Author Topic: cadillacasphalt.com - redirect to Fake AV  (Read 3692 times)


March 24, 2011, 11:36:35 pm

egsnyde

redirects to fake AV -

File: pcupdate107_2330.exe
Size: 771584
MD5:  47BF6E0C48D33897B266EBDE5C317CC0

User Agent used - "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.16) Gecko/20110319 Firefox/3.6.16"

Straight browsing to the url - www.cadillacasphalt.com  via MS Windows and Firefox will cause the redirect as well.

urlsnarf snippet from original google search to redirection:
===========================================
Code:
[24/Mar/2011:10:40:55 -0400] "GET http://www.google.com/search?q=cadillace+ashpalt&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=fi
[24/Mar/2011:10:40:55 -0400] "GET http://www.google.com/maps/vt/data=LtgX-e3f8ctI3U5dJtbt7EJ1ZfRneYme,8ojv40HaPqGBPrYKcaeZNrfiCGhi07v6-F_I6hXepZOE
[24/Mar/2011:10:40:55 -0400] "GET http://www.google.com/images/red_icons_bg_A_J.png HTTP/1.1" - - "http://www.google.com/search?q=cadillace+ashpal
[24/Mar/2011:10:40:56 -0400] "GET http://www.google.com/csi?v=3&s=web&action=&e=17259,25907,28992,29014,29050,29273,29328&ei=91eLTarRBqqZ0QGl3qSKD
[24/Mar/2011:10:41:02 -0400] "GET http://www.google.com/maps/vt/data=DkDO_j1oleNy4ZU86-W2NiZUucgTNFgplm4,8ojv40HaPqGBPrYKcaeZNrfiCGhi07v6-F_I6hXep
[24/Mar/2011:10:41:02 -0400] "GET http://www.google.com/gen_204?atyp=i&ct=lu_featuremap&cad=72&zx=1300977662595 HTTP/1.1" - - "http://www.google.c
[24/Mar/2011:10:41:08 -0400] "GET http://www.google.com/url?sa=t&source=web&cd=3&ved=0CCsQoAIwAg&url=http%3A%2F%2Fwww.cadillacasphalt.com%2F&rct=j
[24/Mar/2011:10:41:08 -0400] "GET http://www.cadillacasphalt.com/ HTTP/1.1" - - "http://www.google.com/url?sa=t&source=web&cd=3&ved=0CCsQoAIwAg&ur
[24/Mar/2011:10:41:08 -0400] "GET http://hightquality.ru/uirine/index.php HTTP/1.1" - - "http://www.google.com/url?sa=t&source=web&cd=3&ved=0CCsQo
[24/Mar/2011:10:41:09 -0400] "GET http://hightquality.ru/favicon.ico HTTP/1.1" - - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.1
[24/Mar/2011:10:41:09 -0400] "GET http://hightquality.ru/uirine/index.php?rf=http://www.google.com/url?sa=t&source=web&cd=3&ved=0CCsQoAIwAg&url=ht
[24/Mar/2011:10:41:10 -0400] "GET http://hightquality.ru/favicon.ico HTTP/1.1" - - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.1
[24/Mar/2011:10:41:10 -0400] "GET http://hight-quality.ru/blog/rssfid.php?&uid=2330 HTTP/1.1" - - "http://hightquality.ru/uirine/index.php?rf=http
[24/Mar/2011:10:41:11 -0400] "GET http://www4.safeobecleaner.kwik.to/?6b333=m%2BzgmGullJmVldLOx6mYh%2BLZ3mvMqMqgYqSfa5Zql1c%3D&a59a5afb6=%01%01%04
[24/Mar/2011:10:41:11 -0400] "GET http://www1.strong-cfsentinel.co.cc/ty6no?ceu1i=h9jdmNbhsdbe1NefidvcyaumnKGVktPO2W6cmdXU0eCkb7C2mdHhsZqenJLS2LKo
[24/Mar/2011:10:41:11 -0400] "GET http://www1.strong-cfsentinel.co.cc/favicon.ico HTTP/1.1" - - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-U
[24/Mar/2011:10:41:11 -0400] "GET http://www1.strong-cfsentinel.co.cc/ty6no?ceu1i=h9jdmNbhsdbe1NefidvcyaumnKGVktPO2W6cmdXU0eCkb7C2mdHhsZqenJLS2LKo
[24/Mar/2011:10:41:12 -0400] "GET http://www1.strong-cfsentinel.co.cc/pictures/load.gif HTTP/1.1" - - "http://www1.strong-cfsentinel.co.cc/ty6no?c
[24/Mar/2011:10:41:12 -0400] "GET http://www1.strong-cfsentinel.co.cc/9799a9d4d7d5dbaad49ca69d9faaa8aba7aea6d4cca9c99da9a4aad2a9a7d199a79e9aaaa6a4
[24/Mar/2011:10:41:12 -0400] "GET http://hightquality.ru/favicon.ico HTTP/1.1" - - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.1
[24/Mar/2011:10:41:12 -0400] "GET http://www1.strong-cfsentinel.co.cc/cl/7/fill_sprite.gif HTTP/1.1" - - "http://www1.strong-cfsentinel.co.cc/ty6n
[24/Mar/2011:10:41:12 -0400] "GET http://www1.strong-cfsentinel.co.cc/cl/7/icon_sprite.jpg HTTP/1.1" - - "http://www1.strong-cfsentinel.co.cc/ty6n
[24/Mar/2011:10:41:12 -0400] "GET http://www1.strong-cfsentinel.co.cc/cl/7/main_sprite.jpg HTTP/1.1" - - "http://www1.strong-cfsentinel.co.cc/ty6n
[24/Mar/2011:10:41:12 -0400] "GET http://www1.strong-cfsentinel.co.cc/cl/7/table_divider.gif HTTP/1.1" - - "http://www1.strong-cfsentinel.co.cc/ty
[24/Mar/2011:10:41:14 -0400] "GET http://hightquality.ru/favicon.ico HTTP/1.1" - - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.1
[24/Mar/2011:10:45:07 -0400] "POST http://safebrowsing.clients.google.com/safebrowsing/downloads?client=navclient-auto-ffox&appver=3.6.15&pver=2.2
[24/Mar/2011:10:45:07 -0400] "GET http://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEYr_ACILjwAioGMLgAAP8BMgUvuAA

MysteryFCM: URLs disabled, data wrapped in code tags
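The urlsnarf lines above are the whole story of the redirect, but reading a referrer chain by eye is error-prone. The script below is an added example (not part of the original post or of urlsnarf itself) that parses urlsnarf's Common Log Format output, lists every document fetch that crossed a site boundary, and separately flags the hop where two different hosts were fetched with the identical Referer within a couple of seconds. That second pattern is the forensic tell of a server-side (HTTP 3xx) redirect: the browser keeps the original Referer across a redirect, so the request to hightquality.ru still carries the google.com/url referrer that the cadillacasphalt.com request had, rather than a cadillacasphalt.com referrer as a JavaScript or meta-refresh hop would leave. The sample log embedded in the script is constructed: it uses the hosts from the post but with shortened query strings and a placeholder User-Agent, and the referrers for the kwik.to and co.cc hops are assumed, since the post's lines are truncated there.

```python
"""Reconstruct the navigation chain in urlsnarf output and flag the hop where a
visited site handed the browser off to a third-party domain via an HTTP redirect."""
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# urlsnarf prints Common Log Format with the absolute URL in the request line.
# The leading "client - -" fields are optional because the post above trimmed them.
LINE_RE = re.compile(
    r'^(?:\S+ \S+ \S+ )?\[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+" '
    r'\S+ \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
# Sub-resources that never represent a navigation on their own.
STATIC_EXT = (".gif", ".jpg", ".png", ".ico", ".css", ".js")

# Constructed sample modelled on the chain in the post (short query strings, placeholder UA;
# the referrers of the last two hops are assumptions, the post's lines are cut off there).
SAMPLE = """\
[24/Mar/2011:10:40:55 -0400] "GET http://www.google.com/search?q=cadillace+ashpalt HTTP/1.1" - - "-" "Mozilla/5.0 (constructed)"
[24/Mar/2011:10:41:08 -0400] "GET http://www.google.com/url?sa=t&url=http%3A%2F%2Fwww.cadillacasphalt.com%2F HTTP/1.1" - - "http://www.google.com/search?q=cadillace+ashpalt" "Mozilla/5.0 (constructed)"
[24/Mar/2011:10:41:08 -0400] "GET http://www.cadillacasphalt.com/ HTTP/1.1" - - "http://www.google.com/url?sa=t&url=http%3A%2F%2Fwww.cadillacasphalt.com%2F" "Mozilla/5.0 (constructed)"
[24/Mar/2011:10:41:08 -0400] "GET http://hightquality.ru/uirine/index.php HTTP/1.1" - - "http://www.google.com/url?sa=t&url=http%3A%2F%2Fwww.cadillacasphalt.com%2F" "Mozilla/5.0 (constructed)"
[24/Mar/2011:10:41:09 -0400] "GET http://hightquality.ru/favicon.ico HTTP/1.1" - - "-" "Mozilla/5.0 (constructed)"
[24/Mar/2011:10:41:10 -0400] "GET http://hight-quality.ru/blog/rssfid.php?&uid=2330 HTTP/1.1" - - "http://hightquality.ru/uirine/index.php" "Mozilla/5.0 (constructed)"
[24/Mar/2011:10:41:11 -0400] "GET http://www4.safeobecleaner.kwik.to/?6b333=x HTTP/1.1" - - "http://hight-quality.ru/blog/rssfid.php?&uid=2330" "Mozilla/5.0 (constructed)"
[24/Mar/2011:10:41:11 -0400] "GET http://www1.strong-cfsentinel.co.cc/ty6no?ceu1i=y HTTP/1.1" - - "http://www4.safeobecleaner.kwik.to/?6b333=x" "Mozilla/5.0 (constructed)"
[24/Mar/2011:10:41:12 -0400] "GET http://www1.strong-cfsentinel.co.cc/pictures/load.gif HTTP/1.1" - - "http://www1.strong-cfsentinel.co.cc/ty6no?ceu1i=y" "Mozilla/5.0 (constructed)"
"""


def host_of(url):
    """Hostname with any leading 'www', 'www1', ... label stripped; '' when absent."""
    host = (urlsplit(url).hostname or "").lower()
    return re.sub(r"^www\d*\.", "", host)


def parse_line(line):
    """One urlsnarf line -> dict with parsed timestamp, host, referrer host, document flag."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["host"] = host_of(rec["url"])
    rec["ref_host"] = host_of(rec["referer"]) if rec["referer"] != "-" else ""
    path = urlsplit(rec["url"]).path.lower()
    rec["is_document"] = rec["method"] == "GET" and not path.endswith(STATIC_EXT)
    return rec


def parse_log(text):
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def navigation_hops(records):
    """Ordered, de-duplicated (referer_host, request_host) pairs for document fetches
    whose Referer came from a different site: the chain of sites the browser passed through."""
    hops = []
    for r in records:
        if r["is_document"] and r["ref_host"] and r["ref_host"] != r["host"]:
            edge = (r["ref_host"], r["host"])
            if edge not in hops:
                hops.append(edge)
    return hops


def server_side_redirects(records, window=timedelta(seconds=2)):
    """(from_host, to_host) pairs where two document fetches to different hosts carried the
    identical Referer within `window`. Browsers keep the original Referer across an HTTP 3xx,
    so this pattern means from_host answered with a redirect rather than with a page."""
    found = []
    docs = [r for r in records if r["is_document"] and r["referer"] != "-"]
    for i, a in enumerate(docs):
        for b in docs[i + 1:]:
            if b["ts"] - a["ts"] > window:
                break  # records are in time order, nothing later can be inside the window
            if a["referer"] == b["referer"] and a["host"] != b["host"]:
                pair = (a["host"], b["host"])
                if pair not in found:
                    found.append(pair)
    return found


if __name__ == "__main__":
    recs = parse_log(SAMPLE)
    for src, dst in navigation_hops(recs):
        print(f"navigation: {src} -> {dst}")
    for src, dst in server_side_redirects(recs):
        print(f"HTTP redirect (shared Referer): {src} -> {dst}")
```

Run on the constructed sample it lists five cross-site navigations (google.com to cadillacasphalt.com and to hightquality.ru, then on through hight-quality.ru and safeobecleaner.kwik.to to strong-cfsentinel.co.cc) and flags exactly one shared-Referer pair, cadillacasphalt.com to hightquality.ru, which is the compromised site's own redirect. The host-stripping of `www4.` and `www1.` is deliberate: the fake-AV hosts rotate numbered subdomains, and collapsing them keeps the chain readable.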