Malware Domain List

Malware Related => Malicious Domains => Topic started by: molan1998oif on October 07, 2016, 10:49:56 pm

Title: MSE-looking Talking Malicious Fake Scan Site
Post by: molan1998oif on October 07, 2016, 10:49:56 pm
http://z5x7k18k-virus.com/report.php?
http://z5x7k18k-virus.com/?id=KzEgKDg1NSkgNjI1LTA3OTA
http://z5x7k18k-virus.com/up.php?done=veidzz
This came up when a user of ours was on Pinterest looking up recipes for stuff.
She had clicked a link to a cocktail recipe for some kind of Suicide Squad drink, and it redirected to some "allmommywants.com" site, then this came up.
The links above were various versions of it that I found in some .js files that were bringing her previous Firefox sessions back up with the tabs she was last viewing.  I managed to prevent the pop-up from coming back, even though the rest of the site came up, by adding: http://z5x7k18k-virus.com to the hosts file, preceded by 127.0.0.1
Attaching a screenshot of the page:

Title: Re: MSE-looking Talking Malicious Fake Scan Site
Post by: molan1998oif on October 07, 2016, 11:41:06 pm
Quick update, the actual address is a long base64 thing, but by using the hosts list to block the popup, we were able to successfully back out of the site and close things.

Title: Re: MSE-looking Talking Malicious Fake Scan Site
Post by: molan1998oif on October 07, 2016, 11:45:47 pm
I apologize for not deactivating the links to begin this thread... I've fixed it though.
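
The hosts-file block described in this thread, as an added example that is not part of the original posts: hosts entries are keyed by bare hostname, so the sketch reduces the reported URLs to hostnames and merges sinkhole lines into hosts-file text without duplicating existing entries. The function names and the sample hosts content are assumptions made for illustration; the code only returns the new text and does not write to the system hosts file.

```python
import re
from urllib.parse import urlsplit

SINK = "127.0.0.1"  # loopback sinkhole address, as used in the thread

# URLs as reported in the first post of this thread
REPORTED = [
    "http://z5x7k18k-virus.com/report.php?",
    "http://z5x7k18k-virus.com/?id=KzEgKDg1NSkgNjI1LTA3OTA",
    "http://z5x7k18k-virus.com/up.php?done=veidzz",
]

def host_of(indicator):
    """Return the bare lowercase hostname of a URL (plain or defanged), else None."""
    s = indicator.strip().replace("[.]", ".").replace("hxxp", "http", 1)
    if "://" not in s:
        s = "http://" + s
    try:
        host = urlsplit(s).hostname
    except ValueError:
        return None
    if not host or "." not in host or not re.fullmatch(r"[a-z0-9.-]+", host):
        return None
    return host.rstrip(".")

def mapped_names(hosts_text):
    """Hostnames already present in hosts-file text, ignoring comments."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        names.update(f.lower() for f in fields[1:])
    return names

def add_blocks(hosts_text, indicators):
    """Return hosts_text with one sinkhole line per new hostname appended."""
    have = mapped_names(hosts_text)
    new_lines = []
    for ind in indicators:
        host = host_of(ind)
        if host and host not in have:
            have.add(host)
            new_lines.append(f"{SINK} {host}")
    if not new_lines:
        return hosts_text
    sep = "" if not hosts_text or hosts_text.endswith("\n") else "\n"
    return hosts_text + sep + "\n".join(new_lines) + "\n"

if __name__ == "__main__":
    existing = "127.0.0.1 localhost\n"  # constructed sample hosts content
    print(add_blocks(existing, REPORTED), end="")
```

A hosts entry matches only the exact hostname listed, so any other subdomain of the same site needs its own line.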