- $ myfetch http://2tf.net/in.cgi --referer="http://www.google.com/search?q=youtube"
- --00:49:09-- http://2tf.net/in.cgi
- => `./sample'
- Connecting to 192.168.7.11:8118... connected.
- Proxy request sent, awaiting response... 200 OK
- Length: unspecified [text/html]
- 00:49:24 (13.60 KB/s) - `./sample' saved [2381]
- ------------------------------------------------------------
- // some traps....avoid these...
- <meta http-equiv="REFRESH" content="1; URL='http://2tf.net/in.cgi?default&ab_iframe=0&ab_badtraffic=0&ab_trash=1&antibot_hash=bot'">
- </head>
- <body>
- <div style="background:#ffffff;width:100%;height:100%;">
- <a href='http://2tf.net/in.cgi?default&ab_iframe=0&ab_badtraffic=0&ab_trash=1&antibot_hash=bot'><font color="#ffffff">Click here</font></a>
- </div>
- //Same method as previous infector, "setting the referer" kinda stuffs..
- // these morons grab the visitor referer to compare for the target ones...PoC↓
- window.location=url_de("tluafed?igc.ni/ten.ft2//:ptth")+"&ab_iframe="+ab_iframe+"&ab_badtraffic="+ab_badtraffic+"&antibot_hash=2084759934&ur=1&HTTP_REFERER=http://www.google.com/search?q=youtube";
- //let's plastic surgery the target url...
- http://2tf.net/in.cgi?default&ab_iframe=0&ab_badtraffic=0&antibot_hash=2084759934&ur=1&HTTP_REFERER=http://2tf.net/in.cgi
- // go go go go!!
- $ myfetch...
- --http_proxy ="tor"
- --output-document="./sample2"
- --user-agent="Mozila/4.3(X11; U; MacOSX)"
- --referer="http://2tf.net/in.cgi"
- --target="http://2tf.net/in.cgi?default&ab_iframe=0&ab_badtraffic=0&antibot_hash=2084759934&ur=1&HTTP_REFERER=http://2tf.net/in.cgi"
- --00:57:45-- http://2tf.net/in.cgi?default&ab_iframe=0&ab_badtraffic=0&antibot_hash=2084759934&ur=1&HTTP_REFERER=http://2tf.net/in.cgi
- => `./sample2'
- Connecting to 192.168.7.11:8118... connected.
- Proxy request sent, awaiting response... 302 Found
- Location: http://sultana.ru/top/index.php?name=justin [following]
- --00:57:50-- http://sultana.ru/top/index.php?name=justin
- => `./sample2'
- Connecting to 192.168.7.11:8118... connected.
- Proxy request sent, awaiting response... 200 OK
- Length: unspecified [text/html]
- 00:57:55 (25.42 KB/s) - `./sample2' saved [26961]
- $ head ./sample2
- <meta name="rating" content="General">
- <meta name="Abstract" content="òîï ïîðíî-ñàéòîâ, Ñàéòû äëÿ âçðîñëûõ, Adult, xxx">
- <meta name="page-topic" content="òîï ïîðíî-ñàéòîâ, Ñàéòû äëÿ âçðîñëûõ, Adult, xxx">
- <meta name="Title" content="òîï ïîðíî-ñàéòîâ, Ñàéòû äëÿ âçðîñëûõ, Adult, xxx">
- <meta name="Rating" content="general">
- <meta name="Robots" content="index,all">
- <meta name="Document-state" content="Dynamic">
- <meta name="Creation-Date" content="01/05/2005">
- <meta name="Revisit-after" content="3 days">
- <link rel="shortcut icon" href = "favicon.ico" type = "image/x-icon">
- // another Adult.. this one is russian one, no malware! lol!
- // :-) the hint is sucks!
- ----
- #MalwareMustDie!
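
Added example, not part of the original paste: a static triage of the saved landing page that separates the trap links (`antibot_hash=bot`, `ab_trash=1`) from the script-built redirect without executing or fetching anything. `SAMPLE` is constructed from the lines quoted above, the function names are hypothetical, and `url_de()` is assumed to reverse its argument, since its body is not shown in the paste and the literal reads as the URL backwards.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the three landing-page lines quoted in the paste.
SAMPLE = """\
<meta http-equiv="REFRESH" content="1; URL='http://2tf.net/in.cgi?default&ab_iframe=0&ab_badtraffic=0&ab_trash=1&antibot_hash=bot'">
<a href='http://2tf.net/in.cgi?default&ab_iframe=0&ab_badtraffic=0&ab_trash=1&antibot_hash=bot'><font color="#ffffff">Click here</font></a>
window.location=url_de("tluafed?igc.ni/ten.ft2//:ptth")+"&ab_iframe="+ab_iframe+"&ab_badtraffic="+ab_badtraffic+"&antibot_hash=2084759934&ur=1&HTTP_REFERER=http://www.google.com/search?q=youtube";
"""

def query(url):
    """Query parameters of url as a dict of first values."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}

def static_links(html):
    """URLs reachable without running script: meta refresh and href."""
    return re.findall(r"(?:URL=|href=)'([^']+)'", html)

def is_decoy(url):
    """True for links that flag the client as a bot or as trash traffic."""
    q = query(url)
    return q.get("antibot_hash") == "bot" or q.get("ab_trash") == "1"

def script_redirect(html):
    """Rebuild the window.location expression without executing it."""
    m = re.search(r"window\.location\s*=\s*(.+?);\s*$", html, re.M)
    if not m:
        return None
    out = []
    token = r'url_de\("([^"]*)"\)|"([^"]*)"|([A-Za-z_]\w*)'
    for t in re.finditer(token, m.group(1)):
        if t.lastindex == 1:
            out.append(t.group(1)[::-1])      # assumption: url_de() reverses its argument
        elif t.lastindex == 2:
            out.append(t.group(2))            # plain string literal
        else:
            out.append("{" + t.group(3) + "}")  # runtime JS variable, value unknown
    return "".join(out)

if __name__ == "__main__":
    for u in static_links(SAMPLE):
        print("decoy" if is_decoy(u) else "live ", u)
    target = script_redirect(SAMPLE)
    print("script", target)
    print("referer echoed:", query(target).get("HTTP_REFERER"))
```

The `HTTP_REFERER` value recovered from the script URL is the Referer sent with the first request, which is the referer check the comments in the paste describe.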