knufRed

Hacked CMS forwarder chains (Joomla, Drupal, Wordpress, etc)

Feb 2nd, 2018
  1. // =========================================================================================
  2. // Hacked URLs found via Google by searching for "allinurl:php?teu=" (this is a Google dork query).
  3. // -----------------------------------------------------------------------------------------
  4. // (Don't click them; the pages still exist!)
  5. thegriffinhouse.org/4wut/xhsk5.php?teu=raspbian-web-proxy
  6. www.raumwert.cc/yw5b/e9ai5.php?teu=mitmproxy...proxy
  7. haiproject.org/ve7l/orguj.php?teu=raspberry-pi-ssh-tunnel-proxy
  8. www.mezzbrands.com/dlo3/0cbjc.php?teu=pi-proxy
  9. www.retire21.org/zr7h/8jpac.php?teu=squid-listen-ipv4
  10. yadleah.org/owdt/uzdiy.php?teu=privoxy-vs-pi-hole
  11. kriteri.az/vqfx/67oth.php?teu=deluge-force-proxy
  12. www.propertify.se/wvbx/kdjck.php?teu=squid-listen-ipv4
  13. biralabwa.com/cjsp/xrmzo.php?teu=mitmproxy-alternative
  14. www.zphabiganj.org/nrmv/xgs4c.php?teu=privoxy-vs-pi-hole
  15. innovativemassagece.com/6dd9/nkfxc.php?teu=ipv6-proxy...
  16. izabelawojcik.com/cb5l/srkmg.php?teu=tor-server-setup
  17. loshylimited.com/zkt3/c2g6v.php?teu=deluge-force-proxy
  18. ...
  19.  
  20. // =========================================================================================
  21. // Curling one infected page and following each redirect (Location header) by hand, one hop per request:
  22. // -----------------------------------------------------------------------------------------
  23.  
  24. $> curl -v http://proclean-gmbh.de/alf6/nonh0.php\?teu=scam
  25. * Trying 85.13.131.63...
  26. * TCP_NODELAY set
  27. * Connected to proclean-gmbh.de (85.13.131.63) port 80 (#0)
  28. > GET /alf6/nonh0.php?teu=scam HTTP/1.1
  29. > Host: proclean-gmbh.de
  30. > User-Agent: curl/7.54.0
  31. > Accept: */*
  32. >
  33. < HTTP/1.1 302 Moved Temporarily
  34. < Date: Fri, 02 Feb 2018 21:14:52 GMT
  35. < Server: Apache
  36. < Upgrade: h2,h2c
  37. < Connection: Upgrade
  38. < Location: http://5.45.79.15/input/?mark=20180202-proclean-gmbh.de/alf6&tpl=9&engkey=scam
  39. < Transfer-Encoding: chunked
  40. < Content-Type: text/html
  41. <
  42. * Connection #0 to host proclean-gmbh.de left intact
  43.  
  44.  
  45. $> curl -v http://5.45.79.15/input/\?mark\=20180202-proclean-gmbh.de/alf6\&tpl\=9\&engkey\=scam
  46. * Trying 5.45.79.15...
  47. * TCP_NODELAY set
  48. * Connected to 5.45.79.15 (5.45.79.15) port 80 (#0)
  49. > GET /input/?mark=20180202-proclean-gmbh.de/alf6&tpl=9&engkey=scam HTTP/1.1
  50. > Host: 5.45.79.15
  51. > User-Agent: curl/7.54.0
  52. > Accept: */*
  53. >
  54. < HTTP/1.1 302 Found
  55. < Date: Fri, 02 Feb 2018 21:15:03 GMT
  56. < Server: Apache/2.2.15 (CentOS)
  57. < X-Powered-By: PHP/5.6.30
  58. < Set-Cookie: thevisited=1; expires=Sat, 03-Feb-2018 21:15:03 GMT; Max-Age=86400; path=/; domain=.5.45.79.15
  59. < Location: http://www.bestphoneapp.net/?sl=2752853-f60b9
  60. < Content-Length: 0
  61. < Connection: close
  62. < Content-Type: text/html; charset=UTF-8
  63. <
  64. * Closing connection 0
  65.  
  66.  
