
Showing posts with the label W32.HfsIframe. Show all posts

4/13/2014

"Blacksher Hall, Learn the secrets of top businesses in your industry"
SPAM AGAIN from:
ci33.actonsoftware.com
IP: 207.189.124.33

Englewood, COLORADO, UNITED STATES
(merchantcentric.com IP: 184.168.221.18)



Learn the secrets of top businesses in your industry as well as local competitors
Hi Blacksher Hall,

We have identified Atlanta Botanical Garden as the business in your industry with a high total marketing score of 1253. Create your free account to learn more about what they are doing and what makes up Blacksher Hall's score of 39, as of February 26, 2014.

We scan these top sites and more ...

Atlanta Botanical Garden may not be a direct competitor, however, seeing what they are doing to market themselves online can give you ideas for how to attract more customers. Merchant Centric will help you increase Blacksher Hall's marketing score from its current score of 39 by giving you unique insights into the competition.

Try it for free. No credit card required. Cancel at anytime.

    See what makes up Blacksher Hall's marketing score
    See what Atlanta Botanical Garden is doing to attract customers
    Pick other local competitors to see how you compare and learn what they are doing

Sign up for a free trial. No risk. No commitment.

Want to learn more? View Merchant Centric features.

Don't miss important alerts for Blacksher Hall

For more information, please visit merchantcentric.com

"Real" Links marked on MAIL-Screenshot
SPAM DOMAIN FROM GERMANY:
http://merchantcentric.com/
  • https://www.virustotal.com/de/url/2655175568ddab160a5f3a07cb4f6bb08eb47b5970460bd619de5d3dc1ad195e/analysis/1397212380/
THROUGH:
http://b2b-mail.net/
  • https://www.virustotal.com/de/url/a0bf735206b0ae297b5fc69b8bbc14d42c1449cf671e3f04db456c138c372871/analysis/1397212963/
  • https://www.mywot.com/en/scorecard/b2b-mail.net
"Real" LINKS (DOMAIN):
 http://ci33.actonsoftware.com/
  • https://www.virustotal.com/de/url/d79508e04f1cebce60a2a5688ffe2e7bd9b2947a88bd165aab3f8d95eb7a203f/analysis/1397395024/



Redirects to: --->
http://www.actonsoftware.com/
https://www.virustotal.com/de/url/c5a38ba5fa2fa2610f32289824f259f551f7cfe17deace24f5b0bed532861069/analysis/1397397880/


Redirects to: --->
http://www.act-on.com/
  • https://www.virustotal.com/de/url/3825d42cb168ac6c02c2658039f6c9fe8c85dd38d9a73f75104fa0011a318655/analysis/1397398511/
HTML
  • https://www.virustotal.com/de/file/3d0425fd14e9054f8aad1949bcfef92f734ff1260370a865434af77ee2253f6d/analysis/1397394944/

Goes to:
http://code.jquery.com/jquery-latest.min.js
  • https://www.virustotal.com/de/url/726054b5aa9f603f7350b016e0d0e9656d0b36d24bc19cedf14efce395e4eeb9/analysis/1397397801/
AS WELL, HIDDEN IFRAME FOUND:
http://www.act-on.com/contact
  • https://www.virustotal.com/de/url/030e98abfbd9c463bdc1146846b6007db4fe30962d7c0fb6bb494fb828e53a18/analysis/1397399608/
W32.HfsIframe
  • https://www.virustotal.com/de/file/74f5fc3c7f530b15e849fad2696317a3c6bacb3aa3872918a04efe8f8cd8c768/analysis/1397399505/
Iframe:
http://flex.atdmt.com/mstag/tag/4a37b15a-3ef1-4a8b-a371-479fb864947c/conversion.html?cp=5050&dedup=1
  • https://www.virustotal.com/de/url/e3ea0036dd7351f6ae4bc2a4c58b3faa857651b8067f01386ea7cf8c68bb4ca0/analysis/1397399819/
--->
http://r.msn.com/?cp=5050&dedup=1
  • https://www.virustotal.com/de/url/c07e4f9ce3ba7d0590a15ec7b77abc9648d8488da09350ccdb9c5a1b6ef0ac38/analysis/
<--- iframe src="//flex.atdmt.com/mstag/tag/4a37b15a-3ef1-4a8b-a371-479fb864947c/conversion.html?cp=5050&dedup=1" frameborder="0" scrolling="no" width="1" height="1" style="visibility:hidden;display:none" --->
----------------------------------------------------------------------------------------------------------------------------------------------
IP:
http://207.189.124.33/

