hxxp://www.wotpro.com
Urlquery shows this: http://urlquery.net/report.php?id=168894
Downforeveryoneorjustme?: http://www.downforeveryoneorjustme.com/www.wotpro.com
Hi mchain,
Good find, very interesting to analyze. Kudos to you for finding this!
Unknown html malware there and malcode is alive and kicking…according to Netpilot
Looking it up with a file viewer, I get 'Object moved to <a href="hxtp://www.wotpro.com/?cookieTest=1"' on line 2 of the html there…
and then going here → htxp://adserver.adtechus.com/addyn/3.0/5259.1/2530558/0/170/ADTECH click tracking (code with bugs in curse4 client)
related to admeld with bad web rep…http://www.mywot.com/en/scorecard/admeld.com?utm_source=addon&utm_content=popup-donuts
also links to COBALT advertising …which is clean and green
So issues could be adware related…site is flagged for unknown html malware since 2012-09-09 12:01:5
senderbase rep smtp01.curse.com GOOD
Sucuri tested the site as clean and all green,
Site works like a sort of two-stage rocket, but the browser renders the malcode at once; this is to circumvent detection of the malvertising.
Alas, urlquery is not being fooled one bit, for instance, nor is Emerging Threats IDS …
polonus
P.S. And you also understood what the IDS alert on urlquery.net was about to alert for