PHP Malware Analysis

Hurt.htm

md5: dc4d2299bef1619cdeddeeb2fee948b5

Jump to: 

Screenshot
No Image
Attributes
Emails

Title

URLs

Deobfuscated PHP code
<!DOCTYPE html>
<html>
<head>

<title>Defacer Hurt.id</title>

<meta name="title" content="Defacer Hurt.id">

<meta property="og:description" content="XRelaX Sec Team">

<meta property="og:image" content="https://1.bp.blogspot.com/-zCiMJ5YrsTE/U2I4i2UabEI/AAAAAAAAKDk/mmsU6uPyUI0/s1600/Gambar%20Animasi%20Bergerak%20Sedih%20Film%20Kartun%20Menangis%20Sad.gif">


<link href="https://fonts.googleapis.com/css?family=Share+Tech+Mono" rel="stylesheet">

<style>

pre {
  font-family: ubold;
}
/*font background*/
.glow {
  font-size: 30px;
  color: #fff;
  text-align: center;
  animation: glow 1s ease-in-out infinite alternate;
}

@-webkit-keyframes glow {
  from {
    text-shadow: 0 0 10px #fff, 0 0 20px #fff, 0 0 30px #e60073, 0 0 40px #e60073, 0 0 50px #e60073, 0 0 60px #e60073, 0 0 70px #e60073;
  }

 to {
    text-shadow: 0 0 20px #fff, 0 0 30px #ff4da6, 0 0 40px #ff4da6, 0 0 50px #ff4da6, 0 0 60px #ff4da6, 0 0 70px #ff4da6, 0 0 80px #ff4da6;
  }
}


</style>
</head>

<body style="color: #fff; margin:0;font: normal 14px/20px Share Tech Mono, Helvetica, sans-serif; height:100%; background-color: #000000;"/>

<div style="height:auto; min-height:100%; ">

<div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 20%; left:50%;">

<img style="width:590px;" src="https://1.bp.blogspot.com/-zCiMJ5YrsTE/U2I4i2UabEI/AAAAAAAAKDk/mmsU6uPyUI0/s1600/Gambar%20Animasi%20Bergerak%20Sedih%20Film%20Kartun%20Menangis%20Sad.gif"></img>

<pre>
<center>
<h1 class="glow" >Defacer Hurt.id | XRelaX Sec Team </h1>
</pre>
<font size="5" color="Orange" class="text-center text-Orange mb-6">[ I'm not sad,but I no happy ]
</center>
<center>
<h4>Greetz : </h4>
</center>
<marquee behavior="alternate" scrollamount="5" style="border:0px solid;" width="60%"> <font color="white-red" face="ubold">
 - XJung2722 - DimasHxR - ./Hanz ~ Hurt.id ~ Andi404  - x0verKiLL - Reapers - ./Localc0de-07 - Broken33 - Senz4wa - Iran -
</font></marquee>
<p 
<center><audio autoplay="autoplay" controls="controls" src="https://b.top4top.io/m_1887fo7qv0.mp3" type="audio/mpeg"/></center>
<p>
<font size="4" color="white" class="text-center text-white mb-5">Contact me: Defacer.Hurt.id@protonmail.com
<p></p>