  • https://www.virustotal.com/de/url/6a7a91121e48253bb0b7919c01301015ae52960e711c7ee43b3df740e5d5059a/analysis/1397401056/

  • https://www.virustotal.com/de/ip-address/207.189.124.33/information/
---> REDIRECTS TO (NON EXISTING DOMAIN - NX)
http://www.124.33?ao=1
  • https://www.virustotal.com/de/url/a6aeb1ae8617a7888e4c75593c9568c5ad47aba2219b6c726b0ae0edadc49229/analysis/1397401221/
  • http://wepawet.iseclab.org/view.php?hash=3c2a82642a3515ac82103829f31fbd2a&t=1397401105&type=js
See also:
http://wepawet.iseclab.org/view.php?hash=eb0c9b909fa7a3ceca628aa14d38975b&t=1397395059&type=js

RELATED POST:

4/10/2014

Potentially MALICIOUS ADs:
bellroy.com (IP: 54.236.92.225)
risking with
HIDDEN Iframes (W32.HfsIframe)
and Microsoft Internet Explorer remote code execution via option element


FOR WEBMASTERS & BLOGGERS
If you own a website or a blog and are affiliated with Google AdSense, you should, to protect your own reputation, block the domain bellroy.com in your AdSense dashboard. The following report shows why:


MALICIOUS ADVERTISER: 
HIDDEN IFRAME(s) & 
Microsoft Internet Explorer remote code execution via option element

DOMAIN:
http://bellroy.com/
  • https://www.virustotal.com/de/url/c98b0274361f078ffe11c672882a44deea265179edb5c6fa0602d63080855968/analysis/
W32.HfsIframe
  • https://www.virustotal.com/de/file/67b5a8555f0660f5cea968abbbe32c48a92b6c0cb1782c682a0bb7d35f2439cd/analysis/1397146549/
<--- iframe src="//www.googletagmanager.com/ns.html?id=GTM-MF9C"height="0" width="0" style="display:none;visibility:hidden" --->

AD-LINK:
http://www.googleadservices.com/pagead/aclk?sa=L&ai=CGfswyL9GU6j-NIuoiga4sYDQCouup8sGi_S0sYgBo5WpvzgQASCOwJQjUJeJzE5guwOgAd3f68sDyAECqQI_TRhS36CvPqgDAcgDwQSqBIsBT9BrjS7o2Hx01Y0JFiIuwvJ1xe9IjZ3AaQviQnug8Np1m1Lub00UCac2hzu_KqEdA3aCF6v0DESTEaRR-1SjYlNxE2mKIljXjfcmAgj4IJnE_mEbmdov7A_Top1ov2PE0Cm3JltzAOkli0GYOFPDLlmdDDZfXT2fFSIbEi-AgySr64NOLCIbYqODF4gGAaAGAoAHi6CUNA&num=1&cid=5GjrqWA5Hr9KASVQwZCWupTr&sig=AOD64_1_pgpU0nS6Jm4kbl0tCan3rcz2HA&client=ca-pub-5585202032329389&adurl=http://bellroy.com/wallets/note-sleeve-wallet&nm=2&mb=2&bg=!A0RJckn2eYHUnAIAAABGUgAAACcqAPHBZ1R_GZZ-qskVhAC1RCaSH8E7P1WWZC0O5x_RfOeSlUkxeJvIMszsmy3sXPqRsDlNy8wF68FONASqnu6VRxJ-s-NpHWsQ1GS7blV93HhI3unMwwLWf3jO_ggQ1uDpL5_XK5lofwEA5P2icYwOYX-diVH7uhcjdcVDH0WnnUDwsfalxoHuio6rkHLlVZEw0K_n8FBECRILAC_D7YNm3YixQnPoAup1vg7QEcYLoGraugw_6A2qJro2Z8bmpX0mbatP_HXSBMdhAiO9S4pffic21NrkmjGVx-d_c9TBhi1Tj4BMHIOEuAFJr7PX2F7yuuWu
  • https://www.virustotal.com/de/url/95f54e683c7aa90bcff2516c4203b1eab34ab0773398e57f1df39494d6bfa9da/analysis/1397146003/
W32.HfsIframe
  • https://www.virustotal.com/de/file/5a84faf5f6aca07d4390a9b5cfccc29512b29edb295113d7a6f81dd8c85e0028/analysis/1397146289/
<--- iframe src="//www.googletagmanager.com/ns.html?id=GTM-MF9C"height="0" width="0" style="display:none;visibility:hidden" --->
Microsoft Internet Explorer remote code execution via option element
  • https://urlquery.net/report.php?id=1397146071040
  • https://urlquery.net/report.php?id=1397146084651
--->
http://bellroy.com/wallets/note-sleeve-wallet?gclid=CJGghbqm1r0CFbFFMgodI1QA3w
  • https://www.virustotal.com/de/url/415b1b40a688e6db53001d576b04991a469967e8b17f5327f591942b0ec5b423/analysis/
W32.HfsIframe
  • https://www.virustotal.com/de/file/fbf1f3b0f36895ff64f2ed8270a6058d912395b6fe94a596b7f0e04381422a90/analysis/1397147003/
<--- iframe src="//www.googletagmanager.com/ns.html?id=GTM-MF9C"height="0" width="0" style="display:none;visibility:hidden" --->
Microsoft Internet Explorer remote code execution via option element
  • https://urlquery.net/report.php?id=1397146245634
  • https://urlquery.net/report.php?id=1397146261020
  • https://urlquery.net/report.php?id=1397146282006

