When you first enter the site, the download is the proper one. However, moving anywhere else on the site such as the screenshots page will also contain a download link. This is where I got the file, not the index page.
This is the same link that has the fake assaultcube-installer.exe package.
However, today the links point to a MediaFire file, which is indeed a properly sized AssaultCube installer file!
Either they are trying to cover their tracks, or an XSS exploit was found.
Still, the Facebook link with the naughty file is still active.
If you wish to contact these ppl... http://72.52.143.151/cgi-sys/ will link you to a 403 forbidden, but contains a link to mail to these ppl / subhumans.
Mailing address: [email protected]
Here is some more stuff -> http://72.52.143.151/cgi-sys/defaultwebpage.cgi (Running Apache 2.0.63 with WHM)
http://72.52.143.151/~facebook/ <-- Error, which can potentially lead to exploit
NMAP scan shows the exact same ports open and exact same versions of services:
PORT STATE SERVICE VERSION
20/tcp closed ftp-data
21/tcp open ftp PureFTPd
22/tcp open ssh OpenSSH 4.3 (protocol 2.0)
| ssh-hostkey: 1024 f9:d3:d6:85:43:46:32:57:40:48:c2:d6:b8:af:00:0d (DSA)
|_2048 03:da:1f:cd:ba:5c:63:5e:de:a5:d3:e6:e3:5b:b0:89 (RSA)
53/tcp open domain
| dns-zone-transfer:
| superfastredirect.com SOA ns1.superfastredirect.com sid18.gmx.com
| superfastredirect.com MX superfastredirect.com
| superfastredirect.com NS ns1.superfastredirect.com
| superfastredirect.com NS ns2.superfastredirect.com
| superfastredirect.com A 72.52.143.151
| 1.superfastredirect.com A 72.52.143.151
| www.1.superfastredirect.com A 72.52.143.151
| ftp.superfastredirect.com CNAME
| lambda.superfastredirect.com A 72.52.143.151
| localhost.superfastredirect.com A 127.0.0.1
| mail.superfastredirect.com CNAME
| www.superfastredirect.com CNAME
|_superfastredirect.com SOA ns1.superfastredirect.com sid18.gmx.com
80/tcp open http Apache httpd 2.0.63 ((Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.9)
|_html-title: Site doesn't have a title (text/html).
110/tcp open pop3 Courier pop3d
|_pop3-capabilities: USER STLS IMPLEMENTATION(Courier Mail Server) UIDL PIPELINING LOGIN-DELAY(10) TOP OK(K Here s what I can do)
143/tcp open imap Courier Imapd (released 2008)
|_imap-capabilities: THREAD=ORDEREDSUBJECT QUOTA STARTTLS THREAD=REFERENCES UIDPLUS ACL2=UNION SORT ACL IMAP4rev1 IDLE NAMESPACE CHILDREN
443/tcp open http Apache httpd 2.0.63 ((Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.9)
|_html-title: Site doesn't have a title (text/html).
465/tcp open ssl/smtp Exim smtpd 4.69
|_sslv2: server still supports SSLv2
| smtp-commands: EHLO host.superfastredirect.com Hello 206-248-163-81.dsl.teksavvy.com [206.248.163.81], SIZE 52428800, PIPELINING, AUTH PLAIN LOGIN, HELP
|_HELP Commands supported: AUTH HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP
993/tcp open ssl/imap Courier Imapd (released 2008)
|_sslv2: server still supports SSLv2
|_imap-capabilities: THREAD=ORDEREDSUBJECT QUOTA AUTH=PLAIN THREAD=REFERENCES UIDPLUS ACL2=UNION SORT ACL IMAP4rev1 IDLE NAMESPACE CHILDREN
995/tcp open ssl/pop3 Courier pop3d
|_sslv2: server still supports SSLv2
|_pop3-capabilities: USER IMPLEMENTATION(Courier Mail Server) UIDL PIPELINING OK(K Here s what I can do) TOP LOGIN-DELAY(10)
3306/tcp open mysql MySQL (unauthorized)
6666/tcp closed irc
Device type: WAP|general purpose|firewall
Running (JUST GUESSING) : Linksys Linux 2.4.X (92%), Linux 2.4.X|2.6.X (91%), Check Point Linux 2.4.X (86%)
Aggressive OS guesses: OpenWrt White Russian 0.9 (Linux 2.4.30) (92%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (91%), OpenWrt Kamikaze 7.09 (Linux 2.6.22) (91%), Linux 2.6.20.6 (87%), Linux 2.6.19 - 2.6.24 (87%), Linux 2.6.18 (86%), Linux 2.6.18 - 2.6.21 (86%), OpenWrt Kamikaze 7.09 (Linux 2.6.17 - 2.6.21) (86%), Linux 2.6.22 (Fedora 7) (86%), Check Point NGX R65 firewall (Linux 2.4.21) (86%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 15 hops
TCP Sequence Prediction: Difficulty=206 (Good luck!)
IP ID Sequence Generation: All zeros
TRACEROUTE (using port 20/tcp)
HOP RTT ADDRESS
1 15.00 ms 206.248.154.104
2 15.00 ms 69.196.136.34
3 15.00 ms peer1.bdr02.tor.packetflow.ca (64.34.236.121)
4 15.00 ms 10ge.xe-2-0-0.tor-151f-cor-1.peer1.net (216.187.114.145)
5 0.00 ms 10ge.xe-0-0-0.tor-1yg-cor-1.peer1.net (216.187.114.133)
6 31.00 ms 10ge.xe-0-0-0.chi-eqx-dis-1.peer1.net (216.187.114.141)
7 78.00 ms ge-6-23.car4.Chicago1.Level3.net (4.71.102.13)
8 31.00 ms ae-31-53.ebr1.Chicago1.Level3.net (4.68.101.94)
9 31.00 ms ae-6-6.ebr1.Chicago2.Level3.net (4.69.140.190)
10 31.00 ms ae-1-51.edge2.Chicago2.Level3.net (4.69.138.131)
11 32.00 ms GLOBAL-INTE.edge2.Chicago2.Level3.net (4.59.29.78)
12 32.00 ms lw-core4-te91.rtr.liquidweb.com (209.59.157.206)
13 16.00 ms lw-dc2-core4-ge2-15.rtr.liquidweb.com (209.59.157.106)
14 31.00 ms lw-dc2-sec1-dist2-po2.rtr.liquidweb.com (209.59.157.130)
15 31.00 ms host.superfastredirect.com (72.52.143.151)
Same exact location: Lansing, Michigan, but a different server.
So they have 2 of them, maybe even more.
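
Added example, not part of the original post: the "same ports, same versions" comparison used above to link two servers, done mechanically on saved nmap text output. HOST_A reuses a few rows from the scan above; HOST_B is constructed sample data, and the function names are this example's own.

```python
import re

# Port-table rows look like "21/tcp open ftp PureFTPd"; script output
# lines ("|_sslv2: ...") and traceroute rows do not match and are skipped.
PORT_ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(open|closed|filtered)\s+(\S+)\s*(.*)$")

HOST_A = """\
21/tcp open ftp PureFTPd
22/tcp open ssh OpenSSH 4.3 (protocol 2.0)
465/tcp open ssl/smtp Exim smtpd 4.69
|_sslv2: server still supports SSLv2
3306/tcp open mysql MySQL (unauthorized)
6666/tcp closed irc
"""

# Constructed second host: one version differs, one port is extra.
HOST_B = """\
21/tcp open ftp PureFTPd
22/tcp open ssh OpenSSH 5.1 (protocol 2.0)
465/tcp open ssl/smtp Exim smtpd 4.69
3306/tcp open mysql MySQL (unauthorized)
8080/tcp open http-proxy
"""

def service_fingerprint(nmap_text):
    """Map (port, proto) -> (state, service, version) for each port row."""
    rows = {}
    for line in nmap_text.splitlines():
        m = PORT_ROW.match(line.strip())
        if m:
            port, proto, state, service, version = m.groups()
            rows[(int(port), proto)] = (state, service, version.strip())
    return rows

def compare_hosts(scan_a, scan_b):
    """Split ports into identical, differing, and seen-on-one-host-only."""
    a, b = service_fingerprint(scan_a), service_fingerprint(scan_b)
    both = a.keys() & b.keys()
    union = a.keys() | b.keys()
    shared = sorted(k for k in both if a[k] == b[k])
    return {
        "shared": shared,
        "differing": sorted(k for k in both if a[k] != b[k]),
        "only_one": sorted(a.keys() ^ b.keys()),
        # Jaccard-style score: identical rows over all ports seen.
        "similarity": len(shared) / len(union) if union else 0.0,
    }

if __name__ == "__main__":
    print(compare_hosts(HOST_A, HOST_B))
```

A high score alone is weak evidence of common ownership, since stock cPanel/WHM hosting images expose the same service set; unique details such as SSH host keys or DNS records carry more weight.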