API tools faq
paste
Advertisement
unixfreaxjp

RedKit Infector Domain : qaqipwel.ru

unixfreaxjp
Sep 16th, 2012
146
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.93 KB | None | 0 0
raw download clone embed print report
  1. RedKit Infector Domain : qaqipwel.ru
  2. Investigation Log #MalwareMustDie!!!!
  3. URL: h00p://qaqipwel.ru/count22.php
  4. ---------------------------------take 1-------------------------------------
  5. --15:35:30-- h00p://qaqipwel.ru/count22.php
  6. => `count22.php'
  7. Resolving qaqipwel.ru... 77.38.198.12
  8. Connecting to qaqipwel.ru|77.38.198.12|:80... connected.
  9. HTTP request sent, awaiting response... 302
  10. Location: h00p://sa-wan.com/93020006.html [following]
  11. --15:35:33-- h00p://sa-wan.com/93020006.html
  12. => `93020006.html'
  13. Resolving sa-wan.com... 72.167.232.75
  14. Connecting to sa-wan.com|72.167.232.75|:80... connected.
  15. HTTP request sent, awaiting response... 404 Not Found
  16. 15:35:47 ERROR 404: Not Found.
  17.  
  18. -----------------------------------take 2-------------------------------------
  19.  
  20. --15:49:39-- h00p://qaqipwel.ru/count22.php
  21. => `count22.php.1'
  22. Resolving qaqipwel.ru... 77.90.120.34
  23. Connecting to qaqipwel.ru|77.90.120.34|:80... connected.
  24. HTTP request sent, awaiting response... 200
  25. Length: 146 []
  26. 15:49:40 (0.00 B/s) - `count22.php' saved [146/146]
  27.  
  28. GET /count22.php HTTP/1.0
  29. User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008092416 Firefox/3.0.3
  30. Accept: */*
  31. Host: qaqipwel.ru
  32. Connection: Keep-Alive
  33.  
  34. HTTP/1.1 200
  35. Server: Apache
  36. Content-Length: 142
  37. Content-Type:
  38. Last-Modified: .., 16 ... 2012 06:42:12 GMT
  39. Accept-Ranges: bytes
  40. Server:nginx/0.8.34
  41. Date:Sun, 16 Sep 2012 06:42:15 GMT
  42. X-Powered-By:PHP/5.3.2
  43.  
  44. <!DOCTYPE HTML><html><head>
  45. <script type="text/javascript">parent.location.href = "h00p://goherdscan.com/";</script>
  46. </head><body></body></html>
  47.  
  48.  
  49. --15:52:40-- h00p://goherdscan.com/ <--- Canadian Pharmacy
  50. => `index.html'
  51. Resolving goherdscan.com... 78.129.177.19
  52. Connecting to goherdscan.com|78.129.177.19|:80... connected.
  53. HTTP request sent, awaiting response... 200 OK
  54. Length: unspecified [text/html]
  55. [ <=> ] 53,472 165.25K/s
  56. 15:52:43 (165.07 KB/s) - `index.html' saved [53472]
  57.  
  58. GET / HTTP/1.0
  59. User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008092416 Firefox/3.0.3
  60. Accept: */*
  61. Host: goherdscan.com
  62. Connection: Keep-Alive
  63.  
  64. HTTP/1.1 200 OK
  65. Server: nginx/1.2.3
  66. Date: Sun, 16 Sep 2012 06:50:29 GMT
  67. Content-Type: text/html; charset=ISO-8859-1
  68. Connection: close
  69. X-Powered-By: PHP/5.3.3
  70. Set-Cookie: PHPSESSID=jvo0smm5b6fapcif93v0bn67q4; path=/
  71. Expires: Thu, 19 Nov 1981 08:52:00 GMT
  72. Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  73. Pragma: no-cache
  74. Vary: Accept-Encoding,User-Agent
  75.  
  76. --------------------------------take 3------------------------------------------
  77.  
  78.  
  79. --2012-09-16 15:16:04-- h00p://qaqipwel.ru/count22.php
  80. Resolving localhost (localhost)... 127.0.0.1, ::1
  81. Connecting to localhost (localhost)|::1|:8118... connected.
  82. Proxy request sent, awaiting response... 302
  83. Location: h00p://cestasefloresluana.com.br/30400006.html [following]
  84. --2012-09-16 15:16:12-- h00p://cestasefloresluana.com.br/30400006.html
  85. Connecting to localhost (localhost)|::1|:8118... connected.
  86. Proxy request sent, awaiting response... 404 Not Found
  87. 2012-09-16 15:16:23 ERROR 404: Not Found.
  88.  
  89. ----------------------------------take 4-----------------------------------------
  90.  
  91. --2012-09-16 15:20:10-- h00p://qaqipwel.ru/count22.php
  92. Resolving localhost (localhost)... 127.0.0.1, ::1
  93. Connecting to localhost (localhost)|::1|:8118... connected.
  94. Proxy request sent, awaiting response... 200
  95. Length: 146 []
  96. Saving to: `count22.php'
  97. 100%[=============>] 146 361B/s in 0.4s
  98. Last-modified header invalid -- time-stamp ignored.
  99. 2012-09-16 15:20:12 (361 B/s) - `count22.php' saved [146/146]
  100.  
  101. $ cat count22.php
  102.  
  103. <!DOCTYPE HTML><html><head>
  104. <script type="text/javascript">parent.location.href = "h00p://mytabletcialis.com/";</script>
  105. </head><body></body></html>
  106.  
  108. Cialis? Drug Site...
  109.  
  110. ---------------------------------------------------------------------------------
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!