  67. $> curl -v http://www.bestphoneapp.net/\?sl\=2752853-f60b9
  68. * Trying 18.194.70.215...
  69. * TCP_NODELAY set
  70. * Connected to www.bestphoneapp.net (18.194.70.215) port 80 (#0)
  71. > GET /?sl=2752853-f60b9 HTTP/1.1
  72. > Host: www.bestphoneapp.net
  73. > User-Agent: curl/7.54.0
  74. > Accept: */*
  75. >
  76. < HTTP/1.1 302 Found
  77. < Date: Fri, 02 Feb 2018 21:15:12 GMT
  78. < Content-Type: text/html; charset=UTF-8
  79. < Transfer-Encoding: chunked
  80. < Connection: keep-alive
  81. < Server: nginx
  82. < Set-Cookie: vidf=czo2NDoiYmRhOGZmMWE5Y2RmMWQ0YzM1ZmZiZTZhOWQzMzY0ZTZhMjZlNjY1NDBmNDM1ZTFhZWRmMGJkMTNlZWYyMmRhNCI7; expires=Thu, 03-May-2018 20:15:12 GMT; Max-Age=7772400; path=/; domain=www.bestphoneapp.net
  83. < Set-Cookie: vt=506844-1517606112; expires=Sat, 03-Feb-2018 21:15:12 GMT; Max-Age=86400; path=/; domain=bestphoneapp.net
  84. < Set-Cookie: _s=2752853; expires=Sat, 03-Feb-2018 21:15:12 GMT; Max-Age=86400; path=/; domain=bestphoneapp.net
  85. < Set-Cookie: rd=YjoxOw%3D%3D; expires=Sat, 03-Feb-2018 21:15:12 GMT; Max-Age=86400; path=/; domain=www.bestphoneapp.net
  86. < Location: http://d.billyaffcontent.com/d/11685513e11bcfa62?sub=9035500000118074927-201802-54c8d2b8f6&source=4612
  87. < Referrer-Policy: no-referrer
  88. <
  89. * Connection #0 to host www.bestphoneapp.net left intact
  90.  
  91.  
  92. $> curl -v http://d.billyaffcontent.com/d/11685513e11bcfa62\?sub\=9035500000118074927-201802-54c8d2b8f6\&source\=4612
  93. * Trying 62.212.87.141...
  94. * TCP_NODELAY set
  95. * Connected to d.billyaffcontent.com (62.212.87.141) port 80 (#0)
  96. > GET /d/11685513e11bcfa62?sub=9035500000118074927-201802-54c8d2b8f6&source=4612 HTTP/1.1
  97. > Host: d.billyaffcontent.com
  98. > User-Agent: curl/7.54.0
  99. > Accept: */*
  100. >
  101. < HTTP/1.1 200 OK
  102. < Server: nginx
  103. < Date: Fri, 02 Feb 2018 21:15:21 GMT
  104. < Content-Type: text/html
  105. < Content-Length: 7829
  106. < Last-Modified: Thu, 25 Jan 2018 16:59:08 GMT
  107. < ETag: "5a6a0cdc-1e95"
  108. < Accept-Ranges: bytes
  109. <
  110. <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>Loading...</title> <link rel="icon" type="image/png" href="data:image/png;base64,iVBORw0KGgo="> <meta name="viewport" content="width=device-width,initial-scale=1"> </head> <body> <div class="void" style="opacity:0;position:absolute;top:-1000px;left:-1000px"> <canvas id="canvas"></canvas> </div> <script>var e=document.querySelector(".void"),m=document.getElementById("canvas");m.width=14;m.height=14;var p=m.getContext("2d");function r(k,h){for(var b=[],c=0;c<k.length;c++)b.push(k[c].charCodeAt(0));var g,d,f;if(0===b.length)return"";d=[0];for(c=0;c<b.length;){for(f=0;f<d.length;)d[f]<<=h?0:8,f++;d[0]+=b[c];for(f=g=0;f<d.length;)d[f]+=g,g=d[f]/58|0,d[f]%=58,++f;for(;g;)d.push(g%58),g=g/58|0;c++}for(c=0;0===b[c]&&c<b.length-1;)d.push(0),c++;b="";d=d.reverse();for(c=0;c<d.length;c++)b+="123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"[d[c]];return b}function v(k){try{return eval(k)}catch(h){return!0}}function w(k,h){var b=document.createElement(h);return"function"==typeof b.canPlayType&&(b=b.canPlayType(k),"maybe"==b.toLowerCase()||"probably"==b.toLowerCase())?!0:!1}!function(k,h,b,c,g,d,f){var n;try{n=function(){function d(a){return"function"==typeof