Unknown Exploit Kit

If anyone has a name for this please let me know. Seems to usually install RogueAV.

HTTP Request Method = GET
HTTP Status = 302

regex on the URI for both “^http:\/\/www\d\.” as well as “\/\?[0-9a-z]{4,9}=[a-z0-9A-Z%]{45,}%3D”

Popular right now on dyndns domains such as

*.trickip.net
*.pcanywhere.net
*.ygto.com
*.wikaba.com
*.rr.nu

Unknown Exploit Kit Examples on UrlQuery.net

Comments are closed.