Jump to content

ransom html ware


Recommended Posts

http://www.tuneworkstation.com/advanced-digital/security/onelinesystem.html?cid=wbsft1bf1c4hm8msgs54km52?cid=barmera 

ok so this site annoys me to stop it you have to ctl alt delete and end task on your browser 

so I down loaded a site blocker for goolge chrome  and put it in to it. I thpought woot woot all fixed 

now befor it goes to that site it pulls up this address 

data:text/html;base64,PGh0bWw+PGJvZHk+PHNjcmlwdD53aW5kb3cubG9jYXRpb249J2h0dHA6Ly9zZXJ2aWNlZ2V0Ym9vay5uZXQvcmVkaXJlY3Q/JnRpZD02MDA2MzcmcmVkPTEmYWJ0PTAmdj0xLjEwLjI3LjAmc209MCZyZWY9aHR0cCUzQSUyRiUyRnd3dy5mbGFzaHgudHYlMkZlbWJlZC5waHAlM0ZjJTNEMXI3eGN6MTZndXVyJl9PYWdLPTE0NjI3ODMwNTQwMjAnOzwvc2NyaXB0PjwvYm9keT48L2h0bWw+ 

and then gose to the site above wtf is that ! because it is an invalid url 

 

just thought this would be intresting for you guys 

Edited by AdvancedSetup
Link to post
Share on other sites

a little more context is that I am streaming tv shows from wither

 http://www.thedarewall.com or from  http://justdubs.org/

 

it happen more often on just dubs

is it malware  or is it something else that redirects it to this site as it is happening to two different sites 

Edited by AdvancedSetup
removed hyperlink url
Link to post
Share on other sites

Hello and :welcome:, @daryl2222:

Thanks for reporting.

If you think you might have picked up a nasty beastie, please feel free to head over to the malware removal section for a bit of free, expert help checking the system.
To start, I suggest the information in this pinned topic: Available Assistance for Possibly Infected Computers
It explains the options for free, expert help AND the preliminary steps to expedite the process.
A trained malware helper will guide you through scanning and cleanup, as needed.

Thanks again,

P.S. The forum mod team might move this thread to the IP/URL Threat section or another suitable forum section. No worries, though.;)

Link to post
Share on other sites

data:text/html;base64,

 

Would be in a HTML file that resides in email or on a disk.  That kind of formation is associated with Phishing where the Web Form is in a HTML attachment in the spam'd email.  This is done so its web site can't be taken down for Phishing content.  The HTML attachment has all the content and will only upload the data ( credentials, etc ) once all the data has been gathered.

S2D2

 

Edited by David H. Lipman
Link to post
Share on other sites

Maybe and maybe not.  The Base64 section decodes to... 

<html><body><script>window.location='http://servicegetbook.net/redirect?&tid=600637&red=1&abt=0&v=1.10.27.0&sm=0&ref=http%3A%2F%2Fwww.flashx.tv%2Fembed.php%3Fc%3D1r7xcz16guur&_OagK=1462783054020';</script></body></html>

Which is a rotating redirection schema which eventually rotates in...

Image1.jpg

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.