A forum for reverse engineering, OS internals and malware analysis 

 #26934  by Xylitol
 Mon Oct 12, 2015 11:03 pm
Website sponsored by the government of India, compromised and redirecting to an unwanted application.
www.istm.gov.in/uploads/softportal1/fbase.php
Connecting to www.istm.gov.in|164.100.128.252|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://planetkaren.ws/?1&&default_keyword=setup&charset=utf-8&keyword=
 [following]
Connecting to planetkaren.ws|195.28.182.8|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://wload.for-better.biz/us15/query.php?q=setup
 [following]
Connecting to wload.for-better.biz|162.248.244.156|:80... connected.
HTTP request sent, awaiting response... 200 OK
• dns: 1 ›› ip: 195.28.182.8 - address: PLANETKAREN.WS
• dns: 1 ›› ip: 162.248.244.156 - address: WLOAD.FOR-BETTER.BIZ
• dns: 2 ›› ip: 104.28.22.60 - address: TUNYDOWNLOADSFAST.COM
VT: 6/57 - Hybrid Analysis
Attachment: infected (1 MiB)
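As an added example (not part of Xylitol's post), the Python below parses a wget transcript like the one quoted above into a list of hops, flags each redirect that leaves the registrable domain of the host that issued it, and pulls the query parameters of the final landing URL (here the `q=setup` keyword that the second hop passes along). The embedded transcript is the one from the post; the regexes assume wget's standard "Connecting to host|ip|:port", "awaiting response... CODE Reason" and "Location:" line formats, and the registrable-domain helper is a deliberately naive last-two-labels approximation (no public-suffix list).

```python
"""Parse a wget redirect transcript into hops and flag cross-domain redirects.

Added example; the SAMPLE transcript is the one quoted in the forum post,
the parsing rules are an assumption about wget's stdout format.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

# Transcript copied from the post (constructed input for this example).
SAMPLE = """\
Connecting to www.istm.gov.in|164.100.128.252|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://planetkaren.ws/?1&&default_keyword=setup&charset=utf-8&keyword=
 [following]
Connecting to planetkaren.ws|195.28.182.8|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://wload.for-better.biz/us15/query.php?q=setup
 [following]
Connecting to wload.for-better.biz|162.248.244.156|:80... connected.
HTTP request sent, awaiting response... 200 OK
"""

# Assumed wget line formats (assumption, not taken from the post).
CONNECT_RE = re.compile(r"Connecting to ([^|\s]+)\|([^|]+)\|:(\d+)")
STATUS_RE = re.compile(r"awaiting response\.\.\. (\d{3}) (.*)")
LOCATION_RE = re.compile(r"^Location: (\S+)")


@dataclass
class Hop:
    host: str
    ip: str
    port: int
    status: Optional[int] = None
    location: Optional[str] = None  # Location header, if this hop redirected


def parse_wget_chain(text: str) -> List[Hop]:
    """Walk the transcript line by line; a 'Connecting to' line opens a hop,
    the following status and Location lines attach to that hop."""
    hops: List[Hop] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = CONNECT_RE.search(line)
        if m:
            hops.append(Hop(m.group(1), m.group(2), int(m.group(3))))
            continue
        if not hops:
            continue  # status/location before any connect: ignore
        m = STATUS_RE.search(line)
        if m:
            hops[-1].status = int(m.group(1))
            continue
        m = LOCATION_RE.match(line)
        if m:
            hops[-1].location = m.group(1)
    return hops


def registrable_domain(host: str) -> str:
    """Naive approximation: last two labels. Assumption; a real tool would
    use a public-suffix list (this maps www.istm.gov.in to 'gov.in')."""
    return ".".join(host.lower().split(".")[-2:])


def summarize(hops: List[Hop]) -> List[Dict]:
    """One dict per hop, with cross_domain set when the redirect target's
    registrable domain differs from the host that sent the redirect."""
    out = []
    for h in hops:
        cross = False
        if h.location:
            target = urlsplit(h.location).hostname or ""
            cross = registrable_domain(target) != registrable_domain(h.host)
        out.append({"host": h.host, "ip": h.ip, "status": h.status,
                    "location": h.location, "cross_domain": cross})
    return out


def landing_query(hops: List[Hop]) -> Dict[str, List[str]]:
    """Query parameters of the last Location in the chain, i.e. the URL the
    final 200 was served from (the keyword the downloader page was keyed on)."""
    last = [h.location for h in hops if h.location]
    if not last:
        return {}
    return parse_qs(urlsplit(last[-1]).query)


if __name__ == "__main__":
    for row in summarize(parse_wget_chain(SAMPLE)):
        print(row)
    print(landing_query(parse_wget_chain(SAMPLE)))
```

Run against the post's transcript this yields three hops, the first two flagged as cross-domain (gov.in to planetkaren.ws, then to for-better.biz), and a landing query of q=setup. The same parser works on any wget -S/-v transcript saved from a sandbox, which keeps the analyst from re-fetching the live chain and from letting a redirect target execute.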