Saturday, 18 January 2014

Malvertising:, Green Tech Software LLC -,,

This one was found on a suspected fraud site (still investigating that part), with the advert itself, not surprisingly, making no mention of who or what it was for. Clicking the advert leads you to this bit of loveliness.

The URLs:

Ad image: hxxp://

hxxp:// is hiding behind CloudFlare (its real IP is (AS14061 Digital Ocean)), and has no content on its homepage. Going to /l/ presents this bit of maliciousness:

The download (183378b94332558211ffa1768bcb22e0, Adware.InstallBrain) is signed using a GoDaddy certificate, and signed by Green Tech Software LLC.

