
3/11/2014

MALWARE (RE-)NEWLY DETECTED:
HEUR:Trojan.Script.Generic on shoppingbasketsrus.com
IP: 174.127.107.2

(Providence, Utah, UNITED STATES & SPAIN)

Let's go shopping...with...
... http://shoppingbasketsrus.com/
  • https://www.virustotal.com/de/url/ddde76b76f146499e1519c8953f10610b03bbccf9357bb26d35367a21b25b689/analysis/1394550645/
http://www.shoppingbasketsrus.com/
  • https://www.virustotal.com/de/url/0005ee1f15048e13908a59b7df9c634ff17e9e50182f5220728fe042dbbe8979/analysis/1394554790/
HEUR:Trojan.Script.Generic
  • https://www.virustotal.com/de/file/b0f9fb1ab3c4ec1ed2d4c96b4fb875cbd361932fab35c3f221b2daf223048527/analysis/1394550908/
IP =
http://174.127.107.2/ (U.S.A.)
  • https://www.virustotal.com/de/url/781f439b7de4b4b27ae584f451c61c3fa7559986cd12bfd69b80d48739c1d8e6/analysis/1394555995/
  • https://www.virustotal.com/de/ip-address/174.127.107.2/information/
Fwd/Rev DNS Match: NO
EMAIL REPUTATION: POOR
  • http://www.senderbase.org/lookup/?search_string=174.127.107.2
--->
http://verification.mvpitsolutions.com/lander/Password%20Page_files/gwjs.js
  • https://www.virustotal.com/de/file/04b7e22618e86fbcd0242cce19626981f788f7a6c0e69bf54201f802054f8d3a/analysis/1394555081/
HTML (404)
  • https://www.virustotal.com/de/url/7b5064aad4683d29fef4d5b14bf22411fb3f4cd663342ffbefeb2d411d269795/analysis/1394555026/
---->
http://verification.mvpitsolutions.com/lander/AdBlock%20Must%20be%20Disabled%20to%20View%20This%20Content.html
  • https://www.virustotal.com/de/url/d13d219e99e9958a8eab825a839d62934595d5d4fc849a57873d623266808565/analysis/1394555414/
HTML (404)
  • https://www.virustotal.com/de/file/8eeb187060f0d745b00173b7feb76365f600970bfce36d4a21948493fb5b70d0/analysis/1394555378/
----->
about:blank
  • http://wepawet.iseclab.org/view.php?hash=ec748845ad651dd3700100f201b6e130&t=1394550651&type=js
IP =
http://127.0.0.2/ (AT HOME :D)
  • https://www.virustotal.com/de/url/5c2bf869c66bc4bc9e87344962d5e7d31ee7f66a9fb3e0ce83486bd74e9bdf05/analysis/
----------------------------------------------------------------------------------------------
REMOTE URL (HIDDEN IFRAME)
http://sexshopsexy.es/waser.html
  • https://www.virustotal.com/de/url/9d71724af54a74209f495b747c83b5610f41eaaaecb879007e4f6d7b6f2607d2/analysis/1394555819/
HTML (NOT FOUND)
  • https://www.virustotal.com/de/file/93d1612f07cc23a297f4e66afcdf964e6d7b708f919a62eb80b4a7802002d798/analysis/1394555637/
IP =
http://188.95.253.83/ (SPAIN)
  • https://www.virustotal.com/de/url/b57b575458c48a2005bf4214f3fa26f3eaa93fa6cba17e8632b2dba87160c324/analysis/1394556604/
  • https://www.virustotal.com/de/ip-address/188.95.253.83/information/
