MalwareMustDie

Just a check on suspicious trackallnet.com .cgi links & JS

Oct 26th, 2012
Suspected URL: http://trackallnet.com/cgi-bin/r.cgi
Suspicious method:
1. FRAME w/ frameborder="no" border="0" framespacing="0"
2. linked to suspicious domain http://trackallnet.com
3. linked to the suspicious domain cdn.dsultra.com

//checks...

$ myfetch http://trackallnet.com/cgi-bin/r.cgi
--http_proxy = tor
--output-document="./sample"
--referer="http://www.google.com/search?q=youtube"
--user-agent="Mozila/4.3 (X11; U; MacOSX)"
--target "http://trackallnet.com/cgi-bin/r.cgi"
--23:17:45-- http://trackallnet.com/cgi-bin/r.cgi
=> `./sample'
Connecting to 192.168.7.11:8118... connected.
Proxy request sent, awaiting response... 200 (OK)
Length: 1,926 (1.9K) [text/html]
23:17:50 (7.17 KB/s) - `./sample' saved [1926/1926]

------------------------------------------

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
<!-- turing_cluster_prod -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>trackallnet.com</title>
<meta name="keywords" content="trackallnet.com" />
<meta name="description" content="trackallnet.com" />
<meta name="robots" content="index, follow" />
<meta name="revisit-after" content="10" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />

<script type="text/javascript">
cookie_callback = function(val) {
var exdate=new Date();
exdate.setFullYear(exdate.getFullYear() + 1);
document.cookie = "Spusr=" + escape(val) +
"; expires=" + exdate.toUTCString();
document.cookie = "jsc=1";
}
</script> <script src="http://dsparking.com/?epl=JzuKG0uQwuW26I1AJ1OE5Rj5RFpAQuEUyV38b50lbDg0TVQmAtZBMsuVeiXo3J6GBwnHdIREG79hC-Ni74FuLKiLZYUYBuVy0XQXqtV-inj5lFSMOYJgWqywT4AP-zj7GrN1mXUuW1rnWbc1IXgBBpIG1mQxyIzXRArSL5R4WsY1RyrE67qdynP12H5XDvU0DaBB1E891RM8qR5NDarZhDaNpqbRk54C09SmGoQAIOD-778AgDL_AQAAQIDbDAAARj6RFllTJllBMTZoWkLEAAAA8A">
</script>

</head>
<frameset rows="100%,*" frameborder="no" border="0" framespacing="0">
<frame src="http://trackallnet.com?epl=VIpw-FiL01JiwnDOdlzYr5jaM5lBQuEUyV3stYC-mWnITy1zxjWJWrJCFUS0eNCzlwUzGsjUxYDVRE7HCNi0kKSIjJpVWDHInvho5U7-4H8SjAzGUsQhERIgCE_QY9C5CONHkspsQOv9ekeXe_LUmEaYxEZNRj31U-IpgjKjAdDQRI_aoB4VdQAgoP7vvwCA0v8BAABAgNsIAACm9kxmWVMmWUExNmhaQooAAADw" name="trackallnet.com">
</frameset>
<noframes>
<body><a href="http://trackallnet.com?epl=VIpw-FiL01JiwnDOdlzYr5jaM5lBQuEUyV3stYC-mWnITy1zxjWJWrJCFUS0eNCzlwUzGsjUxYDVRE7HCNi0kKSIjJpVWDHInvho5U7-4H8SjAzGUsQhERIgCE_QY9C5CONHkspsQOv9ekeXe_LUmEaYxEZNRj31U-IpgjKjAdDQRI_aoB4VdQAgoP7vvwCA0v8BAABAgNsIAACm9kxmWVMmWUExNmhaQooAAADw">Click here to go to trackallnet.com</a>.</body>
</noframes>
</html>

----------------------------------------------------------------

/////////// first is a script... it feeds back a cookie...
<<<
cookie_callback('470015ac51d7508a9c1deca7');


//////////// second one is an IFRAME... it redirects you to a page like this:
Baseurl: trackallnet.com
Trackallnet.com

na±wonatokini
October 26, 2012
[¥¬________]
* konoPe-6Ziwoo5ni¥rini½ suru
* |
* konoPe-6ZiwoHo-6MuPe-6Zini­suru

¢£suru®no¢
* help desk software
* bird netting
* xem phim lam tinh
* horticultural netting
* deer fencing
* mesh netting
* project management
* bird control nets
* help desk
* auto insurance

help desk software
____________________
æ¤U9Cç´¢

SuPoN6Sa-6RiSuTei6N6Gu
¢£suru®no¢:
* xem phim lam tinh
* |
* horticultural netting
* |
* deer fencing
* |
* mesh netting
* |
* project management
* |
* bird control nets
* |
* help desk
* |
* auto insurance

Privacy Policy Legal Policies <=== this contains link to http://cdn.dsultra.com/t/ds_legal.html

-------------------------------

//contains

&#112;&#114;&#105;&#118;&#97;&#99;&#121;&#32;&#91;&#97;&#116;&#93;&#32;&#111;&#118;&#101;&#114;&#115;&#101;&#101;&#32;&#91;&#100;&#111;&#116;&#93;&#32;&#110;&#101;&#116;</p> ⇒ // privacy [at] oversee [dot] net ...

&#108;&#101;&#103;&#97;&#108;&#32;&#91;&#97;&#116;&#93;&#32;&#111;&#118;&#101;&#114;&#115;&#101;&#101;&#32;&#91;&#100;&#111;&#116;&#93;&#32;&#110;&#101;&#116; ⇒ // legal [at] oversee [dot] net.

CLEAN..

/////////// third one...
CLEAN... reference http://urlquery.net/report.php?id=198883


---- case closed...no malware....

---
#MalwareMustDie
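
// added example, not part of the original paste: the same static checks done by hand above (which hosts the saved page pulls in, borderless frameset, inline cookie write, entity-encoded contact string) as a small Python triage script. SAMPLE is a constructed, shortened copy of the fetched page with the epl values replaced by the placeholder TOKEN; the names Triage, triage and decode_contact are hypothetical.

```python
from html import unescape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: the saved page shortened, epl values replaced by TOKEN.
SAMPLE = """<html><head>
<script type="text/javascript">
cookie_callback = function(val) { document.cookie = "Spusr=" + escape(val); }
</script>
<script src="http://dsparking.com/?epl=TOKEN"></script></head>
<frameset rows="100%,*" frameborder="no" border="0" framespacing="0">
<frame src="http://trackallnet.com?epl=TOKEN" name="trackallnet.com">
</frameset></html>"""

# Entity-encoded contact string quoted in the paste (legal page).
ENCODED = ("&#108;&#101;&#103;&#97;&#108;&#32;&#91;&#97;&#116;&#93;&#32;"
           "&#111;&#118;&#101;&#114;&#115;&#101;&#101;&#32;&#91;&#100;&#111;"
           "&#116;&#93;&#32;&#110;&#101;&#116;")

URL_ATTRS = {"script": "src", "frame": "src", "iframe": "src", "a": "href"}

class Triage(HTMLParser):
    def __init__(self, base_host):
        super().__init__()
        self.base_host = base_host
        self.refs = []                    # (tag, host) per URL-bearing tag
        self.borderless_frame = False     # frameborder="no" / "0" seen
        self.inline_cookie_write = False  # inline script touches document.cookie

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        border = (a.get("frameborder") or "").lower()
        if tag in ("frameset", "iframe") and border in ("no", "0"):
            self.borderless_frame = True
        url = a.get(URL_ATTRS.get(tag, ""))
        if url:
            self.refs.append((tag, urlsplit(url).hostname or self.base_host))

    def handle_data(self, data):
        if self.lasttag == "script" and "document.cookie" in data:
            self.inline_cookie_write = True

def triage(html_text, base_host):
    """Return the parser state and the sorted list of third-party hosts."""
    parser = Triage(base_host)
    parser.feed(html_text)
    parser.close()
    return parser, sorted({h for _, h in parser.refs if h != base_host})

def decode_contact(encoded):
    return unescape(encoded)  # numeric character references -> plain text
```

// on the constructed sample the only third-party host is dsparking.com; the frame itself points back at trackallnet.com.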