- Suspected URL: http://trackallnet.com/cgi-bin/r.cgi
- Suspicious method:
- 1. FRAME w/ frameborder="no" border="0" framespacing="0"
- 2. linked to suspicious domain http://trackallnet.com
- 3. linked to the suspicious domain cdn.dsultra.com
- //checks...
- $ myfetch http://trackallnet.com/cgi-bin/r.cgi
- --http_proxy = tor
- --output-document="./sample"
- --referer="http://www.google.com/search?q=youtube"
- --user-agent="Mozila/4.3 (X11; U; MacOSX)"
- --target "http://trackallnet.com/cgi-bin/r.cgi"
- --23:17:45-- http://trackallnet.com/cgi-bin/r.cgi
- => `./sample'
- Connecting to 192.168.7.11:8118... connected.
- Proxy request sent, awaiting response... 200 (OK)
- Length: 1,926 (1.9K) [text/html]
- 23:17:50 (7.17 KB/s) - `./sample' saved [1926/1926]
- ------------------------------------------
- <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
- <!-- turing_cluster_prod -->
- <html>
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>trackallnet.com</title>
- <meta name="keywords" content="trackallnet.com" />
- <meta name="description" content="trackallnet.com" />
- <meta name="robots" content="index, follow" />
- <meta name="revisit-after" content="10" />
- <meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <script type="text/javascript">
- cookie_callback = function(val) {
- var exdate=new Date();
- exdate.setFullYear(exdate.getFullYear() + 1);
- document.cookie = "Spusr=" + escape(val) +
- "; expires=" + exdate.toUTCString();
- document.cookie = "jsc=1";
- }
- </script> <script src="http://dsparking.com/?epl=JzuKG0uQwuW26I1AJ1OE5Rj5RFpAQuEUyV38b50lbDg0TVQmAtZBMsuVeiXo3J6GBwnHdIREG79hC-Ni74FuLKiLZYUYBuVy0XQXqtV-inj5lFSMOYJgWqywT4AP-zj7GrN1mXUuW1rnWbc1IXgBBpIG1mQxyIzXRArSL5R4WsY1RyrE67qdynP12H5XDvU0DaBB1E891RM8qR5NDarZhDaNpqbRk54C09SmGoQAIOD-778AgDL_AQAAQIDbDAAARj6RFllTJllBMTZoWkLEAAAA8A">
- </script>
- </head>
- <frameset rows="100%,*" frameborder="no" border="0" framespacing="0">
- <frame src="http://trackallnet.com?epl=VIpw-FiL01JiwnDOdlzYr5jaM5lBQuEUyV3stYC-mWnITy1zxjWJWrJCFUS0eNCzlwUzGsjUxYDVRE7HCNi0kKSIjJpVWDHInvho5U7-4H8SjAzGUsQhERIgCE_QY9C5CONHkspsQOv9ekeXe_LUmEaYxEZNRj31U-IpgjKjAdDQRI_aoB4VdQAgoP7vvwCA0v8BAABAgNsIAACm9kxmWVMmWUExNmhaQooAAADw" name="trackallnet.com">
- </frameset>
- <noframes>
- <body><a href="http://trackallnet.com?epl=VIpw-FiL01JiwnDOdlzYr5jaM5lBQuEUyV3stYC-mWnITy1zxjWJWrJCFUS0eNCzlwUzGsjUxYDVRE7HCNi0kKSIjJpVWDHInvho5U7-4H8SjAzGUsQhERIgCE_QY9C5CONHkspsQOv9ekeXe_LUmEaYxEZNRj31U-IpgjKjAdDQRI_aoB4VdQAgoP7vvwCA0v8BAABAgNsIAACm9kxmWVMmWUExNmhaQooAAADw">Click here to go to trackallnet.com</a>.</body>
- </noframes>
- </html>
- ----------------------------------------------------------------
- /////////// first is a script... feeding back a cookie...
- <<<
- cookie_callback('470015ac51d7508a9c1deca7');
- ////////////second one is an IFRAME.... redirects you to a page like this:
- Baseurl: trackallnet.com
- Trackallnet.com
- na±wonatokini
- October 26, 2012
- [¥¬________]
- * konoPe-6Ziwoo5ni¥rini½ suru
- * |
- * konoPe-6ZiwoHo-6MuPe-6Zinisuru
- ¢£suru®no¢
- * help desk software
- * bird netting
- * xem phim lam tinh
- * horticultural netting
- * deer fencing
- * mesh netting
- * project management
- * bird control nets
- * help desk
- * auto insurance
- help desk software
- ____________________
- æ¤U9Cç´¢
- SuPoN6Sa-6RiSuTei6N6Gu
- ¢£suru®no¢:
- * xem phim lam tinh
- * |
- * horticultural netting
- * |
- * deer fencing
- * |
- * mesh netting
- * |
- * project management
- * |
- * bird control nets
- * |
- * help desk
- * |
- * auto insurance
- Privacy Policy Legal Policies <=== this contains link to http://cdn.dsultra.com/t/ds_legal.html
- -------------------------------
- //contains
- privacy [at] oversee [dot] net</p> ⇒ // privacy [at] oversee [dot] net ...
- legal [at] oversee [dot] net ⇒ // legal [at] oversee [dot] net.
- CLEAN..
- ///////////third one...
- CLEAN... reference http://urlquery.net/report.php?id=198883
- ---- case closed...no malware....
- ---
- #MalwareMustDie
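The first-pass checks listed at the top of these notes (borderless full-page frame, links to other domains) can be scripted over a saved sample. The following is an added example, not part of the original paste: `triage`, `FrameTriage` and the finding labels are hypothetical names, and the sample is a constructed, shortened copy of the fetched page with the `epl` tokens replaced by a placeholder.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the fetched page; epl tokens replaced by PLACEHOLDER.
SAMPLE = """<html><head>
<script src="http://dsparking.com/?epl=PLACEHOLDER"></script>
</head>
<frameset rows="100%,*" frameborder="no" border="0" framespacing="0">
<frame src="http://trackallnet.com?epl=PLACEHOLDER" name="trackallnet.com">
</frameset>
</html>"""

class FrameTriage(HTMLParser):
    """Hypothetical helper: lists remote resources and flags borderless full-page framesets."""
    URL_ATTRS = {"script": "src", "frame": "src", "iframe": "src", "a": "href"}

    def __init__(self, base_host):
        super().__init__()
        self.base_host = base_host.lower()
        self.findings = []  # (kind, detail) tuples in document order

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "frameset":
            # The pattern noted in the paste: frameborder="no" border="0" with a 100% row.
            borderless = a.get("frameborder", "").lower() in ("no", "0") and a.get("border") == "0"
            full_page = a.get("rows", "").replace(" ", "").startswith("100%")
            if borderless and full_page:
                self.findings.append(("borderless-fullpage-frameset", a.get("rows", "")))
        attr = self.URL_ATTRS.get(tag)
        if attr and a.get(attr):
            host = (urlsplit(a[attr]).hostname or "").lower()
            if host and host != self.base_host and not host.endswith("." + self.base_host):
                self.findings.append(("third-party-" + tag, host))
            elif host:
                self.findings.append(("same-site-" + tag, host))

def triage(html, base_host):
    """Return the findings for one saved HTML sample, relative to the host it was fetched from."""
    parser = FrameTriage(base_host)
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE, "trackallnet.com"):
        print(f"{kind:32} {detail}")
```

A finding here only marks what to look at next; as in the notes above, each listed host still has to be fetched and reviewed before the sample is called clean or malicious.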