
4/10/2014

Potentially MALICIOUS ADs:
bellroy.com (IP: 54.236.92.225)
associated with
HIDDEN Iframes (W32.HfsIframe)
and Microsoft Internet Explorer remote code execution via option element


FOR WEBMASTERS & BLOGGERS
If you own a website or a blog and are affiliated with Google AdSense, you should block the domain bellroy.com in your AdSense dashboard to protect your own reputation. The following report shows why:


MALICIOUS ADVERTISER: 
HIDDEN IFRAME(s) & 
Microsoft Internet Explorer remote code execution via option element

DOMAIN:
http://bellroy.com/
  • https://www.virustotal.com/de/url/c98b0274361f078ffe11c672882a44deea265179edb5c6fa0602d63080855968/analysis/
W32.HfsIframe
  • https://www.virustotal.com/de/file/67b5a8555f0660f5cea968abbbe32c48a92b6c0cb1782c682a0bb7d35f2439cd/analysis/1397146549/
<--- iframe src="//www.googletagmanager.com/ns.html?id=GTM-MF9C"height="0" width="0" style="display:none;visibility:hidden" --->

AD-LINK:
http://www.googleadservices.com/pagead/aclk?sa=L&ai=CGfswyL9GU6j-NIuoiga4sYDQCouup8sGi_S0sYgBo5WpvzgQASCOwJQjUJeJzE5guwOgAd3f68sDyAECqQI_TRhS36CvPqgDAcgDwQSqBIsBT9BrjS7o2Hx01Y0JFiIuwvJ1xe9IjZ3AaQviQnug8Np1m1Lub00UCac2hzu_KqEdA3aCF6v0DESTEaRR-1SjYlNxE2mKIljXjfcmAgj4IJnE_mEbmdov7A_Top1ov2PE0Cm3JltzAOkli0GYOFPDLlmdDDZfXT2fFSIbEi-AgySr64NOLCIbYqODF4gGAaAGAoAHi6CUNA&num=1&cid=5GjrqWA5Hr9KASVQwZCWupTr&sig=AOD64_1_pgpU0nS6Jm4kbl0tCan3rcz2HA&client=ca-pub-5585202032329389&adurl=http://bellroy.com/wallets/note-sleeve-wallet&nm=2&mb=2&bg=!A0RJckn2eYHUnAIAAABGUgAAACcqAPHBZ1R_GZZ-qskVhAC1RCaSH8E7P1WWZC0O5x_RfOeSlUkxeJvIMszsmy3sXPqRsDlNy8wF68FONASqnu6VRxJ-s-NpHWsQ1GS7blV93HhI3unMwwLWf3jO_ggQ1uDpL5_XK5lofwEA5P2icYwOYX-diVH7uhcjdcVDH0WnnUDwsfalxoHuio6rkHLlVZEw0K_n8FBECRILAC_D7YNm3YixQnPoAup1vg7QEcYLoGraugw_6A2qJro2Z8bmpX0mbatP_HXSBMdhAiO9S4pffic21NrkmjGVx-d_c9TBhi1Tj4BMHIOEuAFJr7PX2F7yuuWu
  • https://www.virustotal.com/de/url/95f54e683c7aa90bcff2516c4203b1eab34ab0773398e57f1df39494d6bfa9da/analysis/1397146003/
W32.HfsIframe
  • https://www.virustotal.com/de/file/5a84faf5f6aca07d4390a9b5cfccc29512b29edb295113d7a6f81dd8c85e0028/analysis/1397146289/
<--- iframe src="//www.googletagmanager.com/ns.html?id=GTM-MF9C"height="0" width="0" style="display:none;visibility:hidden" --->
Microsoft Internet Explorer remote code execution via option element
  • https://urlquery.net/report.php?id=1397146071040
  • https://urlquery.net/report.php?id=1397146084651
--->
http://bellroy.com/wallets/note-sleeve-wallet?gclid=CJGghbqm1r0CFbFFMgodI1QA3w
  • https://www.virustotal.com/de/url/415b1b40a688e6db53001d576b04991a469967e8b17f5327f591942b0ec5b423/analysis/
W32.HfsIframe
  • https://www.virustotal.com/de/file/fbf1f3b0f36895ff64f2ed8270a6058d912395b6fe94a596b7f0e04381422a90/analysis/1397147003/
<--- iframe src="//www.googletagmanager.com/ns.html?id=GTM-MF9C"height="0" width="0" style="display:none;visibility:hidden" --->
Microsoft Internet Explorer remote code execution via option element
  • https://urlquery.net/report.php?id=1397146245634
  • https://urlquery.net/report.php?id=1397146261020
  • https://urlquery.net/report.php?id=1397146282006

