Author Topic: Is this a malicious redirect?  (Read 1252 times)

Online polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34053
  • malware fighter
Is this a malicious redirect?
« on: January 12, 2014, 01:35:14 AM »
Redirect going to see: http://urlquery.net/report.php?id=8784882
Google blacklists and reports 650536.kunde.adminflex.de as a suspicious website, and visiting this web site may harm your computer.
404 Not Found
Content-Length: 301
Content-Type: text/html
But see what is detected: http://jsunpack.jeek.org/?report=77291234fc107d98218d4a9b9a24b553a45c6be9
Browser dependent: Not identical
Google: 500 bytes       Firefox: 7773 bytes
Diff:         7273 bytes

There were EXPLOIT-KIT Multiple exploit kit possibly malicious iframe embedded into a webpage launched from other domains on same IP,
Suspicious: http://app.webinspector.com/public/reports/19410672

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37698
Re: Is this a malicious redirect?
« Reply #1 on: January 12, 2014, 01:41:46 AM »
Sucuri: http://sitecheck.sucuri.net/results/650536.kunde.adminflex.de
Quote
Description:

A suspicious block of javascript or iframe code was identified. It loads a (possibly malicious) code from external web sites that was detected by our anomaly behaviour engine. Those types of code are often used to distribute malware from external web sites while not being visible to the user.

VT
https://www.virustotal.com/nb/file/8c14f5375c452d706e081d5f1f08110100b66228e553fc3ba1298a6c266cd0d3/analysis/1389487364/
« Last Edit: January 12, 2014, 01:46:50 AM by Pondus »
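
Added example (not part of either post or of any scanner mentioned in the thread): a minimal Python check for the two signals discussed above, a page body that differs by client (the Google vs. Firefox size difference) and an off-site iframe or script that is hidden from the user. The host names and HTML bodies are constructed samples, and the function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class ExternalLoads(HTMLParser):
    """Collect <iframe>/<script> src values that point to another host."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.found = []  # (tag, host, hidden)

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        a = {k: (v or "") for k, v in attrs}
        host = urlparse(a.get("src", "")).hostname  # None for relative URLs
        if not host or host == self.page_host:
            return
        style = a.get("style", "").replace(" ", "").lower()
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        self.found.append((tag, host, hidden))

def external_loads(html, page_host):
    p = ExternalLoads(page_host)
    p.feed(html)
    return set(p.found)

def compare_variants(page_host, bodies):
    """bodies maps a client label to the HTML it received for the same URL."""
    sizes = {k: len(v.encode()) for k, v in bodies.items()}
    loads = {k: external_loads(v, page_host) for k, v in bodies.items()}
    common = set.intersection(*loads.values())
    only = {k: sorted(v - common) for k, v in loads.items() if v - common}
    return {"sizes": sizes, "client_specific": only,
            "spread": max(sizes.values()) - min(sizes.values())}

# Constructed sample bodies (assumption: same URL fetched with two User-Agents).
PAGE_HOST = "site.example"
CRAWLER_BODY = "<html><body><h1>Welcome</h1><script src='/js/app.js'></script></body></html>"
BROWSER_BODY = ("<html><body><h1>Welcome</h1><script src='/js/app.js'></script>"
                "<iframe src='http://cdn.other.example/in.php' width='1' height='1' "
                "style='visibility: hidden'></iframe></body></html>")

if __name__ == "__main__":
    print(compare_variants(PAGE_HOST, {"crawler": CRAWLER_BODY, "browser": BROWSER_BODY}))
```

A non-zero spread alone is not conclusive, since many sites vary markup by client; the client-specific hidden off-site load is the stronger indicator.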