tretr23.com (JACK LOADER, hosted in Romania, Iasi, Prime Telecom Srl)

Another HTTP malware spreading around.

Panel: http://188.247.135.32/signin.php

Network Activity:

Host Name: tretr23.com
IP Address: 188.247.135.32
Download URLs:
http://188.247.135.32/list.php?c=B4AC885F94224AE64DAAC6EE0346C213D07DB5860B2E69F2DCE5CA8B5FF9F6DADFE10E13F3845D3386FFC45E0D4897B5778D4CBB9FE6A5854372&v=2&t=0,4527399 (tretr23.com)
Outgoing connection to remote server: tretr23.com TCP port 80

Host Name: ytreytre.com
IP Address: 94.63.240.235
Download URLs:
http://94.63.240.235/temp/3431.exe?t=0,4103815 (ytreytre.com)
Outgoing connection to remote server: ytreytre.com TCP port 80

Host Name: tretr23.com
IP Address: 188.247.135.32
Download URLs:
http://188.247.135.32/sn.php?c=908E72969A0A2B8310FA89A6D7AD30F30FAFA09590DF48823B0A0440F15AC399317E2ACCA79B6606350F95F93B056B7127DFFA129EEBCAEFB286A3D4047CB72AC78C1168F6F56CF34A70E59FA34D28F70BFC003D7806787EF741EA8FF01BB5CD8FD7707AACB6CE6E9A299215C6C647DD17E09CB3632482A5762F92FD87313E800800D17D2D1C5D98B380F4A69850EA6A&t=0,5958063 (tretr23.com)
Outgoing connection to remote server: tretr23.com TCP port 80

EXE files:
http://vetvetcom.com/tr9.txt
http://94.63.240.235/temp/3431.exe
http://29315285.tubeviral.com
http://b774fafb.theseforums.com

Hosting info:
http://whois.domaintools.com/188.247.135.32

1 Comment

Steven K - November 30, 2011 at 9:17 am