IP:
http://54.236.92.225/
  • https://www.virustotal.com/de/url/17c875d298cbb4a685465b5dfbd5f3ae5097b78a8fa58184f224a872eec7d4f3/analysis/1397147591/
  • https://www.virustotal.com/de/ip-address/54.236.92.225/information/

HIDDEN LINK TO:
http://carryology.com/
  • https://www.virustotal.com/de/url/85e70248597bc714f3eac0644ff669c2680af8b6a50b23d34420e54e0f9bd902/analysis/1397147301/

4/08/2014

Potentially MALICIOUS ADVERTISER:
Heuristic.LooksLike.HTML.Suspicious-URL.K
@
gaastraproshop.com (m.gaastraproshop.com)
IP: 65.52.130.250 UNITED STATES

FOR WEBMASTERS & BLOGGERS
If you own a website or a blog and are affiliated with Google AdSense, you should block the domain gaastraproshop.com (m.gaastraproshop.com) in your AdSense dashboard to protect your own reputation. The site is potentially blacklisted. See the following report:


POTENTIALLY MALICIOUS ADVERTISING DOMAIN:
Heuristic.LooksLike.HTML.Suspicious-URL.K & HIDDEN IFRAMES

DOMAIN:
http://www.gaastraproshop.com/
  • https://www.virustotal.com/de/url/8fe4129403e2f8a3329f8e8c2c030a8e071aa0ca416e83db22bbf2647a9b9354/analysis/1396956156/
HTML (before REDIRECTION) Heuristic.LooksLike.HTML.Suspicious-URL.K
  • https://www.virustotal.com/de/file/bd2bbbc521c2ef59397a0d0094451a2f1c978c88ee3f408a796071a58a733476/analysis/1396956097/
HTML (after REDIRECTION TO: http://m.gaastraproshop.com/ )
  • https://www.virustotal.com/de/url/9b672b89952372844701c6eaee854ac53baed519cf854c2d76f7027e8509ac46/analysis/1396956311/
  • https://www.virustotal.com/de/file/5a7ac6c9a4573c03f9d3b78278854f8eeb77300b41013769849f9593b61cdc10/analysis/