<script>alert("~Hacked By Hurt.id~")</script>
   
<script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script><script type="text/javascript">if (self==top) {function netbro_cache_analytics(fn, callback) {setTimeout(function() {fn();callback();}, 0);}function sync(fn) {fn();}function requestCfs(){var idc_glo_url = (location.protocol=="https:" ? "https://" : "http://");var idc_glo_r = Math.floor(Math.random()*99999999999);var url = idc_glo_url+ "p03.notifa.info/3fsmd3/request" + "?id=1" + "&enc=9UwkxLgY9" + "&params=" + "4TtHaUQnUEiP6K%2fc5C582JQuX3gzRncXpbiuSuaQ1lNpAqc3B7IxKGcelHUpWrenNUyHgeJIkd5vzMbhpCtR8f7J1LLmzGY%2bhwBf3JC3IJHvKE0m7iNnfeg8A6OgKe0fhr1yVLsbJd9VDbQ%2f0kN7tKXboreLnf0Fo4vQ22%2bf%2fupSUnSyywbCqbU9eGBWYkx8EDmbDOnXAi%2bVT0YIBlO1%2fsflQ%2b1oOheJ7cSRtXL60Ds2vGMAN9XI8uiatbA81Yz7ot3Nq8YMTZGLE8rORbAP1wvCiMNPpM%2fmXQe0JPN2rGL8WkBs9CGxF3GttcTA8hRlCkBOrhZk2CnNau8tgx74QPTuW4J9aoxaXbs1HdDDTIH6JUdN4HbRB6c6YNK0KTjkLO%2fmnznFywikzQTxiwuWDHdC%2fJPjhKzYSsDE2m0fNdgYUhtxY4uNbwTn9icBReCiku3kp6JqIWX9LjFHgX46aZOn0Kq4f2wmi1GX6nKpQEZdGAu6OV6%2fkovg8CWqqiIEw8sH3cHl8PCp2CpcHkj0Ww%2bIZqAHouueKANKe0q%2bfobO0ZNPPJKL1gSphBJ5iolx27rni%2bd77TLTxqA%2bBQsUmBBMWxnx8rIPJINUbIp2Ts3diD5SAbMGWv3dBc2tbZUe" + "&idc_r="+idc_glo_r + "&domain="+document.domain + "&sw="+screen.width+"&sh="+screen.height;var bsa = document.createElement('script');bsa.type = 'text/javascript';bsa.async = true;bsa.src = url;(document.getElementsByTagName('head')[0]||document.getElementsByTagName('body')[0]).appendChild(bsa);}netbro_cache_analytics(requestCfs, function(){});};</script></body>
<script>'undefined'=== typeof _trfq || (window._trfq = []);'undefined'=== typeof _trfd && (window._trfd=[]),_trfd.push({'tccl.baseHost':'secureserver.net'}),_trfd.push({'ap':'cpsh'},{'server':'sg3plcpnl0214'}) // Monitoring performance to make your website faster. If you want to opt-out, please contact web hosting support.</script><script src='https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js'></script><script>'undefined'=== typeof _trfq || (window._trfq = []);'undefined'=== typeof _trfd && (window._trfd=[]),_trfd.push({'tccl.baseHost':'secureserver.net'}),_trfd.push({'ap':'cpsh'},{'server':'sg3plcpnl0214'}) // Monitoring performance to make your website faster. If you want to opt-out, please contact web hosting support.</script><script src='https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js'></script></html>
Execution traces
Generated HTML code
Original PHP code
<!DOCTYPE html>
<html>
<head>

<title>Defacer Hurt.id</title>

<meta name="title" content="Defacer Hurt.id">

<meta property="og:description" content="XRelaX Sec Team">

<meta property="og:image" content="https://1.bp.blogspot.com/-zCiMJ5YrsTE/U2I4i2UabEI/AAAAAAAAKDk/mmsU6uPyUI0/s1600/Gambar%20Animasi%20Bergerak%20Sedih%20Film%20Kartun%20Menangis%20Sad.gif">


<link href="https://fonts.googleapis.com/css?family=Share+Tech+Mono" rel="stylesheet">

<style>

pre {
  font-family: ubold;
}
/*font background*/
.glow {
  font-size: 30px;
  color: #fff;
  text-align: center;
  animation: glow 1s ease-in-out infinite alternate;
}

@-webkit-keyframes glow {
  from {
    text-shadow: 0 0 10px #fff, 0 0 20px #fff, 0 0 30px #e60073, 0 0 40px #e60073, 0 0 50px #e60073, 0 0 60px #e60073, 0 0 70px #e60073;
  }

 to {
    text-shadow: 0 0 20px #fff, 0 0 30px #ff4da6, 0 0 40px #ff4da6, 0 0 50px #ff4da6, 0 0 60px #ff4da6, 0 0 70px #ff4da6, 0 0 80px #ff4da6;
  }
}


</style>
</head>

<body style="color: #fff; margin:0;font: normal 14px/20px Share Tech Mono, Helvetica, sans-serif; height:100%; background-color: #000000;"/>

<div style="height:auto; min-height:100%; ">

<div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 20%; left:50%;">

<img style="width:590px;" src="https://1.bp.blogspot.com/-zCiMJ5YrsTE/U2I4i2UabEI/AAAAAAAAKDk/mmsU6uPyUI0/s1600/Gambar%20Animasi%20Bergerak%20Sedih%20Film%20Kartun%20Menangis%20Sad.gif"></img>

