SHARE
TWEET

#MalwareMustDie - PD079-BHEK2-20121210-2

MalwareMustDie Dec 10th, 2012 111 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. // re-assemble url w/ IP...
  2.  
  3. h00p://42.121.116.38:8080/forum/links/column.php
  4. h00p://202.180.221.186:8080/forum/links/column.php
  5. h00p://203.80.16.81:8080/forum/links/column.php
  6. h00p://208.87.243.131:8080/forum/links/column.php
  7. h00p://219.255.134.110:8080/forum/links/column.php
  8.  
  9. //retry... 1st IP (42.121.116.38) http://42.121.116.38:8080/forum/links/column.php
  10.  
  11. --14:16:37--  http://42.121.116.38:8080/forum/links/column.php
  12.            => `./sample'
  13. Connecting to 42.121.116.38:8080... seconds 0.00, connected.
  14. Created socket 1916.
  15. Releasing 0x003d5600 (new refcount 0).
  16. Deleting unused 0x003d5600.
  17.  
  18. ---request begin---
  19. GET /forum/links/column.php HTTP/1.0
  20. Referer: http://www.lincolnlutheran.org/mail.htm?BIX5MYP=X95RG45NH502A48920J6K&D5IS=IX2OLOH2BXWB4X&DM6=PCKKFX5TNF&0UPZJ4=ZX0L2OUF&OAJG8Q9=KAK0XV65C2F1G6W9I9PBV461O&I57G=R010XDKGQGJXDI&UI6=U6Z4ELZPRCW8FK0D15PUTV6&WPYXJ8=Y6C1G1BXWBE&
  21. User-Agent: MalwareMustdie is Burping at your doors
  22. Accept: */*
  23. Host: 42.121.116.38:8080
  24. Connection: Keep-Alive
  25. ---request end---
  26. HTTP request sent, awaiting response...
  27. ---response begin---
  28. HTTP/1.1 200 OK
  29. Server: nginx/1.0.10
  30. Date: Mon, 10 Dec 2012 05:16:36 GMT
  31. Content-Type: text/html; charset=CP-1251
  32. Connection: close
  33. X-Powered-By: PHP/5.3.18-1~dotdeb.0
  34. Vary: Accept-Encoding
  35. ---response end---
  36. 200 OK
  37. Length: unspecified [text/html]
  38.     [       <=>                           ] 102,671       42.00K/s
  39. Closed fd 1916
  40. 14:16:42 (41.89 KB/s) - `./sample' saved [102671]
  41.  
  42.  
  43. //retry... 2nd IP (202.180.221.186) http://202.180.221.186:8080/forum/links/column.php
  44.  
  45. HTTP request sent, awaiting response...  
  46. ---response begin---
  47. HTTP/1.1 502 Bad Gateway
  48. Server: nginx/1.0.4
  49. Date: Mon, 10 Dec 2012 05:19:00 GMT
  50. Content-Type: text/html; charset=CP-1251
  51. Connection: keep-alive
  52. X-Powered-By: PHP/5.3.18-1~dotdeb.0
  53. Vary: Accept-Encoding
  54. Content-Length: 0
  55. ---response end---
  56. 502 Bad Gateway
  57. Registered socket 1916 for persistent reuse.
  58. Skipping 0 bytes of body: [] done.
  59. 14:21:09 ERROR 502: Bad Gateway.      //  BHEK is UP in there but not accepting this request..(OVERDUE reference url)
  60.  
  61.  
  62. // retry 3rd (203.80.16.81)  http://203.80.16.81:8080/forum/links/column.php
  63. --14:25:14--  http://203.80.16.81:8080/forum/links/column.php
  64.            => `./sample'
  65. Connecting to 203.80.16.81:8080... seconds 0.00, Closed fd 1916
  66. failed: Connection refused.             // BHEK is INACTIVE  
  67.  
  68.  
  69. // retry 4th http://208.87.243.131:8080/forum/links/column.php
  70. --14:26:44--  http://208.87.243.131:8080/forum/links/column.php
  71.            => `./sample'
  72. Connecting to 208.87.243.131:8080... seconds 0.00, Closed fd 1916
  73. failed: Connection refused.         // BHEK is INACTIVE  
  74.  
  75. // retry 5th  
  76. --14:28:00--  http://219.255.134.110:8080/forum/links/column.php
  77.            => `./sample'
  78. Connecting to 219.255.134.110:8080... seconds 0.00, (TIMEOUT)     // BHEK is DOWN/UNEXIST
  79.  
  80. ---
  81. #MalwareMustDie - @unixfreaxjp
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top