
In-depth analysis of – Malware Research

If you are trying to get rid of the related malware, then you are in the right place. In this post, we take a look at how you can remove the related adware/malware from your computer or device.

But before we start removing the related malware from your device, we need to understand what type of malware we are dealing with, and how the device got infected by the malware which is served via the environment.

Reasons why is listed:

  • History of being on a blacklist
  • History of being used in an aggressive marketing campaign
  • History of malicious traffic or use
  • Triggered as a spam-bot or aggressive crawler
  • We were lazy and we did not see that it is a false-positive (Sorry!)

Please note that it is possible that has been cleaned of malicious code and that it is serving genuine/clean traffic. So be very careful when you decide to block

IP owner contact information

The last time we checked for contact information, we found the following information. This information is published as is. It is possible that the information is outdated.

Owner name Mumbai IP Address Pool
Contact name Hostgator India – Network Division
Address Near Kings Park Layout, Maryhill, Mangalore 575 015, Karnataka, India
E-mail [email protected]
Abuse e-mail [email protected]

Domain information

IP Address
Country India
Network Name MumbaiPool
From IP
Classless Inter-Domain Routing (CIDR) Unknown

CIDR notation is a syntax for specifying IP addresses and their associated routing prefix. It appends a slash character to the address and the decimal number of leading bits of the routing prefix, e.g., for IPv4, and 2001:db8::/32 for IPv6.
Source: Wikipedia –  https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing
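The CIDR definition above says the number after the slash is a count of leading bits. The following is an added example (not part of the original post or of Wikipedia) that makes that concrete: it parses IPv4 CIDR notation by hand, builds the bit mask from the prefix length, and checks whether an address falls inside a block, which is what a firewall or blocklist does with a prefix such as the one in the table above. The IPv6 case is delegated to the standard library. All blocks and addresses used are constructed documentation-range values, not the IP this post is about.

```python
import ipaddress
from typing import Optional

IPV4_BITS = 32


def ipv4_to_int(ip: str) -> int:
    """Pack a dotted-quad IPv4 string into a 32-bit integer; raises ValueError if malformed."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError(f"bad IPv4 address: {ip!r}")
    value = 0
    for octet in octets:
        if not octet.isdigit() or not 0 <= int(octet) <= 255:
            raise ValueError(f"bad IPv4 address: {ip!r}")
        value = (value << 8) | int(octet)
    return value


def parse_ipv4_cidr(cidr: str):
    """Split 'a.b.c.d/n' into (network_int, mask_int, prefix_len).

    The prefix length n is the number of leading bits that must match;
    the mask has those n bits set and the remaining 32-n bits clear.
    """
    addr, sep, prefix = cidr.partition("/")
    if not sep or not prefix.isdigit():
        raise ValueError(f"CIDR notation needs a /prefix-length: {cidr!r}")
    prefix_len = int(prefix)
    if not 0 <= prefix_len <= IPV4_BITS:
        raise ValueError(f"IPv4 prefix length must be 0..32: {cidr!r}")
    mask = (0xFFFFFFFF << (IPV4_BITS - prefix_len)) & 0xFFFFFFFF
    # Host bits written in the address are ignored, as routers do: 10.1.2.3/8 means 10.0.0.0/8.
    network = ipv4_to_int(addr) & mask
    return network, mask, prefix_len


def ipv4_in_cidr(ip: str, cidr: str) -> bool:
    """True if the leading prefix_len bits of ip equal those of the CIDR block."""
    network, mask, _ = parse_ipv4_cidr(cidr)
    return (ipv4_to_int(ip) & mask) == network


def ipv4_block_size(cidr: str) -> int:
    """Number of addresses covered by a block: 2 ** (32 - prefix_len)."""
    _, _, prefix_len = parse_ipv4_cidr(cidr)
    return 1 << (IPV4_BITS - prefix_len)


def ip_in_any(ip: str, cidrs) -> Optional[str]:
    """Return the first block (IPv4 or IPv6) containing ip, using the stdlib for both families."""
    addr = ipaddress.ip_address(ip)
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        if addr.version == net.version and addr in net:
            return cidr
    return None


if __name__ == "__main__":
    # Constructed sample blocks from the RFC 5737 / RFC 3849 documentation ranges.
    blocks = ["192.0.2.0/24", "2001:db8::/32"]
    for probe in ["192.0.2.77", "192.0.3.1", "2001:db8:1::5"]:
        print(probe, "->", ip_in_any(probe, blocks))
    print("192.0.2.0/24 covers", ipv4_block_size("192.0.2.0/24"), "addresses")
```

A /24 leaves 8 host bits and therefore covers 256 addresses; a /32 (IPv4) or /128 (IPv6) is a single host. When you block a range because of one bad address, check the block size first so you know how many unrelated hosts the rule will also catch.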

Fake Video player

The website claims that the victim needs to download, install and use a “video player”. This video player is a fake which has been loaded with malicious code. Once the victim downloads and runs it, the malware is activated and tries to communicate with the cybercriminal who operates it. The “Fake Video Player” is also known to install pop-up configurations on the device, which in turn load annoying pop-up advertisements.

Figure: Fake video player example.

Fake Update

Another method used by the cybercriminals is the “Update” method. The cybercriminals claim that the victim's browser or video player is outdated and needs to be updated, and provide a “fake update” to the victim. The “update” contains malicious code, which performs the same tasks described in the “Fake video player” section.


Clickjacking is a manipulation technique, used in hosting environments such as this one, in which a user is tricked into performing unwanted actions. These actions could be providing personal information or installing (malicious/unwanted) applications on the device.

Figure: Clickjacking example. Watch out, the domain might still be active.

Below you can view a list of (active) known Facebook Clickjacking domains:

cucshit.com breakingnews.pw daibang1.info
9meme.net breastenlargementspecials.com daibang2.info
action.localvouchers.co brittanymaynard.com daibang3.info
ads3k.com buzzfeedalerts.com dailyfun.biz
akw.biz chupho001.com damnlink.com
asksibil.com chupho002.com dhunakillmaqwe.blogspot.com
benzersanatci.com codadvancedwarfarehack.com dyzengreentech.com
bestoftime.net colorsinternational.in easylifebusy.us
blackvideo.club contraiviet.info ebbaygiftcard.com
bonypin.com crazyfun.pw exposedfootage.com
likes4fun.pw headlinetv.com facetweetvideo.com
linkjumps.com heybabywaby.com fanscrush.com
marcadokarma.es homeinteriorsli.com fixyourhomepage.com
mortepedict.com horrificvid.pw fundose.biz
myquiztest.com imbesharam.me funnyfans.net
newdays.info jauriarts.com funnyfunapps.com
newlatestvids.com kamrulsiddiqui.com funvideozz.com
newsbuzz.pw kbc.com.co getavoucherfast.com
newsbuzzsocial.com kerolasun.com gmanetwork.info
newseverblogger.com leakedjobs.work gozooms.com
piattaformeforex.biz ranveerchinga.com techari.com
vnwomen.net rapidvideohere.pw tenmienchuaaidangky.com
waphaivl.net realmediaalerts.com thebestsocialvideos.com
watch-new-video.us revideos.tk timbul.org
websiteapp.website ritemails.com tokofilmzeo.com
whatsappblue.com rllj214230H.VIEWANT.com totalbabu.in
wixyz.com sba7.net trangopao.com
worldtraveltoday.info scoopywhoop.in travelbyopa.com
sobatanda.com sieuthitructuyen06.com traveltours2015.com
socialposthub.com sieuthitructuyen1.com truethreatalerts.com
srads.net sieuthitructuyen10.com video-ness.com
startree.science sieuthitructuyen3.com videos24.pw
strangeandshockingfacts.com sieuthitructuyen8.com vidsman.pw
t56.info sixwiper.com vidspook.com
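A list like the one above is most useful when it is turned into a check that runs over your own logs: which internal hosts contacted a listed domain, so they can be cleaned and the domain blocked at the resolver or proxy. The following is an added example (not code from the original post) that parses the three-column listing as pasted text, normalizes the entries, and matches proxy-log hostnames against it label-wise, so that `www.daibang1.info` matches `daibang1.info` but `notcucshit.com` does not match `cucshit.com`. The listing excerpt contains entries from the table above; the proxy log lines, their format and the client IPs are constructed for the example.

```python
from typing import Optional
from urllib.parse import urlsplit

# Excerpt of the three-column listing above, pasted as text (entries are the post's own).
LISTING = """\
cucshit.com breakingnews.pw daibang1.info
9meme.net breastenlargementspecials.com daibang2.info
whatsappblue.com rllj214230H.VIEWANT.com totalbabu.in
"""

# Constructed proxy log: timestamp, client IP, method, URL (not real traffic).
PROXY_LOG = """\
2015-03-01T10:00:01Z 10.0.0.12 GET http://www.daibang1.info/video.php?id=1
2015-03-01T10:00:02Z 10.0.0.12 GET https://example.com/
2015-03-01T10:00:03Z 10.0.0.31 GET http://rllj214230h.viewant.com/like
2015-03-01T10:00:04Z 10.0.0.44 GET http://notcucshit.com/
"""


def normalize_host(host: str) -> str:
    """Lower-case and drop a trailing dot so 'DAIBANG2.INFO.' and 'daibang2.info' compare equal."""
    return host.strip().lower().rstrip(".")


def parse_domain_listing(text: str) -> set:
    """Split a whitespace-separated, multi-column listing into a normalized set of domains."""
    return {normalize_host(tok) for line in text.splitlines() for tok in line.split()}


def matched_domain(hostname: str, blocklist: set) -> Optional[str]:
    """Return the listed domain that hostname equals or is a subdomain of, else None.

    Matching is label-wise: each suffix of at least two labels is tried, longest first,
    so substrings inside a label never match.
    """
    labels = normalize_host(hostname).split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def scan_proxy_log(log_text: str, blocklist: set) -> list:
    """Return (client_ip, hostname, listed_domain) for every request to a listed domain."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than abort the whole scan
        _ts, client, _method, url = parts
        host = urlsplit(url).hostname
        if not host:
            continue
        listed = matched_domain(host, blocklist)
        if listed:
            hits.append((client, host, listed))
    return hits


if __name__ == "__main__":
    blocklist = parse_domain_listing(LISTING)
    for client, host, listed in scan_proxy_log(PROXY_LOG, blocklist):
        print(f"{client} requested {host} (listed as {listed})")
```

Each hit names an internal client worth examining for the fake player or fake update described above. Because the post itself warns that listed sites may have been cleaned since, treat a hit as a lead to verify, not as proof of infection on its own.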

How do devices get infected by malware

Devices which perform malicious activities after visiting the website have been infected by malware. The malware is often installed by unaware users who try to watch a specific video or visit a specific page. The page claims that the user needs to perform various steps, such as the “Fake Video Player” or “Fake Update” installation, and sadly some victims actually perform these steps.

What does malware do?!

We have read various articles which provide information on the malware, and it seems that the has mainly been set up to collect personal information from the victims; it also serves as a clickjacking and survey environment.

Is your device infected?

It is possible that your computer has been infected and has alerted you to the IP address. If that is the case, we have set up various guides on Cyberwarzone on how to protect your computer against malicious users and unwanted actions:

Generic Malware

If you see that a device has been hit by something called “Generic Malware”, then the device has simply been hit by malicious code which antivirus companies have identified but were not able to assign to a known family, so they use the name “Generic Malware” instead.

Crossrider malware

The Crossrider malware is responsible for sending advertisements to infected devices; many devices get infected by installing malicious toolbars which have hidden functions. The Crossrider malware can be removed by following the procedures described below.

How to remove the malware

If you want to remove the malware from your device, I strongly urge you to download an antivirus application from Microsoft, AVG or any other party you prefer. We strongly recommend using a paid version, but we are aware that many people do not want to pay for these types of services.

Install the antivirus application on your computer, make sure that you update it to the latest version, and then run it on your device.

