Alive phishing = long overdue! - 986.3 hrs

See: https://www.virustotal.com/nl/url/e2245bc0deb7d48562478b52fa1f4be2980fede34c00ead1bbf415319a191afe/analysis/1389809500/
See: http://urlquery.net/report.php?id=8829430
and http://support.clean-mx.de/clean-mx/phishing.php?ip=108.168.242.153&sort=id%20DESC
Earlier an IDS alert for ET SHELLCODE Excessive Use of HeapLib Objects Likely Malicious Heap Spray Attempt
→ #
alert tcp $EXTERNAL_NET $HTTP_PORTS → $HOME_NET any (msg:“ET SHELLCODE Excessive Use of HeapLib Objects Likely Malicious Heap Spray Attempt”; flow:established,to_client; file_data; content:“Heap|2E|”; nocase; distance:0; content:“Heap|2E|”; nocase; distance:0; content:“Heap|2E|”; nocase; distance:0; classtype:shellcode-detect; sid:2013222; rev:2;) - by Jaime Blasco

For more insight read: https://www.corelan.be/index.php/2011/12/31/exploit-writing-tutorial-part-11-heap-spraying-demystified/ (authors = corelan team)

polonus