Malware-Traffic-Analysis.net - 2016-01-18 - Two infections (Rig and Angler EK)

2016-01-18 - TWO INFECTIONS (RIG AND ANGLER EK)

NOTICE:

The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.

ASSOCIATED FILES:

FILE DETAILS:

ASSOCIATED DOMAINS:

FILE DETAILS:

ASSOCIATED DOMAINS:

216.28.245[.]214 port 80 - coolrilla[.]com - Compromised website
5.189.216[.]103 port 80 - nic.artededirigir[.]com[.]br - Redirect/gate
185.49.69[.]25 port 80 - omondi-liczyli.jwsjustdothemath[.]com - Angler EK
www.ecb.europa[.]eu - Connectivity check by the infected host
195.22.28[.]199 port 80 - aodncqkbqddauoyqk[.]com - Post-infection traffic
195.22.28[.]222 port 80 - sso.anbtr[.]com - Post-infection traffic
195.22.28[.]198 port 80 - xsso.aodncqkbqddauoyqk[.]com - Post-infection traffic
208.100.26[.]234 port 80 - letvnhhitrdk[.]com - Post-infection traffic
95.211.205[.]230 port 80 - qufsvzeigvlxdbw[.]com - Post-infection traffic
104.193.252[.]234 port 80 - lampubuntuadv[.]com - GET /ads.php?sid=1948 [Post-infection ad traffic]
85.25.79[.]160 port 80 - reannewscomm[.]com - GET /ads.php?sid=1948 [Post-infection ad traffic]
89.163.240[.]118 port 80 - kjnoa9sdi3mrlsdnfi[.]com - GET /ads.php?sid=1948 [Post-infection ad traffic]
185.82.216[.]241 port 80 - lollytooneymoney[.]com - GET /ads.php?sid=1948 [Post-infection ad traffic]
185.82.216[.]240 port 80 - allhobbyworldsnet[.]com - GET /ads.php?sid=1948 [Post-infection ad traffic]
85.25.79[.]160 port 80 - reannewscomm[.]com - GET /ads.php?sid=1948 [Post-infection ad traffic]
89.163.240[.]119 port 80 - gerausports[.]com - GET /ads.php?sid=1948 [Post-infection ad traffic]

Click here to return to the main page.