C2i424c2i424.top

By GoldSparrow in Browser Hijackers

The C2i424c2i424.top site is associated with a browser hijacker, which may be presented to you as a benign browser add-on that renders multimedia files and helps you search better. The C2i424c2i424.top browser hijacker was discovered in August 2017, but it was later revealed that clones of the program had been active as far back as July 2nd, 2017. The C2i424c2i424.top browser hijacker is designed to be part of an extensive network of redirect gateways to Trojan-Droppers, technical support tactics and adware. The C2i424c2i424.top browser hijacker may run in the system background and open pop-ups and new tabs that load content hosted on the 45.32.136.84 IP address. The browser redirect is performed via the link below:

h[tt]p://www.c2i429c2i429(.)top/action/index.php?guid=[RANDOM CHARACTERS]

PC users who do not block access to C2i424c2i424.top are sent to third-party pages and subdomains that serve the corrupted code. Malware operators use gateways like C2i424c2i424.top and many others to siphon Web traffic to specially crafted pages where the user's browser is analyzed and flaws are exploited to allow the installation of a Trojan-Dropper. Examples of Trojan-Droppers are Sventore and Rovnix, which fulfill a purpose similar to a legitimate Updates Manager. A Trojan-Dropper is an application that connects to a remote server, downloads an encrypted threat payload and installs it on the system. Trojan-Droppers can also be used to update already installed cyber parasites when updates are available. AV manufacturers and Web filter developers have found that the C2i424c2i424.top browser hijacker might lead users to pages that host the following cyber parasites:

  • Gen:Variant.Graftor.392546
  • TR/Dldr.Small.pxvjp
  • TROJ_GEN.R021C0CGI17
  • TrojanDownloader.Generic.awmf
  • W32/Downloader-WebExe-based!Max
  • Win32:Malware-gen

As mentioned above, the C2i424c2i424.top browser hijacker has many clones, which are configured to connect to different domains but aim to reroute users to the same cyber threats. A network analysis revealed that the following links are associated with redirects to the same content provided via the C2i424c2i424.top browser hijacker:

h[tt]p://aac62(.)pw/ok.html
h[tt]p://ok.blkjjiolsssag(.)top/ok1.html?tid=
h[tt]p://update.88881234(.)pw/dr.exe
h[tt]p://www.aacaa1(.)top/ok1.html?tid=
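
For administrators who want to check Web proxy logs against the links above, the following is an added example, not code from the original article. It refangs the indicators at run time and flags requests by listed URL, by domain (including subdomains) or by the hosting IP address. The log layout, client addresses and sample records are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFANGED = [  # indicators copied from this page, kept defanged as published
    "h[tt]p://www.c2i429c2i429(.)top/action/index.php?guid=",
    "h[tt]p://aac62(.)pw/ok.html",
    "h[tt]p://ok.blkjjiolsssag(.)top/ok1.html?tid=",
    "h[tt]p://update.88881234(.)pw/dr.exe",
    "h[tt]p://www.aacaa1(.)top/ok1.html?tid=",
]
NAMED_SITE = "C2i424c2i424.top"  # the site the article is named after
HOSTING_IP = "45.32.136.84"      # address the article says hosts the content

def refang(text):  # undo the page's defanging: h[tt]p -> http, (.) -> .
    return text.replace("h[tt]p", "http").replace("(.)", ".")

def zone(host):  # last two labels; assumes single-label TLDs such as .top/.pw
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

URLS = [urlsplit(refang(d)) for d in DEFANGED]  # parsed once at import
ZONES = {zone(u.hostname) for u in URLS} | {zone(NAMED_SITE)}
PATHS = {(u.hostname, u.path) for u in URLS}

def classify(url, dest_ip):
    """Return the strongest match reason for one request, or None."""
    u = urlsplit(url)
    host = u.hostname or ""
    if (host, u.path) in PATHS:
        return "listed-url"        # same host and path, any guid/tid value
    if zone(host) in ZONES:
        return "listed-domain"     # other pages or subdomains of a listed domain
    return "hosting-ip" if dest_ip == HOSTING_IP else None

def scan(lines):
    """Records use a constructed layout: 'timestamp client dest_ip url'."""
    hits = []
    for line in lines:
        _ts, client, dest_ip, url = line.split(maxsplit=3)
        reason = classify(url, dest_ip)
        if reason:
            hits.append((client, reason))
    return hits

# Constructed sample records; hostile hosts are rebuilt from the defanged list.
SAMPLE = [
    "2017-08-14T09:12:01Z 10.0.0.21 45.32.136.84 " + refang(DEFANGED[0]) + "TESTGUID",
    "2017-08-14T09:12:30Z 10.0.0.22 203.0.113.9 http://cdn." + zone(NAMED_SITE) + "/x",
    "2017-08-14T09:13:40Z 10.0.0.35 198.51.100.7 http://example.org/index.html",
    "2017-08-14T09:14:02Z 10.0.0.35 45.32.136.84 http://cdn.example.net/a.js",
]
```

Calling `scan(SAMPLE)` returns one `(client, reason)` pair per flagged record; a `hosting-ip` hit alone is the weakest signal, since other sites may share that address.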