AD-LINK:
http://www.googleadservices.com/pagead/aclk?sa=L&ai=C9_qImM1DU5zaMMyR7ga_pIGgD-7TzuYDzuLHuJsBwI23ARABII7AlCNQuuWsjQNguwOgAczZxPUDyAECqQJouv3HAA-3PqgDAcgDwQSqBK0BT9BVRjDmVncwPOaYlYqDgq5ewlrE62ZKg0EI3bGzSTS2RY4AcjI1uPQNsHaT4rugdrGcIj5NrDkcP7WvV3x2WuALeS2pfl45Vy5x8WsjjQJyAGpQLLToRLzbxcQM41r1VIRWE8sXrd471wq5qDA1D1yV2v7JUSCrkTyQapMs3-HduhxiXs_1faUi_uZDXGoSpta2LFNFHiVzbqL7spmvDb14LM8BdBc3Ht1CYHmIBgGgBgKAB5ymuwo&num=1&cid=5Ghek0AXvKdmiT_PaZgyrXhR&sig=AOD64_1HNWVDpsJ2tiouym8BUaG8D7D4nw&client=ca-pub-5585202032329389&adurl=http://www.gaastraproshop.com/com-en/&nm=3&mb=2&bg=!A0QdcMC5dYUeWQIAAAA5UgAAACwqAOEto0uFWoyzbF9BgLpTZd0j0HlH_C56hY4NLvc3NtowaaH-Z-csGgTuThLZ2700ImAxJCtXBWy07lw2lhyW729LbQpRbKOUhBOCgNPTzNU7gGGfUbNk7f1Es-R1OT2rxWGFmICxmADsYZbJkCp3x90QW9x_krZl8PbIDV5TojB9Z4tmta85i7Np_800PxgiPJJfwWvSEdIldac4iEnohF9kF7b9tuMjUDC-jxzvmThXXObWG5HuPVidMyu5kw1D6sjILopgRn4ifnP6aV0gn8heXTWUH6sXVSlhTfbA-94Jv2Y
  • https://www.virustotal.com/de/url/62eb0a95606957e05b738baee9c886cb70a5e34c5e23659bbf4d96dc14ca3df1/analysis/1396955224/
(HTML-SRC) Heuristic.LooksLike.HTML.Suspicious-URL.K
  • https://www.virustotal.com/de/file/567b8090d9678ab59051c8039a8ee4db6219e30ddc833fc417e74ce75d051dd1/analysis/1396955699/
URL AFTER REDIRECT:
http://www.gaastraproshop.com/com-en/?gclid=COiest_f0L0CFeY-MgodzxsAfw
  • https://www.virustotal.com/de/url/8e9706ee82cfd4bafcde4bb245ce1dd2798c2e1bb7d35e914015246b70eb1f1c/analysis/
(HTML-SRC) Heuristic.LooksLike.HTML.Suspicious-URL.K
  • https://www.virustotal.com/de/file/476be34d21b40a8ebc9eedf9bfd0b59a671735cac2517af1e007cdabf9860d80/analysis/1396955811/
IP:
http://65.52.130.250/
  • https://www.virustotal.com/de/url/153ecf2fa49f6cfa49c849cdadf0abea1ca0d4ea9d299e1ce04c837d83c498ad/analysis/1396957138/

4/06/2014

Win.Adware.PCFixSpeed - Category Malicious ADs:
www.pcrx.com HIDDEN IFRAME (W32.HfsIframe)
BAD REPUTATION from Boca Raton, Florida, United States


FOR WEBMASTERS & BLOGGERS
If you own a website or a blog and are affiliated with Google AdSense, you should block the domain www.pcrx.com in your AdSense dashboard to protect your own reputation. The site is potentially blacklisted. See the following report:

MALICIOUS SITE (ALL IN ALL):

