Tags » Malvertising

ipfilterX Codename Kernel

>Date 19/05/2017


-Blocked Threats:
-Updated Threats: [1]
-IP Added Record: [+69K]


>Parsed lines/entries:23K Found IP ranges:23K Duplicate:0 Merged:0 Time:0 secs…

HookAds Malvertising Campaign Leads to RIG EK at, Drops LatentBot


Network Traffic:

  • – nairolonia.info – Pre-landing page
  • – post.divakarshenoy.com – RIG EK
  • – GET /Base64 encoded URI string…

Seamless Malvertising Campaign Leads to RIG EK at and Drops Ramnit


HTTP Traffic:

  • – GET /flow339.php – Seamless campaign redirector
  • – new.cloudarchieve.com – RIG EK

Seamless Malvertising Campaign Still Leading to RIG EK and Dropping Ramnit

On May 10th, 2017, the Twitter user thlnk3r sent a tweet with a referer for the Seamless campaign:

I decided to investigate the traffic from his tweet and proceeded to use the php file hosted at as my referer.


How tech support scammers have made millions of dollars

Ahhh, the sweet smell of revenge! Nothing like unleashing some ransomware on those tech support scammers, eh?

However, fortunately for them, there aren’t hours enough in the day to turn the tables on the swindlers and social-engineer their pants off.


Hacked Sites Redirecting Users to Various Malvertising Campaigns

I had somebody contact me via my Contact page saying that they found my post on the Seamless campaign leading to RIG exploit kit. They had told me that they had received an email with the following link multitaskcleaners[.]co[.]uk/giftwrap.php?1702.


Malvertising Campaign Leading to RIG Exploit Kit Dropping Ramnit Banking Trojan

On April 5th, 2017, the Twitter user thlnk3r sent a message to Brad and myself about a malvertising chain using onclkds.com to redirect hosts to RIG exploit kit.