So, somewhere in baidu I came accorss a group of spam user spamming a series of url shorten by t.cn
1. htxp://T.CN/R2IaYrs#baidu?kw=%HlLm%baiduzhidao&JFDF1HGJ2YHKLPOS9403
2. htxp://T.CN/R2ICvvi#baidu?kw=%HlLm%baiduzhidao&JFDF1HGJ0XHKLPOS30793
3. htxp://T.CN/R2INGrY#baidu?kw=%HlLm%baiduzhidao&JFDF1HGJ0RHKLPOS9322
The suspicious link have these format (the slot at *** are 3 digit random number):
htxp://s2s***.s2sd***.kan12356.com/
htxp://s2s***.s3s***.kan259kang.com/
Here in
http://urlquery.net/report.php?id=1433430832342, you can see that
at the right hand side of the page is some pronographic image (SO, WARNING BEFORE GOING INTO THE URLQUERY LINK) These are from the 3 examples mentioned above (I go to virustotal to scan the short one and look at the url after redirect there):
htxp://s2s135.s2sd417.kan12356.com/
htxp://s2s348.s2sd630.kan12356.com/
htxp://s2s134.s3s116.kan259kang.com/
Are these malicious site?
Edit: The third one is a zip file. See:
http://urlquery.net/report.php?id=1433431964967
