stoppblock.net proxy PAC malware and “50.7.182.141”

Posted on August 2, 2016 by

In a continuation to the previous post about a computer with “infected” DNS settings….

The same machine also had a Proxy PAC file set.

In the specific computers instance it had this URL set in the automatic proxy settings section:

http://stoppblock.net/wpad.dat?fb4c39d90b3dd1f76bda246b4a60839913671305

stoppblock.net, registered via a whois privacy service, was only registered on the 4th July 2016 and has only been hosting a website from around the 21st July. A similar domain “Stopblock.me” seems to have been registered much longer ago in September 2015 using a privacy service and a similar DNS setup to the new site and is hosted at the same datacenter.

Now – if you download the above URL using something like Notepad or CURL you get a blank file telling software to go DIRECT;

If you use a known browser you instead get the following PAC script found at the end of this blog article.

What is interesting here is they seem to be taking SHA256 hashes of URLs and matching them. Clever idea. This instantly increases the difficulty in identifying which websites they are targeting with their proxy attack.

It looks like they are usurping traffic to 192 domains.

If one of these domains is detected they then currently relay the traffic via the following proxy hosted at FDC Servers:

50.7.182.141:51598

It looks like the above server has thousands of open ports, probably all entirely open and ready to proxy.

If you manually set your proxy to it you can tell which websites are on their intercept list in the PAC file. Any domain they don’t like is greeted with a “403 Forbidden” while domains they do like.. (some that I’ve found so far):

– Google.com
– chrome.google.com
http://www.google-analytics.com

The above sites get proxied and SSL Man in the middled (MITM). I feel like maybe the malware which setup this PAC comes along with it’s own “Trusted” Root CA so their generated proxy certificates work.

Upon initial investigation the root of google.com doesn’t get modified upon request via the malware proxy.

Here is the proxy PAC code as referenced above.. it was too long to put in the middle of the article:

