SHARE
TWEET

OtherXXXSpam Links w/F*SMART referer grabber...

MalwareMustDie Oct 26th, 2012 146 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. $ myfetch http://2tf.net/in.cgi --referer="http://www.google.com/search?q=youtube"
  2.  
  3. --00:49:09--  http://2tf.net/in.cgi
  4.            => `./sample'
  5. Connecting to 192.168.7.11:8118... connected.
  6. Proxy request sent, awaiting response... 200 OK
  7. Length: unspecified [text/html]
  8. 00:49:24 (13.60 KB/s) - `./sample' saved [2381]
  9.  
  10. ------------------------------------------------------------
  11. // some traps....avoid these...
  12. <meta http-equiv="REFRESH" content="1; URL='http://2tf.net/in.cgi?default&ab_iframe=0&ab_badtraffic=0&ab_trash=1&antibot_hash=bot'">
  13. </head>
  14. <body>
  15. <div style="background:#ffffff;width:100%;height:100%;">
  16. <a href='http://2tf.net/in.cgi?default&ab_iframe=0&ab_badtraffic=0&ab_trash=1&antibot_hash=bot'><font color="#ffffff">Click here</font></a>
  17. </div>
  18.  
  19.  
  20. //Same method as previous infector, "setting the referer" kinda stuffs..
  21. // these morons grab the visitor referer to compare for the target ones...PoC↓
  22.  
  23. window.location=url_de("tluafed?igc.ni/ten.ft2//:ptth")+"&ab_iframe="+ab_iframe+"&ab_badtraffic="+ab_badtraffic+"&antibot_hash=2084759934&ur=1&HTTP_REFERER=http://www.google.com/search?q=youtube";
  24.  
  25.  
  26. //let's plastic surgery the target url...
  27. http://2tf.net/in.cgi?default&ab_iframe=0&ab_badtraffic=0&antibot_hash=2084759934&ur=1&HTTP_REFERER=http://2tf.net/in.cgi
  28.  
  29.  
  30. // go go go go!!
  31.  
  32. $ myfetch...
  33. --http_proxy ="tor"
  34. --output-document="./sample2"
  35. --user-agent="Mozila/4.3(X11; U; MacOSX)"
  36. --referer="http://2tf.net/in.cgi"
  37. --target="http://2tf.net/in.cgi?default&ab_iframe=0&ab_badtraffic=0&antibot_hash=2084759934&ur=1&HTTP_REFERER=http://2tf.net/in.cgi"
  38. --00:57:45--  http://2tf.net/in.cgi?default&ab_iframe=0&ab_badtraffic=0&antibot_
  39. hash=2084759934&ur=1&HTTP_REFERER=http://2tf.net/in.cgi
  40.            => `./sample2'
  41. Connecting to 192.168.7.11:8118... connected.
  42. Proxy request sent, awaiting response... 302 Found
  43. Location: http://sultana.ru/top/index.php?name=justin [following]
  44. --00:57:50--  http://sultana.ru/top/index.php?name=justin
  45.            => `./sample2'
  46. Connecting to 192.168.7.11:8118... connected.
  47. Proxy request sent, awaiting response... 200 OK
  48. Length: unspecified [text/html]
  49. 00:57:55 (25.42 KB/s) - `./sample2' saved [26961]
  50.  
  51. $ head ./sample2
  52.  
  53. <meta name="rating" content="General">
  54. <meta name="Abstract" content="òîï ïîðíî-ñàéòîâ, Ñàéòû äëÿ âçðîñëûõ, Adult, xxx">
  55. <meta name="page-topic" content="òîï ïîðíî-ñàéòîâ, Ñàéòû äëÿ âçðîñëûõ, Adult, xxx">
  56. <meta name="Title" content="òîï ïîðíî-ñàéòîâ, Ñàéòû äëÿ âçðîñëûõ, Adult, xxx">
  57. <meta name="Rating" content="general">
  58. <meta name="Robots" content="index,all">
  59. <meta name="Document-state" content="Dynamic">
  60. <meta name="Creation-Date" content="01/05/2005">
  61. <meta name="Revisit-after" content="3 days">
  62. <link rel="shortcut icon" href = "favicon.ico" type = "image/x-icon">
  63.  
  64. // another Adult.. this one is russian one, no malware! lol!
  65. // :-) the hint is sucks!
  66.  
  67. ----
  68. #MalwareMustDie!
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top