- These are the URLs that were given a malicious verdict.
- Yes, it is using the IFRAME; yes, it used obfuscation.
- But I don't see any payload, nor malicious infection, EXCEPT some pop-up banner advertisements, some script counters and SEO analytics JavaScript instead.
- These are the URLs:
- hxxp://mahogany100611n.blog.so-net.ne.jp/2012-02-13-16
- hxxp://healthnews09251.blog.so-net.ne.jp/archive/20111117
- hxxp://larceny081911ne.blog.so-net.ne.jp/2011-10-09
- hxxp://flowerdeliverie.blog.so-net.ne.jp/archive/20111103
- hxxp://squamouscell092.blog.so-net.ne.jp/2011-11-09
- For your convenience, here I paste the analysis of one of the URLs above:
- <iframe src=
- "http://lostwebtracker.com/?if=1&scr_w=1024&scr_h=768&blog=http%3A//mahogany100611n.blog.so-net.ne.j
- p/2012-02-13-16&ref=&l=celebrity" height="1" width="1"></iframe>
- (repeated 1 time)
- <iframe src=
- "http://green-tracker.com/?if=1&scr_w=1024&scr_h=768&blog=http%3A//mahogany100611n.blog.so-net.ne.jp
- /2012-02-13-16&ref=&l=celebrity" height="1" width="1"></iframe>
- (repeated 1 time)
- <div class="bookmark"><ul>
- (repeated 1 time)
- <li><a href="http://twitter.com/share" class="twitter-share-button" data-url=
- "http://mahogany100611n.blog.so-net.ne.jp/2012-02-13-16" data-text=
- "Barbie as Britney Spears in Toxic ^_^. I know, I know that the outfit is not ...?Barbie as Britney
- Spears in Toxic ^_^. I know, I know that the outfit is not ...:Beny's blog:So-net???" data-count=
- "none">Tweet</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
- </li>
- (repeated 1 time)
- <li><style>.mixi-check-button img { border:0;margin-right:2px;}</style><a href=
- "http://mixi.jp/share.pl" style="border: none" class="mixi-check-button" data-key=
- "8ca2c5d782d92e3b37ea8fb3b469bd7c3e963d41" data-button="button-1" data-url=
- "http://mahogany100611n.blog.so-net.ne.jp/2012-02-13-16">mixi check</a><script type=
- "text/javascript" src="http://static.mixi.jp/js/share.js"></script></li>
- (repeated 1 time)
- <li><a href=
- "http://b.hatena.ne.jp/entry/http%3A%2F%2Fmahogany100611n.blog.so-net.ne.jp%2F2012-02-13-16" class=
- "hatena-bookmark-button" data-hatena-bookmark-layout="standard" title="????????????????????"><img
- src="http://b.st-hatena.com/images/entry-button/button-only.gif" alt="????????????????????" width=
- "20" height="20" style="border: none;" /></a><script type="text/javascript" src=
- "http://b.st-hatena.com/js/bookmark_button.js" charset="utf-8" async="async"></script></li>
- (repeated 1 time)
- <script src="https://apis.google.com/js/plusone.js">{
- lang : 'ja'
- }
- </script>
- (repeated 1 time)
- <li><g:plusone size="medium" href="http://mahogany100611n.blog.so-net.ne.jp/2012-02-13-16" count=
- "false"></g:plusone></li>
- (repeated 1 time)
- <li><iframe src=
- "http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fmahogany100611n.blog.so-net.ne.jp%2F2012
- -02-13-16&layout=button_count&show_faces=true&width=110&action=like&colorscheme=
- light&height=20" scrolling="no" frameborder="0" style=
- "display:inline; border:none; overflow:hidden; width:110px; height:20px" allowTransparency="true">
- </iframe></li>
- (repeated 1 time)
- </ul></div>
- (repeated 1 time)
- <div id="square-under-1"></div>
- (repeated 1 time)
- <iframe name="maad" src=
- "http://match.seesaa.jp/ot_square.pl?hid=14&sid=mahogany100611n:10000006590014&tid=101_sonet&c=3&bg_
- c=ffffff&bg_reverse_c=fff7d7&title_c=2200cc&text_c=333333&border_c=ffffff&link_c=008000&sponsor_c=00
- 0000&referer=&frame_type=0"
- (repeated 1 time)
- width="156" height="378" scrolling="no" frameborder="no" marginwidth="0" marginheight="0" allowTran
- sparency="true"></iframe>
- (repeated 1 time)
- ----
- ZeroDay Japan
- http://0day.jp
- Malware Analyst: Hendrik ADRIAN / アドリアン・ヘンドリック
- Twitter/VirusTotal/Google: @unixfreaxjp
- Analysis Blog: http://unixfreaxjp.blogspot.com
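
An added triage example, not part of the original paste or the analyst's tooling: it lists every iframe in a page, flags the ones sized to be invisible (like the 1x1 frames in the dump above), and decodes the query string each one sends to the third-party host. The sample HTML is constructed to mirror the shape of the pasted markup, and the `.example` hosts and the `audit_iframes` name are placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed sample modelled on the iframes in the paste; hosts are placeholders.
SAMPLE_HTML = '''
<iframe src="http://tracker.example/?if=1&scr_w=1024&scr_h=768&blog=http%3A//blog.example/2012-02-13-16&ref=&l=celebrity" height="1" width="1"></iframe>
<li><iframe src="http://social.example/plugins/like.php?href=http%3A%2F%2Fblog.example%2F2012-02-13-16&width=110" scrolling="no" style="display:inline; border:none; width:110px; height:20px"></iframe></li>
<iframe name="maad" src="http://ads.example/ot_square.pl?hid=14&c=3" width="156" height="378" scrolling="no"></iframe>
'''

def _px(value):
    """Parse a size attribute such as "1" or "1px"; return None if absent or not numeric."""
    m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", value or "", re.I)
    return int(m.group(1)) if m else None

class IframeAudit(HTMLParser):
    """Collects one record per <iframe> start tag."""
    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        w, h = _px(a.get("width")), _px(a.get("height"))
        style = (a.get("style") or "").replace(" ", "").lower()
        # Invisible to the visitor: 0/1-pixel box or hidden through inline CSS.
        hidden = ((w is not None and w <= 1) or (h is not None and h <= 1)
                  or "display:none" in style or "visibility:hidden" in style)
        url = urlsplit(a.get("src") or "")
        # keep_blank_values keeps empty fields such as ref= visible in the report.
        query = parse_qs(url.query, keep_blank_values=True)
        params = {k: v[0] for k, v in query.items()}
        self.frames.append({"host": url.hostname, "width": w, "height": h,
                            "hidden": hidden, "params": params})

def audit_iframes(html):
    """Return a list of dicts describing every iframe found in the HTML text."""
    parser = IframeAudit()
    parser.feed(html)
    parser.close()
    return parser.frames

if __name__ == "__main__":
    for f in audit_iframes(SAMPLE_HTML):
        print("HIDDEN " if f["hidden"] else "visible", f["host"], f["params"])
```

A hidden frame whose parameters carry only screen size, page URL and referrer is consistent with a counter or tracker; the frame's response still has to be fetched and inspected in a sandbox before ruling out a payload.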