/*
CryptoJS v3.1.2
code.google.com/p/crypto-js
(c) 2009-2013 by Jeff Mott. All rights reserved.
code.google.com/p/crypto-js/wiki/License
*/
var CryptoJS = CryptoJS || function(h, s) {
 var f = {},
 t = f.lib = {},
 g = function() {},
 j = t.Base = {
 extend: function(a) {
 g.prototype = this;
 var c = new g;
 a && c.mixIn(a);
 c.hasOwnProperty("init") || (c.init = function() {
 c.$super.init.apply(this, arguments)
 });
 c.init.prototype = c;
 c.$super = this;
 return c
 },
 create: function() {
 var a = this.extend();
 a.init.apply(a, arguments);
 return a
 },
 init: function() {},
 mixIn: function(a) {
 for (var c in a) a.hasOwnProperty(c) && (this[c] = a[c]);
 a.hasOwnProperty("toString") && (this.toString = a.toString)
 },
 clone: function() {
 return this.init.prototype.extend(this)
 }
 },
 q = t.WordArray = j.extend({
 init: function(a, c) {
 a = this.words = a || [];
 this.sigBytes = c != s ? c : 4 * a.length
 },
 toString: function(a) {
 return (a || u).stringify(this)
 },
 concat: function(a) {
 var c = this.words,
 d = a.words,
 b = this.sigBytes;
 a = a.sigBytes;
 this.clamp();
 if (b % 4)
 for (var e = 0; e < a; e++) c[b + e >>> 2] |= (d[e >>> 2] >>> 24 - 8 * (e % 4) & 255) << 24 - 8 * ((b + e) % 4);
 else if (65535 < d.length)
 for (e = 0; e < a; e += 4) c[b + e >>> 2] = d[e >>> 2];
 else c.push.apply(c, d);
 this.sigBytes += a;
 return this
 },
 clamp: function() {
 var a = this.words,
 c = this.sigBytes;
 a[c >>> 2] &= 4294967295 <<
 32 - 8 * (c % 4);
 a.length = h.ceil(c / 4)
 },
 clone: function() {
 var a = j.clone.call(this);
 a.words = this.words.slice(0);
 return a
 },
 random: function(a) {
 for (var c = [], d = 0; d < a; d += 4) c.push(4294967296 * h.random() | 0);
 return new q.init(c, a)
 }
 }),
 v = f.enc = {},
 u = v.Hex = {
 stringify: function(a) {
 var c = a.words;
 a = a.sigBytes;
 for (var d = [], b = 0; b < a; b++) {
 var e = c[b >>> 2] >>> 24 - 8 * (b % 4) & 255;
 d.push((e >>> 4).toString(16));
 d.push((e & 15).toString(16))
 }
 return d.join("")
 },
 parse: function(a) {
 for (var c = a.length, d = [], b = 0; b < c; b += 2) d[b >>> 3] |= parseInt(a.substr(b,
 2), 16) << 24 - 4 * (b % 8);
 return new q.init(d, c / 2)
 }
 },
 k = v.Latin1 = {
 stringify: function(a) {
 var c = a.words;
 a = a.sigBytes;
 for (var d = [], b = 0; b < a; b++) d.push(String.fromCharCode(c[b >>> 2] >>> 24 - 8 * (b % 4) & 255));
 return d.join("")
 },
 parse: function(a) {
 for (var c = a.length, d = [], b = 0; b < c; b++) d[b >>> 2] |= (a.charCodeAt(b) & 255) << 24 - 8 * (b % 4);
 return new q.init(d, c)
 }
 },
 l = v.Utf8 = {
 stringify: function(a) {
 try {
 return decodeURIComponent(escape(k.stringify(a)))
 } catch (c) {
 throw Error("Malformed UTF-8 data");
 }
 },
 parse: function(a) {
 return k.parse(unescape(encodeURIComponent(a)))
 }
 },
 x = t.BufferedBlockAlgorithm = j.extend({
 reset: function() {
 this._data = new q.init;
 this._nDataBytes = 0
 },
 _append: function(a) {
 "string" == typeof a && (a = l.parse(a));
 this._data.concat(a);
 this._nDataBytes += a.sigBytes
 },
 _process: function(a) {
 var c = this._data,
 d = c.words,
 b = c.sigBytes,
 e = this.blockSize,
 f = b / (4 * e),
 f = a ? h.ceil(f) : h.max((f | 0) - this._minBufferSize, 0);
 a = f * e;
 b = h.min(4 * a, b);
 if (a) {
 for (var m = 0; m < a; m += e) this._doProcessBlock(d, m);
 m = d.splice(0, a);
 c.sigBytes -= b
 }
 return new q.init(m, b)
 },
 clone: function() {
 var a = j.clone.call(this);
 a._data = this._data.clone();
 return a
 },
 _minBufferSize: 0
 });
 t.Hasher = x.extend({
 cfg: j.extend(),
 init: function(a) {
 this.cfg = this.cfg.extend(a);
 this.reset()
 },
 reset: function() {
 x.reset.call(this);
 this._doReset()
 },
 update: function(a) {
 this._append(a);
 this._process();
 return this
 },
 finalize: function(a) {
 a && this._append(a);
 return this._doFinalize()
 },
 blockSize: 16,
 _createHelper: function(a) {
 return function(c, d) {
 return (new a.init(d)).finalize(c)
 }
 },
 _createHmacHelper: function(a) {
 return function(c, d) {
 return (new w.HMAC.init(a,
 d)).finalize(c)
 }
 }
 });
 var w = f.algo = {};
 return f
}(Math);
(function(h) {
 for (var s = CryptoJS, f = s.lib, t = f.WordArray, g = f.Hasher, f = s.algo, j = [], q = [], v = function(a) {
 return 4294967296 * (a - (a | 0)) | 0
 }, u = 2, k = 0; 64 > k;) {
 var l;
 a: {
 l = u;
 for (var x = h.sqrt(l), w = 2; w <= x; w++)
 if (!(l % w)) {
 l = !1;
 break a
 }
 l = !0
 }
 l && (8 > k && (j[k] = v(h.pow(u, 0.5))), q[k] = v(h.pow(u, 1 / 3)), k++);
 u++
 }
 var a = [],
 f = f.SHA256 = g.extend({
 _doReset: function() {
 this._hash = new t.init(j.slice(0))
 },
 _doProcessBlock: function(c, d) {