IP:
http://54.236.92.225/
  • https://www.virustotal.com/de/url/17c875d298cbb4a685465b5dfbd5f3ae5097b78a8fa58184f224a872eec7d4f3/analysis/1397147591/
  • https://www.virustotal.com/de/ip-address/54.236.92.225/information/

HIDDEN LINK TO:
http://carryology.com/
  • https://www.virustotal.com/de/url/85e70248597bc714f3eac0644ff669c2680af8b6a50b23d34420e54e0f9bd902/analysis/1397147301/

4/08/2014

Potentially MALICIOUS ADVERTISER:
Heuristic.LooksLike.HTML.Suspicious-URL.K
@
gaastraproshop.com (m.gaastraproshop.com)
IP: 65.52.130.250 UNITED STATES

FOR WEBMASTERS & BLOGGERS
If you own a website or a blog and are affiliated with Google AdSense, you should, to protect your own reputation, block the domain gaastraproshop.com (m.gaastraproshop.com) in your AdSense dashboard. The site is potentially blacklisted. See the following report:


POTENTIALLY MALICIOUS ADVERTISING DOMAIN:
Heuristic.LooksLike.HTML.Suspicious-URL.K & HIDDEN IFRAMES

DOMAIN:
http://www.gaastraproshop.com/
  • https://www.virustotal.com/de/url/8fe4129403e2f8a3329f8e8c2c030a8e071aa0ca416e83db22bbf2647a9b9354/analysis/1396956156/
HTML (before REDIRECTION) Heuristic.LooksLike.HTML.Suspicious-URL.K
  • https://www.virustotal.com/de/file/bd2bbbc521c2ef59397a0d0094451a2f1c978c88ee3f408a796071a58a733476/analysis/1396956097/
HTML (after REDIRECTION TO: http://m.gaastraproshop.com/ )
  • https://www.virustotal.com/de/url/9b672b89952372844701c6eaee854ac53baed519cf854c2d76f7027e8509ac46/analysis/1396956311/
  • https://www.virustotal.com/de/file/5a7ac6c9a4573c03f9d3b78278854f8eeb77300b41013769849f9593b61cdc10/analysis/

