Home / malwarePDF  


First posted on 19 August 2019.
Source: Microsoft

Aliases :

There are no other names known for Exploit:HTML/IframeRef.AA.

Explanation :

Exploit:HTML/IframeRef.AA is the detection for specially-formed IFrame tags that point to remote websites containing malicious content, for example malicious JavaScript containing an exploit for a specific vulnerability.

It requires a user to visit an affected website or open a malicious HTML page containing a tag for the redirection to occur. It may also be found embedded in specially-crafted HTML email messages.

In the wild, Exploit:HTML/IframeRef.AA redirect browsers to URLs that include the following:

bigaiars.vv.cc/go.php?sid=1 utrek.com/lsd/go.php?sid=1 24onlnesex.com/images/go.php?sid=1 thetrf.net/s/go.php?sid=2 boondone.co.cc/go.php?sid=1 nerdaler.com/stds/go.php?sid=2 z16274.infobox.ru/go.php?sid=1 z16524.infobox.ru/go.php?sid=1 cockuru/dumper/backup/backup/go.php?sid=1 goodsuffreviews.com/wp-includes/pomo/koo/go.php?sid=1 z16524.infobox.ru/go.php?sid=2 mujwe.info/dream/stt/go.php?sid=2

Analysis by Jonathan San Jose

Last update 19 August 2019