//
you're reading...
Hacking / Counter Intelligence

Anomalous JavaScript Pt2

And finally something useful

http://96.126.107.154/cb/getClickbank.php
found in this decoded block(after decode)

function Lc(){var b;try{b="localStorage"in window&&window.localStorage!==e}catch(a){b=!1}if(b){b=window.localStorage.clickbank_ads_request_time;var c=window.localStorage.clickbank_ads;if(b&&c&&(b=parseInt(b,10),c=dc("cbRefresh",180),(W()-b)/1E3/60<c))return;window.localStorage.clickbank_ads_request_time=W();
J="http://96.126.107.154/cb/getClickbank.php";
bc(J)

returns

window.localStorage["clickbank_ads"] = '
[
{"id":"39","vendor":"mdpips","title":"Automatic Money Making Machine",
"description":"See how a robot can make you thousands of dollars in the stock market for you!",
"img_small":"http:\/\/www.milliondollarpips.com\/images\/12060.jpg",
"img_large":"http:\/\/www.milliondollarpips.com\/images\/250250.jpg"},
{"id":"3","vendor":"dubturbo","title":"DUBTurbo: Digital Music Production",
"description":"Create unlimited hiphop and urban music beats on your PC or Mac. Youll Be Making Pro Beats Fast & Easy Starting Today!",
"img_small":"http:\/\/www.dubturbo.com\/banners\/dubturbo_125x125a2.jpg",
"img_large":"http:\/\/www.dubturbo.com\/banners\/dubturbo_300x250rap3.jpg"},
{"id":"15","vendor":"fastcashme","title":"Make Money Now!",
"description":"Fast cash. No limits. Learn how to become a millionaire before you turn 25!",
"img_small":"http:\/\/www.usfreeads.com\/uploads\/2912115\/thumb.jpg",
"img_large":"http:\/\/fastcashcommissions.com\/jvblog\/images\/FCC-300x250.png"},
{"id":"17","vendor":"masspsites","title":"Do you want to make a lot of money?",
"description":"Learn how I made $463.34 in just 2 minutes. I dare you to. ",
"img_small":"http:\/\/www.waystogainmoney.com\/wp-content\/uploads\/2011\/08\/Button1.jpg",
"img_large":"http:\/\/massprofitsitesreview.webs.com\/massprofitsitesreview.gif"},

etc....

Now we make a quick stop off to ARIN.net to find out some more information about this particular IP address. What do we find? It is a static IP from inside the United States(wouldn’t be in ARIN otherwise).

IP Owner to address static block arin

You can read more of the decode here: http://pastebin.com/jZ1Q9VXx

Advertisements

About Pythorian

Exploration and Production oriented security consultant for securing IT infrastructures relating to natural resources.

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: