4/04/2014

POTENTIALLY SUSPICIOUS Advertiser:
Several HIDDEN IFRAME(s) @ www.123website.lu (IP: 194.36.0.218) W32.HfsIframe
DENMARK & LUXEMBOURG




POTENTIALLY SUSPICIOUS AD:

HIDDEN IFRAME(s) (SEE SCREENSHOT) AND DETAILS:


Just some of the hidden iframes (SCREENSHOT)
DOMAIN:

http://www.123website.lu/
  • https://www.virustotal.com/de/url/a03823518f3671592887260096bec16c1b1d5d79edabf13876494abf6bdbc169/analysis/1396635445/
W32.HfsIframe
  • https://www.virustotal.com/de/file/869d5dbd685251eb3d0e81b63ddf38a3ed677aa4f0c58e8fe645f6f188282980/analysis/1396636218/

AD-LINK:

  • http://www.googleadservices.com/pagead/aclk?sa=L&ai=CY1txnNU-U9_pDYuO7ga4toGYCO6FoJEE_sWnpm_AjbcBEAEgjsCUI1CutKrh-P____8BYLsDoAHi_KLfA8gBAakC8_NBOZOpiD6oAwHIA8MEqgSCAU_Qxzwdn7KWqRkRgEqP-T0vCCDpT44e1v2EMEWMlPZmGtNUjbWFauJ31RkoXcGUlHrSZW_S7lahvV8xTs9rTzDbpLJs1QWIAuWqGJxA1QTGIVvK1tUjAWhTVMBe2_JSVODMNpQ2hgAlPgJElHizxqeOTvCIxGeWCptETkwcW4cMOCCIBgGAB4aD3SA&num=1&cid=5GjjiwBrtH0oojSrRRBwcn6u&sig=AOD64_2c2xtAyodTjj5mcs8xvK-DC8EBoA&client=ca-pub-5585202032329389&adurl=http://www.123website.lu/pages/receive.aspx%3Fpartnerkey%3Dlugoogle:EUR_LU_DE_Display_Website_Unspecified%26target%3Dftp3:crea%26culturekey%3Dde-LU&nm=28&mb=2&bg=!A0TdBD8XrW8UnQIAAABMUgAAABQqAOF0Oumc1QQKA-9W_LeBTiOCxun8ZxWfdRem_F0bW-qK-wC960UMEfC8AcaJisf20I4gWBiWGSkXF5gxXUkhw8X3-3kBqNjIBeysSTArHdQiCF2sWtlU5vK5EoFhweYlm8ndXrGDG3Grtu4c04Bh-tMRVBo4Q4vx7-4w4z_jhfgIEF3W9zdNxC2J38p3j4YNT9afqougU3fgvWsg-9kWtG-eA9flGkBJx_eZp0EHZW8X4riKOV3mB-zd8MSr51EvB3WkFoZ2vO712pj4NQIfzPAC4Eb3nN_ffhvaUlqqTfzhoR8


VT ANALYSIS:

  • https://www.virustotal.com/de/url/56a610f0efb79b3cd860e31539a63842561f7815b80d74f17c192178d31d5342/analysis/1396634713/
W32.HfsIframe
  • https://www.virustotal.com/de/file/e0330f31fefdb10b055254a29d50485550861431465106f1ba0c00e31392bae2/analysis/1396634933/
  • https://www.virustotal.com/de/file/7db994d76f40d736213871786c4a2649e4bfe11375b778666efade39256b92df/analysis/1396635163/

IFRAME: <--- iframe src="//www.googletagmanager.com/ns.html?id=GTM-2MMH"height="0" width="0" style="display:none;visibility:hidden" --->

URL after Redirect:
http://www.123website.lu/pages/receive.aspx?partnerkey=lugoogle:EUR_LU_DE_Display_Website_Unspecified&target=ftp3:crea&culturekey=de-LU
  • https://www.virustotal.com/de/url/191f4624274d721cf7e96e4dbfc3eeaf7563aea0444baec0bef3c6c1c6169385/analysis/
W32.HfsIframe
  • https://www.virustotal.com/de/file/ed8c114ffafcfa4b2d80a3168f285e277692a0bd5374af60fbb642c6db987d77/analysis/1396635893/
IP:
http://194.36.0.218/
  • https://www.virustotal.com/de/url/b049d416dee632649e02a94fe72d79be607f7437547f3a5811bfe51b26041ce6/analysis/1396636806/
  • https://www.virustotal.com/de/ip-address/194.36.0.218/information/