 for (var b = this._hash.words, e = b[0], f = b[1], m = b[2], h = b[3], p = b[4], j = b[5], k = b[6], l = b[7], n = 0; 64 > n; n++) {
 if (16 > n) a[n] =
 c[d + n] | 0;
 else {
 var r = a[n - 15],
 g = a[n - 2];
 a[n] = ((r << 25 | r >>> 7) ^ (r << 14 | r >>> 18) ^ r >>> 3) + a[n - 7] + ((g << 15 | g >>> 17) ^ (g << 13 | g >>> 19) ^ g >>> 10) + a[n - 16]
 }
 r = l + ((p << 26 | p >>> 6) ^ (p << 21 | p >>> 11) ^ (p << 7 | p >>> 25)) + (p & j ^ ~p & k) + q[n] + a[n];
 g = ((e << 30 | e >>> 2) ^ (e << 19 | e >>> 13) ^ (e << 10 | e >>> 22)) + (e & f ^ e & m ^ f & m);
 l = k;
 k = j;
 j = p;
 p = h + r | 0;
 h = m;
 m = f;
 f = e;
 e = r + g | 0
 }
 b[0] = b[0] + e | 0;
 b[1] = b[1] + f | 0;
 b[2] = b[2] + m | 0;
 b[3] = b[3] + h | 0;
 b[4] = b[4] + p | 0;
 b[5] = b[5] + j | 0;
 b[6] = b[6] + k | 0;
 b[7] = b[7] + l | 0
 },
 _doFinalize: function() {
 var a = this._data,
 d = a.words,
 b = 8 * this._nDataBytes,
 e = 8 * a.sigBytes;
 d[e >>> 5] |= 128 << 24 - e % 32;
 d[(e + 64 >>> 9 << 4) + 14] = h.floor(b / 4294967296);
 d[(e + 64 >>> 9 << 4) + 15] = b;
 a.sigBytes = 4 * d.length;
 this._process();
 return this._hash
 },
 clone: function() {
 var a = g.clone.call(this);
 a._hash = this._hash.clone();
 return a
 }
 });
 s.SHA256 = g._createHelper(f);
 s.HmacSHA256 = g._createHmacHelper(f)
})(Math);
var hashes = [{
 "direct": false,
 "hash": {
 "url": [
 [30, "3641293c700dbf07c69bc819ea7c168efa75c54a953a0c73af7d62edf2e44c0c"]
 ]
 },
 "sc": 2
}, {
 "direct": false,
 "hash": {
 "url": [
 [30, "005acdb782876c1d12cbabd154734baf814d95d0d0cc9a189e161f50850e6e11"]
 ]
 },
 "sc": 1
}, {
 "direct": false,
 "hash": {
 "url": [
 [37, "091ba1b78804e5415b317554c2d3edcc0fa9b0907109392187a24f22951de9a2"]
 ]
 },
 "sc": 2
}, {
 "direct": false,
 "hash": {
 "url": [
 [34, "85fa4e502c08ba456c3b3e78162a7edf3a3dd251b3f091abf1889ba33eab6f62"]
 ]
 },
 "sc": 2
}, {
 "direct": false,
 "hash": {
 "url": [
 [54, "2fb5d5f6b16a61a5a2463c2918b82a56c1f93e3f610ed11e2d2b4b692e6bd24c"]
 ]
 },
 "sc": 2
}, {
 "direct": false,
 "hash": {
 "url": [
 [31, "69c01b96756640faf07f816ebec4994d054a328c84f32d8f3ad2b4f817ff72aa"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [27, "aab8f002cb79cc9542a001fec8544bc331f0b42292db3a49ee245a6a218eea2a"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [16, "02a0becb3e90c1c50bb9932bffb7c4d130cd6b78558dedbec7c39b1624132894"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [21, "027a1ea4c5fe27134a12fc6b166b58e98d91242e19f89405147b78e5d21c4f8d"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [18, "04d62c424bfe5388333e11b6ccb47f6f78e43bf26b92d5c4a140681fb8cf6a44"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [38, "cbc1c5ba723aa977c56aecdab1a8c71c41c046046e05ca14d2fa28dd10092fb6"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [24, "49dbf639e44e763f59cb09945e0a011e7420d44c179301ab3a09e708d903709e"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 2
}, {
 "direct": false,
 "hash": {
 "url": [
 [18, "7e8d27eec13ac38216d4edd72d1a29bff2f329c6ed6a8a8a94857834a4836b3f"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [31, "6d3eaddd0cde25e6ec74b5bbbfcb33fdbef5f549b0c94befcbf419475b6979f4"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [28, "4de73617a098f4609a06ec0c77317d64ac361e831390c275d4fb65f2c1cd0649"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [33, "da55e41175f29ad2ef7a82451594d80a55f0976a416aa92204949430a2bcd2bb"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [24, "6a51ab44baf159b7dfd06897c2ee9b109047d648527883b400939723fb51b34e"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [16, "6cdc2695d51e4a71a47b738a2e5da370b69928365f901afa139b0d6e09a4a611"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [20, "da3d05b85e36da5c00d2684f8b6c11a151ef805269628a5e288f11367c85b770"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 2
}, {
 "direct": true,
 "hash": {
 "url": [
 [34, "2f65f195f63f3e53bacca32a2ce6807ff0b201845fc435ceea3717cef9784858"]
 ]
 },
 "sc": 0
}, {
 "direct": true,
 "hash": {
 "url": [
 [34, "068af4337f674b90b82cba9b9201749f819a3d0b13e7b807d12cc42cdcd52996"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [25, "16bba5056246699217e8e202a86955a264f1fa4afad31c9bbc2f7c1f7b1950cf"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [6, "2eaab02c6da2d10b1c74431c94246073901239f9cf5d468ce50e972fe10eedec"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [12, "6a6f36afaf2268aee5bb31ca04125b2bc763f08d7ba8711e4bdff70867910553"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [7, "0a6fe22ff241ea94df392b8156568f20391723837ab230318fb077b2375c7cde"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [39, "66a712273426ba40b7b7e106bbbdcaf4b72564e351b3f3f48ce7c20678e648c6"]
 ]
 },
 "sc": 2
}, {
 "direct": false,
 "hash": {
 "url": [
