Pastebin launched a little side project called VERYVIRAL.com, check it out ;-) Want more features on Pastebin? Sign Up, it's FREE!
Guest

Favbrowser malvertisment attack details

By: starbeamrainbowlabs on Apr 8th, 2014  |  syntax: HTML 5  |  size: 1.12 KB  |  views: 6  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. Category: Intrusion Prevention
  2. Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
  3. 08/04/2014 07:36:58 AM,High,An intrusion attempt by ads.favbrowser.com was blocked.,Blocked,No Action Required,Web Attack : Malvertisement Website Redirect,No Action Required,No Action Required,"ads.favbrowser.com (173.244.217.182, 80)","ads.favbrowser.com/www/delivery/ajs.php?zoneid=3&cb=76603858637&charset=UTF-8&loc=http://www.favbrowser.com/first-chrome-os-tablet-might-be-coming-this-month/","SNOWFLAKE (192.168.0.8, 1518)",173.244.217.182 (173.244.217.182),"TCP, www-http"
  4. Network traffic from <b>ads.favbrowser.com/www/delivery/ajs.php?zoneid=3&cb=76603858637&charset=UTF-8&loc=http://www.favbrowser.com/first-chrome-os-tablet-might-be-coming-this-month/</b> matches the signature of a known attack.  The attack was resulted from \DEVICE\HARDDISKVOLUME3\PROGRAM FILES (X86)\OPERA NEXT\21.0.1432.31\OPERA.EXE.  To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.