Following the URL led straight to an iLivid executable;
1. hxxp://adserving.cpxinteractive.com/clk?3,eAGljd1ugzAMhZ-GO4RCQpMitIsUxFaJZItGV603Fc1CF638CDJK-.QLtNsLzLJs67N9jo-ikpRqecBlKBfwAAIc-SgoAIAYAOWCKIogCWGIMYCB-00FpZybWMRPBZF0jkfGM4vnOE51fZtfllOP05IEycwp1eaL3Jb.rmo4.5pav7u-9xbETSJWf-qJPLPt7vSci0uWM59DZlientirrzncjNlWoPdqM-6qNeRXAdhdx.4.uO6nMa2DqANTm8VHr7pB10dPtqOujeoKafSgPNlUdt0bB9mbvbm0ykGJLruiUg7EFvX6OiEEwAgXwLJe2c-mtgz7JEThD38xcEo=,
2. hxxp://ad.yieldmanager.com/clk?3,eAGljd1ugzAMhZ-GO4RCQpMitIsUxFaJZItGV603Fc1CF638CDJK-.QLtNsLzLJs67N9jo-ikpRqecBlKBfwAAIc-SgoAIAYAOWCKIogCWGIMYCB-00FpZybWMRPBZF0jkfGM4vnOE51fZtfllOP05IEycwp1eaL3Jb.rmo4.5pav7u-9xbETSJWf-qJPLPt7vSci0uWM59DZlientirrzncjNlWoPdqM-6qNeRXAdhdx.4.uO6nMa2DqANTm8VHr7pB10dPtqOujeoKafSgPNlUdt0bB9mbvbm0ykGJLruiUg7EFvX6OiEEwAgXwLJe2c-mtgz7JEThD38xcEo=,
3. hxxp://stats.ilivid.com/tracking202/redirect/dl_byappid.php?t202id=31721&appid=169&t202kw=uAQAANNtCQCHa7cAAAAAAGMNLQAAAAAAAgAAAAIAAAAAAP8AAAACFf74DgAAAAAAitk7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAevwQAAAAAAAIAAgAAAAAA.yIDoDQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=,eAFLjfIqKg1yzMqNCA1Lj0j0z.ZwqYqILPK0TEwuy6.wiDBJ19UFAPDEDJk=
4. hxxp://download.cdn.ilivid.com/cdn/r/169/iLividSetupV1.exe
The advert in question, if you've not seen the image above yet, is;
hxxp://content.yieldmanager.edgesuite.net/atoms/3e/0b/96/6d/3e0b966dbb47cb387657109bd54bd2f2.gif
Which produces;
Oh and, in case you're wondering, videocelebritynews.com isn't innocent in all of this either - as you'll notice if you browse the site a little. Every site it leads to, points either to more of the same, or if you're gullible enough to try the screensavers - a world of pain for your machine (courtesy of ezthemes.com).
Not surprisingly, videocelebritynews.com is using CloudFlare services (seems to be a growing trend amongst the criminal fraternity over the past 12 months or so, with more and more moving to them to try and hide their real location). Its real IP however, is;
IP: 67.205.111.248
ASN: 32613 iWeb Technologies Inc.
