 109.196.143.136 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS39150) in networks tablefollow up this itemfollow up this AS (AS39150) as RSS-Feed AS39150 follow up this ip (review=109.196.143.136) as RSS-FeedSenderBaselookup 109.196.143.136 at virustotallookup 109.196.143.136 at Rus CERT university stuttgart germanylookup 109.196.143.136 at Ripefollow up this item(review) in same window 109.196.143.136 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://109.196.143.136/bljat_eghoerhpiyn ... follow up this domain (109.196.143.136) as RSS-Feedlookup 109.196.143.136 at virustotalfollow up this domain(109.196.143.136) 109.196.143.136 follow up this itemfollow up this country (RU) as RSS-Feed RU follow up this itemfollow up this region (RIPE) as RSS-Feed RIPE follow up this itemfollow up this enail (abuse@vline.ru) as RSS-Feed abuse@vline.ru follow up this itemfollow up this item 109.196.128.0 - 109.196.143.255 follow up this item VLINERU-COLOCATION-M9 follow up this item Net of VLine Ltd, Hosting & Colocation service provider,which provides shared hosting, mail hosting, Colocationand domain name registration.VLine, Ltd.VLine Telecom BlockMoscow, Russiahttp follow up this item  follow up this item  follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://109.196.143.136/bljat_eghoerhpiyn ...
4 follow up this item(689102) 689102  2010-11-12 06:42:49 2010-11-18 12:32:48 149.8 follow up this itemfollow up this contributor (commodo results) as RSS-Feed sub20possible lookup Evidence at malwaredomainlist.com
4/43 (9.3%) 
 
Gen:Variant.FakeAlert.38
Gen:Variant.FakeAlert.38
Gen:Variant.FakeAlert.38
a
variant
of
Win32/Kryptik.HZW 
 lookup in virustotal.com (9a294d89bf07936185b8c4da48925c45)-->[http://www.virustotal.com/latest-report.html?resource=9a294d89bf07936185b8c4da48925c45]lookup in threatexpert.comlookup the sha256(bb2112d2bfcd60d700c4e063879f5d2c0b954d373524b2f6a0f94881212f46a3) in comodo.comfollow up this md5sum(9a294d89bf07936185b8c4da48925c45)follow up this itemfollow up this virusname (Trojan.Fakesec-123) as RSS-Feedlookup Virusname at viruspoolfollow up this malware(Trojan.Fakesec-123) for scanner (clamav) in md5 table4/43 (9.3%) Trojan.Fakesec-123
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://109.196.143.134/swnd_fdlshgheroia ...  up No previous evidence recordedNo evidence recorded deadSaved log of last contact as txt November 18 2010 12:32:48 CET. follow up this ip (ip=109.196.143.134) as RSS-FeedSenderBaselookup 109.196.143.134 at virustotallookup 109.196.143.134 at Rus CERT university stuttgart germanylookup 109.196.143.134 at Ripefollow up this item(ip) in same window 109.196.143.134 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS39150) in networks tablefollow up this itemfollow up this AS (AS39150) as RSS-Feed AS39150 follow up this ip (review=109.196.143.134) as RSS-FeedSenderBaselookup 109.196.143.134 at virustotallookup 109.196.143.134 at Rus CERT university stuttgart germanylookup 109.196.143.134 at Ripefollow up this item(review) in same window 109.196.143.134 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://109.196.143.134/swnd_fdlshgheroia ... follow up this domain (109.196.143.134) as RSS-Feedlookup 109.196.143.134 at virustotalfollow up this domain(109.196.143.134) 109.196.143.134 follow up this itemfollow up this country (RU) as RSS-Feed RU follow up this itemfollow up this region (RIPE) as RSS-Feed RIPE follow up this itemfollow up this enail (abuse@vline.ru) as RSS-Feed abuse@vline.ru follow up this itemfollow up this item 109.196.128.0 - 109.196.143.255 follow up this item VLINERU-COLOCATION-M9 follow up this item Net of VLine Ltd, Hosting & Colocation service provider,which provides shared hosting, mail hosting, Colocationand domain name registration.VLine, Ltd.VLine Telecom BlockMoscow, Russiahttp follow up this item  follow up this item  follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://109.196.143.134/swnd_fdlshgheroia ...
5 follow up this item(687290) 687290  2010-11-09 19:34:01 2010-11-18 13:25:49 209.9 follow up this itemfollow up this contributor (malekal.com) as RSS-Feed sub9possible lookup Evidence at malwaredomainlist.com
4/42 (9.5%) 
 
