CLEAN MX realtime database    
public access query for virus URL statistics
Totally watched: 3591582 As of 2014-04-19 14:24:34 CEST
Subscribe to the VirusWatch Mailing list, updated hourly

This database consists of virus URIs, collected and verified since Feb 2006.
If you find URIs concerning your netblock that are already closed, you have done a good job; otherwise please close them as soon as possible.

To look at some nice charts, there are complete statistics for this database.
Attention: all URIs are manually verified, but they are not cross-checked for whether the virus is still functioning at the moment you make this query. (Sites may have been closed already.)
Our automatic Viruswalker process is scheduled every hour, so you may see an incident now that will be resolved later on.
So please keep on sending close feedback to us...

If you have questions, criticism, wishes or ... do not hesitate to contact us at abuse@clean-mx.de
Our PBX is down; you may reach us by cell phone at +49 171 4802507 ...
TIMERS: Runtime Query: 0.1708 Seconds 10 hits
Columns: Line, #, Date, Closed, hours, contributor, virusname, URL, ip state, response, Ip initial, AS#, ip review, URL, Domain, country, source, email, inetnum, netname, descr, ns1, ns2, ns3, ns4, ns5, URL
Access is provided for free and subject to these Terms and Conditions.