Author Topic: hxxp://  (Read 6383 times)

0 Members and 1 Guest are viewing this topic.

November 08, 2007, 01:13:05 am
Read 6383 times


  • Special Members
  • Full Member

  • Offline
  • *

  • 57
  • Personal Text
I found this being linked to on 4chan.
If I remember correctly, their official myspace phisher they're using for operation myspays is located somewhere on this domain.  (,21985,22687438-662,00.html)

This looked to me like it was just trying loads of exploits.  Luckily I didn't have my sound on or the right things installed to view the images when I first went, because in the source code it says:
Code: [Select]
<!-- This object plays the "hey everybody, I'm watching gay porno!" sound -->
  <object classid= "clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase=",0,0,0" width="1" height="1" id="hey">

Also to note, there's different javascript being generated by the php depending on what User Agent you use.

November 08, 2007, 07:03:13 am
Reply #1


  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
That code is used for macromedia flash player. Below it you will see the flash file (.swf) which it uses to play.

I think it was created as an annoyance and used to post on forums, IRC, messengers etc to troll people. But it is detected as Exploit MS05-013, so as it tries to use an exploit it can go in the domain list :)

It is interesting to note that as long as "" is left the same, you can use any subdomain and directory that you like. For example is valid.

This will be added soon, thank you.