A couple of “admedia” gates down


Attempting to get a few infection chains I noticed more than not “admedia” gates were down. Seeing that I was not able to start an infection chain I figured I would note some “admedia” gates that were down and how it was determined.


www.labalmeenne.fr – COMPROMISED WEBSITE

DETAILS:

Shown above: Malicious java-script injected into homepage in hexadecimal

 

Shown above: Hex to ASCII conversion shows admedia gate js.krasnayamorda.info

 

Shown above: Ping command shows Request time out. Usually means host is down

 

Shown above: Virus Total results for IP address 178.62.122.211

 

Shown above:  Continuation of Virus Total results for IP address 178.62.122.211 – Numerous admedia gates hosted on this IP address

 


schutzgitter.info – COMPROMISED SITE

 

Shown above: Again malicious java-script injected into homepage in hexadecimal

 

Shown above: Hex to ASCII conversion shows admedia gate img.golovkabegemota.info

 

Shown above: Ping command shows Request time out. Usually means host is down

 

FINAL NOTES:
They will be back