FakeAlert-SecurityTool.q
SecurityToolFraud!Gen4
VirTool.Win32.Obfuscator.ah!e
(v)
SecurityToolFraud!Gen4 
 lookup in virustotal.com (9e930dfa86320ea9c2ce718d4951b82d)-->[http://www.virustotal.com/latest-report.html?resource=9e930dfa86320ea9c2ce718d4951b82d]lookup in threatexpert.comlookup the sha256(78e4aff1f6452a35ccc0b84d58043ac069983833ea882a1f43ae40e0588d04a0) in comodo.comfollow up this md5sum(9e930dfa86320ea9c2ce718d4951b82d)follow up this itemfollow up this virusname (Trojan.Fakesec-123) as RSS-Feedlookup Virusname at viruspoolfollow up this malware(Trojan.Fakesec-123) for scanner (clamav) in md5 table4/42 (9.5%) Trojan.Fakesec-123
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://109.196.143.136/test_severyan_sdh ...  up No previous evidence recordedNo evidence recorded deadSaved log of last contact as txt November 18 2010 13:25:49 CET. follow up this ip (ip=109.196.143.136) as RSS-FeedSenderBaselookup 109.196.143.136 at virustotallookup 109.196.143.136 at Rus CERT university stuttgart germanylookup 109.196.143.136 at Ripefollow up this item(ip) in same window 109.196.143.136 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS39150) in networks tablefollow up this itemfollow up this AS (AS39150) as RSS-Feed AS39150 follow up this ip (review=109.196.143.136) as RSS-FeedSenderBaselookup 109.196.143.136 at virustotallookup 109.196.143.136 at Rus CERT university stuttgart germanylookup 109.196.143.136 at Ripefollow up this item(review) in same window 109.196.143.136 Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://109.196.143.136/test_severyan_sdh ... follow up this domain (109.196.143.136) as RSS-Feedlookup 109.196.143.136 at virustotalfollow up this domain(109.196.143.136) 109.196.143.136 follow up this itemfollow up this country (RU) as RSS-Feed RU follow up this itemfollow up this region (RIPE) as RSS-Feed RIPE follow up this itemfollow up this enail (abuse@vline.ru) as RSS-Feed abuse@vline.ru follow up this itemfollow up this item 109.196.128.0 - 109.196.143.255 follow up this item VLINERU-COLOCATION-M9 follow up this item Net of VLine Ltd, Hosting & Colocation service provider,which provides shared hosting, mail hosting, Colocationand domain name registration.VLine, Ltd.VLine Telecom BlockMoscow, Russiahttp follow up this item  follow up this item  follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://109.196.143.136/test_severyan_sdh ...
6 follow up this item(653909) 653909  2010-09-21 18:31:07 2010-11-25 00:14:35 1542.7 follow up this itemfollow up this contributor (malekal.com) as RSS-Feed sub9possible lookup Evidence at malwaredomainlist.com
2/39 (5,13%) 
 
Trojan.Fakesec-111
FakeAlert-SpyPro.gen.p 
 lookup in virustotal.com (34de20931d2a1977e046db815ee4595a)-->[http://www.virustotal.com/latest-report.html?resource=34de20931d2a1977e046db815ee4595a]lookup in threatexpert.comlookup the sha256(0c61eeee0ed5ec5e1584d94055023e8ec2f88dcc8e8e9bfd9e881ee7d95b0501) in comodo.comfollow up this md5sum(34de20931d2a1977e046db815ee4595a)follow up this itemfollow up this virusname (Trojan.Fakesec-123) as RSS-Feedlookup Virusname at viruspoolfollow up this malware(Trojan.Fakesec-123) for scanner (clamav) in md5 table2/39 (5,13%) Trojan.Fakesec-123
Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://hotfreetubemovies.com/mov524/movi ...  down No previous evidence recordedNo evidence recorded deadSaved log of last contact as txt November 25 2010 00:14:35 CET. follow up this ip (ip=91.188.59.74) as RSS-FeedSenderBaselookup 91.188.59.74 at virustotallookup 91.188.59.74 at Rus CERT university stuttgart germanylookup 91.188.59.74 at Ripefollow up this item(ip) in same window 91.188.59.74 possible lookup  in maliciousnetworks.org (FIRE: FInding RoguE Networks) pagepossible lookup in google safebrowsing pagefollow up this AS (AS6851) in networks tablefollow up this itemfollow up this AS (AS6851) as RSS-Feed AS6851 undef Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://hotfreetubemovies.com/mov524/movi ... follow up this domain (hotfreetubemovies.com) as RSS-Feedlookup hotfreetubemovies.com at virustotalfollow up this domain(hotfreetubemovies.com) hotfreetubemovies.com follow up this itemfollow up this country (MD) as RSS-Feed MD follow up this itemfollow up this region (RIPE) as RSS-Feed RIPE follow up this itemfollow up this enail (donstroitel@mail.com) as RSS-Feed donstroitel@mail.com follow up this itemfollow up this item 91.188.32.0 - 91.188.63.255 follow up this item Donstroy-1 follow up this item Donstroy Ltd.donstroy-route-1 follow up this item ns1.iil10oil0.com follow up this item ns2.iil10oil0.com follow up this item  follow up this item  follow up this item  Safe Virus-Viewer and Analyser may take a minute to completelookup in virustotal http://hotfreetubemovies.com/mov524/movi ...
Click here for other vital incidents



Protected by clean MX [Valid RSS] Valid HTML 4.01 Transitional CSS ist valide!
Access is provided for free and subject to these Terms and Conditions.