 [32, "a718d72aef8ad2227b48fcb0e41aad227e7df749b181778c1fde42940b43c99a"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [33, "c59e07a5fbde05ed1a56fbcacbd729407e4d2ace0999f1fa7b6d67e1134f16c8"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [20, "7ee2c2d8d2139dde94960b7b10068490709d33396936b3025f4fb084024faacd"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [22, "5cb102dd91d9f0335ceec0d054f9a3534948269494795cf5343db79af0bf1937"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [24, "1e714788036e892cf617e1dd0f2329041329022855b9e740e98e97a6a6b11ef3"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [15, "69f1b962dac671b921437d0f1295291c18c2757d2b35bb4dc0bd417a83544c0d"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [27, "0730a01c9239a112d8f20d388d11f0adbb85ef5cad54ef274ac1f1dcddf592a0"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [18, "ba84717110aa9f1e08279a074c84eac1616a5b1586a723a0f047c6e24873e8a4"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [19, "7a8652ccd303235bf5daa855af51a26ea43ca141af05d29a69068d0a7ce1d308"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [17, "5cbc646b4c93ceb0ceacc82b4d919a0d55c9f4219a37181a857648876f4f8962"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [17, "2ab969e3bb4f21a9c0857a48d7d48959b7579b66d819f5bb5113e0a8daa73837"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [16, "f1fd0a0951825ee7a48ad64357f6b8842c7afa522f2607dbd24676f331be49de"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [21, "28418d5891c9e953da3d34b8196148ca2f5fe2ea8f9410d0158854fac8c259ea"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [16, "24706f423df420f1414ea4fa5b8075795c93ae8744c1274fb5c1a0b153d343f7"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [24, "3f5db3d1f1c2dcca55a962a138f4e89c39ec7d77698d71693029920826215d6f"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [48, "d8de67906050cd51ad3d8dd6e03e9e1a7b95c338282d65c8ea294ded63d2e1ad"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [13, "e8fe445cea211abe733b631f0ed07a4acf73692be6fdcbe8601433686c778d3f"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [17, "a9aff9dbfe5dac558e6cf7885b3cfd7cedb53791b20e5346c858a7ff59bee5ef"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [19, "6392865db408402c48f8a16956719f1fea3a765e4a00608acc7fa6ba4e4cda14"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": true,
 "hash": {
 "url": [
 [22, "5d8c1fbee8589adc33914e3d08be0567e2dc3188da065f889986e7efc4ea4062"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": true,
 "hash": {
 "url": [
 [18, "9b307d54955bd62e21d6ffdf7078d226c9d3ed7a4a8338c3ac25ec1859deaf25"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [29, "46d18cdcbd926bcdaf11e4bb2173d996bbd0e556a3e123c202447e8e4b01eb9c"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "host": [
 [0],
 [11, "c323094109b3dde96a8b67aa1ebd11c183a3929160a042677a2c6a60e4de1538"]
 ],
 "query": [
 [1, "8a5edab282632443219e051e4ade2d1d5bbc671c781051bf1437897cbdfea0f1"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [27, "07e55167364c91f40142adda36fb3282bd6446f819d5973aa8a7a7c3fa339655"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [30, "8a1a87606ecd96cdeead029c379a6297d0546b1efcf63019d1145db57f8ab754"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [28, "d8f4ce3f051558a4439835f37030ab06002c32a864d531febf09fe3255e90236"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [23, "93d939d480026892d9c8d3049d5d8954784dbc8258907e44653caabb8a9a9494"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [32, "05854e7dfdb0d0f28e13323213aeff271e91109083a6a76a42b51d9ccd18e741"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [17, "b6481263a60e1563a9e2466d54a7ef33fd2ce1179ff224019bf7550c57967a9a"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [21, "63fdd9a9d5ce7c44c7b21c0d6a1237f8f0c97260e55746dcd8f6ef5a4a50af91"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [28, "f8aba15bc5e864b1e557f1ef93414583458d39200f9bda36168fe7383eb9ee58"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [28, "2fb79d03565dc4b4b295f195c51388515f44ce577e7779b2b1cb6197ff5f5b3c"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [17, "2e50b70712b5bbfc38324d5312943c67d53997803aa407e4e8e72b124767b0ad"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": true,
 "hash": {
 "url": [
 [19, "40d5f76b780574f1477b7c9e22ec16630c27f06b2b3cbdeb838f85db9ad35790"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "host": [
 [0],
 [15, "70cce251eeaa07eafa39aa035f7d94475c6a336209873acc9fb4180f0d5d4fa5"]
 ],
 "query": [
