static.onlineapplicationsdownloads.com(Trojan downloader spreading via Facebook hosted in United States Ashburn Amazon.com Inc. )

Our friend aLiSs found this file via facebook.
These links are spreading on facebook.

hxxp://goo.gl/TUqGzM
hxxp://goo.gl/PVUW3S
hxxp://goo.gl/uJvgqv

When u click u go to the page and then u are asked to install FlvPlayer
 if u click install u are downloading FlvPlayerSetup.exe wich download and installs FlvPlayerSilent0.exe.

These are domains used by this shit

os.greatonlineapplications.com
static.onlineapplicationsdownloads.com

These are HTTP Queries

static.onlineapplicationsdownloads.com/exe/FlvPlayerSilent0414.exe
static.onlineapplicationsdownloads.com/exe/FlvPlayerSilent0414.exe
static.onlineapplicationsdownloads.com/exe/FlvPlayerSilent0414.exe
os2.greatonlineapplications.com/Aff-AD/?v=3.0&c=1538995748
os.greatonlineapplications.com/MEDIA/?v=3.0&c=1538995748
os2.greatonlineapplications.com/Aff-AD/?v=3.0&c=1538995748

Looking up static.onlineapplicationsdownloads.com
Resolved : [ static.onlineapplicationsdownloads.com ] To [ 54.230.231.38 ]
Resolved : [ static.onlineapplicationsdownloads.com ] To [ 54.230.230.82 ]
Resolved : [ static.onlineapplicationsdownloads.com ] To [ 54.230.230.177 ]
Resolved : [ static.onlineapplicationsdownloads.com ] To [ 54.230.228.52 ]
Resolved : [ static.onlineapplicationsdownloads.com ] To [ 54.230.230.37 ]
Resolved : [ static.onlineapplicationsdownloads.com ] To [ 54.230.230.89 ]
Resolved : [ static.onlineapplicationsdownloads.com ] To [ 54.230.230.206 ]
Resolved : [ static.onlineapplicationsdownloads.com ] To [ 54.239.192.192 ]

Resolved : [ os2.greatonlineapplications.com ] To [ 166.78.44.134 ]

Hosting infos:
http://whois.domaintools.com/54.230.231.38

Categories: Uncategorized