Found these sites today while browsing on Google Video. The redirection is triggered by a video.google.com referrer and pushes the user through a few domains before downloading content. It may be triggered by other video sites as well. The site offers an "HD codec" for Flash Player and features a cute installation process when you visit it.
hxxp://best.viralprn.net
Redirects to
hxxp://only.hdpornr.net
Loads files from
hxxp://tvcodec.net
Whois entry for viralprn.net 88.80.19.191
Whois entry for hdpornr.net 195.95.151.178
Whois entry for tvcodec.net 91.194.10.60
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note – All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Whois entry for hdenabled.com 213.163.66.241
Flash.Player.HD.v10.0.exe
Result: 12/41 (29.27%)
MD5: 947828203c38f7cc2e98277076b747a0
VirusTotal
ThreatExpert Analysis
hxxp://hdenabled.com/download/5a6a576343673d3d050cf77920090701/
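For defenders, the referrer-gated redirect chain described above can be hunted in web proxy logs. The following is an added example, not part of the original post: the log records, the `.example` hostnames and the function names are constructed, and it keys on Content-Type because the download URL above carries no `.exe` extension.

```python
from urllib.parse import urlparse

# Constructed proxy log records (not from the original post):
# (client, url, referer, content_type)
SAMPLE_LOG = [
    ("10.0.0.5", "http://video.google.com/videosearch?q=clip", "", "text/html"),
    ("10.0.0.5", "http://landing.example/", "http://video.google.com/videosearch?q=clip", "text/html"),
    ("10.0.0.5", "http://player.example/watch", "http://landing.example/", "text/html"),
    ("10.0.0.5", "http://files.example/codec.js", "http://player.example/watch", "application/javascript"),
    ("10.0.0.5", "http://dl.example/download/abc123/", "http://player.example/watch", "application/x-msdownload"),
    ("10.0.0.9", "http://vendor.example/setup", "http://vendor.example/", "application/x-msdownload"),
]

VIDEO_REFERRERS = {"video.google.com"}  # the post names this one; extend for other video sites
# octet-stream is noisy on real traffic; tune this set for your environment
EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-dosexec", "application/octet-stream"}

def host(url):
    """Lower-cased hostname of a URL, or an empty string."""
    return (urlparse(url).hostname or "").lower()

def referrer_chain(records, client, url):
    """Walk Referer headers backwards from url; return hosts ordered origin -> download."""
    by_url = {r[1]: r for r in records if r[0] == client}
    chain, seen = [], set()
    while url and url not in seen:      # 'seen' guards against referrer loops
        seen.add(url)
        chain.append(host(url))         # recorded even if the page itself was never logged
        rec = by_url.get(url)
        url = rec[2] if rec else ""
    return list(reversed(chain))

def find_codec_lures(records, min_hops=2):
    """Flag executable downloads reached from a video-site referrer via >= min_hops other hosts."""
    hits = []
    for client, url, _referer, ctype in records:
        if ctype not in EXECUTABLE_TYPES:
            continue
        distinct = list(dict.fromkeys(referrer_chain(records, client, url)))
        if distinct[0] in VIDEO_REFERRERS and len(distinct) - 1 >= min_hops:
            hits.append((client, url, distinct))
    return hits

if __name__ == "__main__":
    for client, url, chain in find_codec_lures(SAMPLE_LOG):
        print(client, url, " -> ".join(chain))
```

The second client's download is not flagged because its chain never leaves one host and does not start at a video site.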
