Our company investigates computer crime incidents on behalf of banks and other companies.
The following URL(s) are being used as part of a malware (computer virus) attack. commondatastorage.googleapis.com/e1c6c8975/5903092a7e23db8 We request that all hacker files and malware files be disabled or removed from the system(s) as soon as possible. If we have contacted you in error, or there is a better way for us to report this incident, please let us know. Thank you, Amanda Kline PhishLabs Security Operations [email protected] +1.202.386.6001 http://www.phishlabs.com Evidence: Target: malware (leads to hXXp://adsgolayer.xyz/daf.php?lol) The target is pulling a malicious script from: hXXps://dl.boxcloud.com/d/1/f3_7uBdyq-T_RGvvgPKF7axOvxlH5ca03oCFBZgua3L9LIiKpRnSurWUyTSUwneLK01RsTjq_kyvuvYaqMMlYZz1Gqyt0-w8QFKsLfiHxcU6ICiOkpF00g75Ig89_N2yMwehjbfLMUAQD_R4aBXVFN3BknPgOqtBQpVwHKlbKk-5ytA2NjI67nbc56fHfChggO-8VXlwxU8uhpAduIzCsXxHIJmyqIpF1YcvoYCOHP-vjFCx-iypOFtDd4Ix4A-K9XXPdBK58ZFfgN7ayrxmAnIjlV8zrTQl26FbLjKrsvMzV-MV7UQK61jzkWAKtWcPWgJzM3FLwfP-Psc-ehe2yWDYWTgVFjj-Sfi4dkH8QX8zTWTgcgIB4fJoMfPblobeLSf8xxD9TBX40mXujh26CxSI8tV8mI-m1fBNxukgrcmJhkUCv9L_8TQ_0UGQOwVa78vyts2BSJbSx4-RDUMKs7xkYpa0rZY8EVf7V9HJNubJL88a-mCPVTzDG3dpOdYSFmSjQIiMBZdLRKSbvIim6BEsYY74TLe5pEgG7h2Amsmupf994inevcrzDqphjYHbO8wkKwByAM3VVQhthx3ySFalfCNDLsu_e-X1VTJTDMLS3GZGSZf4EnwJ1nnNWNgta9r8P1kKugcP-medJQgRvB5Au4dnYte738VHG52q6xXnOxH1ftLr-G6mLP8qH5t8w-Fa4FNwqFRq_rWV7Pu-oWVo-ZWOj8BS3D5j06VFZ88dBRQVdfG-mv7cIYcAUIYmzd1XjvFGmG29SRW4NKl3a67rY1ZHSn54Cni9aFXEp-gCKaKACAe3TXs6Rz--0k6bRAy_FGoM-DLvkkasc1hS7UGT-IKeyJAd5131kiT2QkSGjrrFccSSZOAO4EsW8Bk74oFe31HxwEuwRjq2P7CpHEkuYWELYh3q_daJb_3BgLPVL15H_7QUdHpQ3fc6rKDtQN mEta3OkHQLQmO5LDquCXZuRCBZT0DUn1UfgrHB35hlaQayIOruTgMHLfXYZdQsJVfzGdM1gSWqHEPmBHomOe17rSIDgOUl0Com-hS9nFZFXgDs0s2dCsNlkQxa7gBHR3HnYKHyRZl5gfguYFo_fihMdAif0aIvEkKo3KnWq5486TNpErqiY4T80WMl19W6XakOH7uv8srWBDa7wvXjVJV5OZKMHl5PpG8T4xY0EOJTuHQA/download Additional malware URLs found: hXXps://adsgolayer.xyz/i.php hXXp://adsgolayer.xyz/br.js?i=0.4376758052967489 The malware script being downloaded from daf.php is calling malicious files on the following domain: hXXp://systemloog.xyz/ Additional Evidence: hXXps://www.virustotal.com/en/ip-address/37.187.173.24/information/ -- You received this message because you are subscribed to the Google Groups "Project Hosting on Google Code" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/google-code-hosting. For more options, visit https://groups.google.com/d/optout.