 [8, "d0beddcba48b2cdda553b03c812e27bcfa6d2aaa0d6aa7cb59715b0abd7fae13"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [11, "c509965f343c674675f345d1db0312149080f5d025d2fcf6e1fe13d504723427"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [18, "a8dd9f1252e46a5771e131c437b79659ace18757bd3a8027a2f5b0dc0d5eabff"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [22, "87faaa158280444d037fae86bc1171429c2ea40986a484b2769a0a90a37a5a2a"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 2
}, {
 "direct": false,
 "hash": {
 "host": [
 [3, "db9831b53a8574d33f3d7ce6820598c67224687dbe57cbbc10b6070e5aa57744"],
 [18, "ffc4f10fa9a96a12ed23fe43e7618e984aac46dee8474f3f8443b252fa08f3ae"]
 ],
 "query": [
 [1, "8a5edab282632443219e051e4ade2d1d5bbc671c781051bf1437897cbdfea0f1"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 2
}, {
 "direct": false,
 "hash": {
 "url": [
 [20, "0c9efdccc14c3d6617b9941985a3a498e4577e0343e38bbda7c2fb364dc54b45"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [12, "59ea2297c48ef6c923b4ca8a8f601d0e06baa1b11c7be1cc139945f05a081cca"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [29, "1d5b888f0582e1221111e49b8c0c4ce405235f26be1c73d90ca4a56664069338"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [42, "d91d4822c7a1d78ffd55bbeba1f80c85b317f1628618138c06d09be65c2a1dda"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [20, "bf9d95f31c6dd46a0d8e48c07f04c1a2f8567b34f82c7a500f8b25798c8b9161"]
 ]
 },
 "sc": 2
}, {
 "direct": false,
 "hash": {
 "url": [
 [22, "3a4bb360cf6dc2998f0156bae6af9e3b4316e69f67e5ab9472dfc0d6b7cf0517"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [19, "84210dcb2a72a50dcec85d433904c20f93b7c0f406a7fc2dc0bf18eead6f37e1"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [21, "308318146fb2df522dea622450a9a3d9db6f4071e9d6e8c5f9626591e80dc859"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [23, "70c2ad9405d9a541e96ad8e0fe090388d6fbdced541e5a60d140e840ed0495df"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [42, "800290b8febd876a5720c5eda59879dcab36cf763bc8a925fbcffca69a7ffb63"]
 ]
 },
 "sc": 2
}, {
 "direct": false,
 "hash": {
 "url": [
 [20, "7e2979b6da973a47db083d02d42d13ff4325ea25b7aa73bbe940cd147bcb215b"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": true,
 "hash": {
 "url": [
 [39, "0ed60029e32cfbb08d3701acbeb82d5b6a83aa2f2466ba607ec49b5ed28e5eed"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [34, "4582ac7ade5230bb99743495f238b70a897f7c5aee68f38e63782f9889396425"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [23, "39081ae925fe1e452cdd54ec74b0a5dcd51d1c2458ff1885e0f13c239c18bbe4"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [13, "0666fd6cbd4af11cdf72aa9131a49d8e70456f73a86ab758648703bc1e6ebd59"],
 [0]
 ]
 },
 "sc": 2
}, {
 "direct": false,
 "hash": {
 "url": [
 [43, "ca722ff8edbbc0a13e840d505dd436dac6ec5cd2330073b6b6124258fb0d5f54"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [45, "024587940dc269ca51329c7f19aadf5954bb2ba00754203b9d98d2281a5dd2c1"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [39, "d5782e7c0f0ed1ba7463a853a81edc9bbac32044fad978f8556bcc57ebceac7e"]
 ]
 },
 "sc": 0
}, {
 "direct": true,
 "hash": {
 "url": [
 [29, "ac014017d245a73e9e6d45a6b41e757acf0424fcbb85684d752d927c5d20ef40"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [31, "8ec75af564cf5f49e429d7816c7713fe00b2fc3dc24b1b1455aa75ac0c447b3a"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [27, "eaeed874a4ae30c4bb37596b5cdc3639c9e08be83fedbbc85f353c7945c2ad8e"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [33, "9635f3c8debbf10e593bc947e73c998dfa7f26cde0be5cf59f9f66a95cf67bba"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [24, "9110da1f80be35f588efddea288804be52d347341fcd19ba3da1d4592dd2c40d"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [23, "c9ceeada3d54916a7fe216fad0f9b017c9876098c16301ea3387b47152320ce8"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [7, "74b3efd95853dcf4e793add5abddf5434b172646063535783522c9208928263d"],
 [19, "f5ef8ad912a8f643735a69cf45bf603e51f6af9cc60327ba1b2c808d2088d72f"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "host": [
 [0],
 [11, "97e980a2d03855deff40690b36264e95ef76bba58dcd29737ecdd43081dd2131"]
 ],
 "query": [
 [20, "b3b035817c027ee98f94a59696cee2cddc94bd6e4ed7c95e040531349b3b992f"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [32, "fbc13b4a05282c9f194c1e9ca0dc7e4a6e51de838849fcdf5f35601d9e8ecf38"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [42, "16e5903adff323829bd0635e950f5f4b85d4f1a8070c832c35909f9bf6af3bd9"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [37, "4fc7023f7dd0aab3b2d2892af568a8c3376760efc059c40530aa0032ae7442f7"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [13, "f892007e07fe563bc8822ca8af66c5389b9e8f31994adb1f5e42ffd7b9899d92"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [12, "327fac694a6f957b74d2d4bc85a43651f5500fd8e055cf6f03bf83da4bfe5418"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": true,
