Compromised Website: SimpleTDS go.php (sid)
http://www.fresh-vital-drink.de/
- https://www.virustotal.com/de/url/bc0e1cc2bd28f61cde38cdada7a67d0d6a73daaf46b605eb3a7fe9ff0a93edc1/analysis/1393083183/
http://www.fresh-vital-drink.de/levitra-grossen.html
- https://www.virustotal.com/de/url/16ab17043771a2dd113ade0718e5f41cef0e99b6ce0a64f055304e690b443dcd/analysis/1393083158/
- https://urlquery.net/report.php?id=9584003
- https://urlquery.net/report.php?id=9584007
- https://urlquery.net/report.php?id=9584005
MALICIOUS SITE: TDS SUTRA (RBN 189)
http://gayanals.net/
- https://www.virustotal.com/de/url/0bca5c9dc2c648f10318a5b74bf12f4498e419ab314a5192dc739e12c5f9e571/analysis/1392976242/
HTML
- https://www.virustotal.com/de/file/9f467f6f8f5ba34d9956ee05de84357c55d4af3bebeba747a53285bc54f35e41/analysis/1392976594/
TDS SUTRA
- https://urlquery.net/report.php?id=9562232
- https://urlquery.net/report.php?id=9562233
POTENTIALLY MALICIOUS SITE: ROGUE SOFTWARE AV-SOFTWARE (ESET, DrWeb) (RBN 368) + HIDDEN LINKS
http://learntricksandtips.blogspot.com/
- https://www.virustotal.com/de/url/d9ab0529b0d7f68df53f94932e3c82d329f31c3345441654a517a5e3253f9acb/analysis/
HTML
- https://www.virustotal.com/de/file/9ee22b95344eb0eafbd33ae3e3e427c41d1ec79a1de2598832bb4c979503d905/analysis/1392918780/
Suspicious-WI
- http://app.webinspector.com/public/reports/20206793
SEE ALSO:
- https://urlquery.net/report.php?id=9552731
- http://quttera.com/detailed_report/learntricksandtips.blogspot.com
- http://sitecheck.sucuri.net/results/learntricksandtips.blogspot.com
- http://www.UnmaskParasites.com/security-report/?page=learntricksandtips.blogspot.com
MALWARE: Trojan-Downloader (RBN 368)
http://www.doymus.net/Domains/domainname.jpg_/
- https://www.virustotal.com/de/url/bcf3c8d06a94352143e87576c1e33f2d96704165d5eea0a65e44c9294c042b7f/analysis/1392890782/
Trojan-Downloader.JS.Iframe.cba
- https://www.virustotal.com/de/file/e735971a24c6c3cfc59ccbdd455f353734fe3c11484f3461071628b4e7728b94/analysis/1392891118/
EITHER
http://afonya123.com/r/g.php
- https://www.virustotal.com/de/url/9a529a399ed40360a792e5bb92b09d68fe6c3b54beb7152108ce279910160b69/analysis/1392892392/
JS:ScriptIP-inf [Trj]
- https://www.virustotal.com/de/file/5a9b0eab6c9ea56986c8530f9cec3286ca339738b370f3e99285178470c0cac6/analysis/1392891103/
- https://www.virustotal.com/de/file/9d8ab0819fbc70b5b813b5494ea7b2d265ba9d17539be6d0f5e9687843bd04ea/analysis/1392892609/
- https://www.virustotal.com/de/file/ed6cf4753e2ead2289eb857df21df42d6ef61e120013552d36e04a036e46a98c/analysis/1392892669/
OR
http://sandiiegoexpo.ru/expocity.html
- https://www.virustotal.com/de/url/e10e79b4164439018d53e5e5c2292249139f22847952d6a698f579c2ce1dcc18/analysis/1392892505/
------------
- http://jsunpack.jeek.org/?report=8e80d2752b1684ccb8932f9fcacd6aba48781b73
- http://jsunpack.jeek.org/?report=54d2ad555e3ffbfe355275443ee1dcd9ecc779b9
MALICIOUS: PHISHING URL
(Germany & Goshen, Indiana, U.S.A.)