DOMAIN:
http://www.pcrx.com/
  • https://www.virustotal.com/de/url/d134b225cf91b786e6cf9e3864b67f8a573f4de32782a21329e495c0abbcc219/analysis/1396782475/
AD-LINK:
http://www.googleadservices.com/pagead/aclk?sa=L&ai=CMwaGcWBAU_i9AoSM7gb_loCwDsy0sLYGpOjF74kBwI23ARABII7AlCNQz7C-s_z_____AWC7A6ABlLn94wPIAQGoAwHIA8MEqgSiAU_QFxELMNi3LYLgPVXseXnrzD6zDU-J9nXFbw2MryJfQV2MP98Ot-XiBzbVkkAFtRnTRs1qSxOOUOszsmoO2qQisuMwkpn9MK8EGJIdZyph2EyPdzoKqSFWD3C4eMQ95FbGFFCHpl1gz4uPUvbNB8gpYVzPuG6YN7kh-7HHQu-CsISfIufJqY0JTLHVQfcx2gpRXnBisX6spyMI2nBDImh03IgGAYAH1MaCHA&num=1&cid=5GjWo9iwtAvE92tyQ7Z3AUiU&sig=AOD64_357e7amdBz9W7LrWCbdRymWZaNWQ&client=ca-pub-5585202032329389&adurl=https://www.pcrx.com/lp2.aspx?cfg=286&b=GGL_PCRx_ppc34_26PCRx_25_cfg286_*GeoUSCA*_-Content-___virus%20removal&s=awppc34&utm_source=google&utm_medium=cpc&utm_term=virus%20removal&utm_campaign=ppc34-26PCRx&nm=13&mb=2&bg=!A0R-hdQBXOFz0QIAAAA8UgAAABwqAOEZb79pp1D1BE3K7kwI4IOviZ2ubSDhRDJG-7Q4HlS4ZjzcD9QltXbHPpVJdOgrxS3cGZDZauOfZjC6SCCrQ7fVHaKypOSsHZfbX0k7nJ7JNhgSZG7hhEe-BfIiXwT9XJoD4p2_0hnSAD9N6RGfKbD72wSjZTlbAm2ILmg4wXbdZmVOSu6UF4GnFC1vWHqKwNmpMhtAIWpYOO-As5VPOLiflE-B9hlWCIYvvFZZkwncRl4GFWbkdMjFoTD0SdPu5nlIl8KUg51-rSptOBGwp0TELfzhzYbR91ChncIZ-RgADCg

  • https://www.virustotal.com/de/url/d01eeb168d9f7603355a6c713dc9f849d0ff9bb33317fe15eb9eba4f712b38b3/analysis/1396780767/
W32.HfsIframe
  • https://www.virustotal.com/de/file/f185f969ec9e00171ae2c074e778151098b139d6582bfcf38677aedc07c9d844/analysis/1396780976/
---> REDIRECTS TO:
https://www.pcrx.com/lp2.aspx?cfg=286&b=GGL_PCRx_ppc34_26PCRx_25_cfg286_*GeoUSCA*_-Content-___virus%20removal&s=awppc34&utm_source=google&utm_medium=cpc&utm_term=virus%20removal&utm_campaign=ppc34-26PCRx
  • https://www.virustotal.com/de/url/b9f4bea865ca713b6d2f2502ddf25b7c2b3568c57ad8d74ae87304a79e5deccd/analysis/1396780879/
COMODO WEB INSP.: Malware Downloads
  • http://app.webinspector.com/public/reports/21119862

POTENTIALLY MALICIOUS PCRx DOWNLOADS:
Win.Adware.PCFixSpeed
  • https://www.virustotal.com/de/file/6a9485d64a00f9e12772d2c87046aaea52cad77dcb5d780a785b6926803dd9f1/analysis/1396782228/
  • https://www.virustotal.com/de/file/20d7c743da686f8d380d6aaf53b000ef111ba6f4167ed326a5f5529726e6269d/analysis/
  • https://www.virustotal.com/de/file/5bcc827dd5eb10282ca30005bcd87e5b7e16f7e1f12b26ddbb6e8d72ed4f09cc/analysis/

WOT: POOR
  • https://www.mywot.com/en/scorecard/pcrx.com
http://www.urlvoid.com/scan/pcrx.com/
  • http://scanurl.net/?u=www.pcrx.com%2Flp2.aspx%3Fcfg%3D286%26b%3DGGL_PCRx_ppc34_26PCRx_25_cfg286_*GeoUSCA*_-Content-___virus%2520removal%26s%3Dawppc34%26utm_source%3Dgoogle%26utm_medium%3Dcpc%26utm_term%3Dvirus%2520removal%26utm_campaign%3Dppc34-26PCRx&uesb=Check+This+URL#results

IP:
http://64.135.82.105/
  • https://www.virustotal.com/de/url/da96984c002d149f8f2254493dee205349d8d1e13239bd6660d8f55634e53a83/analysis/1396783074/
  • https://www.virustotal.com/de/ip-address/64.135.82.105/information/