AD-LINK:
http://www.googleadservices.com/pagead/aclk?sa=L&ai=C9_qImM1DU5zaMMyR7ga_pIGgD-7TzuYDzuLHuJsBwI23ARABII7AlCNQuuWsjQNguwOgAczZxPUDyAECqQJouv3HAA-3PqgDAcgDwQSqBK0BT9BVRjDmVncwPOaYlYqDgq5ewlrE62ZKg0EI3bGzSTS2RY4AcjI1uPQNsHaT4rugdrGcIj5NrDkcP7WvV3x2WuALeS2pfl45Vy5x8WsjjQJyAGpQLLToRLzbxcQM41r1VIRWE8sXrd471wq5qDA1D1yV2v7JUSCrkTyQapMs3-HduhxiXs_1faUi_uZDXGoSpta2LFNFHiVzbqL7spmvDb14LM8BdBc3Ht1CYHmIBgGgBgKAB5ymuwo&num=1&cid=5Ghek0AXvKdmiT_PaZgyrXhR&sig=AOD64_1HNWVDpsJ2tiouym8BUaG8D7D4nw&client=ca-pub-5585202032329389&adurl=http://www.gaastraproshop.com/com-en/&nm=3&mb=2&bg=!A0QdcMC5dYUeWQIAAAA5UgAAACwqAOEto0uFWoyzbF9BgLpTZd0j0HlH_C56hY4NLvc3NtowaaH-Z-csGgTuThLZ2700ImAxJCtXBWy07lw2lhyW729LbQpRbKOUhBOCgNPTzNU7gGGfUbNk7f1Es-R1OT2rxWGFmICxmADsYZbJkCp3x90QW9x_krZl8PbIDV5TojB9Z4tmta85i7Np_800PxgiPJJfwWvSEdIldac4iEnohF9kF7b9tuMjUDC-jxzvmThXXObWG5HuPVidMyu5kw1D6sjILopgRn4ifnP6aV0gn8heXTWUH6sXVSlhTfbA-94Jv2Y
  • https://www.virustotal.com/de/url/62eb0a95606957e05b738baee9c886cb70a5e34c5e23659bbf4d96dc14ca3df1/analysis/1396955224/
(HTML-SRC) Heuristic.LooksLike.HTML.Suspicious-URL.K
  • https://www.virustotal.com/de/file/567b8090d9678ab59051c8039a8ee4db6219e30ddc833fc417e74ce75d051dd1/analysis/1396955699/
URL AFTER REDIRECT:
http://www.gaastraproshop.com/com-en/?gclid=COiest_f0L0CFeY-MgodzxsAfw
  • https://www.virustotal.com/de/url/8e9706ee82cfd4bafcde4bb245ce1dd2798c2e1bb7d35e914015246b70eb1f1c/analysis/
(HTML-SRC) Heuristic.LooksLike.HTML.Suspicious-URL.K
  • https://www.virustotal.com/de/file/476be34d21b40a8ebc9eedf9bfd0b59a671735cac2517af1e007cdabf9860d80/analysis/1396955811/
IP:
http://65.52.130.250/
  • https://www.virustotal.com/de/url/153ecf2fa49f6cfa49c849cdadf0abea1ca0d4ea9d299e1ce04c837d83c498ad/analysis/1396957138/

4/07/2014

POTENTIALLY SUSPICIOUS Advertiser:
Several HIDDEN IFRAME(s) @ www.studyinteractive.org
(IP: 94.236.98.164) W32.HfsIframe

London, UNITED KINGDOM


FOR WEBMASTERS & BLOGGERS
If you own a website or a blog and are affiliated with Google AdSense, you should, to protect your own reputation, block the domain www.studyinteractive.org in your AdSense dashboard, as the site has several hidden iframes (see screenshots below). See the following report:


SUSPICIOUS ADvertiser: 
HIDDEN IFRAMES & LINK TO MW DOMAIN

DOMAIN:
http://www.studyinteractive.org/
  • https://www.virustotal.com/de/url/f3d49c88f67e594a5e2790d6b04c04386bba772e06b5bdcd610274e6dec7ad78/analysis/1396890659/
W32.HfsIframe
  • https://www.virustotal.com/de/file/b3057590ae1f538dae28ef2eddd5b949129640e22e8c7c84afa40e1c552a5fe0/analysis/1396890736/
<--- iframe src="//www.googletagmanager.com/ns.html?id=GTM-5BZNPB"height="0" width="0" style="display:none;visibility:hidden" --->

IP:
http://94.236.98.164/
  • https://www.virustotal.com/de/url/ddf767ca33c02f03d89c48d06d684ebfc9fd7b70d8a44a6bad3660bba2f84648/analysis/1396892016/
SPECIFIC AD-LINK:

