Bad web host alerted?

See: http://www.projecthoneypot.org/ip_31.31.196.16
and: http://urlquery.net/report.php?id=4370127
Gateway malware service as part of the RedKit EK campaign, which has been with us since 2012:

  1. Domain rotation – based on time

  2. HTML pages rotation, switching based on time too.

  3. Domains/web servers involved in spreading malware – victims of previous hacks that were turned into malware-spreading hosts.

  4. MDS cleans up the hacked host (at least the added HTML pages and malicious files) at the end of its usage.

  5. The malware page provides 3(!) different payloads, 2 for Java and another for PDF.

The major flaw in this system is the unchanged names of the malicious files, but since the malware domains are hacked, I assume only limited functionality is available to the MDS owners, and that requires the use of static file names. Info thanks to Day by Day’s author D.L.

polonus