Flow and Count Redirectors

Redirecting to malware

HTTP Request Method = GET
HTTP REFERER = */flow*.php OR */count*.php\

Regex for referer field = “\/(flow|count)\d+?\.php$”

See Examples on UrlQuery.net

Malicious Dests

hxxp://promoution248.ru/redirector.php?uid=5918 > REDIRECTOR
hxxp://decidetardy.info/final/caused_experts.ph > BEK2
hxxp://registeringmagically.net/receiving/finishing-carry.php > BEK2
hxxp://directs140.ru/tds/in.cgi?default > REDIRECTOR
hxxp://rasdasdqyour.us/ItNQjN?uYRsp=44 > SWEET ORANGE
hxxp://ekwvczqov.justdied.com/vd/5;ee43f6cdfb3803c9d1e2d4a6f28577e7 > ROGUEAV
hxxp://www3.df-2ybjsppmqhwb5.trickip.net/?gx4x1tly6=i%2B2d3G6ppapuitKgb6aUkOfk3KqpmaqXmZ2paahiqZA%3D&f1b7770=%02%01%07%06%05%09%00%01%00%05 > ROGUEAV
hxxp://promobucks010.pro/tds/in.cgi?default > REDIRECTOR

Comments are closed.