Domain > www.notebookhk.net

This indicator is referenced in AlienVault OTX pulse ""

Is this malicious?

Most users have voted this as MALICIOUS

Reports

http://www.sophos.com/en-us/medialibrary/PDFs/tech...

http://www.welivesecurity.com/2014/11/12/korplug-m...

http://researchcenter.paloaltonetworks.com/2016/06...

https://www.sophos.com/en-us/medialibrary/PDFs/tec...

Files that talk to www.notebookhk.net

MD5	A/V
79089f74495c032c3f90dd08e62ea361
215e729182154d8066fb8416ddf3cdb1	[Troj/Plugx-AP] [Virus.Win32.Heur.l]
d1f9d625db61020a6ea6c08d7fcb785b	[W32/Trojan.YHML-3813] [Win32/Korplug.DS] [W32/Korplug.DS!tr] [Trojan.Win32.Korplug] [Backdoor.Win32.Zegost.agmt] [Artemis!59E567BAD2FF] [TROJ_GE.D47B34F8] [Virus.Win32.Heur.l] [UnclassifiedMalware] [BehavesLike.Win32.Autorun.fc]
c557b6dc0edab783781fd9312f6886c3	[Win32/FakeDoc_i] [Win.Trojan.Banker-16709] [Win32/Korplug.CU] [Luhe.Fiha.A]
1d909f8ceaded4621e3181bb53e1eae4	[W32/Trojan.EHPX-5402] [TR/Spy.Travnet.ce] [Win32/Farfli.BGM] [Backdoor.Win32.PcClient] [Trojan-Spy.Win32.TravNet.ce] [Trojan.Asprox.B]
52d116f11dd9117ffd3f067a28acbfb2
52248e78413d8f2bfb22677bc0b3b1ee
1bc11f55ec6c4b14ec1f4d551f8fbe02
4c56e24b33e2d9356f3cadedbda08288	[Backdoor*Win32/Zegost]
2e287c764e85d39d9bb0f39c300a5b83	[TR/Graftor.123890.4] [Trojan.Packed.22452] [Win32/Farfli.AYI] [W32/Farfli.NJ!tr]
0bdcd96c34954f9c98e2834754157b5e
8832ab0813ec23393fea4656fae1c100	[BDS/Zegost.445376] [W32/Zegost.DGBP!tr.bdr] [Backdoor*Win32/Plugx.L]
296876e07a5710ca319035223ea5b89c
dec62dfb6c7ae83e51c5720fc58bd976
e70a0340e2689535201303867a287d15
8e0835290a480c57544cc4adb1498596
5864b0d0f658b6ccfced6669d1cac3ef
a18ac16e0862cf64a8c119bf9cb1e620
a6c89901915f9698232d39797e0c5929	[Exploit-CVE2014-1761!rtf] [Trojan.Mdropper] [TROJ_EXPLOIT.WPY] [Troj/DocDrop-CH] [Exploit.Rtf.CVE2012-0158] [TROJ_EXPLOIT.WPY] [Exploit-CVE2014-1761!rtf] [Exploit.CVE-2012-0158.a] [Win32/Exploit.CVE-2012-0158.IG] [Trojan.Exploit] [Exploit_c.ABCD] [virus.exp.20120158]

Whois

Property	Value
Email	stanlee@gmail.com
NameServer	NS2.EZDNSCENTER.COM
Created	2013-06-18 00:00:00
Changed	2014-06-23 00:00:00
Expires	2015-06-18 00:00:00
Registrar	SHANGHAI MEICHENG TE

DNS Resolutions

Date	IP Address
2013-10-26	123.254.104.50 (ClassC)
2014-10-26	123.254.104.43 (ClassC)
2014-11-12	123.254.104.43 (ClassC)
2015-02-07	43.252.175.119 (ClassC)
2016-11-16	23.251.54.7 (ClassC)
2017-01-14	107.183.203.235 (ClassC)
2018-07-22	69.195.129.72 (ClassC)
2018-08-15	206.189.61.126 (ClassC)
2018-09-22	18.213.250.117 (ClassC)
2018-09-22	52.4.209.250 (ClassC)
2018-09-22	18.215.128.143 (ClassC)
2018-11-18	0.0.0.0 (ClassC)
2019-01-10	153.148.21.134 (ClassC)
2019-02-03	153.249.14.225 (ClassC)
2019-02-14	153.158.115.67 (ClassC)
2019-04-08	153.250.171.0 (ClassC)
2019-07-24	153.155.242.73 (ClassC)
2019-07-30	153.154.107.186 (ClassC)
2019-08-30	153.154.68.166 (ClassC)
2019-10-01	153.147.117.138 (ClassC)
2019-12-03	153.234.210.49 (ClassC)
2020-01-11	153.234.133.250 (ClassC)
2020-03-30	153.148.83.172 (ClassC)
2020-05-09	153.148.92.84 (ClassC)
2020-06-18	153.155.14.110 (ClassC)
2020-08-12	153.147.111.148 (ClassC)
2020-08-29	153.234.12.34 (ClassC)
2020-09-28	153.148.127.116 (ClassC)
2020-11-16	153.234.160.30 (ClassC)
2020-12-13	153.248.77.175 (ClassC)
2025-01-09	160.16.200.77 (ClassC)

View on OTX | View on ThreatMiner

Data with thanks to AlienVault OTX, VirusTotal, Malwr and others. [Sitemap]