Some MDL already informed and publish these URLs, so I have no reason to hold anymore:
payloads:(1) hXXp://mxcwqdkbphcx.lookin.at/main.php?page=c9ee61ed42809775 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ classical one↑(2) hXXp://02e9126.netsolhost.com/nfjviq3D/index.html ^^^^^^^^^^^^^^^^^^^^ ↑Good trick, don't be fooled with index.html (Information: this is actually iframer lead to BHEK at the below link) hXXp://66.175.222.25[/]pxyk80ujzb03h.php?y=p7tqagmzf8qdjqpi ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ↑Not usual one, look at the parameter at php file(3) hXXp://crane.co.th/YabymY6p/index.html ^^^^^^^^^^^^^^^^^^^^ ↑see the above randomized subdir?Conclusion: You can set almost every infection scheme in blackhole interface. yet the characteristic is still there. Note; This page is here because of the team work of malware researchers. Thank you for those who contributes the contents, to those who corrected and advice, for those who to read and share, and God & prayers bless them who take direct action straight to these threat.
BTW, No, I am telling you #MalwareMustDie is not selling crap.