Monday 11 June 2012

FakeAV / FakeBilling

I got the latest FakeAV of the BestAV affiliate, for some unknown reason i'm unable to find a valid serial inside my debugger for unlock the FakeAV without patching.


So let's try to buy it with junk data


"Secure purchase" i don't see any SSL here.

I send the form and...

E-mail order:

The provided serial even don't work, and i don't get it why there is a Cancel button on 'Serial key is invalid'


The E-mail order is a total failure too if you read it, they ask you to put your registration E-Mail on a field who don't exist on the FakeAV


To resume, a lambda guys who don't know about FakeAV will owned hard.

Blackhole:
http://195.88.74.86/files/97d19
http://195.88.74.86/files/182b5
http://195.88.74.86/files/c5826
http://195.88.74.86/files/5e91c
http://195.88.74.86/files/a2e1a
http://195.88.74.86/files/d4fc7
http://195.88.74.86/files/b6863
http://195.88.74.86/files/96ece
http://195.88.74.86/files/f424f
http://195.88.74.86/files/47bca
http://195.88.74.86/files/5a20e
http://195.88.74.86/files/cf234
http://195.88.74.86/files/9235d
http://195.88.74.86/files/c2567
http://195.88.74.86/files/c4672
http://195.88.74.86/files/5db33
http://195.88.74.86/files/6d4b0
http://195.88.74.86/files/f4dfb
http://195.88.74.86/files/c01c5
http://195.88.74.86/f/1110.exe
• dns: 1 ›› ip: 195.88.74.86 - adresse: HIHIHIHIIHIHIHIHI.IPQ.CO

---

http://seripay.com/p/?&lid=3050003&affid=58300&nid=8065D52C&group=liv
http://seripay.com/p/liv/?lid=3050003&group=liv&reject_url=http%3A%2F%2Fseripay.com%3A80%2Fp%2Fdecline%2F%3Flid%3D3050003%26s%3D5%26group%3Dliv%26nid%3D8065D52C%26affid%3D58300&nid=8065D52C&s=5&affid=58300
• dns: 1 ›› ip: 178.162.134.218 - adresse: SERIPAY.COM

---

http://116.255.247.93/api/stats/install/?ts=87bc3b24&affid=58300&ver=3050003&group=liv
• ip: 178.162.134.218 ›› http://www.spamhaus.org/sbl/query/SBL141839

195.88.74.86/f/t2.php (phpinfo)


7 comments:

  1. Hehe. Someone messed up the serial code. That's a problem.

    ReplyDelete
  2. Can you get sample and make report of http://exploit.in/forum/index.php?showtopic=59759 ?

    ReplyDelete
  3. http://www.sendspace.com/file/ugnblv

    ReplyDelete
  4. This is a Smoke Loader sample.

    ReplyDelete
  5. Just awesome , really good work !

    ReplyDelete
  6. Should do post about citadel , upas , ice9 , andromeda, and smoke!

    ReplyDelete