From where: http://urlquery.net/report.php?id=1490821606109
Known infection source: https://www.virustotal.com/pl/url/43bb625e986a35bc92aa432514340d287ce1f460dda204da610ffc59f72d948f/analysis/1490822019/
On that executable: https://www.reverse.it/sample/7ca3ea6836acd782153cf9b70e87ad4bb7492eeffc3277c74e451f7f9c8c45aa?environmentId=100 and https://malwr.com/analysis/MDg5YmZkZThiOTdlNDcxNjkzNWVhOGNlZTc2M2EzMTA/
This is CloudFlare abuse: https://urlscan.io/result/964bb058-3992-4d73-a9fe-2316d353ce1c#summary
Malware on script: -http://www.domxssscanner.com/scan?url=http%3A%2F%2Ffile-5.ru%2Fjs%2Ffunc.js
errors:
found JavaScriptvariable value does not exist or is undefined…
error: undefined variable $
error: undefined function $
What’s on that IP: https://www.threatminer.org/host.php?q=104.25.188.19
polonus (volunteer website security analyst and website error-hunter)