Blog for hpHosts, and whatever else I feel like writing about ....

Thursday 31 October 2013

ALERT: lnx.lu, downloadoney.com and secure.oinstaller.com

You'll be wanting to block these folks. lnx.lu is a bit.ly wannabe, but more importantly, with help from downloadoney.com and secure.oinstaller.com, it's leading straight to crapware from Tiny Installer (iBryte).

The file served: downloadmanager_Setup.exe (MD5: 49b56be1b64aea734e69e2a2bd482b78)

GET /6N?http://depositfiles.com/files/lgde529fc HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-GB
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; Avant Browser)
Accept-Encoding: gzip, deflate
Host: lnx.lu
DNT: 1
Connection: Keep-Alive

HTTP/1.1 200 OK
Date: Fri, 01 Nov 2013 00:52:26 GMT
Server: Apache/2.2.24 (Unix) PHP/5.4.15
X-Powered-By: PHP/5.4.15
Last-Modified: Fri, 1 Nov 2013 00:52:26 GMT
Expires: Fri, 1 Nov 2013 00:52:26 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 4756
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

------------------------------------------------------------------
GET /script.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://lnx.lu/6N?http://depositfiles.com/files/lgde529fc
Accept-Language: en-GB
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; Avant Browser)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
DNT: 1
Host: lnx.lu

HTTP/1.1 200 OK
Date: Fri, 01 Nov 2013 00:52:26 GMT
Server: Apache/2.2.24 (Unix) PHP/5.4.15
Last-Modified: Sun, 17 Jun 2012 00:45:15 GMT
ETag: "1980aa1-1512-4c2a05cd71cc0"
Accept-Ranges: bytes
Content-Length: 5394
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

------------------------------------------------------------------
GET /images/logo.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://lnx.lu/6N?http://depositfiles.com/files/lgde529fc
Accept-Language: en-GB
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; Avant Browser)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
DNT: 1
Host: lnx.lu

HTTP/1.1 200 OK
Date: Fri, 01 Nov 2013 00:52:26 GMT
Server: Apache/2.2.24 (Unix) PHP/5.4.15
Last-Modified: Mon, 30 Apr 2012 08:20:32 GMT
ETag: "1980a82-41a-4bee120ad7400"
Accept-Ranges: bytes
Content-Length: 1050
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif

------------------------------------------------------------------
GET /images/skipadbtn.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://lnx.lu/6N?http://depositfiles.com/files/lgde529fc
Accept-Language: en-GB
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; Avant Browser)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
DNT: 1
Host: lnx.lu

HTTP/1.1 200 OK
Date: Fri, 01 Nov 2013 00:52:26 GMT
Server: Apache/2.2.24 (Unix) PHP/5.4.15
Last-Modified: Mon, 30 Apr 2012 08:25:47 GMT
ETag: "1980a4d-89c-4bee13373f8c0"
Accept-Ranges: bytes
Content-Length: 2204
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif

------------------------------------------------------------------
GET /click/i2VrnWecqZaOYWmWX8p6w4iQcphmn36ViZBqnF6bgJW3Z2uZYJypmJBqapVf?dp=7%20GB HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://lnx.lu/6N?http://depositfiles.com/files/lgde529fc
Accept-Language: en-GB
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; Avant Browser)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
DNT: 1
Host: network.adsmarket.com

HTTP/1.1 302 Found
Date: Fri, 01 Nov 2013 00:52:26 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Set-Cookie: PHPSESSID=7n8jsfdoq70hhrsn18po0n6693; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: ce-visitor-jmNtl18=imGoy3zhes6qmIXJfq6fqYuEkdGfvXvam2OS1l6bepI; expires=Mon, 16-Dec-2013 00:52:26 GMT; path=/; domain=network.adsmarket.com
Set-Cookie: ce-click-jWhxlWSbe8OLZm-VYqF-l5Bi=jWhxlWSbe8OLZm-VYqF-l5Bi; expires=Sat, 02-Nov-2013 00:52:26 GMT; path=/; domain=network.adsmarket.com
Location: http://www.media970.com/click/i2Zslo2hgJWLkGnEXsp8m4tkcpiNnH-WjGSYnWKjfcOJaXGXYQ?dp=20ofNv0jRgLdPCUE3SXlqR1vC2Yq000.&SUB=_342891&ce_cid=20ofNv0jRgLdPCUE3SXlqR1vC2Yq000.
P3P: policyref="/w3c/p3p.xml", CP="NOI DEV PSA PSD IVA OTP OUR OTR IND OTC"
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

------------------------------------------------------------------
GET /n4.g?login=lnxlu&d=1366x768&auto=y&pid=link&jv=true&c=32&l= HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://lnx.lu/6N?http://depositfiles.com/files/lgde529fc
Accept-Language: en-GB
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; Avant Browser)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
DNT: 1
Host: nht-3.extreme-dm.com

HTTP/1.1 200 OK
Server: nginx/1.4.2
Date: Fri, 01 Nov 2013 00:52:26 GMT
Content-Type: image/gif
Content-Length: 43
Connection: close
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Cache-Control: private,no-cache,no-store
Pragma: no-cache
Expires: Mon, 28 Sep 1970 06:00:00 GMT

------------------------------------------------------------------
GET /click/i2Zslo2hgJWLkGnEXsp8m4tkcpiNnH-WjGSYnWKjfcOJaXGXYQ?dp=20ofNv0jRgLdPCUE3SXlqR1vC2Yq000.&SUB=_342891&ce_cid=20ofNv0jRgLdPCUE3SXlqR1vC2Yq000. HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://lnx.lu/6N?http://depositfiles.com/files/lgde529fc
Accept-Language: en-GB
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; Avant Browser)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
DNT: 1
Host: www.media970.com

HTTP/1.1 302 Found
Date: Fri, 01 Nov 2013 00:52:26 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Set-Cookie: PHPSESSID=uim8ngts2iq7aljtn44arnmu56; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: ce-visitor-kGVxmA=imFprm-ge62ZibK5ktm_tIuEkdGfvXvam2OS1l6bepI; expires=Mon, 16-Dec-2013 00:52:26 GMT; path=/; domain=www.media970.com
Set-Cookie: ce-click-iWhqmGWeqZeNZ2mZZJ99nIk=iWhqmGWeqZeNZ2mZZJ99nIk; expires=Sat, 02-Nov-2013 00:52:26 GMT; path=/; domain=www.media970.com
Location: http://www.downloadoney.com/direct/downloadmanager?&adprovider=Adperio&source=Adperi0_downloadmanager_GB_direct&ce_cid=200IA51IAXyTdnuP3SXlqR1vC2Yq000.
P3P: policyref="/w3c/p3p.xml", CP="NOI DEV PSA PSD IVA OTP OUR OTR IND OTC"
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

------------------------------------------------------------------
GET /direct/downloadmanager?&adprovider=Adperio&source=Adperi0_downloadmanager_GB_direct&ce_cid=200IA51IAXyTdnuP3SXlqR1vC2Yq000. HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://lnx.lu/6N?http://depositfiles.com/files/lgde529fc
Accept-Language: en-GB
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; Avant Browser)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
DNT: 1
Host: www.downloadoney.com

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Fri, 01 Nov 2013 00:52:26 GMT
Location: http://secure.oinstaller.com/o/downloadmanager/downloadmanager_Setup.exe?filedescription=downloadmanager&subid=Adperi0_downloadmanager_GB_direct&user_id=18d33e43-0186-448d-90f2-2e2b29076dd6&thankYouUrl=http%3a%2f%2fwww.downloadoney.com%2fGo%2fFreeTVOnline%3fsource%3dthankyou_Adperi0_downloadmanager_GB_direct%26offer%3ddownloadmanager%26userid%3d18d33e43-0186-448d-90f2-2e2b29076dd6&cancelUrl=http%3a%2f%2fwww.downloadoney.com%2fGo%2fFreeTVOnline%3fsource%3dthankyou_Adperi0_downloadmanager_GB_direct%26offer%3ddownloadmanager%26userid%3d18d33e43-0186-448d-90f2-2e2b29076dd6&adprovider=adperio&subid2=&subid3=&cpixel=http%3a%2f%2fultimate-downloads.com%2fInstaller%2fConversion%3fadProvider%3dadperio%26context%3d200IA51IAXyTdnuP3SXlqR1vC2Yq000.%26countryCode%3dGB%26userID%3d18d33e43-0186-448d-90f2-2e2b29076dd6%26source%3dAdperi0_downloadmanager_GB_direct%26subid1%3d%26subid2%3d%26offer%3ddownloadmanager&useragent=ultimate-downloads.com%7cMozilla%2f5.0+(compatible%3b+MSIE+9.0%3b+Windows+NT+6.1%3b+WOW64%3b+Trident%2f5.0%3b+Avant+Browser)
Server: Microsoft-IIS/7.5
Set-Cookie: uid=18d33e43-0186-448d-90f2-2e2b29076dd6; domain=downloadoney.com; expires=Wed, 01-Nov-2023 00:52:27 GMT; path=/
X-AspNet-Version: 2.0.50727
X-AspNetMvc-Version: 2.0
X-Powered-By: ASP.NET
Content-Length: 1196
Connection: keep-alive

------------------------------------------------------------------
GET /o/downloadmanager/downloadmanager_Setup.exe?filedescription=downloadmanager&subid=Adperi0_downloadmanager_GB_direct&user_id=18d33e43-0186-448d-90f2-2e2b29076dd6&thankYouUrl=http%3a%2f%2fwww.downloadoney.com%2fGo%2fFreeTVOnline%3fsource%3dthankyou_Adperi0_downloadmanager_GB_direct%26offer%3ddownloadmanager%26userid%3d18d33e43-0186-448d-90f2-2e2b29076dd6&cancelUrl=http%3a%2f%2fwww.downloadoney.com%2fGo%2fFreeTVOnline%3fsource%3dthankyou_Adperi0_downloadmanager_GB_direct%26offer%3ddownloadmanager%26userid%3d18d33e43-0186-448d-90f2-2e2b29076dd6&adprovider=adperio&subid2=&subid3=&cpixel=http%3a%2f%2fultimate-downloads.com%2fInstaller%2fConversion%3fadProvider%3dadperio%26context%3d200IA51IAXyTdnuP3SXlqR1vC2Yq000.%26countryCode%3dGB%26userID%3d18d33e43-0186-448d-90f2-2e2b29076dd6%26source%3dAdperi0_downloadmanager_GB_direct%26subid1%3d%26subid2%3d%26offer%3ddownloadmanager&useragent=ultimate-downloads.com%7cMozilla%2f5.0+(compatible%3b+MSIE+9.0%3b+Windows+NT+6.1%3b+WOW64%3b+Trident%2f5.0%3b+Avant+Browser) HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://lnx.lu/6N?http://depositfiles.com/files/lgde529fc
Accept-Language: en-GB
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; Avant Browser)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
DNT: 1
Host: secure.oinstaller.com

HTTP/1.1 200 OK
Cache-Control: public
Content-Length: 1969448
Content-Type: application/octet-stream
Last-Modified: Fri, 01 Nov 2013 00:52:27 GMT
Server: Microsoft-IIS/7.5
Content-Disposition: attachment; filename=downloadmanager_Setup.exe
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Fri, 01 Nov 2013 00:52:27 GMT
Connection: close

------------------------------------------------------------------
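To pull the chain out of a capture like the one above without reading every header by hand, here is an added example (not part of the original post, and not hpHosts code): a hypothetical Python script that parses request/response pairs in the pasted form, follows each 302 Location from host to host, flags the response that hands back the executable, and emits hosts-file style entries for the hosts involved. The capture embedded in it is a constructed, abbreviated copy of the one above (same hosts, status codes and Location targets, with paths and query strings trimmed); the function names are the example's own.

```python
"""Recover the redirect chain and the file drop from a pasted HTTP capture.
Hypothetical analysis script, not from the hpHosts post."""
import re
from urllib.parse import urlsplit

# Constructed, abbreviated copy of the capture in the post: same hosts,
# status codes and Location targets; paths and query strings are trimmed.
SAMPLE_CAPTURE = """\
GET /6N?http://depositfiles.com/files/lgde529fc HTTP/1.1
Host: lnx.lu

HTTP/1.1 200 OK
Content-Type: text/html

------------------------------------------------------------------
GET /click/TOKEN1?dp=7%20GB HTTP/1.1
Referer: http://lnx.lu/6N?http://depositfiles.com/files/lgde529fc
Host: network.adsmarket.com

HTTP/1.1 302 Found
Location: http://www.media970.com/click/TOKEN2?SUB=_342891

------------------------------------------------------------------
GET /click/TOKEN2?SUB=_342891 HTTP/1.1
Host: www.media970.com

HTTP/1.1 302 Found
Location: http://www.downloadoney.com/direct/downloadmanager?adprovider=Adperio

------------------------------------------------------------------
GET /direct/downloadmanager?adprovider=Adperio HTTP/1.1
Host: www.downloadoney.com

HTTP/1.1 302 Found
Location: http://secure.oinstaller.com/o/downloadmanager/downloadmanager_Setup.exe?adprovider=adperio

------------------------------------------------------------------
GET /o/downloadmanager/downloadmanager_Setup.exe?adprovider=adperio HTTP/1.1
Host: secure.oinstaller.com

HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 1969448
Content-Disposition: attachment; filename=downloadmanager_Setup.exe

------------------------------------------------------------------
"""


def parse_headers(lines):
    """Header lines -> dict keyed by lower-cased name (last duplicate wins)."""
    headers = {}
    for line in lines:
        if ": " in line:
            name, value = line.split(": ", 1)
            headers[name.lower()] = value.strip()
    return headers


def parse_exchanges(capture):
    """Split the capture at the dashed separators into request/response pairs."""
    exchanges = []
    for chunk in re.split(r"(?m)^-{10,}\s*$", capture):
        parts = re.split(r"\n\s*\n", chunk.strip(), maxsplit=1)
        if len(parts) != 2:
            continue  # not a complete request + response
        req_lines, resp_lines = (p.splitlines() for p in parts)
        method, target = req_lines[0].split(" ")[:2]
        request = parse_headers(req_lines[1:])
        exchanges.append({"method": method, "target": target,
                          "host": request.get("host", ""),
                          "status": int(resp_lines[0].split(" ")[1]),
                          "request": request,
                          "response": parse_headers(resp_lines[1:])})
    return exchanges


def redirect_chain(exchanges):
    """Hosts joined by 3xx Location headers, starting from the first redirect.
    The Referer of that first redirect (the shortener page here) is kept as
    hop zero, because the jump off the landing page is a click, not a 302."""
    by_host = {}
    for e in exchanges:
        by_host.setdefault(e["host"], e)
    ex = next((e for e in exchanges if 300 <= e["status"] < 400), None)
    if ex is None:
        return []
    chain = []
    referer = urlsplit(ex["request"].get("referer", "")).hostname
    if referer:
        chain.append(referer)
    chain.append(ex["host"])
    while ex is not None and 300 <= ex["status"] < 400 and "location" in ex["response"]:
        nxt = urlsplit(ex["response"]["location"]).hostname
        if not nxt or nxt in chain:
            break  # relative/malformed Location, or a redirect loop
        chain.append(nxt)
        ex = by_host.get(nxt)  # None if the target was never fetched
    return chain


def executable_downloads(exchanges):
    """Responses that hand back a binary: octet-stream body or an .exe name."""
    hits = []
    for ex in exchanges:
        resp = ex["response"]
        m = re.search(r'filename="?([^";]+)', resp.get("content-disposition", ""))
        name = m.group(1) if m else ex["target"].split("?")[0].rsplit("/", 1)[-1]
        if (resp.get("content-type", "").startswith("application/octet-stream")
                or name.lower().endswith(".exe")):
            hits.append({"host": ex["host"], "filename": name,
                         "bytes": int(resp.get("content-length", 0)),
                         "referer": ex["request"].get("referer")})
    return hits


def blocklist_lines(hosts):
    """Hosts-file style entries (one per unique host, sorted) for a blocklist."""
    return [f"127.0.0.1\t{h}" for h in sorted(set(hosts))]


if __name__ == "__main__":
    exchanges = parse_exchanges(SAMPLE_CAPTURE)
    chain = redirect_chain(exchanges)
    print(" -> ".join(chain))
    for hit in executable_downloads(exchanges):
        print(f"binary from {hit['host']}: {hit['filename']} ({hit['bytes']} bytes)")
    print("\n".join(blocklist_lines(chain)))
```

Run against the embedded capture it prints the five-hop chain from lnx.lu through the two ad-network redirectors to downloadoney.com and secure.oinstaller.com, then the 1969448-byte downloadmanager_Setup.exe drop. The blocklist helper emits an entry for every host in the chain; the post itself names lnx.lu, downloadoney.com and secure.oinstaller.com, so which of the intermediate redirectors go into a hosts file is left to the reader.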