polonus
See: http://urlquery.net/report.php?id=7321674
Flagged here: http://evuln.com/tools/malware-scanner/streamsafghanistan.org/
The site is or was distributing a malware variant of the JS/Kryptik.Z trojan.
7 detects: https://www.virustotal.com/nl/url/8d2045320911a95ff6397bed053bedbc70bdf647539f0ca20b0f1356d09521ef/analysis/
none: https://www.virustotal.com/nl/file/83c84dd6872b0c9efee204bbc7aa8272e4c82a0c57752b88410ece82739bdb3e/analysis/1375674902/
Malicious server redirect flagged: Code: 302, http://pillsnot.ru/ Redirect to external server! → http://evuln.com/labs/pillsnot.ru/
Suspicious of spreading spam: suspicion of Spam
ь жаркие.|смотреть порно бесплатно
недорогие <a href="htxp://www.design.pro… 18+ content
Upload link request - response:
GET /Uploads/iOVAO5QT.php HTTP/1.1
Host: shinhanvn dot com dot vn
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Here avast detects on same IP: htxp://urlquery.net/report.php?id=7163247 |{gzip} as JS:Iframe-CSU[Trj]
polonus