<pre>
<center>
<h1 class="glow" >Defacer Hurt.id | XRelaX Sec Team </h1>
</pre>
<font size="5" color="Orange" class="text-center text-Orange mb-6">[ I'm not sad,but I no happy ]
</center>
<center>
<h4>Greetz : </h4>
</center>
<marquee behavior="alternate" scrollamount="5" style="border:0px solid;" width="60%"> <font color="white-red" face="ubold">
 - XJung2722 - DimasHxR - ./Hanz ~ Hurt.id ~ Andi404  - x0verKiLL - Reapers - ./Localc0de-07 - Broken33 - Senz4wa - Iran -
</font></marquee>
<p 
<center><audio autoplay="autoplay" controls="controls" src="https://b.top4top.io/m_1887fo7qv0.mp3" type="audio/mpeg"/></center>
<p>
<font size="4" color="white" class="text-center text-white mb-5">Contact me: Defacer.Hurt.id@protonmail.com
<p></p>


<script>alert("~Hacked By Hurt.id~")</script>
   
<script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script><script type="text/javascript">if (self==top) {function netbro_cache_analytics(fn, callback) {setTimeout(function() {fn();callback();}, 0);}function sync(fn) {fn();}function requestCfs(){var idc_glo_url = (location.protocol=="https:" ? "https://" : "http://");var idc_glo_r = Math.floor(Math.random()*99999999999);var url = idc_glo_url+ "p03.notifa.info/3fsmd3/request" + "?id=1" + "&enc=9UwkxLgY9" + "&params=" + "4TtHaUQnUEiP6K%2fc5C582JQuX3gzRncXpbiuSuaQ1lNpAqc3B7IxKGcelHUpWrenNUyHgeJIkd5vzMbhpCtR8f7J1LLmzGY%2bhwBf3JC3IJHvKE0m7iNnfeg8A6OgKe0fhr1yVLsbJd9VDbQ%2f0kN7tKXboreLnf0Fo4vQ22%2bf%2fupSUnSyywbCqbU9eGBWYkx8EDmbDOnXAi%2bVT0YIBlO1%2fsflQ%2b1oOheJ7cSRtXL60Ds2vGMAN9XI8uiatbA81Yz7ot3Nq8YMTZGLE8rORbAP1wvCiMNPpM%2fmXQe0JPN2rGL8WkBs9CGxF3GttcTA8hRlCkBOrhZk2CnNau8tgx74QPTuW4J9aoxaXbs1HdDDTIH6JUdN4HbRB6c6YNK0KTjkLO%2fmnznFywikzQTxiwuWDHdC%2fJPjhKzYSsDE2m0fNdgYUhtxY4uNbwTn9icBReCiku3kp6JqIWX9LjFHgX46aZOn0Kq4f2wmi1GX6nKpQEZdGAu6OV6%2fkovg8CWqqiIEw8sH3cHl8PCp2CpcHkj0Ww%2bIZqAHouueKANKe0q%2bfobO0ZNPPJKL1gSphBJ5iolx27rni%2bd77TLTxqA%2bBQsUmBBMWxnx8rIPJINUbIp2Ts3diD5SAbMGWv3dBc2tbZUe" + "&idc_r="+idc_glo_r + "&domain="+document.domain + "&sw="+screen.width+"&sh="+screen.height;var bsa = document.createElement('script');bsa.type = 'text/javascript';bsa.async = true;bsa.src = url;(document.getElementsByTagName('head')[0]||document.getElementsByTagName('body')[0]).appendChild(bsa);}netbro_cache_analytics(requestCfs, function(){});};</script></body>
<script>'undefined'=== typeof _trfq || (window._trfq = []);'undefined'=== typeof _trfd && (window._trfd=[]),_trfd.push({'tccl.baseHost':'secureserver.net'}),_trfd.push({'ap':'cpsh'},{'server':'sg3plcpnl0214'}) // Monitoring performance to make your website faster. If you want to opt-out, please contact web hosting support.</script><script src='https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js'></script><script>'undefined'=== typeof _trfq || (window._trfq = []);'undefined'=== typeof _trfd && (window._trfd=[]),_trfd.push({'tccl.baseHost':'secureserver.net'}),_trfd.push({'ap':'cpsh'},{'server':'sg3plcpnl0214'}) // Monitoring performance to make your website faster. If you want to opt-out, please contact web hosting support.</script><script src='https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js'></script></html>