Author Topic: New Relic PHISHING - malware? (Read 2158 times)

polonus · « **on:** September 19, 2017, 06:28:08 PM »

Quote

url   scheme   host   path   type   query   aid   cid   date   patterns   objects   name   affilition
-http://r.ar-mtch1.com/Redirect?pid=c&chid=L&md5=a5366b96704bced528a267c6aead1a5f&sha256=8ceda5df32402919aa86a5f57153a2ca31734bba372ca2f072f20602aef21988&url=-http%3a%2f%2flmftracking.com%2faff_c%3foffer_id%3d3165%26aff_id%3d1719%26aff_sub%3dNTX%26aff_sub2%3dbestzakup%26aff_sub3%3d%7bAFFID%7d%26firstname%3dBeata%26lastname%3dWoiciuch%26email%3dbeatawojciuch%2540wp.pl&type=c&list=All&esp=F   -http   r.ar-mtch1.com   /Redirect   site_analytics   pid=c&chid=L&md5=a5366b96704bced528a267c6aead1a5f&sha256=8ceda5df32402919aa86a5f57153a2ca31734bba372ca2f072f20602aef21988&url=-http%3a%2f%2flmftracking.com%2faff_c%3foffer_id%3d3165%26aff_id%3d1719%26aff_sub%3dNTX%26aff_sub2%3dbestzakup%26aff_sub3%3d%7bAFFID%7d%26firstname%3dBeata%26lastname%3dWoiciuch%26email%3dbeatawojciuch%2540wp.pl&type=c&list=All&esp=F   614   1009   2017-09-19 18:15:09   newrelic\.com   -https://js-agent.newrelic.com/nr-1039.min.js   New Relic
-http://r.ar-mtch1.com/Redirect?pid=c&chid=L&md5=a5366b96704bced528a267c6aead1a5f&sha256=8ceda5df32402919aa86a5f57153a2ca31734bba372ca2f072f20602aef21988&url=
-http%3a%2f%2flmftracking.com%2faff_c%3foffer_id%3d3165%26aff_id%3d1719%26aff_sub%3dNTX%26aff_sub2%3dbestzakup%26aff_sub3%3d%7bAFFID%7d%26firstname%3dBeata%26lastname%3dWoiciuch%26email%3dbeatawojciuch%2540wp.pl&type=c&list=All&esp=F   -http   r.ar-mtch1.com   /Redirect   site_analytics   pid=c&chid=L&md5=a5366b96704bced528a267c6aead1a5f&sha256=8ceda5df32402919aa86a5f57153a2ca31734bba372ca2f072f20602aef21988&url=-http%3a%2f%2flmftracking.com%2faff_c%3foffer_id%3d3165%26aff_id%3d1719%26aff_sub%3dNTX%26aff_sub2%3dbestzakup%26aff_sub3%3d%7bAFFID%7d%26firstname%3dBeata%26lastname%3dWoiciuch%26email%3dbeatawojciuch%2540wp.pl&type=c&list=All&esp=F   614   1009   2017-09-19 18:15:09   nr-data\.net   -https://bam.nr-data.net/1/4f78f77256?a=34281487&v=1039.bef6007&to=ZgdTYxZWW0cDUxJZX19NZEUNGFxaBlUeHkBZEg%3D%3D&rst=219&ref=-http://supermarket.zostan-zwyciezca.com/&ap=31&fe=201&dc=96&at=SkBQFV5MSEk%3D&jsonp=NREUM.setToken   New Relic
-click.bestzakup.com/c/NV/9jr/ZTIrhOGPKDKTUBRQmmuVDa/c/FLqB/d723c6b5

from tracker tracker report -newrelic\.com -https://js-agent.newrelic.com/nr-1039.min.js & nr-data\.net -https://bam.nr-data.net/etc.
Re: https://urlquery.net/report/ec121f43-b2fb-4313-b978-68d2ac0be805

Re: https://www.virustotal.com/en/url/0235676fba352e2439a3f94210ff9cb70c05a988ef0154ce1669ca42a3b8d208/analysis/1505836667/

Re:
https://safeweb.norton.com/report/show?url=click.bestzakup.com & https://www.scumware.org/report/76.8.52.206.html

Consider: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=click.bestzakup.com%2Fc%2FNV%2F9jr%2FZTIrhOGPKDKTUBRQmmuVDa%2Fc%2FFLqB%2Fd723c6b5&ref_sel=GSP2&ua_sel=ff&fs=1

Re: https://www.virustotal.com/en/url/4d2d38710931c856598e58cf0d680615536da49030083e8bddb59bea0f40d976/analysis/1505837865/

polonus (volunteer website security analyst and website error-hunter)