- Sat, Jan 04 2014
- #DhiaLite - Suspicious recent subdomains on
- 89.144.32.103
- 89.144.32.140
- 89.144.60.123
- 89.144.60.124
- 89.144.60.125
- 89.144.60.126
- https://www.virustotal.com/en/ip-address/89.144.32.103/information/
- https://www.virustotal.com/en/ip-address/89.144.32.140/information/
- https://www.virustotal.com/en/ip-address/89.144.60.123/information/
- https://www.virustotal.com/en/ip-address/89.144.60.124/information/
- https://www.virustotal.com/en/ip-address/89.144.60.125/information/
- https://www.virustotal.com/en/ip-address/89.144.60.126/information/
- # Url "antvrs/assets/js/load.js" on subdomains on 89.144.60.126
- http://final.pjiuzbnbifirykhnqff.info/antvrs/assets/js/load.js
- http://end.ogsiwfhknyrtarksgfk.info/antvrs/assets/js/load.js
- These URLs are dropping load.js
- https://www.virustotal.com/en/file/6b2c59a37a948f31f0122c27e921fc6733ff9f2901bdd219baf909a30279ae5a/analysis/
- # Url pattern "upd2/assets/js/progressbar.js" on subdomains on 89.144.60.124
- http://imprison.erwyrzdfxntitpytkodg.info/upd2/assets/js/progressbar.js
- http://friend.fitsspoizmjtdfdwhjj.info/upd2/assets/js/progressbar.js
- http://cultivates.ripixfdprtrnkfht.info/upd2/assets/js/progressbar.js
- http://credit.rintityphswfp.info/upd2/assets/js/progressbar.js
- On Cleanmx, the "/upd2/assets/js/progressbar.js" URL pattern is flagged as used by JS:Scammer-D Trj
- http://support.clean-mx.de/clean-mx/viruses?id=17322333
- They appear to be serving the same campaign related to Trojan JS:Scammer-D
- VT reports of progressbar.js samples
- https://www.virustotal.com/en/file/72c373c629817c9207b26d8e7b082ff2c741992e004484ee74b1d0964afd26ca/analysis/
- https://www.virustotal.com/en/file/67b6fda3b80fd8bd8ad5b37c78e2de208134116027fda1475359bf3217220e62/analysis/
- How to remove Trojan JS:Scammer-D
- http://www.viruswikihow.com/en/guides/how-to-remove-Trojan%20JS:Scammer-D.html
- About 220+ subdomains have been resolving to the above 6 IPs since Jan 1st
- Subdomains are under 227 second-level domains (2LDs). 223 were registered between Jan 1st and Jan 4th, two on Sep 23rd and two on Aug 31st