Wednesday, November 30, 2016

More Malware From IMDB

Just like last time, I was looking up a movie (yeah, I watch a lot of movies) on IMDB when it redirected me to the URL below. Same "Urgent Chrome Update" message, and this time I noticed that it still says "Miller's Crossing (1990)" on the tab.

The domain is new: aamaebuzzbookmarks.com, and the domain registration is locked down this time, so it's hard to follow up on like the last one. Others on Reddit have mentioned this type of malware redirect from large sites. My guess is that IMDB is still serving up infected ads.

I did notice from the WHOIS record that it looks like the domain was created today. Talk about zero-day malware!

Here's the URL:

https://aamaebuzzbookmarks.com/607841460074/c7d6e2f0a084a52fc656d78426e3e109/fc6061dc70679f0f99a7afc751be0eed.html



Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

Domain Name: AAMAEBUZZBOOKMARKS.COM
Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Sponsoring Registrar IANA ID: 303
Whois Server: whois.PublicDomainRegistry.com
Referral URL: http://www.publicdomainregistry.com
Name Server: NS1.EUROPEDNS.NET
Name Server: NS2.EUROPEDNS.NET
Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Updated Date: 29-nov-2016
Creation Date: 29-nov-2016
Expiration Date: 29-nov-2017

>>> Last update of whois database: Wed, 30 Nov 2016 10:17:30 GMT <<<
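
The creation date in the record above is the kind of signal a proxy or mail filter can check automatically. The following is an added example, not code from the original post: it parses the WHOIS layout shown here and flags domains younger than an assumed 30-day threshold; the function names and the threshold are hypothetical.

```python
import re
from datetime import datetime, timezone

# Sample input: fields copied from the WHOIS record in this post.
SAMPLE_WHOIS = """\
Domain Name: AAMAEBUZZBOOKMARKS.COM
Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Name Server: NS1.EUROPEDNS.NET
Name Server: NS2.EUROPEDNS.NET
Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Updated Date: 29-nov-2016
Creation Date: 29-nov-2016
Expiration Date: 29-nov-2017

>>> Last update of whois database: Wed, 30 Nov 2016 10:17:30 GMT <<<
"""

FIELD_RE = re.compile(r"^\s*([A-Za-z ]+?):\s+(.+?)\s*$")
SNAPSHOT_RE = re.compile(r"Last update of whois database:\s*(.+?)\s*<<<")
SNAPSHOT_FMT = "%a, %d %b %Y %H:%M:%S GMT"

def parse_whois(text):
    """Return (fields, snapshot_time); repeated keys such as Name Server become lists."""
    fields, snapshot = {}, None
    for line in text.splitlines():
        m = SNAPSHOT_RE.search(line)
        if m:
            snapshot = datetime.strptime(m.group(1), SNAPSHOT_FMT).replace(tzinfo=timezone.utc)
            continue
        m = FIELD_RE.match(line)
        if m:
            fields.setdefault(m.group(1).lower(), []).append(m.group(2))
    return fields, snapshot

def registration_age_days(text, now=None):
    """Whole days between Creation Date and `now` (default: the record's own timestamp)."""
    fields, snapshot = parse_whois(text)
    created_raw = fields.get("creation date")
    ref = now or snapshot
    if not created_raw or ref is None:
        return None  # redacted or truncated record: no verdict rather than a guess
    created = datetime.strptime(created_raw[0], "%d-%b-%Y").replace(tzinfo=timezone.utc)
    return (ref - created).days

def is_newly_registered(text, max_age_days=30, now=None):
    """True when the domain is younger than max_age_days (assumed threshold)."""
    age = registration_age_days(text, now)
    return age is not None and 0 <= age < max_age_days
```

Against the record above this reports an age of one day, so a redirect to the domain would be flagged well before any blocklist had an entry for it.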