The IP also houses (I've not gone through the content of all of these yet, so some may be unrelated to this - the list is simply those living on the same IP);
ns.247player.com
ns.awardshowcalendar.com
ns.blogframe.com
ns.celebritypc.com
ns.celebrityrelated.com
ns.celebritything.com
ns.celebrityunofficial.com
ns.celebritywhatis.com
ns.daddychronicles.com
ns.ezcreditmortgage.com
ns.fansign.net
ns.filmsafari.com
ns.gobarteck.com
ns.gokraus.com
ns.hotnowvideo.com
ns.insidejacket.com
ns.jimmykat.com
ns.marylandpatriots.org
ns.moderncatholic.org
ns.polimerican.com
ns.poppednews.com
ns.quotegetter.com
ns.rss4free.com
ns.soundkink.com
ns.sportsgrabber.com
ns.toolsngadgets.com
ns.travelphotofun.com
ns.videocelebritynews.com
ns.webownertools.com
ns.wikiand.com
ns1.247player.com
ns1.awardshowcalendar.com
ns1.blogframe.com
ns1.celebritypc.com
ns1.celebrityrelated.com
ns1.celebritything.com
ns1.celebrityunofficial.com
ns1.celebritywhatis.com
ns1.daddychronicles.com
ns1.ezcreditmortgage.com
ns1.fansign.net
ns1.filmsafari.com
ns1.gobarteck.com
ns1.gokraus.com
ns1.hotnowvideo.com
ns1.insidejacket.com
ns1.jimmykat.com
ns1.marylandpatriots.org
ns1.polimerican.com
ns1.poppednews.com
ns1.quotegetter.com
ns1.rss4free.com
ns1.soundkink.com
ns1.sportsgrabber.com
ns1.toolsngadgets.com
ns1.travelphotofun.com
ns1.videocelebritynews.com
ns1.webownertools.com
ns1.wikiand.com
monica-bellucci.celebritything.com
trailers.filmsafari.com
ns1.celebritylatest.com
ns.celebritylatest.com
moderncatholic.org
wikiand.com
celebrityunofficial.com
awardshowcalendar.com
poppednews.com
videocelebritynews.com
blogframe.com
jimmykat.com
gobarteck.com
travelphotofun.com
celebritylatest.com
247player.com
insidejacket.com
polimerican.com
celebritything.com
webownertools.com
celebrityrelated.com
gokraus.com
desktop.celebritypc.com
wallpaper.celebritypc.com
daddychronicles.com
hotnowvideo.com
quotegetter.com
sportsgrabber.com
cdn.celebritypro.com
gallery.celebritypro.com
ezcreditmortgage.com
toolsngadgets.com
filmsafari.com
celebritypc.com
screensavers.celebritypc.com
celebritywhatis.com
rss4free.com
soundkink.com
fansign.net
ns.awardshowcalendar.com
ns.blogframe.com
ns.celebritypc.com
ns.celebrityrelated.com
ns.celebritything.com
ns.celebrityunofficial.com
ns.celebritywhatis.com
ns.daddychronicles.com
ns.ezcreditmortgage.com
ns.fansign.net
ns.filmsafari.com
ns.gobarteck.com
ns.gokraus.com
ns.hotnowvideo.com
ns.insidejacket.com
ns.jimmykat.com
ns.marylandpatriots.org
ns.moderncatholic.org
ns.polimerican.com
ns.poppednews.com
ns.quotegetter.com
ns.rss4free.com
ns.soundkink.com
ns.sportsgrabber.com
ns.toolsngadgets.com
ns.travelphotofun.com
ns.videocelebritynews.com
ns.webownertools.com
ns.wikiand.com
ns1.247player.com
ns1.awardshowcalendar.com
ns1.blogframe.com
ns1.celebritypc.com
ns1.celebrityrelated.com
ns1.celebritything.com
ns1.celebrityunofficial.com
ns1.celebritywhatis.com
ns1.daddychronicles.com
ns1.ezcreditmortgage.com
ns1.fansign.net
ns1.filmsafari.com
ns1.gobarteck.com
ns1.gokraus.com
ns1.hotnowvideo.com
ns1.insidejacket.com
ns1.jimmykat.com
ns1.marylandpatriots.org
ns1.polimerican.com
ns1.poppednews.com
ns1.quotegetter.com
ns1.rss4free.com
ns1.soundkink.com
ns1.sportsgrabber.com
ns1.toolsngadgets.com
ns1.travelphotofun.com
ns1.videocelebritynews.com
ns1.webownertools.com
ns1.wikiand.com
monica-bellucci.celebritything.com
trailers.filmsafari.com
ns1.celebritylatest.com
ns.celebritylatest.com
moderncatholic.org
wikiand.com
celebrityunofficial.com
awardshowcalendar.com
poppednews.com
videocelebritynews.com
blogframe.com
jimmykat.com
gobarteck.com
travelphotofun.com
celebritylatest.com
247player.com
insidejacket.com
polimerican.com
celebritything.com
webownertools.com
celebrityrelated.com
gokraus.com
desktop.celebritypc.com
wallpaper.celebritypc.com
daddychronicles.com
hotnowvideo.com
quotegetter.com
sportsgrabber.com
cdn.celebritypro.com
gallery.celebritypro.com
ezcreditmortgage.com
toolsngadgets.com
filmsafari.com
celebritypc.com
screensavers.celebritypc.com
celebritywhatis.com
rss4free.com
soundkink.com
fansign.net
No comments:
Post a Comment