Thursday, 18 July 2013

FakeAV abandoned affiliate

Also appeared recently on vx.vault: http://vxvault.siri-urz.net/ViriList.php?IP=31.184.244.2
https://www.virustotal.com/en/ip-address/31.184.244.2/information/

hxxp://topqweb.org/content/scc
hxxp://rowline.org/api/ping?stage=1&uid=5cda27721bcbf14da53e8aad2fc722c2&id=35&subid=1&os=1&avf=0
hxxp://rowline.org/api/ping?stage=2&uid=5cda27721bcbf14da53e8aad2fc722c2&success=1
hxxp://rowline.org/load/?uid=5cda27721bcbf14da53e8aad2fc722c2
hxxp://rowline.org/html/viruslist/?uid=5cda27721bcbf14da53e8aad2fc722c2
hxxps://secure.9billing.com/html/billing/?uid=5cda27721bcbf14da53e8aad2fc722c2
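The request sequence above can be hunted in proxy logs by URL shape rather than by domain. This is an added example, not code from the original post; the "client url" log format, the `c2.example` hosts, the sample uid and the two-step threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs
# Path -> step label, taken from the URL sequence listed in the post.
STEPS = {"/api/ping": "ping", "/load/": "load",
         "/html/viruslist/": "viruslist", "/html/billing/": "billing"}
UID_RE = re.compile(r"^[0-9a-f]{32}$")  # the uid in the post is 32 hex characters

def classify(url):
    """Return (uid, step) when a URL has the check-in shape, else None."""
    # Refang hxxp/hxxps so the URL parses like a normal one.
    parts = urlsplit(re.sub(r"^hxxp", "http", url.strip(), flags=re.I))
    query = parse_qs(parts.query)
    uid = query.get("uid", [""])[0]
    step = STEPS.get(parts.path)
    if step is None or not UID_RE.match(uid):
        return None
    if step == "ping":  # /api/ping carries a numeric stage parameter
        stage = query.get("stage", [""])[0]
        if not stage.isdigit():
            return None
        step += stage
    return uid, step

def sessions(log_lines):
    """Group matching requests per (client, uid) in the order seen."""
    seen = defaultdict(list)
    for line in log_lines:
        client, _, url = line.partition(" ")
        hit = classify(url)
        if hit:
            seen[(client, hit[0])].append(hit[1])
    return dict(seen)

def flag(log_lines, min_steps=2):
    """Clients showing at least min_steps distinct steps for one uid."""
    return sorted({client for (client, _), steps in sessions(log_lines).items()
                   if len(set(steps)) >= min_steps})

# Constructed proxy log lines ("client url"); hosts and uid are placeholders.
UID = "ab" * 16
SAMPLE = [
    f"10.0.0.5 hxxp://c2.example/api/ping?stage=1&uid={UID}&id=35&subid=1&os=1&avf=0",
    f"10.0.0.5 hxxp://c2.example/api/ping?stage=2&uid={UID}&success=1",
    f"10.0.0.5 hxxp://c2.example/load/?uid={UID}",
    "10.0.0.9 http://intranet.example/api/ping?stage=1&uid=not-a-uid",
    f"10.0.0.7 http://shop.example/load/?uid={UID}",
]
```

Requiring several distinct steps for the same uid keeps a single look-alike request, such as the last sample line, from raising an alert.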


Antivirus System is from the same family as PC Defender Plus and Multirogue Defender.
The unlock code xOxZxLxWxIxTxFxQxCxNxYxKxVxHxSxE still works for manual registration.

Screenshots: Main, Geo, Subacc, Get EXE, Profile.

A coding mistake allows you to view the stats without being logged in if you know the right token:
hxxp://dapav.net/subacc/?type=lol&token=da01a28ac6bbbf228ba9dc52c98ea1b0
hxxp://dapav.net/geo/?type=lol&token=da01a28ac6bbbf228ba9dc52c98ea1b0

400 installs

5 comments:

  1. hey steven you know where to find the html script they use in the admin layout because they all use the same modified version of bootstrap?

  2. How did you get the token?

  3. Another article about this panel:

    http://protectyournet.blogspot.com/2013/07/secure9billingcom.html

  4. Are they on your trail?
    http://lci.tf1.fr/insolite/mystere-autour-d-une-attaque-de-chats-a-belfort-8183007.html
