Just a check on suspicious trackallnet.com .cgi links & JS

MalwareMustDie, Oct 26th, 2012
  1. Suspected URL: http://trackallnet.com/cgi-bin/r.cgi
  2. Suspicious method:
  3. 1. FRAME w/ frameborder="no" border="0" framespacing="0"
  4. 2. linked to suspicious domain http://trackallnet.com
  5. 3. linked to the suspicious domain cdn.dsultra.com
  6.  
  7. //checks...
  8.  
  9. $ myfetch http://trackallnet.com/cgi-bin/r.cgi
  10. --http_proxy = tor
  11. --output-document="./sample"
  12. --referer="http://www.google.com/search?q=youtube"
  13. --user-agent="Mozila/4.3 (X11; U; MacOSX)"
  14. --target "http://trackallnet.com/cgi-bin/r.cgi"
  15. --23:17:45--  http://trackallnet.com/cgi-bin/r.cgi
  16.            => `./sample'
  17. Connecting to 192.168.7.11:8118... connected.
  18. Proxy request sent, awaiting response... 200 (OK)
  19. Length: 1,926 (1.9K) [text/html]
  20. 23:17:50 (7.17 KB/s) - `./sample' saved [1926/1926]
  21.  
  22. ------------------------------------------
  23.  
  24. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
  25. <!-- turing_cluster_prod -->
  26. <html>
  27.   <head>
  28.     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  29.  
  30.     <title>trackallnet.com</title>
  31.     <meta name="keywords" content="trackallnet.com" />
  32.     <meta name="description" content="trackallnet.com" />
  33.     <meta name="robots" content="index, follow" />
  34.     <meta name="revisit-after" content="10" />
  35.     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
  36.  
  37.      <script type="text/javascript">  
  38. cookie_callback = function(val) {
  39.     var exdate=new Date();
  40.     exdate.setFullYear(exdate.getFullYear() + 1);
  41.     document.cookie = "Spusr=" + escape(val) +
  42.       "; expires=" + exdate.toUTCString();
  43.     document.cookie = "jsc=1";
  44. }
  45. </script>  <script src="http://dsparking.com/?epl=JzuKG0uQwuW26I1AJ1OE5Rj5RFpAQuEUyV38b50lbDg0TVQmAtZBMsuVeiXo3J6GBwnHdIREG79hC-Ni74FuLKiLZYUYBuVy0XQXqtV-inj5lFSMOYJgWqywT4AP-zj7GrN1mXUuW1rnWbc1IXgBBpIG1mQxyIzXRArSL5R4WsY1RyrE67qdynP12H5XDvU0DaBB1E891RM8qR5NDarZhDaNpqbRk54C09SmGoQAIOD-778AgDL_AQAAQIDbDAAARj6RFllTJllBMTZoWkLEAAAA8A">
  46. </script>
  47.  
  48.   </head>
  49.   <frameset rows="100%,*" frameborder="no" border="0" framespacing="0">
  50.     <frame src="http://trackallnet.com?epl=VIpw-FiL01JiwnDOdlzYr5jaM5lBQuEUyV3stYC-mWnITy1zxjWJWrJCFUS0eNCzlwUzGsjUxYDVRE7HCNi0kKSIjJpVWDHInvho5U7-4H8SjAzGUsQhERIgCE_QY9C5CONHkspsQOv9ekeXe_LUmEaYxEZNRj31U-IpgjKjAdDQRI_aoB4VdQAgoP7vvwCA0v8BAABAgNsIAACm9kxmWVMmWUExNmhaQooAAADw" name="trackallnet.com">
  51.   </frameset>
  52.   <noframes>
  53.         <body><a href="http://trackallnet.com?epl=VIpw-FiL01JiwnDOdlzYr5jaM5lBQuEUyV3stYC-mWnITy1zxjWJWrJCFUS0eNCzlwUzGsjUxYDVRE7HCNi0kKSIjJpVWDHInvho5U7-4H8SjAzGUsQhERIgCE_QY9C5CONHkspsQOv9ekeXe_LUmEaYxEZNRj31U-IpgjKjAdDQRI_aoB4VdQAgoP7vvwCA0v8BAABAgNsIAACm9kxmWVMmWUExNmhaQooAAADw">Click here to go to trackallnet.com</a>.</body>
  54.   </noframes>
  55. </html>
  56.  
  57. ----------------------------------------------------------------
  58.  
  59. /////////// first is a script...feedbacking cookie...
  60. <<<
  61. cookie_callback('470015ac51d7508a9c1deca7');
  62.  
  63.  
  64. ////////////second one is an IFRAME.... redir you to a page like this:
  65. Baseurl: trackallnet.com
  66. Trackallnet.com
  67.  
  68. na±wonatokini
  69.    October 26, 2012
  70.    [¥¬________]
  71.      * konoPe-6Ziwoo5ni¥rini½ suru
  72.      * |
  73.      * konoPe-6ZiwoHo-6MuPe-6Zini­suru
  74.  
  75. ¢£suru®no¢
  76.      * help desk software
  77.      * bird netting
  78.      * xem phim lam tinh
  79.      * horticultural netting
  80.      * deer fencing
  81.      * mesh netting
  82.      * project management
  83.      * bird control nets
  84.      * help desk
  85.      * auto insurance
  86.  
  87.    help desk software
  88.    ____________________
  89.    æ¤U9Cç´¢
  90.  
  91. SuPoN6Sa-6RiSuTei6N6Gu
  92. ¢£suru®no¢:
  93.      * xem phim lam tinh
  94.      * |
  95.      * horticultural netting
  96.      * |
  97.      * deer fencing
  98.      * |
  99.      * mesh netting
  100.      * |
  101.      * project management
  102.      * |
  103.      * bird control nets
  104.      * |
  105.      * help desk
  106.      * |
  107.      * auto insurance
  108.  
  109.    Privacy Policy Legal Policies <=== this contains link to http://cdn.dsultra.com/t/ds_legal.html
  110.  
  111. -------------------------------
  112.  
  113. //contains
  114.  
  115. &#112;&#114;&#105;&#118;&#97;&#99;&#121;&#32;&#91;&#97;&#116;&#93;&#32;&#111;&#118;&#101;&#114;&#115;&#101;&#101;&#32;&#91;&#100;&#111;&#116;&#93;&#32;&#110;&#101;&#116;</p> ⇒ // privacy [at] oversee [dot] net ...
  116.  
  117. &#108;&#101;&#103;&#97;&#108;&#32;&#91;&#97;&#116;&#93;&#32;&#111;&#118;&#101;&#114;&#115;&#101;&#101;&#32;&#91;&#100;&#111;&#116;&#93;&#32;&#110;&#101;&#116; ⇒ // legal [at] oversee [dot] net.
  118.  
  119. CLEAN..
  120.  
  121. ///////////third one...
  122.  CLEAN... reference http://urlquery.net/report.php?id=198883
  123.  
  124.  
  125. ---- case closed...no malware....
  126.  
  127. ---
  128. #MalwareMustDie
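
Added example, not part of the original paste: the same static checks as above (borderless frameset, third-party hosts loaded by script/frame/link tags, decoding of the numeric character references) done offline in Python on a saved sample. The sample HTML is constructed from the fetched page with the epl= tokens replaced by the placeholder PLACEHOLDER; the class and function names are hypothetical.

```python
from html import unescape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the fetched page; the long epl= tokens are
# replaced by the placeholder value PLACEHOLDER.
SAMPLE = """<html><head>
<script src="http://dsparking.com/?epl=PLACEHOLDER"></script>
</head>
<frameset rows="100%,*" frameborder="no" border="0" framespacing="0">
  <frame src="http://trackallnet.com?epl=PLACEHOLDER" name="trackallnet.com">
</frameset>
<noframes><body><a href="http://trackallnet.com?epl=PLACEHOLDER">x</a></body></noframes>
</html>"""

class ResourceTriage(HTMLParser):
    """Collect hosts referenced by script/frame/iframe/a tags; note borderless framesets."""
    URL_ATTRS = {"script": "src", "frame": "src", "iframe": "src", "a": "href"}

    def __init__(self):
        super().__init__()
        self.resources = []              # (tag, host) pairs in document order
        self.borderless_frameset = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "frameset":
            # Pattern flagged in the paste: frameborder="no" border="0" framespacing="0"
            self.borderless_frameset |= (
                (attrs.get("frameborder") or "").lower() in ("no", "0")
                and attrs.get("border") == "0"
                and attrs.get("framespacing") == "0")
        url = attrs.get(self.URL_ATTRS.get(tag, ""))
        if url:
            self.resources.append((tag, urlsplit(url).hostname))

def triage(html_text, page_host):
    """Return (borderless_frameset, sorted third-party hosts) for a saved page."""
    parser = ResourceTriage()
    parser.feed(html_text)
    third_party = sorted({h for _, h in parser.resources if h and h != page_host})
    return parser.borderless_frameset, third_party

def decode_entities(text):
    # Numeric character references (&#112;&#114;...) decode to plain text.
    return unescape(text)

if __name__ == "__main__":
    print(triage(SAMPLE, "trackallnet.com"), decode_entities("&#108;&#101;&#103;&#97;&#108;"))
```

The result only lists what the page pulls in and from where; each third-party host still has to be checked separately, as done above for cdn.dsultra.com.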