API tools faq
paste
Advertisement
MalwareMustDie

#MalwareMustDie - Cool Exploit Infectors Flushed 20130114

MalwareMustDie
Jan 14th, 2013
2,299
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.00 KB | None | 0 0
raw download clone embed print report
  1. // #MalwareMustDie!!
  2. // Cool Exploit Kit infectors
  3. // components downloaded log..
  4. // via shell + fetch @ FreeBSD (UNIX rocks!)
  5. // @unixfreaxjp /malware]$ date
  6. // Mon Jan 14 21:14:07 JST 2013
  7.  
  8. --19:52:00-- h00p://50f31ac55ce66.hypnotherapyaz.com/news/tentative.jar
  9. => `tentative.jar.1'
  10. Resolving 50f31ac55ce66.hypnotherapyaz.com... seconds 0.00, 64.120.190.183
  11. Caching 50f31ac55ce66.hypnotherapyaz.com => 64.120.190.183
  12. Connecting to 50f31ac55ce66.hypnotherapyaz.com|64.120.190.183|:80... seconds 0.00, connected.
  13. GET /news/tentative.jar HTTP/1.0
  14. Referer: h00p://50f31ac55ce66.hypnotherapyaz.com/news/Guilt.phtm
  15. User-Agent: MalwareMustDie Draining Your Cool EK
  16. Host: 50f31ac55ce66.hypnotherapyaz.com
  17. :
  18. HTTP request sent, awaiting response...
  19. :
  20. HTTP/1.1 200 OK
  21. Server: nginx/1.2.6
  22. Date: Mon, 14 Jan 2013 10:52:00 GMT
  23. Content-Type: text/html
  24. Connection: close
  25. X-Powered-By: PHP/5.3.16
  26. :
  27. 200 OK
  28. Length: unspecified [text/html]
  29. 19:52:03 (338.29 KB/s) - `tentative.jar' saved [24]
  30.  
  31.  
  32. --19:55:23-- h00p://50f31ac55ce66.hypnotherapyaz.com/news/Shore_Rightly2.pdf
  33. => `Shore_Rightly2.pdf'
  34. Resolving 50f31ac55ce66.hypnotherapyaz.com... seconds 0.00, 64.120.190.183
  35. Caching 50f31ac55ce66.hypnotherapyaz.com => 64.120.190.183
  36. Connecting to 50f31ac55ce66.hypnotherapyaz.com|64.120.190.183|:80... seconds 0.00, connected.
  37. ---request begin---
  38. GET /news/Shore_Rightly2.pdf HTTP/1.0
  39. Referer: h00p://50f31ac55ce66.hypnotherapyaz.com/news/Guilt.phtm
  40. User-Agent: MalwareMustDie Draining Your Cool EK
  41. Host: 50f31ac55ce66.hypnotherapyaz.com
  42. :
  43. HTTP request sent, awaiting response...
  44. :
  45. HTTP/1.1 200 OK
  46. Server: nginx/1.2.6
  47. Date: Mon, 14 Jan 2013 10:55:24 GMT
  48. Content-Type: application/pdf
  49. Content-Length: 20190
  50. Connection: keep-alive
  51. X-Powered-By: PHP/5.3.16
  52. ETag: "c120d4e2a0483c37298a923b9c73e9d3"
  53. Last-Modified: Mon, 14 Jan 2013 10:55:24 GMT
  54. Accept-Ranges: bytes
  55. :
  56. 200 OK
  57. Registered socket 1896 for persistent reuse.
  58. Length: 20,190 (20K) [application/pdf]
  59. 19:55:25 (51.64 KB/s) - `Shore_Rightly2.pdf' saved [20190/20190]
  60.  
  61.  
  62. --19:57:24-- h00p://50f31ac55ce66.hypnotherapyaz.com/news/live1.pdf
  63. => `live1.pdf'
  64. Resolving 50f31ac55ce66.hypnotherapyaz.com... seconds 0.00, 64.120.190.183
  65. Caching 50f31ac55ce66.hypnotherapyaz.com => 64.120.190.183
  66. Connecting to 50f31ac55ce66.hypnotherapyaz.com|64.120.190.183|:80... seconds 0.00, connected.
  67. :
  68. GET /news/live1.pdf HTTP/1.0
  69. Referer: h00p://50f31ac55ce66.hypnotherapyaz.com/news/Guilt.phtm
  70. User-Agent: MalwareMustDie Draining Your Cool EK
  71. Host: 50f31ac55ce66.hypnotherapyaz.com
  72. Connection: Keep-Alive
  73. Accept-Language: en-us,en;q=0.5
  74. Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
  75. Keep-Alive: 300
  76. :
  77. HTTP request sent, awaiting response...
  78. :
  79. HTTP/1.1 200 OK
  80. Server: nginx/1.2.6
  81. Date: Mon, 14 Jan 2013 10:57:25 GMT
  82. Content-Type: application/pdf
  83. Content-Length: 9660
  84. Connection: keep-alive
  85. X-Powered-By: PHP/5.3.16
  86. ETag: "dc7e16b16843aeb59553fbfe774e3247"
  87. Last-Modified: Mon, 14 Jan 2013 10:57:25 GMT
  88. Accept-Ranges: bytes
  89. :
  90. 200 OK
  91. Registered socket 1896 for persistent reuse.
  92. Length: 9,660 (9.4K) [application/pdf]
  93. 19:57:26 (32.43 KB/s) - `live1.pdf' saved [9660/9660]
  94.  
  95.  
  96. --19:59:37-- h00p://50f31ac55ce66.hypnotherapyaz.com/news/INDUSTRIAL1.SWF
  97. => `INDUSTRIAL1.SWF'
  98. Resolving 50f31ac55ce66.hypnotherapyaz.com... seconds 0.00, 64.120.190.183
  99. Caching 50f31ac55ce66.hypnotherapyaz.com => 64.120.190.183
  100. Connecting to 50f31ac55ce66.hypnotherapyaz.com|64.120.190.183|:80... seconds 0.00, connected.
  101. :
  102. GET /news/INDUSTRIAL1.SWF HTTP/1.0
  103. Referer: h00p://50f31ac55ce66.hypnotherapyaz.com/news/Guilt.phtm
  104. User-Agent: MalwareMustDie Draining Your Cool EK
  105. Host: 50f31ac55ce66.hypnotherapyaz.com
  106. :
  107. HTTP request sent, awaiting response...
  108. :
  109. HTTP/1.1 200 OK
  110. Server: nginx/1.2.6
  111. Date: Mon, 14 Jan 2013 10:59:38 GMT
  112. Content-Type: text/html
  113. Connection: close
  114. X-Powered-By: PHP/5.3.16
  115. :
  116. 200 OK
  117. Length: unspecified [text/html]
  118. 19:59:38 (81.36 MB/s) - `INDUSTRIAL1.SWF' saved [7245]
  119.  
  120. ---
  121. #MalwareMustDie!
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!