Author Topic: 91.212.127.110 - retroudil.com buspacket.com loueme.com sorentobus.com  (Read 2889 times)

April 30, 2010, 07:01:04 pm
eoin.miller

Sites are drive-bys serving up PDF/Java exploits or redirecting to ones that do.

Example:
sorentobus.com/?opt=103-5-2856-658-411890-2241--1272060228-403427733-417753

Redirects to various sites that host the drive-bys:
http://about-bear.com/info/acon.html/<STRING>
http://buspacket.com/info/acon.html/<STRING>

I'm working on getting more info on these guys. FakeAV is the payload:

http://www.virustotal.com/analisis/9b398844079f73b01d632662d86888c57128e7ec1b6d0b1e985077da45dd4118-1272652795




April 30, 2010, 07:16:53 pm
Reply #1

eoin.miller

193.105.134.126 - journalcubeworld.com, journalsquarewest.com, supercubegame.com, journalcubesite.com, thecubebar.com
69.50.197.27 - motocafetierra.com, moneycarmakers.com, moneynewcar.com, moneystoreauto.com, supercubegame.com, bestjournalcubesolutions.com, journalcubesite.com
174.142.236.46 - stdsclick15.com



May 03, 2010, 02:09:13 pm
Reply #2

eoin.miller

Also on 91.212.127.110:

fonaf.com
ads.nu.mu
external.ignorelist.com