The saying goes that there's no such thing as free lunch, so let me expand it - there's no such thing as free pr0n, unless you don't count a malware infection as the price. What follows is a demonstration of the Zlob trojan in action that occurs though the usual redirectors, and here's a related article emphasizing on the IFRAME embedded pr0n sites directing traffic to the redirectors :
At miss-krista.info - 22.214.171.124 - we have an IFRAME pointing us to todaysfreevideo.com/ad/6811214.html - 126.96.36.199 - where we are offered to download two pr0n videos, todaysfreevideo.com/teens/mr-tp01-2g2s1/1/movie1.php and todaysfreevideo.com/teens/mr-tp01-2g2s1/1/movie2.php, but the actual malware is hosted at an internal page at downloadvax.com - 188.8.131.52 -- and while as usual we get a 403 Forbidden at the main index, within to domain the pr0n surfer gets infected with the Zlob Trojan.
File size: 70853 bytes
Obviously, unsafe pr0n surfing leads to malware transmitted diseases, but why exploit serving domains when no vulnerabilities get exploited at these URLs? Mainly because miss-krista.info is part of the exploits hosting domain farm I discussed in part one.