Author Topic: hs.3-150.zlkon.lv -(94.247.3.150) (Read 25088 times)

SysAdMini · April 05, 2009, 07:45:15 pm

redirect to exploits

namebuyline.cn/in.cgi?income
filmtypemedia.cn/in.cgi?income
yourfilmmovie.cn/in.cgi?income
homenameregistration.cn/in.cgi?income
nameashop.cn/in.cgi?income
mainnameshop.cn/in.cgi?income
namesupermart.cn/in.cgi?income
namebrandmart.cn/in.cgi?income
namebuypicture.cn/in.cgi?income31

CkreM · April 06, 2009, 04:35:59 pm

All Redirect to exploit stated below:

Code: [Select]

lotante.cn/in.cgi?income
japanhostnet.com/in.cgi?income
lotbetworld.cn/in.cgi?income
namestorefilmlife.cn/in.cgi?income
internetnamestore.cn/in.cgi?income
coolnameshop.cn/in.cgi?income
dotcomnameshop.cn/in.cgi?income
playbetwager.cn/in.cgi?income
thelotbet.cn/in.cgi?income

wepawet couldnt analyze this exploit and stated that the index.php response is empty(http://wepawet.iseclab.org/view.php?hash=0427b7627c9938608b886b095702247a&t=1239032970&type=js)
was able to d/l the pdf and sent it only.
anyway it download a trojan in the end in the same domain:

Code: [Select]

litehitscar.cn/index.phphttp://wepawet.iseclab.org/view.php?hash=4ad4419f482403c543365cad5e60269a&type=js

btw the domain with the trojan resolves 94.247.3.151 for me...

CkreM · April 06, 2009, 07:09:06 pm

did all the domains with the redirections resolved as 94.247.3.151 for you?(as stated on MDL )

because for me they are all 94.247.3.150 ,also checked on centralops,etc...

SysAdMini · April 06, 2009, 07:37:17 pm

Quote from: CkreM on April 06, 2009, 07:09:06 pm

did all the domains with the redirections resolved as 94.247.3.151 for you?(as stated on MDL )

because for me they are all 94.247.3.150 ,also checked on centralops,etc...

My mistake. Is is another disadvantage of adding urls manually. One mistake and then copy and paste.
Fixed.

SysAdMini · April 07, 2009, 03:41:30 pm

another redirector to litehitscar.cn

Code: [Select]

superbetfair.cn/in.cgi?income43

SysAdMini · April 08, 2009, 12:32:39 pm

redirects to hyperliteautoservices.cn

Code: [Select]

cheapslotplay.cn/in.cgi?income48
mixante.cn/in.cgi?income52

SysAdMini · April 10, 2009, 12:07:07 pm

There is a panel at those sites at /user/panel.

for example

Code: [Select]

www.mediahomenamemartvideo.cn/user/panel

Malware-Web-Threats · April 17, 2009, 09:21:59 am

two others on this IP

redirects to liteautogreatest[.]cn

Code: [Select]

hxxp://cutlot.cn/in.cgi?income
hxxp://lotmachinesguide.cn/in.cgi?income

Wepawet
Wepawet

SysAdMini · April 21, 2009, 05:53:33 pm

redirects to liteautogreatest[.]cn

Code: [Select]

http://betworldwager.cn/in.cgi?income69http://wepawet.cs.ucsb.edu/view.php?type=js&hash=da48bf59c24906de305cab2c634176ec&t=1240304816

SysAdMini · April 25, 2009, 05:45:39 am

Code: [Select]

hxxp://litegreatestdirect.cn/in.cgi?income72

http://wepawet.iseclab.org/view.php?hash=df885fec22550614e9258bc5369ff0cb&t=1240618935&type=js

SysAdMini · April 27, 2009, 06:58:42 pm

Code: [Select]

superlitecarbest.cn/in.cgi?income74redirects to exploits at litevehiclemall[.]cn 94.247.3.151

Author Topic: hs.3-150.zlkon.lv -(94.247.3.150) (Read 25088 times)

SysAdMini

hs.3-150.zlkon.lv -(94.247.3.150)

CkreM

Re: hs.3-150.zlkon.lv -(94.247.3.150)

CkreM

Re: hs.3-150.zlkon.lv -(94.247.3.150)

SysAdMini

Re: hs.3-150.zlkon.lv -(94.247.3.150)

SysAdMini

Re: hs.3-150.zlkon.lv -(94.247.3.150)

SysAdMini

Re: hs.3-150.zlkon.lv -(94.247.3.150)

SysAdMini

Re: hs.3-150.zlkon.lv -(94.247.3.150)

Malware-Web-Threats

Re: hs.3-150.zlkon.lv -(94.247.3.150)

SysAdMini

Re: hs.3-150.zlkon.lv -(94.247.3.150)

SysAdMini

Re: hs.3-150.zlkon.lv -(94.247.3.150)

SysAdMini

Re: hs.3-150.zlkon.lv -(94.247.3.150)