- RedKit Infector Domain : qaqipwel.ru
- Investigation Log #MalwareMustDie!!!!
- URL: h00p://qaqipwel.ru/count22.php
- ---------------------------------take 1-------------------------------------
- --15:35:30-- h00p://qaqipwel.ru/count22.php
- => `count22.php'
- Resolving qaqipwel.ru... 77.38.198.12
- Connecting to qaqipwel.ru|77.38.198.12|:80... connected.
- HTTP request sent, awaiting response... 302
- Location: h00p://sa-wan.com/93020006.html [following]
- --15:35:33-- h00p://sa-wan.com/93020006.html
- => `93020006.html'
- Resolving sa-wan.com... 72.167.232.75
- Connecting to sa-wan.com|72.167.232.75|:80... connected.
- HTTP request sent, awaiting response... 404 Not Found
- 15:35:47 ERROR 404: Not Found.
- -----------------------------------take 2-------------------------------------
- --15:49:39-- h00p://qaqipwel.ru/count22.php
- => `count22.php.1'
- Resolving qaqipwel.ru... 77.90.120.34
- Connecting to qaqipwel.ru|77.90.120.34|:80... connected.
- HTTP request sent, awaiting response... 200
- Length: 146 []
- 15:49:40 (0.00 B/s) - `count22.php' saved [146/146]
- GET /count22.php HTTP/1.0
- User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008092416 Firefox/3.0.3
- Accept: */*
- Host: qaqipwel.ru
- Connection: Keep-Alive
- HTTP/1.1 200
- Server: Apache
- Content-Length: 142
- Content-Type:
- Last-Modified: .., 16 ... 2012 06:42:12 GMT
- Accept-Ranges: bytes
- Server:nginx/0.8.34
- Date:Sun, 16 Sep 2012 06:42:15 GMT
- X-Powered-By:PHP/5.3.2
- <!DOCTYPE HTML><html><head>
- <script type="text/javascript">parent.location.href = "h00p://goherdscan.com/";</script>
- </head><body></body></html>
- --15:52:40-- h00p://goherdscan.com/ <--- Canadian Pharmacy
- => `index.html'
- Resolving goherdscan.com... 78.129.177.19
- Connecting to goherdscan.com|78.129.177.19|:80... connected.
- HTTP request sent, awaiting response... 200 OK
- Length: unspecified [text/html]
- [ <=> ] 53,472 165.25K/s
- 15:52:43 (165.07 KB/s) - `index.html' saved [53472]
- GET / HTTP/1.0
- User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008092416 Firefox/3.0.3
- Accept: */*
- Host: goherdscan.com
- Connection: Keep-Alive
- HTTP/1.1 200 OK
- Server: nginx/1.2.3
- Date: Sun, 16 Sep 2012 06:50:29 GMT
- Content-Type: text/html; charset=ISO-8859-1
- Connection: close
- X-Powered-By: PHP/5.3.3
- Set-Cookie: PHPSESSID=jvo0smm5b6fapcif93v0bn67q4; path=/
- Expires: Thu, 19 Nov 1981 08:52:00 GMT
- Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- Pragma: no-cache
- Vary: Accept-Encoding,User-Agent
- --------------------------------take 3------------------------------------------
- --2012-09-16 15:16:04-- h00p://qaqipwel.ru/count22.php
- Resolving localhost (localhost)... 127.0.0.1, ::1
- Connecting to localhost (localhost)|::1|:8118... connected.
- Proxy request sent, awaiting response... 302
- Location: h00p://cestasefloresluana.com.br/30400006.html [following]
- --2012-09-16 15:16:12-- h00p://cestasefloresluana.com.br/30400006.html
- Connecting to localhost (localhost)|::1|:8118... connected.
- Proxy request sent, awaiting response... 404 Not Found
- 2012-09-16 15:16:23 ERROR 404: Not Found.
- ----------------------------------take 4-----------------------------------------
- --2012-09-16 15:20:10-- h00p://qaqipwel.ru/count22.php
- Resolving localhost (localhost)... 127.0.0.1, ::1
- Connecting to localhost (localhost)|::1|:8118... connected.
- Proxy request sent, awaiting response... 200
- Length: 146 []
- Saving to: `count22.php'
- 100%[=============>] 146 361B/s in 0.4s
- Last-modified header invalid -- time-stamp ignored.
- 2012-09-16 15:20:12 (361 B/s) - `count22.php' saved [146/146]
- $ cat count22.php
- <!DOCTYPE HTML><html><head>
- <script type="text/javascript">parent.location.href = "h00p://mytabletcialis.com/";</script>
- </head><body></body></html>
- ↑
- Cialis? Drug Site...
- ---------------------------------------------------------------------------------