Favbrowser malvertisment attack details
starbeamrainbowlabs Apr 8th, 2014 12 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
- Category: Intrusion Prevention
- Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
- 08/04/2014 07:36:58 AM,High,An intrusion attempt by ads.favbrowser.com was blocked.,Blocked,No Action Required,Web Attack : Malvertisement Website Redirect,No Action Required,No Action Required,"ads.favbrowser.com (22.214.171.124, 80)","ads.favbrowser.com/www/delivery/ajs.php?zoneid=3&cb=76603858637&charset=UTF-8&loc=http://www.favbrowser.com/first-chrome-os-tablet-might-be-coming-this-month/","SNOWFLAKE (192.168.0.8, 1518)",126.96.36.199 (188.8.131.52),"TCP, www-http"
- Network traffic from <b>ads.favbrowser.com/www/delivery/ajs.php?zoneid=3&cb=76603858637&charset=UTF-8&loc=http://www.favbrowser.com/first-chrome-os-tablet-might-be-coming-this-month/</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME3\PROGRAM FILES (X86)\OPERA NEXT\21.0.1432.31\OPERA.EXE. To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.
RAW Paste Data