4/04/2014

MALICIOUS ADs:
www.xforex.com (IP: 23.8.245.172)
associated with
Bad Reputation
Scam, Spam, Poor customer experience,
Misleading claims or unethical & Phishing
Cambridge, Massachusetts, USA


FOR WEBMASTERS & BLOGGERS
If you own a website or a blog and are affiliated with Google AdSense, you should block the domain www.xforex.com in your AdSense dashboard to protect your own reputation. The site is potentially blacklisted. See the following report:

Screenshot of XForeX.com

MALICIOUS AD: LEADS TO BAD REPUTATION DOMAIN 
Domain/host was seen to host badware at some point in time


SEE AS WELL:
Scam
Spam
Poor customer experience
Misleading claims or unethical
Phishing
  • https://www.mywot.com/en/scorecard/xforex.com


LINK:
http://www.googleadservices.com/pagead/aclk?sa=L&ai=C7kIPTbA-U9r2MqLu7Qa34oGICKiNkI4FiOvztmOE05t5EAEgjsCUI1DHtrnlBmC7A6AB-rD19APIAQKoAwHIA8EEqgTAAU_Q1g4toONI8eh4XQEyxHCFFEpgkD3s3VJSDzQPbzQ47fu8UJOB4_RNiCTdxf4vK_LKSdNczlvgb_vd2pb_mxTanR-wYBEI9aQX6KoWcCLae1OAI277O6w9N3KSo20c9UZMuh_-gNPlGVV7Cd8UnTVHSdTzazgwo_zpaKyeOiXHAgE_vEjWqA83eftbjPMD4XZsdyuLms2tiV8UB_jLN2NEzZjGZpxAkY_b6sFs54LPl8Vc7X3gP2wNAWpUH5NUc4gGAaAGAoAH7s6KCw&num=1&cid=5Gjyw7ojawW0czFIzezfwp9h&sig=AOD64_3DIimc5hTEw20ICdz_UVXHn3iwIQ&client=ca-pub-5585202032329389&adurl=http://www.xforex.com/ForexTradingTL%3Ftlid%3D115069%26src%3DAdWords%26medium%3DPPC%26campaign%3DAdGroupName%26ad%3D26652225616%26SiteTarget%3Dstayaway2.blogspot.com&nm=3&mb=2&bg=!A0TOlq2_SVCfUQIAAAA6UgAAABEqAPHBcvoWfHjKrzYiCXP8K18SMcCKicgztc2N1qFlSFwV-JoauJojxqe0p7gbnlnhPr1_XrKGNVLJLetSDJNw8-oa0_5Atqssh7YnQ1iAdBlL_sYFFUUD661JesYOjpxKL2xo4eHYTOWo8Rrim73oi0rkDTdIRZGqChSPt3--pLJ7IBdbaA1A_zkNhCvgo3w5evKr3lGHbnUQx_2lr0G5SiJf0SH6miR9ZfMSWPvWE39JGjUiQZ4OP8BHNHCJG-LK8EdzB4Dbu2JQ-RgdA0zCRBcrIEHy5EXJQ4vFdMaulhVEaD_q7cAC5jDhxi5Vtn-lDj5O
  • https://www.virustotal.com/de/url/d2a5d5d9bf918228e5cb654ae3798e09b8256ed110d5f633f18d60da82c56ded/analysis/1396617728/
URL after REDIRECT:
http://www.xforex.com/cms/lp/GSplit_FR/?cid=45&tid=115069&lid=fr&pubid=-1&reqt=1396617729225
  • https://www.virustotal.com/de/url/29ee4b6d441d8430c95f6f01b58c0eabbd1b3677f00cef5b6fd4a2faeb8d8d79/analysis/
DOMAIN ITSELF:
http://www.xforex.com/
  • https://www.virustotal.com/de/url/da5478eab00be730cd930a7dce16ecc2666df8586a018d366c83e8856d6064b5/analysis/
IP:
http://23.8.245.172/  (Cambridge, Massachusetts)
  • https://www.virustotal.com/de/url/28c450178989e65f572bff524c8cd114bdaf81864c8a5e9de52c89950428fceb/analysis/1396618830/
  • https://www.virustotal.com/de/ip-address/23.8.245.172/information/

