...and keep in mind: I am always sniffing...!
CyberCriminals ? StayAwayFrom'Em ! Let'Em ComeToYou...
3/08/2014
A Warm & Tender HELLO to
localhost:8888 = MALWARE stands behind & mi behind U
(From MI: Your Personal Ghost Rider)
Hello(l)lo(l)calh(l)o(l)st: 8888 . This Video is for U:
Potentially Malicious Visitor (to this Blog):
www.tomato.ph (MaxMind)
(TRACKING, SPYING) IPs: 54.236.190.114 & 108.168.255.244
United States (Ashburn, VIRGINIA & Dallas, TEXAS)
POTENTIALLY MALICIOUS DOMAIN:
(POLICY) MAXMIND (TRACKING, SPYING)
DOMAIN:
http://www.tomato.ph/
- https://www.virustotal.com/de/url/8f1306cf60d80de18b06697d12890e89943b23ab44960d750d9b9ba3ec5121db/analysis/1394306901/
http://j.maxmind.com/app/geoip.js
- https://www.virustotal.com/de/url/bdffdcdd50418770193d866a68d097ffbbd72158caa110f2b7540bee5f2aab9b/analysis/1394307559/
- https://urlquery.net/report.php?id=9831174
http://54.236.190.114/
- https://www.virustotal.com/de/url/d6c397de2fdc35201adfd6f4bc67fe61be7c58a193bccf78224707c9f05f59ad/analysis/1394308470/
- https://www.virustotal.com/de/ip-address/54.236.190.114/information/
http://108.168.255.244/
- https://www.virustotal.com/de/url/11d9dd4b53825e5f4371d6010274fd0d1caf942de082ad4f337333ed4697b0bb/analysis/1394308621/
- https://www.virustotal.com/de/ip-address/108.168.255.244/information/
- http://www.senderbase.org/lookup/?search_string=108.168.255.244
http://s3.amazonaws.com/
- https://www.virustotal.com/de/url/fb0222f7e7664026a7b4947403538912107334fcb96e6dd7aae7cc63a7046fef/analysis/1394307761/
http://176.32.102.66/
- https://www.virustotal.com/de/url/2b46d508f8e2d72d0d42a638111f39f7eedf221718f6b08efd1f313d31b2a3c7/analysis/1394308270/
- https://www.virustotal.com/de/ip-address/176.32.102.66/information/
- http://www.senderbase.org/lookup/?search_string=176.32.102.66
Location: Ashburn, Virginia, USA
3/07/2014
Link of the Moment (Best of the Web since 2008 - ratgeberplatz) (SPAM/SCAM/PHISH)
Link of the Moment can be found here:
http://stayaway2.blogspot.com/2014/01/just-another-spam-from.html
MALICIOUS Visitor to THIS Blog:
www.helptool.co.uk (IP: 74.119.233.25)
SCAM/SPAM/PHISHING
Microsoft Internet Explorer remote code execution via option element
UNITED STATES
POTENTIALLY MALICIOUS
(SPAM/SCAM/PHISH) DOMAIN:
Microsoft Internet Explorer remote code execution via option element
VISITING DOMAIN:
http://www.helptool.co.uk/
- https://www.virustotal.com/de/url/ac74ead641b92d866114b1be1f06dd82013e72a80560ecd1f2357b65b2f072e3/analysis/1394194891/
Microsoft Internet Explorer remote code execution via option element
- https://urlquery.net/report.php?id=9809294
- https://urlquery.net/report.php?id=9809290
- https://urlquery.net/report.php?id=9809296
- https://urlquery.net/report.php?id=9809291
SPECIFIC VISITING LINK:
http://www.helptool.co.uk/monogram-empreinte-wallets.html
- https://www.virustotal.com/de/url/e0b9d0118bf9302ea8cc2757944df40f923aa75700f0dd6ce12fdc36eece362b/analysis/1394194885/
Microsoft Internet Explorer remote code execution via option element
- https://urlquery.net/report.php?id=9809297
- https://urlquery.net/report.php?id=9809298
http://www.realypay-checkout.com/risk/index.js
- https://www.virustotal.com/de/url/918164e05db230153e1e0d41bbcf1a4d41a569ff91ca63883bb8e24fd7067484/analysis/
- https://www.virustotal.com/de/file/dcd00dcc6e406be2b2b271abbbf16a59d7efb76a1942e74b2cad5d2e9f8f5938/analysis/1393880237/
- http://threatlog.com/search/realypay-checkout.com/domain/
- https://www.mywot.com/en/scorecard/realypay-checkout.com
http://www.mallpayment.com/risk/index.js
- https://www.virustotal.com/de/url/e1a3b4508777564232d8ef062eb682a3e236bc997af4338a20cd8d46f423e346/analysis/1394196268/
- https://www.virustotal.com/de/file/91ef2b7aa8e485fe44e489e0ae574d00552af458200ec03e0373863f5f060a40/analysis/1394196273/
http://pcookie.cnzz.com/app.gif?&cna=SqigC3Hpk2oCAYBvMAyTGMVT
- https://www.virustotal.com/de/url/b56a92a571d24fb7480aed4f263678c886a3f3f6981a4f5809a0d2daedf7d7f3/analysis/1394196462/
- https://www.virustotal.com/de/file/cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda/analysis/1393805553/
Location: Huntsville, Alabama, USA
3/06/2014
Category MALICIOUS IP: 72.8.190.39 (ezuvekury.tk)
Infected with a spam or malware forwarding link - Botnet
(UNITED STATES) HTML:RedirME-inf [Trj]
The IP address 72.8.190.39 (listed in the CBL (Composite Blocking List)) corresponds to a web site that is infected with a spam or malware forwarding link. The website's host name is "ezuvekury.tk", and this link is an example of the redirect: "http://ezuvekury.tk?q".
In other words, the website "ezuvekury.tk" has been hacked. Usually, the redirect takes the user's browser to a spam or malware site. It's usually fake Russian pills or pornography.
In several cases, particularly with older compromises, the criminals that hacked this site will have uploaded a wide variety of spamming and other compromise tools. Therefore, the account corresponding to "ezuvekury.tk" needs to be examined very carefully for signs of tampering. Further, the criminal will even modify existing web pages (particularly ezuvekury.tk itself) to have hidden references to pill/drug/porn sites.
It is believed that the malicious redirects are done by altering web server access control mechanisms (example, ".htaccess" files on Apache web servers), and causing the redirect to occur on all "404 url not found" errors.
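The 404-to-off-site redirect the CBL text describes can be checked for on a web host you administer by auditing its .htaccess files. The following Python audit is an added example (not code from this blog or from the CBL); the sample .htaccess, the example.org/example.net hostnames and the OWN_HOSTS set are constructed assumptions.

```python
"""Audit Apache .htaccess text for the pattern the CBL text describes: a hacked
site whose 404 handling sends visitors off-site.  Added example, not the blog's
or CBL's code; the sample .htaccess and hostnames below are constructed."""
import re
from urllib.parse import urlparse

OWN_HOSTS = {"example.org", "www.example.org"}   # assumption: hosts we control
_ERRORDOC = re.compile(r"^ErrorDocument\s+(\d{3})\s+(\S+)", re.I)
_REWRITE = re.compile(r"^RewriteRule\s+(\S+)\s+(\S+)", re.I)
_COND_MISSING = re.compile(r"^RewriteCond\s+\S+\s+!-[fd]", re.I)

def logical_lines(text):
    """Yield (line_no, directive): backslash continuations joined, blank and
    comment lines skipped, the way Apache reads the file."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not buf:
            start = no
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        buf, stripped = "", (buf + line.lstrip()).strip()
        if stripped and not stripped.startswith("#"):
            yield start, stripped

def is_external(target, own_hosts=OWN_HOSTS):
    """True when target is an absolute http(s) URL on a host we do not own."""
    u = urlparse(target)
    return u.scheme in ("http", "https") and u.hostname not in own_hosts

def audit_htaccess(text, own_hosts=OWN_HOSTS):
    """Return (line_no, directive, target, reason) for each directive that can
    push a visitor off-site; 404-related ones are the pattern CBL describes."""
    findings, cond_missing = [], False
    for no, line in logical_lines(text):
        if _COND_MISSING.match(line):           # RewriteCond ... !-f / !-d:
            cond_missing = True                 # next rule fires only on paths that 404
            continue
        if m := _ERRORDOC.match(line):
            code, target = m.groups()
            if is_external(target, own_hosts):
                findings.append((no, "ErrorDocument", target,
                                 f"{code} handler redirects off-site"))
        elif m := _REWRITE.match(line):
            target = m.group(2)
            if is_external(target, own_hosts):
                why = ("missing paths (404) rewritten off-site" if cond_missing
                       else "rewrite sends visitors off-site")
                findings.append((no, "RewriteRule", target, why))
            cond_missing = False                # RewriteCond binds to one rule only
    return findings

SAMPLE_HTACCESS = """\
# constructed sample: legitimate directives mixed with injected ones
RewriteEngine On
ErrorDocument 403 /errors/forbidden.html
ErrorDocument 404 http://redirect.example.net/?q
RewriteRule ^old/(.*)$ https://www.example.org/new/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ http://pills.example.net/?q=$1 [R,L]
"""

if __name__ == "__main__":
    for no, directive, target, why in audit_htaccess(SAMPLE_HTACCESS):
        print(f"line {no}: {directive} -> {target}: {why}")
```

Run it over every .htaccess under the document root; the own-host rewrite on line 5 of the sample is deliberately not reported, while the two injected directives are.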
REFERENCES:
MALICIOUS SITE & IP: SPAMBOT PHISHING (VIAGRA & CO.)
http://ezuvekury.tk/
https://www.virustotal.com/de/url/c1fbcded30036142e1f72bb0c2e51b02f82143cfe1a203d8a0c696cf0c569259/analysis/1394109439/
HTML
https://www.virustotal.com/de/file/b4bc40d341c4ba868d0b4c350c16e45255a3ef0228f5559a7083fb903717ee5f/analysis/1394110104/
http://ezuvekury.tk/?q
https://www.virustotal.com/de/url/2c7095e8f7ce859b887a11de197516a0967f6e82c43a263f356c7609590bb499/analysis/1394109442/
HTML
https://www.virustotal.com/de/file/0191d7cb7b3f637aa74fceb86c5c6575b2b08e0765ca2da8635b1c7ea9538a28/analysis/1394110251/
--->
http://csbakhita.com/unsurpassable.html
https://www.virustotal.com/de/url/ea34f52e3fd906449af0c3be62218acd913bafb820752a841887a83baa97a854/analysis/1394110601/
HTML:RedirME-inf [Trj]
https://www.virustotal.com/de/file/983395c456d29de19308294e8a2e9de64ca643fa93d1005114d1fece45c7d1bd/analysis/1394110385/
---->
http://rx69.ru/
https://www.virustotal.com/de/url/afcb00221df516d2d5a6f95163ab18e3cdc7984103981f9aa20f9ca0995a2e96/analysis/1394111089/
HTMLs
https://www.virustotal.com/de/file/e579b048df4b4306705de79a4ff523b0c84f31e723449609c62026bb86020726/analysis/1394110754/
https://www.virustotal.com/de/file/5515e3e32b05d79f21752af75eca9eaa8150097d5280a08b2f017bcafd6fb94e/analysis/1394110741/
---->
http://www.doctortern.ru/
https://www.virustotal.com/de/url/d2ebc69875257b228bc3f76ebe89afd30249e66674f63bac247f90d6546bc842/analysis/1394111231/
REFERENCES:
72.8.190.39
- https://www.virustotal.com/de/url/d402ba3e37849bfcab82b8de74d860729defcf62cbe3244ed2aa7e62d6fc1fbd/analysis/
- http://www.spamhaus.org/query/bl?ip=72.8.190.39
- http://cbl.abuseat.org/lookup.cgi?ip=72.8.190.39
Location: Malacca, Malaysia
Trojan-Dropper.VBS.Agent.bp nested @
atif.netne.net & www.miralicricketclub.tk & ali.net23.net
Yahoo Messenger ActiveX Control Command Execution
United States
MALWARE: Trojan-Dropper.VBS.Agent.bp
DOMAIN:
http://atif.netne.net/
- https://www.virustotal.com/de/url/d3aa38c2fffee9d9ceb0117ccd4728d30b77c54bf22e8d5d0fac9305c1bcd1bf/analysis/1394103005/
Trojan-Dropper.VBS.Agent.bp (DropFileName = "svchost.exe")
- https://www.virustotal.com/de/file/98685d45e4b540ec5c5df8a7dcafc59809e418cf8f3244d925b8076774a9ef55/analysis/1394103282/
Query to a .tk domain - Likely Hostile
- https://urlquery.net/report.php?id=9798971
http://www.miralicricketclub.tk/
- https://www.virustotal.com/de/url/7efe09ae9e4db8fafe4810bb6095c6b655a33b3cd16f289ba1ba40ac5dd9c7c5/analysis/1394103680/
- https://www.virustotal.com/de/file/077fc2c2faba2abc889dc77cb5d4267cde586b72efbed598a805f1b4e37f189d/analysis/1394103796/
Yahoo Messenger ActiveX Control Command Execution
- https://urlquery.net/report.php?id=9799113
http://ali.net23.net/Atif
- https://www.virustotal.com/de/url/1ca9e209e3e19505786b734292127a194bb0949883f3bcf8ba5ba21104180b81/analysis/1394104494/
Trojan-Dropper.VBS.Agent.bp
- https://www.virustotal.com/de/file/209aa8f782a195fe73c71d7fa69f61fde231417c961c0bfaec3be08db8beef6b/analysis/1394104303/
http://ali.net23.net/Atif/
- https://www.virustotal.com/de/url/ed5cb3bfc46d8b34a1c797e9f750bcfc26d39fc28a2aa3c9908d748121b5c4a1/analysis/1394104574/
Trojan-Dropper.VBS.Agent.bp
- https://www.virustotal.com/de/file/209aa8f782a195fe73c71d7fa69f61fde231417c961c0bfaec3be08db8beef6b/analysis/1394104303/
Yahoo Messenger ActiveX Control Command Execution
- https://urlquery.net/report.php?id=9799230
DOMAIN ITSELF:
http://ali.net23.net/
- https://www.virustotal.com/de/url/e905f8eef5b0c8944653fa6a70a9375346e30b03bf53e68cd2f8439485594350/analysis/1394104082/
- https://www.virustotal.com/de/file/2a9fcb18459f6f232b4fbb892298a755b986fcc6acaf54c95398a6e0afb7e211/analysis/1394104917/
musikahan.comyr.com infected with:
HEUR:Trojan.Script.Generic
(RECENT DETECTION) United States
MALWARE: HEUR:Trojan.Script.Generic
DOMAIN:
http://musikahan.comyr.com/
- https://www.virustotal.com/de/url/44fc4bdaff7b7fb488ab9a5e5096bd9e330e5d4a909d4355a76c6c2acb9b1ef2/analysis/1394097825/
HEUR:Trojan.Script.Generic
- https://www.virustotal.com/de/file/2eeac4e9a1dc0a945845c168208f500f9c6b50a79a17b1fac6bebffdcc856ce0/analysis/1394098280/
HTML:Script-inf
- https://www.virustotal.com/de/file/8d4f50cc2a22ba54e94ec49037742d1af05361f6979fad0354738bf1b3e26b8f/analysis/1394098294/
- http://jsunpack.jeek.org/?report=af58466c7a63754537d78602e912de5d493e8652
- https://urlquery.net/report.php?id=9798342
http://enalla.webs.com/popup.js
- https://www.virustotal.com/de/url/99a526e934041ddc4ba614d74d98ccbc59bafcc5fa6c86bb98aa575d6a38332c/analysis/1394098615/
http://enalla.webs.com/iframe.html
- https://www.virustotal.com/de/url/38e10e75ca14974a1f27f9af372557dfa708ff330aab8127e12ab560aa5e4cdf/analysis/1394098688/
RECENTLY DETECTED:
DOMAIN faralimite.comyr.com
Infected with Trojan Clicker (HEUR:Trojan.Script.Generic)
United States
MALWARE: TROJAN CLICKER
(ALSO: WORDPRESS OUTDATED: TOO LATE NOW)
DOMAIN:
http://faralimite.comyr.com/
- https://www.virustotal.com/de/url/dea5d45c602b95358e5d3309bd7d46ec819c8088b28f3f8ea6206978287adf17/analysis/1394095642/
- https://www.virustotal.com/de/url/dea5d45c602b95358e5d3309bd7d46ec819c8088b28f3f8ea6206978287adf17/analysis/1398985617/
HEUR:Trojan.Script.Generic
- https://www.virustotal.com/de/file/df00cc1d7e62cbec80aba637377f1ede92fcdb837bb0db31c8466eb6b0bdf1e3/analysis/1394095882/
http://deploycapital.com
- https://www.virustotal.com/de/url/8927d9369aa4dcd271b19907cae82e70852469b3aa5ef06e6c4f79a595e81d36/analysis/1394096265/
3/05/2014
NEWLY DETECTED:
Trojan.JS.Blacole.Gen
ldcseven.comyr.com & donchule.com
HEUR:Trojan-Downloader.Script.Generic
(Encoded Scripts - MIM-Tactic)
UNITED STATES
NEWLY DETECTED MALWARE DOMAIN(S):
HEUR:Trojan-Downloader.Script.Generic (Encoded Scripts)
DOMAIN:
http://ldcseven.comyr.com/
- https://www.virustotal.com/de/url/0685ba471b55e064305146a4155d1857601333edaf2d174788621557675da089/analysis/1394045893/
HTML:
- https://www.virustotal.com/de/file/9d8db988e3267396a97fe47f79a85719d31b6c118be64f58e337b90d7d75b446/analysis/1394046023/
MALICIOUS URL:
http://ldcseven.comyr.com/UFPvaVNW.php?id=29514587
INFECTION:
HEUR:Trojan-Downloader.Script.Generic
- https://www.virustotal.com/de/url/b6e6ec75c7190316ce80ef8661d56dd26406036052fd4d3eef39fd38ec3baf11/analysis/1394045890/
---> REMOTE LINK:
http://donchule.com/js/slider/Ww84LhDN.php?id=1821816
- https://www.virustotal.com/de/url/b9d3a4338b900524d214624c18c993059c91f88ed7e207f0cdcc64f48324afe0/analysis/1394048670/
FULL REVIEW:
Location: Henderson, Nevada, USA
3/04/2014
Making love well to your spouse:
Phishing from b2b-onlinemarketers.com
(Originating IP: 14.01.31.00 & 193.180.116.211)
United States & Germany
(clara@b2b-onlinemarketers.com)
Are you frustrated because your intimate life is no longer as magical and romantic as it used to be?
You are not alone.
Living with the same partner for a long time can become stable and comfortable, but it can also kill the spark that made your relationship so special in the beginning.
Here are some simple, creative ideas to rekindle the magic:
Discover these tips by clicking here >>
Your love life will start over as on the first day, remember...
Screenshot from Clara Phishing Mail...
http://b2b-onlinemarketers.com/
- https://www.virustotal.com/de/url/cd8c82234f83bf6d42a840f62543264c8cfb8e640cd4b02764ffaa650516f7c9/analysis/1393969667/
http://b2b-onlinemarketers.com/link.php
- https://www.virustotal.com/de/url/fa353260bb569872664ee9ad837a5a46bf2bb0b3ff442f718c5120e8c589ea61/analysis/1393969679/
http://b2b-onlinemarketers.com/open.php
- https://www.virustotal.com/de/url/21f7ecb30723abfe40f8d6883e2c9f613381ed0e43bcbf4ee14a6b5cc9d83fcb/analysis/1393969697/
http://b2b-onlinemarketers.com/unsubscribe.php
- https://www.virustotal.com/de/url/ea7cdf99f93a066717a977172796cea4f7919eebfdc3b133735dfe9496131e54/analysis/1393969708/
ORIGINATING IP(s):
http://14.01.31.00 (UNTRACEABLE)
- https://www.virustotal.com/de/url/0ca02226514f94be9240ae3de880927998f331b03dfcb694af9c39483cdb8f64/analysis/
http://193.180.116.211 (GERMANY)
- https://www.virustotal.com/de/url/6d431e65d4d69140dc204e2be1c72073c17213c1fe7c10d392d8f27688e98d0e/analysis/1393969801/
E-MAIL REPUTATION: POOR
- http://www.senderbase.org/senderbase_queries/detailip?search_string=193.180.116.211
http://1931801162111.b2b-onlinemarketers.com
- https://www.virustotal.com/de/url/34c449a687e7a6ef3ed276f545169531cf24198f113f666c3ccffcf7731a8901/analysis/1393969877/
- http://www.senderbase.org/lookup/host/?search_string=1931801162111.b2b-onlinemarketers.com
BLOGGING MALWARE CONNECTION:
Yahoo Messenger ActiveX Control Command Execution
al-fatihah.hak.su (wen9.com, SOVIET UNION)
MALWARE NETWORK (MULTIPLE SITES):
HIDDEN IFRAMES
Yahoo Messenger ActiveX Control Command Execution
DOMAIN:
http://al-fatihah.hak.su/
- https://www.virustotal.com/de/url/1962a67928d584eb43c11d5971d59699054493446146ea20cf2af8a62b63edc1/analysis/1393936132/
HTML:Iframe-inf
- https://www.virustotal.com/de/file/be26f50ce7826afb4895abe505e156512d7c6f8f4b3ce2e02509e5a7a5548dbd/analysis/1393940987/
Yahoo Messenger ActiveX Control Command Execution
- https://urlquery.net/report.php?id=9765152
- https://urlquery.net/report.php?id=9765156
- https://urlquery.net/report.php?id=9765157
http://al-fatihah.hak.su/index.html
- https://www.virustotal.com/de/url/c55da57f592d7b30142708f1f0e35d03000a34c450229e8e72c51c27ecb8925e/analysis/1393947705/
HTML:Iframe-inf
- https://www.virustotal.com/de/file/be26f50ce7826afb4895abe505e156512d7c6f8f4b3ce2e02509e5a7a5548dbd/analysis/1393940987/
Yahoo Messenger ActiveX Control Command Execution
- https://urlquery.net/report.php?id=9766893
FULL REPORT:
Location: Moscow, Russia
MALWARE-SPAM from Levitra (PHISHING):
variographics.de - keydiscover.pw - edapotek.eu
(GERMANY) (Rogue Medications) BUY, BUY, BUY
MALWARE-SPAM: TDS PATTERN (sid) SEO SPAM
COMPROMISED DOMAIN:
http://www.variographics.de/
- https://www.virustotal.com/de/url/826914f71c772081a4006a4b8d4a0052e94516f5fd367fa9e2664a6f43ab1d61/analysis/1393897768/
http://www.variographics.de/levitra-generika-europa-kaufen
- https://www.virustotal.com/de/url/4fdef3349ed2cc0f01d33729e0a98343d598ec47357eb19349b80c4753566085/analysis/1393896321/
SimpleTDS (go.php)
- https://urlquery.net/report.php?id=9761299
--->
http://keydiscover.pw/
- https://www.virustotal.com/de/url/79c16dc3063a395db04e63cc452803dc5dd7f20272f919868c31c31f462c301c/analysis/1393898631/
---->
http://edapotek.eu/
- https://www.virustotal.com/de/url/796f23f603e37c30c96323a5a17e9240452213df055795e53fc2d94b4965c37c/analysis/1393898671/
Location: Berlin, Germany
3/03/2014
POTENTIALLY MALICIOUS DOMAIN: danaearhartlitif.discovermangosteen.com & descubramangostan.com
Hex Obfuscation of document.write % Encoding
(UNITED STATES)
SUSPICIOUS/MALICIOUS DOMAIN:
Obfuscation of document.write % Encoding
DOMAIN:
http://danaearhartlitif.discovermangosteen.com/
- https://www.virustotal.com/de/url/8d60d054384c8961ee45cbb34bc5f3d41c16aaefec0af1223c9a3c7f1dc5b7ef/analysis/1393851554/
http://danaearhartlitif.discovermangosteen.com/goland3
- https://www.virustotal.com/de/url/61d343cfbb29a32d27a54489b3d7f887164d7f2bda2d2c01bd0fc2c6ed80db07/analysis/1393844797/
- https://urlquery.net/report.php?id=9750352
Obfuscation of document.write % Encoding (see: http://jsunpack.jeek.org/?report=655d39915efe7e0ad9d7598684efabb10ede91ff)
http://www.discovermangosteen.com/preenroll.php?uname=danaearhartlitif&nopop=&er=1&firstname=&lastname=&firstin=1&email=&phonenumber=&promocode=goland3
- https://www.virustotal.com/de/url/2328a244e313f7d2586c5a74cabc5508ca1124ec5046917f8672e0665ef14ef0/analysis/1393846412/
- https://urlquery.net/report.php?id=9750525
- http://hosts-file.net/?s=discovermangosteen.com
Location: 33201, Lithuania
suburbangloves.us INFECTED (IP: 31.131.31.37):
Newly registered (27/2/2014) with STYX EXPLOIT (Request)
CVE-2013-0422 & CVE-2012-1723 (MALICIOUS DRIVE-BY-DOWNLOAD) HEUR:Exploit.Java.Generic (Ukraine & Atlanta, UNITED STATES)
MALICIOUS SITE: HEUR:Exploit.Java.Generic
CVE-2013-0422 & CVE-2012-1723 - Styx Exploit
MALICIOUS DRIVE-BY-DOWNLOAD
DOMAIN:
http://suburbangloves.us/
- https://www.virustotal.com/de/url/0f6259a4a69dff3c944152fea3de2851e3b5ef01fb61496147a3d6dadfd614b0/analysis/1393800305/
http://suburbangloves.us/QqzUdhQGUQQPGvzO
- https://www.virustotal.com/de/url/8fb30cd5ff21e6e7e6b431c6431ccddcc42e4152bfd1b90444007240b25ae68d/analysis/1393794468/
- https://urlquery.net/report.php?id=9744021
http://suburbangloves.us/QqzUdhQGUQQPGvzO/i.html
- https://www.virustotal.com/de/url/9c92ac7cd39719f5fa343ec013820ca40aa4d55846ab01a7afaab2c3eb670f94/analysis/1393794963/
- https://www.virustotal.com/de/file/1e645c21dd7a80086a30a4ab4acc9fe78f1af174e48db2473765987633235f36/analysis/1393789188/
http://suburbangloves.us/QqzUdhQGUQQPGvzO/yTMLH.html
- https://www.virustotal.com/de/url/5bd4347667f2df453c91ba18ad66f305cc87326a41edf504ceac218d7750ee8e/analysis/1393795068/
DRIVE BY DOWNLOAD FROM:
http://suburbangloves.us/QqzUdhQGUQQPGvzO/gKJRbJIU.jar
- https://www.virustotal.com/de/url/e0e0e0f255765c8591d68997361d9fff0181e03c4255dfa6e9ce011426ce1f09/analysis/1393794808/
- https://www.virustotal.com/de/file/7b4e78e8d40735130f125f2a7f555685541e512a2e25a82cf30fdf0ecb66fa22/analysis/1393794812/
http://31.131.31.37/
- https://www.virustotal.com/de/url/e100f0c610570e43a4c8e36054a370e07da32459804da03a6e581adccb2357a4/analysis/1393803636/
- https://www.virustotal.com/de/ip-address/31.131.31.37/information/
FOR CVE-2013-0422, PLEASE READ:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0422
FOR CVE-2012-1723, PLEASE READ:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1723
FOR FULL REPORT SEE .txt ICON:
You Will Be Caught...Make no Mistake about it (4 Days online, and already mistaken...)
Location: Atlanta, Georgia, USA