See: http://urlquery.net/report.php?id=1430917927801
Re: http://www.herdprotect.com/domain-download.qip.ru.aspx
Re: https://www.virustotal.com/nl/domain/sitefilkbist.ru/information/
See: https://www.virustotal.com/nl/url/5b10e1281fb12613b242f9401bef773a85c9acf59df2d5ff338c7bd8e1086c80/analysis/#additional-info
Potential suspicious file: installmonster.js
Severity: Potentially Suspicious
Reason: Detected potentially suspicious content.
Details: Detected potentially suspicious initialization of function pointer to JavaScript method fromCharCode __tmpvar1620867909 = fromCharCode;
Threat dump: see attached
Threat dump MD5: 21BEBC0C9EAA2B0EC0FB1BE2FB2AB092
File size[byte]: 5546
File type: ASCII
Page/File MD5: B2B595D3CE0F2B06D040D473DE64C5FD
Scan duration[sec]: 0.276000
Read: http://aw-snap.info/articles/js-examples.php
Sucuri's:
Issue detected: Outdated Web Server Apache Found
Definition: Vulnerabilities on Apache 2.2
Vulnerable header: Apache/2.2.15
Read: http://encosia.com/3-reasons-why-you-should-let-google-host-jquery-for-you/
On IP: https://theproxisright.com/filter/37.48.81.149
and https://www.virustotal.com/nl/ip-address/37.48.81.149/information/
Avast detects on executables: MSIL:GenMalicious-DPK [Trj] etc.
pol