a||!1}var g,n=new Date,q=[function(){return+new Date},function(){return 5},function(){return b.platform},function(){return"ontouchstart"in h||"onmsgesturechange"in h?1:f},function(){return c.availWidth},function(){return c.availHeight},function(){return b.plugins&&b.plugins.length},function(){return(g.ontouchstart+"")[0]},function(){return(h.g+"")[0]},function(){return h.MSGesture?1:f},function(){return h.innerWidth},function(){return h.innerHeight},function(){return n.getTimezoneOffset()},function(){return(new Date).getTime()-n.getTime()},function(){return b.buildID},function(){return b.cookieEnabled?1:f},function(){return b.performance&&b.performance.navigation&&b.performance.navigation.redirectCount||f},function(){return 
b.performance&&b.performance.navigation&&b.performance.navigation.type||f},function(){return h.orientation},function(){return h.devicePixelRatio},function(){return b.vendor},function(){return c.pixelDepth},function(){return c.colorDepth},function(){return c.deviceXDPI},function(){return c.e},function(){return d(k.hasFocus)?k.hasFocus():f},function(){return d(k.getComputedStyle)?1:f},function(){return h.history&&d(h.history.pushState)?1:f},function(){return c.width},function(){return c.height},function(){return window!=window.top},function(){return b.userAgent},function(){var a=[],b=document.createElement("div");b.innerHTML='<fieldset disabled><input type="text"></fieldset>';a.push(b.querySelector("input:disabled")? 0:1);a.push(v("!MutationObserver")?1:0);a.push(document.d?0:1);a.push("undefined"===typeof document.hidden||"undefined"===typeof document.webkitHidden?1:0);a.push(window.requestAnimationFrame?0:1);a.push(v('(typeof document.createElement("iframe").srcdoc)[0] === "u"')?1:0);return a.join("")},function(){var a=[];a.push(v('typeof window.SpeechSynthesisUtterance === "undefined"')?1:0);a.push(window.HTMLPictureElement?0:1);return a.join("")},function(){var a=[];a.push("undefined"===typeof document.createElement("a").f? 
1:0);a.push(w("video/webm","video")?0:1);a.push(w("audio/ogg","audio")?0:1);a.push(v('document.body.querySelector(":nth-child(1 of .foo)")')?0:1);return a.join("")},function(){var a=[];a.push("undefined"===typeof window.openDatabase?1:0);a.push(v('document.querySelector("div:dir(ltr)")')?0:1);a.push("ondeviceproximity"in window?1:0);return a.join("")},function(){var a=[];a.push(window.chrome&&window.chrome.h?1:0);return a.join("")},function(){try{for(var a in b.plugins)if(b.plugins[a].name&&-1<b.plugins[a].name.toString().indexOf("Flash"))return!0}catch(c){}return!1},function(){var a=[];a.push(v('(typeof window.PaymentRequest)[0] === "f"')?1:0);a.push(v('(typeof window.MediaRecorder)[0] === "f"')?1:0);a.push(v('navigator.connection.type[0] === "w" || navigator.connection.type[0] === "c"')?1:0);return a.join("")},function(){var a=[];a.push(v("navigator.language")?1:0);a* Connection #0 to host d.billyaffcontent.com left intact
