--23:09:06-- http://fiturbaru.xtgem.com/index
=> `index.1'
Resolving fiturbaru.xtgem.com... 188.95.50.112
Connecting to fiturbaru.xtgem.com|188.95.50.112|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
↓↓
<SCRIPT TYPE="text/javascript" SRC=
"http://ad.yieldmanager.com/imp?Z=468x60&s=3233302&_salt=528650755&B=10&u=http%3A%2F%2Ffiturbaru.xtem.com%2Findex&r=1"></SCRIPT>
↓↓
// tor access... w/o user agent..
--2012-09-29 23:11:32-- http://ad.yieldmanager.com/imp?Z=468x60&s=3233302&_salt=528650755&B=10&u=http%3A%2F%2Ffiturbaru.xtem.com%2Findex&r=1
Resolving localhost (localhost)... 127.0.0.1, ::1
Connecting to localhost (localhost)|127.0.0.1|:8118... connected.
Proxy request sent, awaiting response... 406 Not Acceptable
2012-09-29 23:11:33 ERROR 406: Not Acceptable.
// tor access w/ user agent...
--2012-09-29 23:12:01-- http://ad.yieldmanager.com/imp?Z=468x60&s=3233302&_salt=528650755&B=10&u=http%3A%2F%2Ffiturbaru.xtem.com%2Findex&r=1
Resolving localhost (localhost)... 127.0.0.1, ::1
Connecting to localhost (localhost)|127.0.0.1|:8118... connected.
Proxy request sent, awaiting response... 302 Found
Location: http://cookex.amp.yahoo.com/v2/cexposer/SIG=13o2kpq86/*http%3A//ad.yieldmanager.com/imp?Z=468x60&s=3233302&_salt=528650755&B=10&u=http%3A%2F%2Ffiturbaru.xtem.com%2Findex&r=1 [following]
Warning: wildcards not supported in HTTP.
--2012-09-29 23:12:04-- http://cookex.amp.yahoo.com/v2/cexposer/SIG=13o2kpq86/*http%3A//ad.yieldmanager.com/imp?Z=468x60&s=3233302&_salt=528650755&B=10&u=http%3A%2F%2Ffiturbaru.xtem.com%2Findex&r=1
Connecting to localhost (localhost)|127.0.0.1|:8118... connected.
Proxy request sent, awaiting response... 302 Found
Location: http://ad.yieldmanager.com/imp?Z=468x60&s=3233302&_salt=528650755&B=10&u=http%3A%2F%2Ffiturbaru.xtem.com%2Findex&r=1&SIG=10vnrnd5m;x-cookie=s5hf9gy86r0qz&o=3&f=iw [following]
--2012-09-29 23:12:07-- http://ad.yieldmanager.com/imp?Z=468x60&s=3233302&_salt=528650755&B=10&u=http%3A%2F%2Ffiturbaru.xtem.com%2Findex&r=1&SIG=10vnrnd5m;x-cookie=s5hf9gy86r0qz&o=3&f=iw
Connecting to localhost (localhost)|127.0.0.1|:8118... connected.
Proxy request sent, awaiting response... 200 OK
Length: 839 [application/x-javascript]
Saving to: `imp?Z=468x60&s=3233302&_salt=528650755&B=10&u=http:%2F%2Ffiturbaru.xtem.com%2Findex&r=1'
2012-09-29 23:12:12 (1.83 MB/s) - `imp?Z=468x60&s=3233302&_salt=528650755&B=10&u=http:%2F%2Ffiturbaru.xtem.com%2Findex&r=1' saved [839/839]
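The transcript above is worth keeping in a form an analyst can diff later: which hosts the chain bounces through, how many 302s it takes, and the fact that the first attempt without a User-Agent was refused with 406 (the redirector only serves clients that look like browsers). The parser below is an added example, not part of the original paste; it reads wget's log format and runs over a constructed excerpt with placeholder hostnames modelled on the chain above.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in wget's log format, modelled on the transcript above
# (placeholder hostnames, not the page's real ones).
WGET_LOG = """\
--2012-09-29 23:11:32--  http://ad.redirector.example/imp?Z=468x60
Proxy request sent, awaiting response... 406 Not Acceptable
2012-09-29 23:11:33 ERROR 406: Not Acceptable.
--2012-09-29 23:12:01--  http://ad.redirector.example/imp?Z=468x60
Proxy request sent, awaiting response... 302 Found
Location: http://cookie-setter.example/v2/cexposer/SIG=abc/*http://ad.redirector.example/imp [following]
--2012-09-29 23:12:04--  http://cookie-setter.example/v2/cexposer/SIG=abc/*http://ad.redirector.example/imp
Proxy request sent, awaiting response... 302 Found
Location: http://ad.redirector.example/imp?x-cookie=abc [following]
--2012-09-29 23:12:07--  http://ad.redirector.example/imp?x-cookie=abc
Proxy request sent, awaiting response... 200 OK
Length: 839 [application/x-javascript]
"""

REQ = re.compile(r"^--(.+?)--\s+(\S+)")                  # "--<time>--  <url>"
STATUS = re.compile(r"awaiting response\.\.\. (\d{3}) (.+)$")
LOC = re.compile(r"^Location: (\S+)")
LEN = re.compile(r"^Length: (\S+) \[([^\]]+)\]")

def parse_wget_chain(text):
    """One dict per request in the log: url, host, status, Location, Length, type."""
    hops, cur = [], None
    for line in text.splitlines():
        m = REQ.match(line)
        if m:  # a new request starts; later lines describe it
            cur = {"time": m.group(1), "url": m.group(2), "host": urlsplit(m.group(2)).hostname,
                   "status": None, "location": None, "length": None, "ctype": None}
            hops.append(cur)
            continue
        if cur is None:
            continue
        if (m := STATUS.search(line)):
            cur["status"] = int(m.group(1))
        elif (m := LOC.match(line)):
            cur["location"] = m.group(1)
        elif (m := LEN.match(line)):
            cur["length"] = int(m.group(1)) if m.group(1).isdigit() else None  # "unspecified" possible
            cur["ctype"] = m.group(2)
    return hops

def summarize(hops):
    """Hosts visited in order, whether a 406 gated the content, redirect count, final type."""
    hosts = list(dict.fromkeys(h["host"] for h in hops))
    redirects = sum(1 for h in hops if h["status"] in (301, 302, 303, 307, 308))
    final = hops[-1] if hops else None
    return {"hosts": hosts, "ua_gated": any(h["status"] == 406 for h in hops),
            "redirects": redirects, "final_type": final["ctype"] if final else None}
```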
// browser's log:
ActiveXObject('ShockwaveFlash.ShockwaveFlash.2');
ActiveXObject('ShockwaveFlash.ShockwaveFlash.3');
ActiveXObject('ShockwaveFlash.ShockwaveFlash.4');
ActiveXObject('ShockwaveFlash.ShockwaveFlash.5');
ActiveXObject('ShockwaveFlash.ShockwaveFlash.6');
ActiveXObject('ShockwaveFlash.ShockwaveFlash.7');
ActiveXObject('ShockwaveFlash.ShockwaveFlash.8');
ActiveXObject('ShockwaveFlash.ShockwaveFlash.9');
[2012-09-29 23:19:58] [HTTP] URL: http://ad.xtendmedia.com/iframe3?AAAAABZWMQCTWP4AAAAAAMZGOgAAAAAAAgAAAAQAAAAAAP8AAAAHERVeSAAAAAAARANHAAAAAACy5U0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANoBUAAAAAAAIAAwAAgD8AaJn7mpsllz-uNCkF3V6iP0XT2cngKKk.LIcW2c73sz9U46WbxCCwP5qZmZmZmbk.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABUnnJPO-avDH4rlZwDYn.iH5wdqK9ak15cJ5zDAAAAAA==,,http%3A%2F%2Ffiturbaru.xtem.com%2Findex,B%3D10%26Z%3D468x60%26_salt%3D528650755%26r%3D1%26s%3D3233302,a961e780-0a3f-11e2-b2c2-fbaa664cf3de,1348927931551 (Status: 200, Referrer: None)
[2012-09-29 23:19:58] [HTTP Redirection (Status: 302)] Content-Location: http://ad.xtendmedia.com/iframe3?AAAAABZWMQCTWP4AAAAAAMZGOgAAAAAAAgAAAAQAAAAAAP8AAAAHERVeSAAAAAAARANHAAAAAACy5U0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANoBUAAAAAAAIAAwAAgD8AaJn7mpsllz-uNCkF3V6iP0XT2cngKKk.LIcW2c73sz9U46WbxCCwP5qZmZmZmbk.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABUnnJPO-avDH4rlZwDYn.iH5wdqK9ak15cJ5zDAAAAAA==,,http%3A%2F%2Ffiturbaru.xtem.com%2Findex,B%3D10%26Z%3D468x60%26_salt%3D528650755%26r%3D1%26s%3D3233302,a961e780-0a3f-11e2-b2c2-fbaa664cf3de,1348927931551 --> Location: http://ad.yieldmanager.com/iframe3?AAAAABZWMQCTWP4AAAAAAMZGOgAAAAAAAgAAAAQAAAAAAP8AAAAHERVeSAAAAAAARANHAAAAAACy5U0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANoBUAAAAAAAIAAwAAgD8AaJn7mpsllz-uNCkF3V6iP0XT2cngKKk.LIcW2c73sz9U46WbxCCwP5qZmZmZmbk.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABUnnJPO-avDH4rlZwDYn.iH5wdqK9ak15cJ5zDAAAAAA==,,http%3A%2F%2Ffiturbaru.xtem.com%2Findex,B%3D10%26Z%3D468x60%26_salt%3D528650755%26r%3D1%26s%3D3233302,a961e780-0a3f-11e2-b2c2-fbaa664cf3de,1348927931551
// cat it... found IFRAME.. backdooring object..
document.write('<iframe allowtransparency=\"true\"
scrolling=\"no\" marginwidth=\"0\" marginheight=\"0\"
frameborder=\"0\" height=\"60\" width=\"468\"
src=\"http://ad.xtendmedia.com/iframe3?AAAAABZWMQCTWP
4AAAAAAMZGOgAAAAAAAgAAAAQAAAAAAP8AAAAHERVeSAAAAAAARAN
HAAAAAACy5U0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAANoBUAAAAAAAIAAwAAgD8AaJn7mpsllz-uN
CkF3V6iP0XT2cngKKk.LIcW2c73sz9U46WbxCCwP5qZmZmZmbk.AAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABUnnJPO-avDH4rl
ZwDYn.iH5wdqK9ak15cJ5zDAAAAAA==
,,http%3A%2F%2Ffiturbaru.xtem.com%2Findex,B%3D10%26Z%3D468x60%26_salt%3D528650755%26r%3D1%26s%3D3233302
,a961e780-0a3f-11e2-b2c2-fbaa664cf3de,1348927931551\"></iframe>');
var rm_data = new Object();
rm_data.creative_id = 16668819;
rm_data.offer_type = 3;
rm_data.entity_id = 675576;
if (window.rm_crex_data) {rm_crex_data.push(16668819);}
↑↑ WTF Backdoor!!
VT: (1/43) https://www.virustotal.com/file/ca387be9397de7173406dec7086607bd20ebc2a84fe8e6a026bea3f8787939c2/analysis/1348929146/
#MalwareMustDie!!