 "hash": {
 "url": [
 [19, "0beed07dc3da6aead4fce6f8cb232927d1b20eb4f7f06d1e66b856a5ba3187ef"],
 [0]
 ]
 },
 "sc": 1
}, {
 "direct": false,
 "hash": {
 "url": [
 [32, "856830e365ae3fc8ea6577d8b2d5c1e6155d37fc5a6473baa43029a2e2d2eeae"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [16, "027b77b373d4e927f295d33bf50bb238b007bfd91797fcd551e79a2497c5f7c8"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [31, "6366053930ce7512c068a344739e50297fba40ebd91213db61ee9562701888ba"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [38, "be7c7577e6f1fe9567cedee61118301b1eb4c6a1f476e479adce5a5f34e84a2f"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [35, "6f9994a2e46bd6bed3e739d9d449988303040dd087d9218e5a4b8aa01b342138"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [30, "87470ff28761412da08b3a72cd832411cb8fb8c5c0136f8b96d4949af6bb004d"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [17, "bc77a5508813ed54429d9747ff6af75fc28d140c198c1ee7dfa13fa1ebac09e8"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [11, "a6d0d26d88424e5d1e2a08e3507bfb299b308d1785eb2fdb162d97f18589cea8"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 1
}, {
 "direct": false,
 "hash": {
 "url": [
 [18, "c05c356d809c3f2d1cdd1b6ff9d16fc1024f5c3925bf61abf50e8e1d0f6b8069"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [21, "50ade07afbe7ca8e094128839dd2191c0c48018d7ff754e3c8b88da614768f13"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [20, "e3e88c17ba9ab684b2be9fa3c950ad9d526a0d2478ed661b37b79c581f158190"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [21, "6cdfbcd0d976405a599053ca4b5ef7cd203f180a9c7eb923351cb4f591d3d599"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [21, "5a50d849d24dae791f2476110627d51bbaf9360731286b25ec82fb1629aa160e"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": true,
 "hash": {
 "url": [
 [28, "7a1861c931ce0c8bc0fbe4886af66dbca1afca61f8a08b8b34d0b1e7585dadaf"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [22, "2abdb07ed909f1a257a367c0211061ecb3027a9943af06a93a28f12c92aa94ed"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [24, "643af5bb7cf4810537061f5ea81febbde5f4d60cebd7768b41b8c0351a9b6af2"],
 [0]
 ]
 },
 "sc": 1
}, {
 "direct": false,
 "hash": {
 "url": [
 [22, "0136db59a7df0d5528f4d29e6ab201bedc2cf04c2d7a9f10b3d58909f36421df"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [16, "027b77b373d4e927f295d33bf50bb238b007bfd91797fcd551e79a2497c5f7c8"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 1
}, {
 "direct": false,
 "hash": {
 "url": [
 [27, "650e28997cd30194bb5537ade4a74b646b3abb06fee9cb9d4cf4af28288354e1"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [26, "0793f244ecd3c34901023abec5514fbbf5704e6eba76f95461d8d161f4700aa3"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [25, "2c374ab4efaf85e151d9f5fcd845737356047bd9a37ceb55c77ccf4c3b89e480"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [29, "d62fad593a5bdf2d4b0bd3cee4f9589b651b207908d1336d7a69d4b9aa6c53a3"]
 ]
 },
 "sc": 1
}, {
 "direct": false,
 "hash": {
 "url": [
 [20, "93b81a4fc17695411a51e7d230b9ce2d4ef13325f0983cb81c1db2d0ad8b8238"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [55, "4ced13140e0abf5507c97c64a492c5bf6b0200ccd476713e8fc3417598961f69"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [28, "9a5727d91d00f39ddd5e8063c91928713dc0eb02dec2bb743e8e668e2ef5fccc"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [13, "44d9c55341ba05c18ffc28b8551b18a4adb41d16eb920af0b073930d3621ac38"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [41, "b80aee1049701e1b72f36bd8f338e35801141ce06e12e56f30dc634210401163"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [26, "e7332164ede2a16873960d0e75ce5c840fe0c8260f66a0855823422b6d5ac116"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [15, "691d96c4a9d1bfd8e706f06ecc170dc31c10e9d4309da9b9cf4b9b496a965d62"],
 [0]
 ]
 },
 "sc": 2
}, {
 "direct": false,
 "hash": {
 "url": [
 [38, "81fc6084792fb6000dabfe08765fe52d5e33905ae613e7660e0e136052cca206"],
 [0]
 ]
 },
 "sc": 2
}, {
 "direct": false,
 "hash": {
 "url": [
 [16, "c3387b7ffe31907c8886fa12ead40ec5d785f2d8853f7938c23155a1232f80c8"],
 [3, "c084fba7baf6b259d2eaf35dc39bdcc0e37737560a022eb6ced4018424c2a3d8"]
 ]
 },
 "sc": 1
}, {
 "direct": false,
 "hash": {
 "url": [
 [17, "93677c56483c36ee9e8f17e311cdb9161513105fa0cd92ad3df0bf1f43f8aa82"],
 [0]
 ]
 },
 "sc": 0
}, {
 "direct": false,
 "hash": {
 "url": [
 [16, "c3387b7ffe31907c8886fa12ead40ec5d785f2d8853f7938c23155a1232f80c8"]
 ]
 },
 "sc": 1
}, {
 "direct": false,
 "hash": {
 "url": [
 [20, "1380de9cabcaab06d9fa57b0da79b456fa050194e95978b41974b8d33e5c670d"]
 ]
 },
 "sc": 1
}];

