
3/20/2014

SPYWARE DOMAIN: terra.mastertop100.net
TROJAN REDIRECTOR (Pagesinxt Malicious Redirect)

USA-RUSSIA-CANADA-Virgin-Islands
NORWAY-NETHERLANDS-FRANCE-ITALY


MALICIOUS DOMAIN:
SPYWARE - TROJAN REDIRECTOR 

USA-RUSSIA-CANADA-Virgin-Islands-NORWAY-NETHERLANDS-FRANCE-ITALY
http://terra.mastertop100.net/
  • https://www.virustotal.com/de/url/b99bc9716fa430c1e0417a758ddf03d3eaf1ca33f8619da37756c61e8469e559/analysis/1395328043/
Pagesinxt Malicious Redirect
  • https://urlquery.net/report.php?id=1395328112708

3/18/2014

TROJAN JScripts @ www.fahrradreisen.de
(IP: 82.165.1.172) GERMANY


Malware Domain: TROJAN JS

http://www.fahrradreisen.de/
https://www.virustotal.com/de/url/506a128026ca7a4fb0851122d8fb6a33b28e368b58cd79c0113e32c3f9e92163/analysis/1395078178/
HTML:
https://www.virustotal.com/de/file/324fd828e7ae9d8bf61ae80bda3bbec77ed20f3e1dd8779a0ca592840edc3ff6/analysis/

MALICIOUS SCRIPTS:
1) http://www.fahrradreisen.de/javascript/rrdb/country_region.js
https://www.virustotal.com/de/url/47643eaec0e017e6490e4cd12c5e7c3e5ed396cea92d9525586550c337bb858d/analysis/
TROJAN REDIRECTOR
https://www.virustotal.com/de/file/d000c86205f8d23a4fab1d9e886c707e597562f11b44d60b8835a2a8a5ee346c/analysis/1395078501/
http://jsunpack.jeek.org/?report=27ab2cfdad6ab55928a3c0c3eb62bb78866fd70c

2) http://www.fahrradreisen.de/javascript/jquery/1.4.2/jquery.min.js
https://www.virustotal.com/de/url/a13cf4f915ad4bcf42c4cd950f4142fa85256a4707d81f3898fb09b1fcbf7da2/analysis/1395078501/
JS/Exploit-Blacole.lj
https://www.virustotal.com/de/file/f71239bdb40fa6b4fdd51366dcbbaebde7470967a478f3895a812a190bcc1666/analysis/1395078506/

3/09/2014

RECENT DETECTION: alkhaleejperfumes.com
Redirects with Trojan.JS.Redirector.aaw to Russian (Perfume)-Phishing
Russian Federation & United States


MALWARE: Trojan.JS.Redirector.aaw
(PERFUME PHISHING)

DOMAIN:
http://alkhaleejperfumes.com/
  • https://www.virustotal.com/de/url/4bba656a716030859df99c8ecb9dd5dee4a6ba47fd1e8ddb8e80fdbf0eb4ccf9/analysis/1394391837/
Trojan.JS.Redirector.aaw
  • https://www.virustotal.com/de/file/709c7765d82d32cdfa2654b58703b439a41b8e75d88d8ed31026c469264b98b4/analysis/1394391738/
--->

Spamhaus DROP Listed Traffic Inbound group 5
http://91.239.15.61/google.js
  • https://www.virustotal.com/de/url/afcd08ea9a1a624f0151b849b1d1b3d92be1aa89624c7ca7aa621122e71d7182/analysis/1394392195/
OTHER IP:
http://205.251.156.146/
  • https://www.virustotal.com/de/url/6ff1953bbfa5881e8ea13c832d049bca05ea53875180e59abf9dd53b872e4aa1/analysis/1394392398/
  • https://www.virustotal.com/de/ip-address/205.251.156.146/information/

2/01/2014

www.visonic.com & www.visonictech.com &
www.dhtml-menu-builder.com & elpas.com

MALICIOUS DOMAINS INFECTED (Directly or Indirectly)
BV:StartPage-FY [Trojan]

visonic.com

MALICIOUS DOMAIN: HIDDEN LINK & BV:StartPage-FY [Trojan]
www.visonic.com
  • https://www.virustotal.com/de/url/f78e05cce3d42b2e2af2d9b77e333ddf02f255b3bcdf3633a2b4301fe7cfaf73/analysis/1391264633/
HTML
  • https://www.virustotal.com/de/file/e351123b15e39ce42e458fe0ce173a3dae67e6d2e332583eee0b4542a8a0ebc4/analysis/1391264778/
  • http://www.UnmaskParasites.com/security-report/?page=www.visonic.com
www.visonictech.com ---> redirects to elpas.com


HIDDEN LINK TO:
www.visonictech.com
  • https://www.virustotal.com/de/url/bb123e45066579186a9eee70d00a7314d58bb6dd707e8a810b26c94676152ae4/analysis/1391265169/
SPAM LINK (VIAGRA):
  • http://www.UnmaskParasites.com/security-report/?page=www.visonictech.com
dhtml-menu-builder.com

TO:
www.dhtml-menu-builder.com
  • https://www.virustotal.com/de/url/8067736540845fba3def863c89bc850f5ffb0a9d718793973034a7d79021121e/analysis/1391265583/
SPECIFIC MALICIOUS LINK:
www.dhtml-menu-builder.com/include/js/ie6-png.js
  • https://www.virustotal.com/de/url/8e1fbb8ba1b128744dbb94db5a9494af8e357ef88b047044cb261bae892d4128/analysis/1391266171/
INFECTED WITH: BV:StartPage-FY [Trj]
  • https://www.virustotal.com/de/file/66da12165f89ac7a2a330ed8d75288f3c3aeb98b3ce019c890ee1b06a3a48c6f/analysis/1391265996/
  • https://www.virustotal.com/de/file/c3504e6c4b8bf4c1f8bbb265bbdba23270ce5a593f124e38fe65214e4a4b88e2/analysis/1391266028/
REFERENCE & FILE(s):

  • http://jsunpack.jeek.org/?report=eb47e3a23a0f713fe37fb08bdc85ba42651ff26c
buysoftviagra.com

VIAGRA LINK:
buysoftviagra.com
  • https://www.virustotal.com/de/url/a71b8be18ba11c82b6dc425316a7b2c5d2e8766d2c198db755be4494e18d934d/analysis/1391265844/

AS WELL INVOLVED:
elpas.com
  • https://www.virustotal.com/de/url/eef5935a084f5ae84fa9ed3cc936df3531d37802cdef07a8fdc5b7f55e9d0dc4/analysis/1391266776/
  • SEE: http://jsunpack.jeek.org/?report=a8c2e01dc1da2d7ecd26be013ef04799379b3970
SEE ALSO:
  • http://sitecheck.sucuri.net/results/www.dhtml-menu-builder.com
  • http://sitecheck.sucuri.net/results/buysoftviagra.com
  • http://quttera.com/detailed_report/www.visonictech.com