PHP Malware Analysis

Back to list

Tags

URLs
http://www.sh3ll.org/c99.txt?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY0ODkyMzM2MCwiaWF0IjoxNjQ4OTE2MTYwLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIycmgyMTBucXY5OW9iaXI0OW8wY3NqdTEiLCJuYmYiOjE2NDg5MTYxNjAsInRzIjoxNjQ4OTE2MTYwNDk5MzIwfQ.sLmP-lMQdul4afncR7p5LLv4q5npJ3r2usbkzu5Zzdo&sid=2f9bbfb6-b2a0-11ec-b7f5-925c852e34d3
Title
Loading...

Deobfuscated code

<html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://www.sh3ll.org/c99.txt?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY0ODkyMzM2MCwiaWF0IjoxNjQ4OTE2MTYwLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIycmgyMTBucXY5OW9iaXI0OW8wY3NqdTEiLCJuYmYiOjE2NDg5MTYxNjAsInRzIjoxNjQ4OTE2MTYwNDk5MzIwfQ.sLmP-lMQdul4afncR7p5LLv4q5npJ3r2usbkzu5Zzdo&sid=2f9bbfb6-b2a0-11ec-b7f5-925c852e34d3');</script></body></html>


Original code

<html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://www.sh3ll.org/c99.txt?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY0ODkyMzM2MCwiaWF0IjoxNjQ4OTE2MTYwLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIycmgyMTBucXY5OW9iaXI0OW8wY3NqdTEiLCJuYmYiOjE2NDg5MTYxNjAsInRzIjoxNjQ4OTE2MTYwNDk5MzIwfQ.sLmP-lMQdul4afncR7p5LLv4q5npJ3r2usbkzu5Zzdo&sid=2f9bbfb6-b2a0-11ec-b7f5-925c852e34d3');</script></body></html>