function checkPattern(hash, string) {
 if ((hash.length == 1) && (string.length == hash[0][0])) {
 return (CryptoJS.SHA256(string) == hash[0][1])
 } else {
 var left = false;
 if (hash[0][0] > 0) {
 if (CryptoJS.SHA256(string.substring(0, hash[0][0])) == hash[0][1]) {
 left = true;
 }
 } else {
 left = true;
 }
 if (left) {
 var right = false;
 if (hash[1][0] > 0) {
 if (CryptoJS.SHA256(string.substring(string.length - hash[1][0])) == hash[1][1]) {
 right = true;
 }
 } else {
 right = true;
 }
 return (left && right)
 }
 }
 return false
}

function checkHash(hash, url, host) {
 if (hash.url) {
 return checkPattern(hash.url, url.replace(/^https?:\/\//, ''))
 } else if (hash.host && hash.query) {
 var query = '/' + url.replace(/.*?\/\/.*?\//, '')
 return checkPattern(hash.query, query) && checkPattern(hash.host, host)
 }
 return false
}
var proxy = 'PROXY 50.7.182.141:51598; DIRECT';

var have_https = true;

function FindProxyForURL(url, host) {
 if (url == 'https://stoppblock.net/') {
 return proxy;
 }
 var https = url.indexOf('https://') == 0;
 if ((url.indexOf('http://') !== 0) && (!https || !have_https)) {
 return 'DIRECT';
 }

