#MalwareMustDie - Cool Exploit Infectors Flushed 20130114

MalwareMustDie, Jan 14th, 2013
// #MalwareMustDie!!
// Cool Exploit Kit infectors
// components downloaded log..
// via shell + fetch @ FreeBSD (UNIX rocks!)
// @unixfreaxjp /malware]$ date
// Mon Jan 14 21:14:07 JST 2013

--19:52:00--  h00p://50f31ac55ce66.hypnotherapyaz.com/news/tentative.jar
           => `tentative.jar.1'
Resolving 50f31ac55ce66.hypnotherapyaz.com... seconds 0.00, 64.120.190.183
Caching 50f31ac55ce66.hypnotherapyaz.com => 64.120.190.183
Connecting to 50f31ac55ce66.hypnotherapyaz.com|64.120.190.183|:80... seconds 0.00, connected.
GET /news/tentative.jar HTTP/1.0
Referer: h00p://50f31ac55ce66.hypnotherapyaz.com/news/Guilt.phtm
User-Agent: MalwareMustDie Draining Your Cool EK
Host: 50f31ac55ce66.hypnotherapyaz.com
  :
HTTP request sent, awaiting response...
  :
HTTP/1.1 200 OK
Server: nginx/1.2.6
Date: Mon, 14 Jan 2013 10:52:00 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.3.16
  :
200 OK
Length: unspecified [text/html]
19:52:03 (338.29 KB/s) - `tentative.jar' saved [24]


--19:55:23--  h00p://50f31ac55ce66.hypnotherapyaz.com/news/Shore_Rightly2.pdf
           => `Shore_Rightly2.pdf'
Resolving 50f31ac55ce66.hypnotherapyaz.com... seconds 0.00, 64.120.190.183
Caching 50f31ac55ce66.hypnotherapyaz.com => 64.120.190.183
Connecting to 50f31ac55ce66.hypnotherapyaz.com|64.120.190.183|:80... seconds 0.00, connected.
---request begin---
GET /news/Shore_Rightly2.pdf HTTP/1.0
Referer: h00p://50f31ac55ce66.hypnotherapyaz.com/news/Guilt.phtm
User-Agent: MalwareMustDie Draining Your Cool EK
Host: 50f31ac55ce66.hypnotherapyaz.com
  :
HTTP request sent, awaiting response...
  :
HTTP/1.1 200 OK
Server: nginx/1.2.6
Date: Mon, 14 Jan 2013 10:55:24 GMT
Content-Type: application/pdf
Content-Length: 20190
Connection: keep-alive
X-Powered-By: PHP/5.3.16
ETag: "c120d4e2a0483c37298a923b9c73e9d3"
Last-Modified: Mon, 14 Jan 2013 10:55:24 GMT
Accept-Ranges: bytes
  :
200 OK
Registered socket 1896 for persistent reuse.
Length: 20,190 (20K) [application/pdf]
19:55:25 (51.64 KB/s) - `Shore_Rightly2.pdf' saved [20190/20190]


--19:57:24--  h00p://50f31ac55ce66.hypnotherapyaz.com/news/live1.pdf
           => `live1.pdf'
Resolving 50f31ac55ce66.hypnotherapyaz.com... seconds 0.00, 64.120.190.183
Caching 50f31ac55ce66.hypnotherapyaz.com => 64.120.190.183
Connecting to 50f31ac55ce66.hypnotherapyaz.com|64.120.190.183|:80... seconds 0.00, connected.
  :
GET /news/live1.pdf HTTP/1.0
Referer: h00p://50f31ac55ce66.hypnotherapyaz.com/news/Guilt.phtm
User-Agent: MalwareMustDie Draining Your Cool EK
Host: 50f31ac55ce66.hypnotherapyaz.com
Connection: Keep-Alive
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
  :
HTTP request sent, awaiting response...
  :
HTTP/1.1 200 OK
Server: nginx/1.2.6
Date: Mon, 14 Jan 2013 10:57:25 GMT
Content-Type: application/pdf
Content-Length: 9660
Connection: keep-alive
X-Powered-By: PHP/5.3.16
ETag: "dc7e16b16843aeb59553fbfe774e3247"
Last-Modified: Mon, 14 Jan 2013 10:57:25 GMT
Accept-Ranges: bytes
  :
200 OK
Registered socket 1896 for persistent reuse.
Length: 9,660 (9.4K) [application/pdf]
19:57:26 (32.43 KB/s) - `live1.pdf' saved [9660/9660]


--19:59:37--  h00p://50f31ac55ce66.hypnotherapyaz.com/news/INDUSTRIAL1.SWF
           => `INDUSTRIAL1.SWF'
Resolving 50f31ac55ce66.hypnotherapyaz.com... seconds 0.00, 64.120.190.183
Caching 50f31ac55ce66.hypnotherapyaz.com => 64.120.190.183
Connecting to 50f31ac55ce66.hypnotherapyaz.com|64.120.190.183|:80... seconds 0.00, connected.
  :
GET /news/INDUSTRIAL1.SWF HTTP/1.0
Referer: h00p://50f31ac55ce66.hypnotherapyaz.com/news/Guilt.phtm
User-Agent: MalwareMustDie Draining Your Cool EK
Host: 50f31ac55ce66.hypnotherapyaz.com
  :
HTTP request sent, awaiting response...
  :
HTTP/1.1 200 OK
Server: nginx/1.2.6
Date: Mon, 14 Jan 2013 10:59:38 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.3.16
  :
200 OK
Length: unspecified [text/html]
19:59:38 (81.36 MB/s) - `INDUSTRIAL1.SWF' saved [7245]

---
#MalwareMustDie!