4/03/2014

MALICIOUS ADs:
download.fromdoctopdf.com
associated with
Adware.MyWebSearch
White Plains, NEW YORK (UNITED STATES)

FOR WEBMASTERS
If you own a website or a blog and are affiliated with Google AdSense, you should block the domain download.fromdoctopdf.com in your AdSense dashboard to protect your own reputation. The site lets your visitors download and install persistent adware. See the following report:


MALICIOUS ADs: Adware.MyWebSearch.15

MALICIOUS CONTENT & DOWNLOADS:
http://www.googleadservices.com/pagead/aclk?sa=L&ai=CZ5u950M9U8H1Goiu7Qbw7YDgCMWmg7oEza6d5Fmwtc3fUBABII7AlCNQq8iQnAZguwOgAbuLoeMDyAECqAMByAPBBKoEkwFP0INx3GRxGmf75YJHVfg23Y1q0faoAWwxpSI0eW2lAjrO4iGtdTPCH5e2qE0-OJYs2Nzy3PwLsVBURyZQBdBqSuU3c8rON3dh9vA-8VLjBuUDUefI0r3rD9eSIrC-NykRnoCC_TyV-EAoBCDuoqT7Gs-hxBakOM0ZIuWaQx0i1lofQlAkWFG6zz51lD0laNJkf-uIBgGgBgKAB6303hw&num=1&cid=5Gi0szH0G6npQc1zBwu_So85&sig=AOD64_1k0A5LtYUiNxfDGsHRhrPeLa_gQA&client=ca-pub-5585202032329389&adurl=http://download.fromdoctopdf.com/index.jhtml%3Fpartner%3DY6xdm010&nm=1&mb=2&bg=!A0S2nPCfVMrd2QIAAAA3UgAAABgqAOEAYGl_c7TMnCDOZeuOQ1tdwMlTc5AjqsfXe6qIrAw64KouboiusTyHanPQBv1xwPq5aJtvphicS2RfNGWeczY_j68aSMS7YgI5crzlya6a1oHsBSRE3bjLecUvRnaNGRi2UveY9oI91rKvISEK3gSPdHKAZ9We2D12U3d-N6nskV2jobsjRJYY1P0-R2Utrg-kJcArZtz9bURG1mslSipysYp8n3u3rGyh40WBX4gqJJkgGqYahbw9-wnY3eF4A2ooAG4_smQYaM9C0Iu5FwVm1Us5ddKk2NOcgoOoqeDV7KE
ANALYSIS VT:
  • https://www.virustotal.com/de/url/09f26ddc5338a53ab3d8161f9694c23b876736809c779d59ccd0265bfac9d423/analysis/1396524292/
URL AFTER REDIRECT:
http://download.fromdoctopdf.com/index.jhtml?partner=Y6xdm010&gclid=CPOus7OaxL0CFaw-Mgod8FAA7A
  • https://www.virustotal.com/de/url/f47d656744a326f0c31554124e28cfed59e6417e1f2f19a907478fb0aa437522/analysis/
IP:
http://74.113.233.180/
  • https://www.virustotal.com/de/url/54b4d071b1897bce1af782c969f0510bd2744190d95d92e4bae7d9758a033bb3/analysis/1396460279/
  • https://www.virustotal.com/de/ip-address/74.113.233.180/information/
Fwd/Rev DNS Match: NO
  • http://www.senderbase.org/lookup/?search_string=74.113.233.180