 if (isPlainHostName(host) ||
 shExpMatch(host, "*.local") ||
 isInNet(dnsResolve(host), "0.0.0.0", "255.0.0.0") ||
 isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
 isInNet(dnsResolve(host), "172.16.0.0", "255.240.0.0") ||
 isInNet(dnsResolve(host), "192.168.0.0", "255.255.0.0") ||
 isInNet(dnsResolve(host), "169.254.0.0", "255.255.0.0") ||
 isInNet(dnsResolve(host), "192.0.2.0", "255.255.255.0") ||
 isInNet(dnsResolve(host), "224.0.0.0", "240.0.0.0") ||
 isInNet(dnsResolve(host), "240.0.0.0", "240.0.0.0") ||
 isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
 return "DIRECT";

 for (var i = 0; i < hashes.length; i++) {
 var hash = hashes[i];
 if ((hash.sc == 2) || ((hash.sc == 1) && (https)) || ((hash.sc == 0) && (!https))) {
 if (checkHash(hash.hash, url, host)) {
 if (hash.direct) {
 return 'DIRECT'
 }
 return proxy
 }
 }

 }
 return 'DIRECT'
}
Advertisements
This entry was posted in Uncategorized. Bookmark the permalink.

One Response to stoppblock.net proxy PAC malware and “50.7.182.141”

  1. Pingback: “104.197.191.4” and “107.178.246.193” Google-Analytics DNS Intercept / Malware. | thecomputerperson

Comment on this topic

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w
Cancel

Connecting to %s