
4/07/2014

POTENTIALLY SUSPICIOUS Advertiser:
Several HIDDEN IFRAME(s) @ www.studyinteractive.org
(IP: 94.236.98.164) W32.HfsIframe

London, UNITED KINGDOM


FOR WEBMASTERS & BLOGGERS
If you own a website or a blog and are affiliated with Google AdSense, you should, for the sake of your own reputation, block the domain www.studyinteractive.org in your AdSense dashboard, as the site has several hidden iframes (see screenshots below). See the following report:


SUSPICIOUS ADvertiser: 
HIDDEN IFRAMES & LINK TO MW DOMAIN

DOMAIN:
http://www.studyinteractive.org/
  • https://www.virustotal.com/de/url/f3d49c88f67e594a5e2790d6b04c04386bba772e06b5bdcd610274e6dec7ad78/analysis/1396890659/
W32.HfsIframe
  • https://www.virustotal.com/de/file/b3057590ae1f538dae28ef2eddd5b949129640e22e8c7c84afa40e1c552a5fe0/analysis/1396890736/
<--- iframe src="//www.googletagmanager.com/ns.html?id=GTM-5BZNPB" height="0" width="0" style="display:none;visibility:hidden" --->

IP:
http://94.236.98.164/
  • https://www.virustotal.com/de/url/ddf767ca33c02f03d89c48d06d684ebfc9fd7b70d8a44a6bad3660bba2f84648/analysis/1396892016/
SPECIFIC AD-LINK:

http://www.googleadservices.com/pagead/aclk?sa=L&ai=C1Ka8_MxCU_6pOsvr7QapvoCYCJX4hcsEndDjp4QBwI23ARABII7AlCNQ6eatif______AWC7A6AB8_Da0wPIAQGpAsaE3dbr1Ls-qAMByAPDBKoEsQFP0HE28GLR59i93_uQP7nr9q4E30h6pDFBgQJbzqpCJJQQ0aDe7YvxTlGaY9pzRs8vyF1nEHdo1tEAxFx16XC4-Lgl4-fxn3hJKR0igEeXfXlRVNkv56ddmN1ZG2RsPQg-YbbQmHKkGucDnGRdtwT4iKZTWEojzb85nYybniV-WkEGRp3JQBIRR-2hTseS9CIQGQrcwP7Cz99h34GT4pyQhlUfpQWsZ4rjvxjYqb7COXOIBgGAB_WOpSw&num=1&cid=5Gj_mwym0n6HSEiehmL18tKY&sig=AOD64_3BPMMDRbXyPW9Agp98BUEmTc_g0g&client=ca-pub-5585202032329389&adurl=http://www.studyinteractive.org/online-msc-degree2/%3Futm_source%3Dgoogle%26utm_medium%3Dcpc%26utm_campaign%3Dmsc-marketing-luxembourg-display-text&nm=10&mb=2&bg=!A0SiEbXxXfeE9QIAAABCUgAAABgqAOHJi1VYTcVszlW_XQUl16Q6RwLTV7-FnDAWCTMg7ixb-JsMj7_eP2TWBvsEjUNKn4TAMGA73MqGBwJ-w_73TLtBVo1E34m53HRZVDIFE0NQxJMKmmppdH6t3vG98-ot5NeBXD8SYUWjnS2VBK-zrqrmBfuwIxkIZvx0tvJddgQvoUdsHU6vdaRpgM7loHmZ70FOefIOOYqyz91P4jYaNIZ0otKMJdBbH1YsWRa3FQVuV3i-wQm6wp4RTQdW--qo2tCemW5HIh8nQ-TFOMZSe9RB4WL1uT4_vGbX3zhqpvnBjiM
  • https://www.virustotal.com/de/url/1d73c6f82f71c6f97a917a117f66581a541f0465632350adf6c0b8327ec6baeb/analysis/1396889946/
W32.HfsIframe
  • https://www.virustotal.com/de/file/93003317e07e1338c35800a3c63ef637fa64acb8786e3f5e5d2bdb062a8f5129/analysis/1396890437/
<--- iframe src="//www.googletagmanager.com/ns.html?id=GTM-5BZNPB" height="0" width="0" style="display:none;visibility:hidden" --->

URL AFTER REDIRECT:
http://www.studyinteractive.org/online-msc-degree2/?utm_source=google&utm_medium=cpc&utm_campaign=msc-marketing-luxembourg-display-text&gclid=CMGByMjszr0CFfFFMgodcxsAeQ
  • https://www.virustotal.com/de/url/1ab400460a40eb42b654e42f30b0173a413331e158774d4746cbddb6c1205d53/analysis/
W32.HfsIframe
  • https://www.virustotal.com/de/file/93003317e07e1338c35800a3c63ef637fa64acb8786e3f5e5d2bdb062a8f5129/analysis/
<--- iframe src="//www.googletagmanager.com/ns.html?id=GTM-5BZNPB" height="0" width="0" style="display:none;visibility:hidden" --->