http://www.googleadservices.com/pagead/aclk?sa=L&ai=C1Ka8_MxCU_6pOsvr7QapvoCYCJX4hcsEndDjp4QBwI23ARABII7AlCNQ6eatif______AWC7A6AB8_Da0wPIAQGpAsaE3dbr1Ls-qAMByAPDBKoEsQFP0HE28GLR59i93_uQP7nr9q4E30h6pDFBgQJbzqpCJJQQ0aDe7YvxTlGaY9pzRs8vyF1nEHdo1tEAxFx16XC4-Lgl4-fxn3hJKR0igEeXfXlRVNkv56ddmN1ZG2RsPQg-YbbQmHKkGucDnGRdtwT4iKZTWEojzb85nYybniV-WkEGRp3JQBIRR-2hTseS9CIQGQrcwP7Cz99h34GT4pyQhlUfpQWsZ4rjvxjYqb7COXOIBgGAB_WOpSw&num=1&cid=5Gj_mwym0n6HSEiehmL18tKY&sig=AOD64_3BPMMDRbXyPW9Agp98BUEmTc_g0g&client=ca-pub-5585202032329389&adurl=http://www.studyinteractive.org/online-msc-degree2/%3Futm_source%3Dgoogle%26utm_medium%3Dcpc%26utm_campaign%3Dmsc-marketing-luxembourg-display-text&nm=10&mb=2&bg=!A0SiEbXxXfeE9QIAAABCUgAAABgqAOHJi1VYTcVszlW_XQUl16Q6RwLTV7-FnDAWCTMg7ixb-JsMj7_eP2TWBvsEjUNKn4TAMGA73MqGBwJ-w_73TLtBVo1E34m53HRZVDIFE0NQxJMKmmppdH6t3vG98-ot5NeBXD8SYUWjnS2VBK-zrqrmBfuwIxkIZvx0tvJddgQvoUdsHU6vdaRpgM7loHmZ70FOefIOOYqyz91P4jYaNIZ0otKMJdBbH1YsWRa3FQVuV3i-wQm6wp4RTQdW--qo2tCemW5HIh8nQ-TFOMZSe9RB4WL1uT4_vGbX3zhqpvnBjiM
  • https://www.virustotal.com/de/url/1d73c6f82f71c6f97a917a117f66581a541f0465632350adf6c0b8327ec6baeb/analysis/1396889946/
W32.HfsIframe
  • https://www.virustotal.com/de/file/93003317e07e1338c35800a3c63ef637fa64acb8786e3f5e5d2bdb062a8f5129/analysis/1396890437/
<--- iframe src="//www.googletagmanager.com/ns.html?id=GTM-5BZNPB"height="0" width="0" style="display:none;visibility:hidden" --->

URL AFTER REDIRECT:
http://www.studyinteractive.org/online-msc-degree2/?utm_source=google&utm_medium=cpc&utm_campaign=msc-marketing-luxembourg-display-text&gclid=CMGByMjszr0CFfFFMgodcxsAeQ
  • https://www.virustotal.com/de/url/1ab400460a40eb42b654e42f30b0173a413331e158774d4746cbddb6c1205d53/analysis/
W32.HfsIframe
  • https://www.virustotal.com/de/file/93003317e07e1338c35800a3c63ef637fa64acb8786e3f5e5d2bdb062a8f5129/analysis/
<--- iframe src="//www.googletagmanager.com/ns.html?id=GTM-5BZNPB"height="0" width="0" style="display:none;visibility:hidden" --->

SEVERAL MORE HIDDEN IFRAMES DETECTED:


Screenshot 1
Screenshot 2
Screenshot 3
Screenshot 4

OTHER SUSPICIOUS LINK FOUND:

DOMAIN:
http://lsbfafg.com/
  • https://www.virustotal.com/de/url/b6f887a3a71940ddb1be80e110d2a44974e1140a009baaf392e745afba19a61a/analysis/1396891366/
http://lsbfafg.com/getform.js
  • https://www.virustotal.com/de/url/b6f887a3a71940ddb1be80e110d2a44974e1140a009baaf392e745afba19a61a/analysis/
http://lsbfafg.com/getform.js?id=12600
  • https://www.virustotal.com/de/url/9455bddead54d9bb28c3deba78ec01923cec20ad9172b6628a38592cea3a4d33/analysis/1396891806/

4/06/2014

Win.Adware.PCFixSpeed - Category Malicious ADs:
www.pcrx.com HIDDEN IFRAME (W32.HfsIframe)
BAD REPUTATION from Boca Raton, Florida, United States


FOR WEBMASTERS & BLOGGERS
If you own a website or a blog and are affiliated with Google AdSense, you should, to protect your own reputation, block the domain www.pcrx.com in your AdSense dashboard. The site is potentially blacklisted. See the following report:

MALICIOUS SITE (ALL IN ALL):

