05-15-2007, 11:08 PM
Quickdraw
Confirmed User
 
Join Date: Mar 2004
Location: → → →
Posts: 1,717
Here is what just happened when browsing through freedailyporn.com (another site on 64.237.39.66 and same whois).

The following log shows clicking a link to a gallery and being redirected to trojans on the 85.255 IP range posing as spyware removers. The redirect happened instantly and all the other files you see loaded from the initial redirected page.
85.255.115.222/ind.htm?e404=1&src=124&surl=vip.clickzs.com

Code:
GET http://www.freedailyporn.com/
200 OK
***Click starts here***
GET http://vip.clickzs.com/tgp.php?fdp&thenudeteens.com/ebony/index.html
302 Found to http://85.255.115.222/ind.htm?e404=1&src=124&surl=vip.clickzs.com

GET http://85.255.115.222/ind.htm?e404=1&src=124&surl=vip.clickzs.com
200 OK

GET http://85.255.115.222/site.htm?lng=1&trg=cln&oip=0&trk=xicawxshtfnfffi
200 OK

GET http://85.255.115.222/_cntr.htm?trk=xicawxshtfnfffi
200 OK

GET http://free-spy-cam.net/index.htm?trk=xicawxshtfnfffi
200 OK

GET http://85.255.115.222/cnte-eshdvvw.htm?trk=xicawxshtfnfffi
200 OK

GET http://free-spy-cam.net/loading.htm
200 OK

GET http://69.50.172.115/sp/fpa/index.html
200 OK

GET http://85.255.115.222/cnte-ani_dthcbdg.htm?trk=xicawxshtfnfffi
200 OK

GET http://85.255.115.222/cnte-dhncgts.jar?trk=xicawxshtfnfffi
200 OK

GET http://85.255.115.222/back.htm
200 OK

GET http://85.255.115.222/com/ms/security/SecurityClassLoader.class
404 Not Found

GET http://85.255.115.222/riff_last.bin
200 OK
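Added example (not part of the original post): a small triage script for a request log in the format posted above, flagging redirects that land on a bare IP address and risky file types fetched from one. The sample input is an excerpt of the log above; the function names and the RISKY_EXT watch list are assumptions made for this example.

```python
import ipaddress
from urllib.parse import urlsplit

# Excerpt of the log posted above (format: "GET <url>", then "<status> <reason>").
SAMPLE_LOG = """\
GET http://www.freedailyporn.com/
200 OK
***Click starts here***
GET http://vip.clickzs.com/tgp.php?fdp&thenudeteens.com/ebony/index.html
302 Found to http://85.255.115.222/ind.htm?e404=1&src=124&surl=vip.clickzs.com
GET http://85.255.115.222/cnte-dhncgts.jar?trk=xicawxshtfnfffi
200 OK
GET http://85.255.115.222/com/ms/security/SecurityClassLoader.class
404 Not Found
GET http://85.255.115.222/riff_last.bin
200 OK
"""

RISKY_EXT = (".jar", ".class", ".bin", ".exe")  # assumed watch list, adjust as needed

def is_ip_host(url):
    """True when the URL's host is an IP literal rather than a DNS name."""
    try:
        ipaddress.ip_address(urlsplit(url).hostname or "")
        return True
    except ValueError:
        return False

def parse_log(text):
    """Pair each GET line with the status line that follows it; skip other lines."""
    entries, url = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("GET "):
            url = line[4:]
        elif url and line[:3].isdigit():
            target = line.split(" to ", 1)[1] if " to " in line else None
            entries.append((url, int(line[:3]), target))
            url = None
    return entries

def findings(entries):
    """Flag redirects that land on a bare IP and risky file types requested from one."""
    out = []
    for url, status, target in entries:
        if status in (301, 302, 303, 307) and target and is_ip_host(target):
            out.append(("redirect-to-ip", url, target))
        if is_ip_host(url) and urlsplit(url).path.lower().endswith(RISKY_EXT):
            out.append(("risky-fetch-from-ip", url, status))
    return out
```

Calling findings(parse_log(SAMPLE_LOG)) returns one redirect-to-ip entry for the clickzs.com hop and three risky-fetch-from-ip entries, including the .class request that returned 404.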