TDS URL pattern
DOMAIN:
http://kidron.oh.us.mennonite.net/
- https://www.virustotal.com/de/url/53747d933ebf776f1245f20e825c9e4417df556835c2dc75d4f9272cd893a307/analysis/1392820035/
MALICIOUS URL:
http://kidron.oh.us.mennonite.net/buy-cigarettes-license
- https://www.virustotal.com/de/url/0e57417d97e949ee814a6a75b7e6e8d0b8b32bd8740b6355ad71cd935740c537/analysis/1392819470/
W32.HfsIframe.448b
- https://www.virustotal.com/de/file/f05a3ff1fabe7871c9e5bbc54b491243d3bafc95dcb189bf6b5fe8e576e5987f/analysis/1392820241/
TDS URL pattern
- https://urlquery.net/report.php?id=9530534
MALICIOUS SITES: HEUR:Trojan.Script.Generic
http://www.arcoserv.com.br/
- https://www.virustotal.com/de/url/969971f91ee04be15dadc65ef5be7840ada025564a9814675abe4893693c5c6b/analysis/1392809735/
INFECTION:
HEUR:Trojan.Script.Generic
- https://www.virustotal.com/de/file/cc90607dd56550c117c0222b8e6750a3b259c11fa8b712ab7f83245013a71ba7/analysis/1392810262/
NEWLY DETECTED MALICIOUS SINGAPORE SITE: MULTIPLE EXPLOIT KITS
DOMAIN:
http://ichoicecomputers.com/
- https://www.virustotal.com/de/url/f70c7291a017d9058b850ef001c861da6f09713dcaae03a346821e12e13cb4f0/analysis/1392799010/
INFECTION:
HEUR:Trojan.Script.Generic
- https://www.virustotal.com/de/file/0cf10f4c2dd4723268d178c1c1530160f17902e1ef36ad4204cba7cefc933617/analysis/1392799595/
- https://urlquery.net/report.php?id=9527754
MALICIOUS YOUTUBE REDIRECT: MALICIOUS IFRAME INJECTION
DOMAIN:
http://click.mail.buyagift.co.uk/
- https://www.virustotal.com/de/url/5357cd79fa64155e0804990792b59aab3546cd94b23f5abd5313ccd7027fe734/analysis/1392761651/
MALICIOUS LINK:
http://click.mail.buyagift.co.uk/?qs=4c3712ac45056a7b6c1e1e482ce77aff893a18ed225bb5f3fdf56d31d4997264
- https://www.virustotal.com/de/url/2369a8c9a7d199893f1d50aac025a9969129e0522084c62b47168695e34da79c/analysis/1392760542/
- http://jsunpack.jeek.org/?report=3f91355b61b05c78dde2547cd2e9caac2588194f
MALICIOUS IFRAME INJECTION(s): (3 PATTERNS)
- https://urlquery.net/report.php?id=9515948
- https://urlquery.net/report.php?id=9515950
- https://urlquery.net/report.php?id=9515955
MALWARE SITE: IMPACT EXPLOIT KIT PATTERN
http://www.hbacklink.com/
- https://www.virustotal.com/de/url/eb5a2bc6a6a9015b8eb73f6abe0f1ef873be71e14cc1b4310c6a99ecbdc23476/analysis/1392748362/
HTML
- https://www.virustotal.com/de/file/b0e4064b12bcd8d9d0ba1f6cb259341f8fa9e885c851296cc4a0342b83d682a6/analysis/1392752133/
IMPACT EXPLOIT KIT PATTERN
- https://urlquery.net/report.php?id=9513916
NEW DETECTION OF MALWARE: Trojan.JS.Iframe.afl (Zeus Tracker CnC Server)
http://alamanceeagles.com/
- https://www.virustotal.com/de/url/c558d79cb64248b1fa38dd50aca332993e7f0b44a631343fa18896f87c5289f7/analysis/1392649058/
INFECTION:
Trojan.JS.Iframe.afl
- https://www.virustotal.com/de/file/cbc1deb88a5ad7065f1530bc3e35a172356bb320feca4189291fb20cf34e35c0/analysis/1392654351/
- http://wepawet.iseclab.org/view.php?hash=a883abb6a51b69eeab05a58bf660d139&t=1392649085&type=js
- http://jsunpack.jeek.org/?report=6912577fbe92d95b6519168ab6bbb2befdbb06e3
- https://urlquery.net/report.php?id=9484862
- https://urlquery.net/report.php?id=9484864
RBN 162
CVE-2010-1885
2 EXPLOIT KITS
G01-Pack EXPLOIT KIT & BLACKHOLE V1 & MORE
http://oasissalesltd.com/
- https://www.virustotal.com/de/url/72db1f5817c25099af14a2eae08013fdcaab743073a4b93310c2df7eee5b62a2/analysis/1373801163/
Trojan-Downloader.JS.Iframe.chf
- https://www.virustotal.com/de/file/bcd159c52a585704c5278afc54cb1cd3c0718c671edfacd4f1b11f52653311bd/analysis/
- https://www.virustotal.com/de/file/0eba2d732c74fc34ce72293129ce7516931fa77a9f3401acbf55c44177b7d8ee/analysis/
Exploit:HTML/IframeRef.V
- https://www.virustotal.com/de/file/e270ef91ae2795b7fe3e5362aff7ee020fb5584264096876eb09efd65f0cc565/analysis/1392554684/
- http://wepawet.iseclab.org/view.php?hash=cd2f37b1cad3b1eabdc2800a56fc134f&t=1392554456&type=js
Likely Blackhole Exploit Kit Driveby Download Secondary Request
- https://urlquery.net/report.php?id=9464549