- // #MalwareMustDie!!
- // Cool Exploit Kit infectors
- // components downloaded log..
- // via shell + fetch @ FreeBSD (UNIX rocks!)
- // @unixfreaxjp /malware]$ date
- // Mon Jan 14 21:14:07 JST 2013
- --19:52:00-- h00p://50f31ac55ce66.hypnotherapyaz.com/news/tentative.jar
- => `tentative.jar.1'
- Resolving 50f31ac55ce66.hypnotherapyaz.com... seconds 0.00, 64.120.190.183
- Caching 50f31ac55ce66.hypnotherapyaz.com => 64.120.190.183
- Connecting to 50f31ac55ce66.hypnotherapyaz.com|64.120.190.183|:80... seconds 0.00, connected.
- GET /news/tentative.jar HTTP/1.0
- Referer: h00p://50f31ac55ce66.hypnotherapyaz.com/news/Guilt.phtm
- User-Agent: MalwareMustDie Draining Your Cool EK
- Host: 50f31ac55ce66.hypnotherapyaz.com
- :
- HTTP request sent, awaiting response...
- :
- HTTP/1.1 200 OK
- Server: nginx/1.2.6
- Date: Mon, 14 Jan 2013 10:52:00 GMT
- Content-Type: text/html
- Connection: close
- X-Powered-By: PHP/5.3.16
- :
- 200 OK
- Length: unspecified [text/html]
- 19:52:03 (338.29 KB/s) - `tentative.jar' saved [24]
- --19:55:23-- h00p://50f31ac55ce66.hypnotherapyaz.com/news/Shore_Rightly2.pdf
- => `Shore_Rightly2.pdf'
- Resolving 50f31ac55ce66.hypnotherapyaz.com... seconds 0.00, 64.120.190.183
- Caching 50f31ac55ce66.hypnotherapyaz.com => 64.120.190.183
- Connecting to 50f31ac55ce66.hypnotherapyaz.com|64.120.190.183|:80... seconds 0.00, connected.
- ---request begin---
- GET /news/Shore_Rightly2.pdf HTTP/1.0
- Referer: h00p://50f31ac55ce66.hypnotherapyaz.com/news/Guilt.phtm
- User-Agent: MalwareMustDie Draining Your Cool EK
- Host: 50f31ac55ce66.hypnotherapyaz.com
- :
- HTTP request sent, awaiting response...
- :
- HTTP/1.1 200 OK
- Server: nginx/1.2.6
- Date: Mon, 14 Jan 2013 10:55:24 GMT
- Content-Type: application/pdf
- Content-Length: 20190
- Connection: keep-alive
- X-Powered-By: PHP/5.3.16
- ETag: "c120d4e2a0483c37298a923b9c73e9d3"
- Last-Modified: Mon, 14 Jan 2013 10:55:24 GMT
- Accept-Ranges: bytes
- :
- 200 OK
- Registered socket 1896 for persistent reuse.
- Length: 20,190 (20K) [application/pdf]
- 19:55:25 (51.64 KB/s) - `Shore_Rightly2.pdf' saved [20190/20190]
- --19:57:24-- h00p://50f31ac55ce66.hypnotherapyaz.com/news/live1.pdf
- => `live1.pdf'
- Resolving 50f31ac55ce66.hypnotherapyaz.com... seconds 0.00, 64.120.190.183
- Caching 50f31ac55ce66.hypnotherapyaz.com => 64.120.190.183
- Connecting to 50f31ac55ce66.hypnotherapyaz.com|64.120.190.183|:80... seconds 0.00, connected.
- :
- GET /news/live1.pdf HTTP/1.0
- Referer: h00p://50f31ac55ce66.hypnotherapyaz.com/news/Guilt.phtm
- User-Agent: MalwareMustDie Draining Your Cool EK
- Host: 50f31ac55ce66.hypnotherapyaz.com
- Connection: Keep-Alive
- Accept-Language: en-us,en;q=0.5
- Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
- Keep-Alive: 300
- :
- HTTP request sent, awaiting response...
- :
- HTTP/1.1 200 OK
- Server: nginx/1.2.6
- Date: Mon, 14 Jan 2013 10:57:25 GMT
- Content-Type: application/pdf
- Content-Length: 9660
- Connection: keep-alive
- X-Powered-By: PHP/5.3.16
- ETag: "dc7e16b16843aeb59553fbfe774e3247"
- Last-Modified: Mon, 14 Jan 2013 10:57:25 GMT
- Accept-Ranges: bytes
- :
- 200 OK
- Registered socket 1896 for persistent reuse.
- Length: 9,660 (9.4K) [application/pdf]
- 19:57:26 (32.43 KB/s) - `live1.pdf' saved [9660/9660]
- --19:59:37-- h00p://50f31ac55ce66.hypnotherapyaz.com/news/INDUSTRIAL1.SWF
- => `INDUSTRIAL1.SWF'
- Resolving 50f31ac55ce66.hypnotherapyaz.com... seconds 0.00, 64.120.190.183
- Caching 50f31ac55ce66.hypnotherapyaz.com => 64.120.190.183
- Connecting to 50f31ac55ce66.hypnotherapyaz.com|64.120.190.183|:80... seconds 0.00, connected.
- :
- GET /news/INDUSTRIAL1.SWF HTTP/1.0
- Referer: h00p://50f31ac55ce66.hypnotherapyaz.com/news/Guilt.phtm
- User-Agent: MalwareMustDie Draining Your Cool EK
- Host: 50f31ac55ce66.hypnotherapyaz.com
- :
- HTTP request sent, awaiting response...
- :
- HTTP/1.1 200 OK
- Server: nginx/1.2.6
- Date: Mon, 14 Jan 2013 10:59:38 GMT
- Content-Type: text/html
- Connection: close
- X-Powered-By: PHP/5.3.16
- :
- 200 OK
- Length: unspecified [text/html]
- 19:59:38 (81.36 MB/s) - `INDUSTRIAL1.SWF' saved [7245]
- ---
- #MalwareMustDie!