[NetBehaviour] (no subject)

James Morris james at jwm-art.net
Thu Nov 22 13:57:26 CET 2012


On 22/11/12 Steven Read <ssread at gmail.com> wrote:
>  http://www.dyscover.com/wp-content/plugins/akismet/google235.html

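treat with caution... looks like suspicious phishing / hacking / malicious, etc...
that's my guess from checking it out here. (Note: the second hop is answered by
OpenDNS, and the redirects run through phish.*.opendns.com, so the page dumped at
the end appears to be OpenDNS's phishing block page, not the target site's own
content.)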


[sirrom at Scrapyard ~]$ curl
http://www.dyscover.com/wp-content/plugins/akismet/google235.html <h1>
You are here because one of your friends <br> have invited you.<br>
Page loading, please wait....
</h1>
<meta http-equiv="refresh" content="0;
url=http://onlinemarket11work.com/?12/1"> [sirrom at Scrapyard ~]$ 
[sirrom at Scrapyard ~]$ curl http://onlinemarket11work.com/?12/1
<html><head><script
type="text/javascript">location.replace("http://phish.a.id.opendns.com/?url=onlinemarket11work%2Ecom%2F%3F12%2F1&nref");</script></head></html>                                                                                       

[sirrom at Scrapyard ~]$ wget
"http://phish.a.id.opendns.com/?url=onlinemarket11work%2Ecom%2F%3F12%2F1&nref"
--2012-11-22 12:55:13--
http://phish.a.id.opendns.com/?url=onlinemarket11work%2Ecom%2F%3F12%2F1&nref
Resolving phish.a.id.opendns.com (phish.a.id.opendns.com)...
67.215.67.10 Connecting to phish.a.id.opendns.com
(phish.a.id.opendns.com)|67.215.67.10|:80... connected. HTTP request
sent, awaiting response... 302 Found Location:
http://w10.phish.b.id.opendns.com/?url=onlinemarket11work%2Ecom%2F%3F12%2F1&nref
[following] --2012-11-22 12:55:13--
http://w10.phish.b.id.opendns.com/?url=onlinemarket11work%2Ecom%2F%3F12%2F1&nref
Resolving w10.phish.b.id.opendns.com (w10.phish.b.id.opendns.com)...
67.215.67.10 Connecting to w10.phish.b.id.opendns.com
(w10.phish.b.id.opendns.com)|67.215.67.10|:80... connected. HTTP
request sent, awaiting response... 302 Found Location:
http://w10.w10.phish.c.id.opendns.com/?url=onlinemarket11work%2Ecom%2F%3F12%2F1&nref
[following] --2012-11-22 12:55:13--
http://w10.w10.phish.c.id.opendns.com/?url=onlinemarket11work%2Ecom%2F%3F12%2F1&nref
Resolving w10.w10.phish.c.id.opendns.com
(w10.w10.phish.c.id.opendns.com)... 67.215.67.10 Connecting to
w10.w10.phish.c.id.opendns.com
(w10.w10.phish.c.id.opendns.com)|67.215.67.10|:80... connected. HTTP
request sent, awaiting response... 302 Found Location:
http://w10.w10.w10.phish.d.id.opendns.com/?url=onlinemarket11work%2Ecom%2F%3F12%2F1&nref
[following] --2012-11-22 12:55:13--
http://w10.w10.w10.phish.d.id.opendns.com/?url=onlinemarket11work%2Ecom%2F%3F12%2F1&nref
Resolving w10.w10.w10.phish.d.id.opendns.com
(w10.w10.w10.phish.d.id.opendns.com)... 67.215.67.10 Connecting to
w10.w10.w10.phish.d.id.opendns.com
(w10.w10.w10.phish.d.id.opendns.com)|67.215.67.10|:80... connected.
HTTP request sent, awaiting response... 302 Found Location:
http://w10.w10.w10.w10.phish.e.id.opendns.com/?url=onlinemarket11work%2Ecom%2F%3F12%2F1&nref
[following] --2012-11-22 12:55:14--
http://w10.w10.w10.w10.phish.e.id.opendns.com/?url=onlinemarket11work%2Ecom%2F%3F12%2F1&nref
Resolving w10.w10.w10.w10.phish.e.id.opendns.com
(w10.w10.w10.w10.phish.e.id.opendns.com)... 67.215.67.10 Connecting to
w10.w10.w10.w10.phish.e.id.opendns.com
(w10.w10.w10.w10.phish.e.id.opendns.com)|67.215.67.10|:80... connected.
HTTP request sent, awaiting response... 302 Found Location:
http://phish.opendns.com/?wc=EWJmGxd5Bx5fABFuBAwC&url=onlinemarket11work%2Ecom%2F%3F12%2F1&nref
[following] --2012-11-22 12:55:14--
http://phish.opendns.com/?wc=EWJmGxd5Bx5fABFuBAwC&url=onlinemarket11work%2Ecom%2F%3F12%2F1&nref
Resolving phish.opendns.com (phish.opendns.com)... 208.69.34.137
Connecting to phish.opendns.com
(phish.opendns.com)|208.69.34.137|:80... connected. HTTP request sent,
awaiting response... 200 OK Length: 4169 (4.1K) [text/html] Saving to:
‘index.html?url=onlinemarket11work.com%2F?12%2F1&nref’

100%[==========================================================================================================================>]
4,169       --.-K/s   in 0.03s   

2012-11-22 12:55:14 (126 KB/s) -
‘index.html?url=onlinemarket11work.com%2F?12%2F1&nref’ saved [4169/4169]

[sirrom at Scrapyard ~]$ cat
index.html\?url\=onlinemarket11work.com%2F\?12%2F1\&nref <html>
    <head>
        <title>  </title>

        <script type="text/javascript">
            /**
             * Picks the URL this page should navigate to next, based on the
             * viewport size, whether the page is framed, and the host `a`.
             *
             * NOTE(review): per the wget transcript above, this file was served
             * by phish.opendns.com, so this appears to be the OpenDNS block
             * page's own script rather than content from the blocked domain.
             *
             * NOTE(review): a, b, c, d and e are concatenated into the result
             * with no encoding in this function, and bdetect() hands the result
             * to location.replace(). Any escaping therefore has to happen where
             * the call is generated (in bdetect() the arguments are fixed
             * literals and `b` is already percent-encoded).
             *
             * @param {string} a   Host name; compared with "www.facebook.com" and
             *                     "platform.twitter.com", and sent as `d=`.
             * @param {string} b   Sent as `url=`.
             * @param {string} c   Sent as `ref=`.
             * @param {string} d   Sent as `view=`.
             * @param {string} e   Base URL for the non-banner results; the
             *                     "&w=…&h=…" suffix is appended to it.
             * @param {*} ldr      Never read here (the literal "b" is sent as
             *                     `ldr=` in one branch).
             * @param {*} ifc      Incoming value is overwritten in the loop.
             * @returns {string|undefined} A relative URL, or undefined when the
             *          viewport is 0x0 or when the matched size entry is flagged
             *          and the page is not framed (self == parent).
             */
            function bredir(a, b, c, d, e, ldr, ifc) {
                // h, i: distance of the viewport from one table entry; j: that entry.
                var h, i, j;
                // f: viewport width, g: viewport height (0 if neither probe works).
                var f = 0;
                var g = 0;
                // k: viewport matched a table entry; l: third field of the last match.
                var k = false;
                var l = false;
                // Table of [width, height, flag] entries.
                // NOTE(review): presumably ad-banner / pop-up sizes, judging by
                // the banner.php path below — confirm.
                var m = [
                    [300, 250, false],
                    [250, 250, false],
                    [240, 400, false],
                    [336, 280, false],
                    [180, 150, false],
                    [468, 60, false],
                    [234, 60, false],
                    [88, 31, false],
                    [120, 90, false],
                    [120, 60, false],
                    [120, 240, false],
                    [125, 125, false],
                    [728, 90, false],
                    [160, 600, false],
                    [120, 600, false],
                    [300, 600, false],
                    [300, 125, false],
                    [530, 300, false],
                    [190, 200, false],
                    [470, 250, false],
                    [720, 300, true],
                    [500, 350, true],
                    [550, 480, true]
                ];
                // Read the viewport size, preferring window.inner*, else body.offset*.
                if (typeof window.innerHeight == "number") {
                    g = window.innerHeight;
                    f = window.innerWidth;
                } else if (typeof document.body.offsetHeight ==
        "number") { g = document.body.offsetHeight;
                    f = document.body.offsetWidth;
                }
                // A table entry matches when both dimensions are within 2px.
                for (var n = 0; n < m.length; n++) {
                    j = m[n];
                    h = Math.abs(f - j[0]);
                    i = Math.abs(g - j[1]);
                    // ifc = 1 when this page is inside a frame, else 0.
                    // It is recomputed on every iteration with the same result.
                    if (top != self) {
                        ifc = 1;
   
                    } else {
                        ifc = 0;
                    };
                    if (h <= 2 && i <= 2) {
                        k = true;
                        l = j[2]
                    }
                }
                // No measurable viewport: return undefined.
                if(f === 0 && g === 0){
                    return;
                }
                // Branch chain (the lines below are wrapped by the mail client):
                //  1. host is not facebook/twitter AND the viewport matched the
                //     table or is under 100px in one dimension -> banner.php URL
                //  2. host is facebook/twitter, viewport >= 250x60, same
                //     match/small test -> e + size + "&ldr=b" + ifc
                //  3. host is facebook/twitter, viewport < 250 wide or < 60 high,
                //     same match/small test -> banner.php URL
                //  4. otherwise -> e + size + ifc
                // In branches 1-3, a flagged match (l) on an unframed page
                // (self == parent) returns undefined instead.
                if ((a != "www.facebook.com" && a !=
                "platform.twitter.com") && (k || f < 100 && f !== 0 ||
                g < 100 && g !== 0)) { if (l && self == parent)
                { return; }
                    return "/b" + "anner.php?w=" + f + "&h=" + g +
                "&d=" + a + "&url=" + b + "&ref=" + c + "&view=" + d }
                else if ((a == "www.facebook.com" || a ==
                "platform.twitter.com") && (f >= 250 && g >= 60) && (k
                || f < 100 && f !== 0 || g < 100 && g !== 0)) { if (l
                && self == parent) { return; } return e + "&w=" + f +
                "&h=" + g + "&ldr=" + "b" + "&ifc=" + ifc; } else if
                ((a == "www.facebook.com" || a ==
                "platform.twitter.com") && (f < 250 || g < 60) && (k ||
                f < 100 && f !== 0 || g < 100 && g !== 0)) { if (l &&
                self == parent) { return; } return "/b" +
                "anner.php?w=" + f + "&h=" + g + "&d=" + a + "&url=" +
                b + "&ref=" + c + "&view=" + d; } else { return e +
                "&w=" + f + "&h=" + g + "&ifc=" + ifc; }
            }
            /**
             * Body onLoad handler: asks bredir() where to go next, closes the
             * window when bredir() returns undefined, and otherwise replaces
             * the current location with the returned URL.
             *
             * The arguments are literals baked into the page. The blocked
             * host and its percent-encoded URL are echoed back into the next
             * request, together with the `wc` token that also appears in the
             * phish.opendns.com URL in the transcript.
             * ldr and ifc are not passed, so bredir() receives them as undefined.
             */
            function bdetect() {
                var loc = bredir(
                    // a: host name, sent as d=
                    'onlinemarket11work.com', 
                    // b: percent-encoded original URL, sent as url=
                    'onlinemarket11work.com%2F%3F12%2F1', 
                    // c: sent as ref= (empty here)
                    '', 
                    // d: sent as view=
                    'error', 
                    // e: base URL used for the non-banner results
                    '/main?wc=EWJmGxd5Bx5fABFuBAwC&url=onlinemarket11work.com%2F%3F12%2F1&nref='
                );

                // bredir() returned nothing: close this window instead of navigating.
                if(typeof loc === 'undefined') {
                    self.close();
                    return;
                }

                // replace() navigates without adding a history entry.
                location.replace(loc);

            }
        </script>
    </head>
    <body onLoad="bdetect()" style="margin: 0px;">
        <noscript>
            <iframe frameborder="0"
src="/main?wc=EWJmGxd5Bx5fABFuBAwC&url=onlinemarket11work.com%2F%3F12%2F1&nref="
width="100%" height="100%"></iframe> </noscript> </body>
</html>
[