DOMAIN:
http://www.pcrx.com/
  • https://www.virustotal.com/de/url/d134b225cf91b786e6cf9e3864b67f8a573f4de32782a21329e495c0abbcc219/analysis/1396782475/
AD-LINK:
http://www.googleadservices.com/pagead/aclk?sa=L&ai=CMwaGcWBAU_i9AoSM7gb_loCwDsy0sLYGpOjF74kBwI23ARABII7AlCNQz7C-s_z_____AWC7A6ABlLn94wPIAQGoAwHIA8MEqgSiAU_QFxELMNi3LYLgPVXseXnrzD6zDU-J9nXFbw2MryJfQV2MP98Ot-XiBzbVkkAFtRnTRs1qSxOOUOszsmoO2qQisuMwkpn9MK8EGJIdZyph2EyPdzoKqSFWD3C4eMQ95FbGFFCHpl1gz4uPUvbNB8gpYVzPuG6YN7kh-7HHQu-CsISfIufJqY0JTLHVQfcx2gpRXnBisX6spyMI2nBDImh03IgGAYAH1MaCHA&num=1&cid=5GjWo9iwtAvE92tyQ7Z3AUiU&sig=AOD64_357e7amdBz9W7LrWCbdRymWZaNWQ&client=ca-pub-5585202032329389&adurl=https://www.pcrx.com/lp2.aspx?cfg=286&b=GGL_PCRx_ppc34_26PCRx_25_cfg286_*GeoUSCA*_-Content-___virus%20removal&s=awppc34&utm_source=google&utm_medium=cpc&utm_term=virus%20removal&utm_campaign=ppc34-26PCRx&nm=13&mb=2&bg=!A0R-hdQBXOFz0QIAAAA8UgAAABwqAOEZb79pp1D1BE3K7kwI4IOviZ2ubSDhRDJG-7Q4HlS4ZjzcD9QltXbHPpVJdOgrxS3cGZDZauOfZjC6SCCrQ7fVHaKypOSsHZfbX0k7nJ7JNhgSZG7hhEe-BfIiXwT9XJoD4p2_0hnSAD9N6RGfKbD72wSjZTlbAm2ILmg4wXbdZmVOSu6UF4GnFC1vWHqKwNmpMhtAIWpYOO-As5VPOLiflE-B9hlWCIYvvFZZkwncRl4GFWbkdMjFoTD0SdPu5nlIl8KUg51-rSptOBGwp0TELfzhzYbR91ChncIZ-RgADCg

  • https://www.virustotal.com/de/url/d01eeb168d9f7603355a6c713dc9f849d0ff9bb33317fe15eb9eba4f712b38b3/analysis/1396780767/
W32.HfsIframe
  • https://www.virustotal.com/de/file/f185f969ec9e00171ae2c074e778151098b139d6582bfcf38677aedc07c9d844/analysis/1396780976/
---> REDIRECTS TO:
https://www.pcrx.com/lp2.aspx?cfg=286&b=GGL_PCRx_ppc34_26PCRx_25_cfg286_*GeoUSCA*_-Content-___virus%20removal&s=awppc34&utm_source=google&utm_medium=cpc&utm_term=virus%20removal&utm_campaign=ppc34-26PCRx
  • https://www.virustotal.com/de/url/b9f4bea865ca713b6d2f2502ddf25b7c2b3568c57ad8d74ae87304a79e5deccd/analysis/1396780879/
COMODO WEB INSP.: Malware Downloads
  • http://app.webinspector.com/public/reports/21119862

POTENTIALLY MALICIOUS PCRx DOWNLOADS:
Win.Adware.PCFixSpeed
  • https://www.virustotal.com/de/file/6a9485d64a00f9e12772d2c87046aaea52cad77dcb5d780a785b6926803dd9f1/analysis/1396782228/
  • https://www.virustotal.com/de/file/20d7c743da686f8d380d6aaf53b000ef111ba6f4167ed326a5f5529726e6269d/analysis/
  • https://www.virustotal.com/de/file/5bcc827dd5eb10282ca30005bcd87e5b7e16f7e1f12b26ddbb6e8d72ed4f09cc/analysis/

WOT: POOR
  • https://www.mywot.com/en/scorecard/pcrx.com
http://www.urlvoid.com/scan/pcrx.com/
  • http://scanurl.net/?u=www.pcrx.com%2Flp2.aspx%3Fcfg%3D286%26b%3DGGL_PCRx_ppc34_26PCRx_25_cfg286_*GeoUSCA*_-Content-___virus%2520removal%26s%3Dawppc34%26utm_source%3Dgoogle%26utm_medium%3Dcpc%26utm_term%3Dvirus%2520removal%26utm_campaign%3Dppc34-26PCRx&uesb=Check+This+URL#results

IP:
http://64.135.82.105/
  • https://www.virustotal.com/de/url/da96984c002d149f8f2254493dee205349d8d1e13239bd6660d8f55634e53a83/analysis/1396783074/
  • https://www.virustotal.com/de/ip-address/64.135.82.105/information/

4/04/2014

POTENTIALLY SUSPICIOUS Advertiser:
Several HIDDEN IFRAME(s) @ www.123website.lu (IP: 194.36.0.218) W32.HfsIframe
DENMARK & LUXEMBOURG




