Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on March 01, 2015, 02:51:29 PM

Title: Domain not in namespace - are they spreading a malicious executable?
Post by: polonus on March 01, 2015, 02:51:29 PM: See: https://www.virustotal.com/nl/url/3486f71159f5a5a9ba3558a9e83f708a9ee387c80db2b7249136deef9fc01f87/analysis/1425216544/
Missed big time: http://zulu.zscaler.com/submission/show/00fa5a7036984687c7da2f77606ea5cd-1425216566
See: http://urlquery.net/queued.php?id=268920109
For the main domain (the sub-domain did not resolve - nameserver issue):
http://www.dnsinspect.com/ipcheker.com/1425217188 -> http://whois.domaintools.com/ipcheker.com
IP badness: https://www.virustotal.com/nl/ip-address/199.59.243.120/information/
Redirects to: /Zm9yY2VTUg - Site Potentially Harmful
Script Scan: http://jsunpack.jeek.org/?report=45433e722df0a3ce1b44bafaaaccdac93cc3257e
For security research only, open in browser with NoScript active and running inside a sandbox/VM.

SMF 2.0.18 | SMF © 2015, Simple Machines