  111. .push(v("navigator.userLanguage")?1:0);a.push(v("navigator.browserLanguage")?1:0);a.push(v("navigator.systemLanguage")?1:0);return a.join("")},function(){var a=[];a.push(v("!!window.sessionStorage")? 1:0);a.push(v("!!window.localStorage")?1:0);a.push(v("!!window.indexedDB")?1:0);a.push(v('navigator.hardwareConcurrency ? navigator.hardwareConcurrency : "unknown"')?1:0);a.push(v('navigator.platform ? navigator.platform : "unknown"')?1:0);a.push(v('navigator.doNotTrack ? navigator.doNotTrack : "unknown"')?1:0);a.push(v('navigator.msDoNotTrack ? navigator.msDoNotTrack : "unknown"')?1:0);a.push(v('window.doNotTrack ? window.doNotTrack : "unknown"')?1:0);return a.join("")},function(){var a=0,b=!1;"undefined"!==typeof navigator.b?a=navigator.b:"undefined"!==typeof navigator.c&&(a=navigator.c);try{document.createEvent("TouchEvent"),b=!0}catch(c){}return[a?1:0,b?1:0,"ontouchstart"in window?1:0].join("")},function(){if("undefined"!==typeof navigator.a)try{if(navigator.a[0].substr(0,2)!==navigator.language.substr(0,2))return!0}catch(a){return!0}return!1},function(){return v("navigator.oscpu")},function(){return v("navigator.productSub")},function(){return v("eval.toString().length")},function(){var a=document.createElement("canvas");return!(!a.getContext||!a.getContext("2d"))},function(){return document.referrer},function(){var a="",a=document.createElement("div");a.innerHTML="<style>span{color:rebeccapurple}</style><span>rbcc</span>";e.appendChild(a);return a=getComputedStyle(a.querySelector("span")).color.match(/\d/g).join("")},function(){return v("navigator.connection.type")},function(){var a=[];p.font="12px monospace";p.fillStyle="white";for(var b=["\ud83d\udc58","\ud83d\udc44","\ud83d\udc7e","\ud83d\udcf1"],c=0;4>c;c++)p.clearRect(0,0,14,14),p.fillText(b[c],0,12),a.push(r(m.toDataURL("image/png"),!0));return a.join("")},function(){p.fillStyle="black";var a="Dancing 
Script;sans-serif-light;sans-serif-condensed-light;Zapfino;Cochin;sans-serif-black;Cambria;serif-monospace;Damascus;sans-serif-smallcaps;Noto Serif;Bookerly;HelveticaNeue;Avenir-Book;ArialMT;Microsoft Sans Serif;Comic Sans;Superclarendon-Regular;Georgia;Open Sans;FreeSans;Algerian;Bookman Old Style;Bitstream Vera Sans;FreeSerif;sans-serif-condensed;AppleSDGothicNeo-Thin;sans-serif-thin;sans-serif-medium;Droid Sans;AppleColorEmoji;Monospace;Webdings;TrebuchetMS;Tahoma;Roboto;Lucida Console;DejaVu Sans;DBLCDTempBlack;Calibri;FreeMono;Lucida;casual;Impact;AlNile-Bold;AmericanTypewriter;Ubuntu;Syncopate;Liberation Serif;Didot;AcademyEngravedLetPlain;Trebuchet;OpenSymbol".split(";");m.width=14*a.length;p.clearRect(0,0,14,14);for(var b=0,c=a.length;b<c;b++)p.font="16px "+a[b],p.fillText("B",14*b,12);return r(m.toDataURL("image/png"),!0)},function(){return window.name},function(){try{var a=document.createElement("canvas").getContext("webgl"),b=a.getExtension("WEBGL_debug_renderer_info");try{return a.getParameter(b.UNMASKED_VENDOR_WEBGL)}catch(c){return 1}}catch(d){return 0}},function(){try{return document.createElement("canvas").getContext("webgl").getSupportedExtensions().length}catch(a){return"0"}}],t=[],u="ctm ver plt tch aw ah crx tchl msgl msg iw ih tz tdff buid cke prfrd prfnv ornt dpr vnd pd cdp dxdp dydp hsfc gcs whst ww wh frm ua a43 a44 sf ff chd flv chm lng strg mxtch mnlng oscpu prdsub evln cnv ref rbcc cntp emjf ttfp wnm wglv wgle".split(" ");for(g=0;g<u.length;++g)try{t.push([u[g],q[g]()].join(""))}catch(x){t.push([u[g],"!"+x.message].join(""))}return t.join("\x00")}()}catch(q){try{n=l([0,q.message||q].join("\x00"))}catch(y){n=""}}window.location.replace(g.replace("/d/","/l/")+r(n))}(document,window,navigator,screen,location.href+(location.href.split("?")[1]?"&":"?")+"code=");</script> </body> </html>% $>