POTENTIALLY SUSPICIOUS AD:

HIDDEN IFRAME(s) (SEE SCREENSHOT) AND DETAILS:


Just some of the hidden iframes (screenshot)
DOMAIN:

http://www.123website.lu/
  • https://www.virustotal.com/de/url/a03823518f3671592887260096bec16c1b1d5d79edabf13876494abf6bdbc169/analysis/1396635445/
W32.HfsIframe
  • https://www.virustotal.com/de/file/869d5dbd685251eb3d0e81b63ddf38a3ed677aa4f0c58e8fe645f6f188282980/analysis/1396636218/

AD-LINK:

  • http://www.googleadservices.com/pagead/aclk?sa=L&ai=CY1txnNU-U9_pDYuO7ga4toGYCO6FoJEE_sWnpm_AjbcBEAEgjsCUI1CutKrh-P____8BYLsDoAHi_KLfA8gBAakC8_NBOZOpiD6oAwHIA8MEqgSCAU_Qxzwdn7KWqRkRgEqP-T0vCCDpT44e1v2EMEWMlPZmGtNUjbWFauJ31RkoXcGUlHrSZW_S7lahvV8xTs9rTzDbpLJs1QWIAuWqGJxA1QTGIVvK1tUjAWhTVMBe2_JSVODMNpQ2hgAlPgJElHizxqeOTvCIxGeWCptETkwcW4cMOCCIBgGAB4aD3SA&num=1&cid=5GjjiwBrtH0oojSrRRBwcn6u&sig=AOD64_2c2xtAyodTjj5mcs8xvK-DC8EBoA&client=ca-pub-5585202032329389&adurl=http://www.123website.lu/pages/receive.aspx%3Fpartnerkey%3Dlugoogle:EUR_LU_DE_Display_Website_Unspecified%26target%3Dftp3:crea%26culturekey%3Dde-LU&nm=28&mb=2&bg=!A0TdBD8XrW8UnQIAAABMUgAAABQqAOF0Oumc1QQKA-9W_LeBTiOCxun8ZxWfdRem_F0bW-qK-wC960UMEfC8AcaJisf20I4gWBiWGSkXF5gxXUkhw8X3-3kBqNjIBeysSTArHdQiCF2sWtlU5vK5EoFhweYlm8ndXrGDG3Grtu4c04Bh-tMRVBo4Q4vx7-4w4z_jhfgIEF3W9zdNxC2J38p3j4YNT9afqougU3fgvWsg-9kWtG-eA9flGkBJx_eZp0EHZW8X4riKOV3mB-zd8MSr51EvB3WkFoZ2vO712pj4NQIfzPAC4Eb3nN_ffhvaUlqqTfzhoR8


VT ANALYSIS:

  • https://www.virustotal.com/de/url/56a610f0efb79b3cd860e31539a63842561f7815b80d74f17c192178d31d5342/analysis/1396634713/
W32.HfsIframe
  • https://www.virustotal.com/de/file/e0330f31fefdb10b055254a29d50485550861431465106f1ba0c00e31392bae2/analysis/1396634933/
  • https://www.virustotal.com/de/file/7db994d76f40d736213871786c4a2649e4bfe11375b778666efade39256b92df/analysis/1396635163/

IFRAME: <--- iframe src="//www.googletagmanager.com/ns.html?id=GTM-2MMH"height="0" width="0" style="display:none;visibility:hidden" --->

URL after Redirect:
http://www.123website.lu/pages/receive.aspx?partnerkey=lugoogle:EUR_LU_DE_Display_Website_Unspecified&target=ftp3:crea&culturekey=de-LU
  • https://www.virustotal.com/de/url/191f4624274d721cf7e96e4dbfc3eeaf7563aea0444baec0bef3c6c1c6169385/analysis/
W32.HfsIframe
  • https://www.virustotal.com/de/file/ed8c114ffafcfa4b2d80a3168f285e277692a0bd5374af60fbb642c6db987d77/analysis/1396635893/
IP:
http://194.36.0.218/
  • https://www.virustotal.com/de/url/b049d416dee632649e02a94fe72d79be607f7437547f3a5811bfe51b26041ce6/analysis/1396636806/
  • https://www.virustotal.com/de/ip-address/194.36.0.218/information/

Web me up before you gogo
SUSPICIOUS GOOGLE ADs:
webmeup.com (IP: 216.176.184.89)
Hidden Iframes (W32.HfsIframe) & a Bad Reputation on itself
Seattle, Washington State, United States