SCREENSHOT AT URLQuery: https://urlquery.net/screenshot.php?id=1396456860485


CLICK TO DOWNLOAD & INSTALL:
Adware.MyWebSearch.15
  • https://www.virustotal.com/de/file/3861f4259af68b4ba6ea7cdff84d9ce2deddcf4f5056685d00997d12fdcd4593/analysis/1396524664/

MALICIOUS GOOGLE ADs:
lp.usafis.org
IP: 199.83.133.103 Dover, DELAWARE (UNITED STATES)



FOR WEBMASTERS
If you own a website or a blog and are affiliated with Google AdSense, you should block the domain lp.usafis.org in your AdSense dashboard to protect your own reputation. The site is blacklisted. See the following report:

SCREENSHOT

CATEGORY MALICIOUS ADs:

URL ADDRESS:
http://www.googleadservices.com/pagead/aclk?sa=L&ai=CQWYQ6Fg8U-mVAqbh7gbvwYG4BuG8-sQEiYLSz6kBkMXezTQQASCOwJQjUPaHqvwBYLsDoAHIvKPRA8gBAagDAcgDwwSqBJMBT9DSNrdKaf3tgZ3HfWKVLH0Z46SKm9m2r8uHx3Ft-dltZpHnSTihb5h2ESNihNSi7PSdBLo5afvwg71-spzF0iaj_Aw6jWpUqxO_0Lr5Y7mObN50oN3QUHfVD4qPMo7nwFONtdoIGBHQp5Aaw-0GGiCq1lGeGPk6HWaJlslc6gVPhANw-yEp43j6sHJ37kXsPS_DiAYBgAehhcgg&num=1&cid=5GgDBitt7wd5qFH1jxkIzw7b&sig=AOD64_0UD0Zu2wYnP7KOChIno2RcihNCaw&client=ca-pub-5585202032329389&adurl=http://lp.usafis.org/newG_lp/usafis/usafisGLP%3Faf%3Dwiz_1959_&nm=17&mb=2&bg=!A0TCTVHOo1F4igIAAAAwUgAAACMqAOGa7fUKZLHPJScEM3xhxwSxbxPrjVHd-sw6Hg35xKGt3qwcRr-Ua8bVIgF-HTZ6EuyIcZyEn2OsnrTDBymDzR64g51dDmIK_dNVn4HnJaCqoWc34ChDOhdfiRLX8cyJIqWOw61MGek5TrJgT8jp0ZPjFcAMOqPrMKM-LQdgzlbuevIcZcWmSxXtO2P4oU7stltNGw9k8bDDnhJrkSJ5p3bcUYZxK4bnjKWTwc4JtrULyq1QFEbp0tOtnVHHVt9Y2-Dw42fvk6ZxyesqRuMnxCmV2gXQn81ajrTWBM7QxMKAUbA
VT-Analysis:
  • https://www.virustotal.com/de/url/57c334c691162cf05c07d1cd880313c4e51ac68b92315a65494a3df0d7314a61/analysis/1396464870/
URL AFTER REDIRECT: MALICIOUS DOMAIN
http://lp.usafis.org/newG_lp/usafis/usafisGLP?af=wiz_1959_&gclid=CJ6ov4S9wr0CFYY7MgodglgASQ
  • https://www.virustotal.com/de/url/0807f2619bc2c0e997f58d21acabc4ee3ac0900f1b7142d02eda01dd9cfac7a3/analysis/
DOMAIN ITSELF: (BR = BAD REPUTATION)
http://lp.usafis.org/
  • https://www.virustotal.com/de/url/d0c317fdd6d7274f310d98d4cb3efffbc2da92f503f4e7aed663d6615dba3871/analysis/
IP:
http://199.83.133.103/
  • https://www.virustotal.com/de/url/02b83c37d237956138a7fa8102e34ccdcb9e27b05422089a0f107734c5b5869c/analysis/1396465973/
  • https://www.virustotal.com/de/ip-address/199.83.133.103/information