SEVERAL MORE HIDDEN IFRAMES DETECTED:


Screenshot 1
Screenshot 2
Screenshot 3
Screenshot 4

OTHER SUSPICIOUS LINK FOUND:

DOMAIN:
http://lsbfafg.com/
  • https://www.virustotal.com/de/url/b6f887a3a71940ddb1be80e110d2a44974e1140a009baaf392e745afba19a61a/analysis/1396891366/
http://lsbfafg.com/getform.js
  • https://www.virustotal.com/de/url/b6f887a3a71940ddb1be80e110d2a44974e1140a009baaf392e745afba19a61a/analysis/
http://lsbfafg.com/getform.js?id=12600
  • https://www.virustotal.com/de/url/9455bddead54d9bb28c3deba78ec01923cec20ad9172b6628a38592cea3a4d33/analysis/1396891806/

4/04/2014

POTENTIALLY SUSPICIOUS Advertiser:
Several HIDDEN IFRAME(s) @ www.123website.lu (IP: 194.36.0.218) W32.HfsIframe
DENMARK & LUXEMBOURG




POTENTIALLY SUSPICIOUS AD:

HIDDEN IFRAME(s) (SEE SCREENSHOT) AND DETAILS:


Just some of the Hidden Iframes (SCREENSHOT)
DOMAIN:

http://www.123website.lu/
  • https://www.virustotal.com/de/url/a03823518f3671592887260096bec16c1b1d5d79edabf13876494abf6bdbc169/analysis/1396635445/
W32.HfsIframe
  • https://www.virustotal.com/de/file/869d5dbd685251eb3d0e81b63ddf38a3ed677aa4f0c58e8fe645f6f188282980/analysis/1396636218/

AD-LINK:

  • http://www.googleadservices.com/pagead/aclk?sa=L&ai=CY1txnNU-U9_pDYuO7ga4toGYCO6FoJEE_sWnpm_AjbcBEAEgjsCUI1CutKrh-P____8BYLsDoAHi_KLfA8gBAakC8_NBOZOpiD6oAwHIA8MEqgSCAU_Qxzwdn7KWqRkRgEqP-T0vCCDpT44e1v2EMEWMlPZmGtNUjbWFauJ31RkoXcGUlHrSZW_S7lahvV8xTs9rTzDbpLJs1QWIAuWqGJxA1QTGIVvK1tUjAWhTVMBe2_JSVODMNpQ2hgAlPgJElHizxqeOTvCIxGeWCptETkwcW4cMOCCIBgGAB4aD3SA&num=1&cid=5GjjiwBrtH0oojSrRRBwcn6u&sig=AOD64_2c2xtAyodTjj5mcs8xvK-DC8EBoA&client=ca-pub-5585202032329389&adurl=http://www.123website.lu/pages/receive.aspx%3Fpartnerkey%3Dlugoogle:EUR_LU_DE_Display_Website_Unspecified%26target%3Dftp3:crea%26culturekey%3Dde-LU&nm=28&mb=2&bg=!A0TdBD8XrW8UnQIAAABMUgAAABQqAOF0Oumc1QQKA-9W_LeBTiOCxun8ZxWfdRem_F0bW-qK-wC960UMEfC8AcaJisf20I4gWBiWGSkXF5gxXUkhw8X3-3kBqNjIBeysSTArHdQiCF2sWtlU5vK5EoFhweYlm8ndXrGDG3Grtu4c04Bh-tMRVBo4Q4vx7-4w4z_jhfgIEF3W9zdNxC2J38p3j4YNT9afqougU3fgvWsg-9kWtG-eA9flGkBJx_eZp0EHZW8X4riKOV3mB-zd8MSr51EvB3WkFoZ2vO712pj4NQIfzPAC4Eb3nN_ffhvaUlqqTfzhoR8


VT ANALYSIS:

  • https://www.virustotal.com/de/url/56a610f0efb79b3cd860e31539a63842561f7815b80d74f17c192178d31d5342/analysis/1396634713/
W32.HfsIframe
  • https://www.virustotal.com/de/file/e0330f31fefdb10b055254a29d50485550861431465106f1ba0c00e31392bae2/analysis/1396634933/
  • https://www.virustotal.com/de/file/7db994d76f40d736213871786c4a2649e4bfe11375b778666efade39256b92df/analysis/1396635163/

IFRAME: <--- iframe src="//www.googletagmanager.com/ns.html?id=GTM-2MMH" height="0" width="0" style="display:none;visibility:hidden" --->

URL after Redirect:
http://www.123website.lu/pages/receive.aspx?partnerkey=lugoogle:EUR_LU_DE_Display_Website_Unspecified&target=ftp3:crea&culturekey=de-LU
  • https://www.virustotal.com/de/url/191f4624274d721cf7e96e4dbfc3eeaf7563aea0444baec0bef3c6c1c6169385/analysis/
W32.HfsIframe
  • https://www.virustotal.com/de/file/ed8c114ffafcfa4b2d80a3168f285e277692a0bd5374af60fbb642c6db987d77/analysis/1396635893/
IP:
http://194.36.0.218/
  • https://www.virustotal.com/de/url/b049d416dee632649e02a94fe72d79be607f7437547f3a5811bfe51b26041ce6/analysis/1396636806/
  • https://www.virustotal.com/de/ip-address/194.36.0.218/information/