FOR WEBMASTERS
If you own a website or a blog and are affiliated with Google AdSense, you should, to protect your own reputation, block the domain webmeup.com in your AdSense dashboard. The site is suspicious and is flagged as blacklisted in some places. See the following report:


SUSPICIOUS AD:
HIDDEN IFRAMES & BAD REPUTATION DOMAIN

URL:
http://www.googleadservices.com/pagead/aclk?sa=L&ai=Cy6O_ik89U_CEIeOI7gaK9oDIC72808sEnfip6VSUxIHcPhABII7AlCNQ2ZS9zf7_____AWC7A6ABi_in2QPIAQGpAjqXAXKKNF4-qAMByAPDBKoElwFP0IxRSJTVZjBsIIh_UKvd2TUxunzo_S1-mT0bHH-6aHVMkkt0bf8N7C2RN54CvduFy5uquln0IlzMKJqSFKoPSOjT4wI4wfZX1JOl4RJFud_YtgI0WUPm5xKyKxk1LEwtTHbKNpyitjQ3LvBuTqA2CSCF3ii18QrtPmozmjPlgRoqj5J3xIvApdowzXB4Diw-IBq5abxBiAYBgAfdh9gm&num=1&cid=5Gg4hurKMkl83P4fAziMfmtH&sig=AOD64_0VkVLWrxlHQohYi1xoDo9ter1sUA&client=ca-pub-5585202032329389&adurl=http://webmeup.com/offers/keywords.html&nm=11&mb=2&bg=!A0Trb4WEKT6hggIAAABDUgAAACwqAOFBSmCeDMOoMHIYzFuNtFz1qHErfwXeeDTD1dx8byzTqOLoPcTOxQnJpNBmlBOscGglXLvKqjWa2C_7QhuO0AJxGI4QiECd7jJaWLGzQyxDdwbUAPhfVaxLM1jcnU6fLcnuRbtaNTSc9ZYJMO6W8r9PZIEV9Y7o3f0OecWCHjPbVpqbxdNbnNSk4XGCtSKOtdY6ixbZUkTlQQmuKzmfAYcfj8sbbzQGX_G4ZfTgvOfKh1JelRWzc9vVA6Pf-gXn6vJGlR_Gv-_iDYCHtQo2Q3kCk-T8PCaagzw3O_J8gGbPNlE

  • https://www.virustotal.com/de/url/c33ad49edc713f5ff2af1d58ba81dd71b4aa4332280ae8e291ac0fe4dec3b887/analysis/1396530528/
---> Goes to
http://webmeup.com/offers/keywords.html?gclid=COG_6tCxxL0CFa5DMgody3IASw
  • https://www.virustotal.com/de/url/fa1117992d0c80fa00883fe425a759a3c828905344fd1bb7a87b19e95111c3bc/analysis/
DOMAIN ITSELF:
http://webmeup.com/
  • https://www.virustotal.com/de/url/d895fbc6abbc712a6a4369b9c48872faab1298a3dfbf9373b187fbe4728374f5/analysis/
W32.HfsIframe.018f (HfsIframe means HIDDEN IFRAME (Bavk))
  • https://www.virustotal.com/de/file/0f5bfa6ed4473ac57bf830b535e8a405b40e0546066f720c21a51fcb1a9940b4/analysis/1396530855/
  • https://www.virustotal.com/de/file/e706e43d9aaea8a11e559b98b5f5d16bad4e2a093bf39527a3e61751ac180480/analysis/1396530988/
HIDDEN IFRAMES (EXAMPLE)
http://webmeup.com/seo-tools-review/index.html
REDIRECTS To:
http://webmeup.com/seo-tools-review/
  • https://www.virustotal.com/de/url/788897b0ba28cf358d0093795fc903f827dfb8c4d170bff954ded9bbbed0b7a2/analysis/1396532538/
W32.HfsIframe.47db
  • https://www.virustotal.com/de/file/94fab1782e1291c9732eed4a91b76548493b54bf23d30945dbd7eba2d13ef355/analysis/1396532239/
OTHER HIDDEN IFRAMES SEE SCREENSHOT:

Screenshot
IP:
http://216.176.184.89/
  • https://www.virustotal.com/de/url/317d8c56e1517093d04b96162e0b4bc2155aa8d24abe5ea2790de2d150abf121/analysis/1396533149/
  • https://www.virustotal.com/de/ip-address/216.176.184.89/information/