So let's try to buy it with junk data.
"Secure purchase"? I don't see any SSL here.
I send the form and...
E-mail order:
The provided serial doesn't even work, and I don't get why there is a Cancel button on 'Serial key is invalid'.
The e-mail order is a total failure too if you read it: they ask you to put your registration e-mail in a field that doesn't exist in the FakeAV.
To sum up, an average guy who doesn't know about FakeAV will get owned hard.
Blackhole:
http://195.88.74.86/f/1110.exe
• dns: 1 ›› ip: 195.88.74.86 - adresse: HIHIHIHIIHIHIHIHI.IPQ.CO
---
http://seripay.com/p/?&lid=3050003&affid=58300&nid=8065D52C&group=liv
http://seripay.com/p/liv/?lid=3050003&group=liv&reject_url=http%3A%2F%2Fseripay.com%3A80%2Fp%2Fdecline%2F%3Flid%3D3050003%26s%3D5%26group%3Dliv%26nid%3D8065D52C%26affid%3D58300&nid=8065D52C&s=5&affid=58300
• dns: 1 ›› ip: 178.162.134.218 - adresse: SERIPAY.COM
---
http://116.255.247.93/api/stats/install/?ts=87bc3b24&affid=58300&ver=3050003&group=liv
• ip: 178.162.134.218 ›› http://www.spamhaus.org/sbl/query/SBL141839
195.88.74.86/f/t2.php (phpinfo)
Hehe. Someone messed up the serial code. That's a problem.
Can you get sample and make report of http://exploit.in/forum/index.php?showtopic=59759 ?
http://www.sendspace.com/file/ugnblv
This is a Smoke Loader sample.
will try for Upas.
Just awesome, really good work!
Should do post about citadel, upas, ice9, andromeda, and smoke!