Web me up before you gogo
SUSPICIOUS GOOGLE ADs:
webmeup.com (IP: 216.176.184.89)
Hidden Iframes (W32.HfsIframe) & a Bad Reputation of Its Own
Seattle, Washington State, United States

FOR WEBMASTERS
If you own a website or a blog and are affiliated with Google AdSense, you should, for the sake of your own reputation, block the domain webmeup.com in your AdSense dashboard. The site is suspicious and is flagged as blacklisted in some places. See the following report:


SUSPICIOUS AD:
HIDDEN IFRAMES & BAD REPUTATION DOMAIN

URL:
http://www.googleadservices.com/pagead/aclk?sa=L&ai=Cy6O_ik89U_CEIeOI7gaK9oDIC72808sEnfip6VSUxIHcPhABII7AlCNQ2ZS9zf7_____AWC7A6ABi_in2QPIAQGpAjqXAXKKNF4-qAMByAPDBKoElwFP0IxRSJTVZjBsIIh_UKvd2TUxunzo_S1-mT0bHH-6aHVMkkt0bf8N7C2RN54CvduFy5uquln0IlzMKJqSFKoPSOjT4wI4wfZX1JOl4RJFud_YtgI0WUPm5xKyKxk1LEwtTHbKNpyitjQ3LvBuTqA2CSCF3ii18QrtPmozmjPlgRoqj5J3xIvApdowzXB4Diw-IBq5abxBiAYBgAfdh9gm&num=1&cid=5Gg4hurKMkl83P4fAziMfmtH&sig=AOD64_0VkVLWrxlHQohYi1xoDo9ter1sUA&client=ca-pub-5585202032329389&adurl=http://webmeup.com/offers/keywords.html&nm=11&mb=2&bg=!A0Trb4WEKT6hggIAAABDUgAAACwqAOFBSmCeDMOoMHIYzFuNtFz1qHErfwXeeDTD1dx8byzTqOLoPcTOxQnJpNBmlBOscGglXLvKqjWa2C_7QhuO0AJxGI4QiECd7jJaWLGzQyxDdwbUAPhfVaxLM1jcnU6fLcnuRbtaNTSc9ZYJMO6W8r9PZIEV9Y7o3f0OecWCHjPbVpqbxdNbnNSk4XGCtSKOtdY6ixbZUkTlQQmuKzmfAYcfj8sbbzQGX_G4ZfTgvOfKh1JelRWzc9vVA6Pf-gXn6vJGlR_Gv-_iDYCHtQo2Q3kCk-T8PCaagzw3O_J8gGbPNlE

  • https://www.virustotal.com/de/url/c33ad49edc713f5ff2af1d58ba81dd71b4aa4332280ae8e291ac0fe4dec3b887/analysis/1396530528/
---> Goes to
http://webmeup.com/offers/keywords.html?gclid=COG_6tCxxL0CFa5DMgody3IASw
  • https://www.virustotal.com/de/url/fa1117992d0c80fa00883fe425a759a3c828905344fd1bb7a87b19e95111c3bc/analysis/
DOMAIN ITSELF:
http://webmeup.com/
  • https://www.virustotal.com/de/url/d895fbc6abbc712a6a4369b9c48872faab1298a3dfbf9373b187fbe4728374f5/analysis/
W32.HfsIframe.018f (HfsIframe means HIDDEN IFRAME (Bavk))
  • https://www.virustotal.com/de/file/0f5bfa6ed4473ac57bf830b535e8a405b40e0546066f720c21a51fcb1a9940b4/analysis/1396530855/
  • https://www.virustotal.com/de/file/e706e43d9aaea8a11e559b98b5f5d16bad4e2a093bf39527a3e61751ac180480/analysis/1396530988/
HIDDEN IFRAMES (EXAMPLE)
http://webmeup.com/seo-tools-review/index.html
REDIRECTS To:
http://webmeup.com/seo-tools-review/
  • https://www.virustotal.com/de/url/788897b0ba28cf358d0093795fc903f827dfb8c4d170bff954ded9bbbed0b7a2/analysis/1396532538/
W32.HfsIframe.47db
  • https://www.virustotal.com/de/file/94fab1782e1291c9732eed4a91b76548493b54bf23d30945dbd7eba2d13ef355/analysis/1396532239/
OTHER HIDDEN IFRAMES SEE SCREENSHOT:

Screenshot
IP:
http://216.176.184.89/
  • https://www.virustotal.com/de/url/317d8c56e1517093d04b96162e0b4bc2155aa8d24abe5ea2790de2d150abf121/analysis/1396533149/
  • https://www.virustotal.com/de/ip-address/216.176.184.89/information/