1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Encoded javascript - what does it do?

Discussion in 'Cloaking and Content Generators' started by igor1, Dec 5, 2010.

  1. igor1

    igor1 Newbie

    Joined:
    Jan 3, 2010
    Messages:
    35
    Likes Received:
    7
    Competing affiliate uses this code in his website

    Code:
    <script language="JavaScript" type="text/javascript">eval(unescape("%66%75%6E%63%74%69%6F%6E%20%67%74%74%44%44%28%6D%79%29%20%7B%20%20%76%61%72%20%74%6F%64%6F%20%3D%20%22%22%3B%20%20%66%6F%72%20%28%76%61%72%20%69%20%3D%20%30%3B%20%69%20%3C%20%6D%79%5B%30%5D%2E%6C%65%6E%67%74%68%3B%20%69%2B%2B%29%20%7B%20%20%20%20%20%20%74%6F%64%6F%20%3D%20%22%25%22%20%2B%20%6D%79%5B%30%5D%2E%63%68%61%72%41%74%28%69%29%20%2B%20%6D%79%5B%30%5D%2E%63%68%61%72%41%74%28%69%20%2B%20%31%29%20%2B%20%74%6F%64%6F%3B%20%20%20%20%20%20%69%2B%2B%3B%20%20%7D%3B%20%20%20%76%61%72%20%74%6F%64%6F%32%20%3D%20%22%22%3B%20%20%20%66%6F%72%20%28%76%61%72%20%69%20%3D%20%30%3B%20%69%20%3C%20%6D%79%5B%31%5D%2E%6C%65%6E%67%74%68%3B%20%69%2B%2B%29%20%7B%20%20%20%20%20%20%20%74%6F%64%6F%32%20%3D%20%22%25%22%20%2B%20%6D%79%5B%31%5D%2E%63%68%61%72%41%74%28%69%29%20%2B%20%6D%79%5B%31%5D%2E%63%68%61%72%41%74%28%69%20%2B%20%31%29%20%2B%20%74%6F%64%6F%32%3B%20%20%20%20%20%20%20%69%2B%2B%3B%20%20%20%7D%20%20%20%76%61%72%20%73%20%3D%20%64%6F%63%75%6D%65%6E%74%2E%6C%6F%63%61%74%69%6F%6E%2E%68%72%65%66%3B%20%20%20%76%61%72%20%71%20%3D%20%22%22%3B%20%20%20%69%66%20%28%73%2E%69%6E%64%65%78%4F%66%28%22%3F%22%29%20%3E%20%31%29%20%7B%20%20%20%20%20%20%20%71%20%3D%20%22%3F%22%20%2B%20%73%2E%73%75%62%73%74%72%28%73%2E%69%6E%64%65%78%4F%66%28%22%3F%22%29%2B%31%29%3B%20%20%20%7D%20%20%20%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%75%6E%65%73%63%61%70%65%28%74%6F%64%6F%2B%65%73%63%61%70%65%28%71%29%2B%74%6F%64%6F%32%29%29%3B%20%20%20%65%76%61%6C%28%27%73%65%74%54%69%6D%65%6F%75%74%28%22%76%76%76%31%32%33%28%29%22%2C%20%31%30%30%30%30%29%27%29%3B%7D%3B%76%61%72%20%6D%79%20%3D%20%5B%22%36%33%37%30%36%31%37%30%32%45%36%35%32%46%36%44%36%46%36%33%32%45%36%37%36%45%36%39%36%45%36%46%36%42%37%32%36%35%37%34%36%35%37%30%32%45%37%37%37%37%37%37%32%46%32%46%33%41%37%30%37%34%37%34%36%38%32%32%33%44%36%33%37%32%37%33%32%30%32%32%36%35%36%44%36%31%37%32%36%36%37%33%36%39%36%38%37%34%37%39%37%32%37%34%36%46%36%37%32%32%33%44%36%35%36%44%36%31%36%45%32%30%32%32%33%30%32%32%33%44%37%32%36%35%36%34%37%32%36%46%36%32%36%35%36%44%36%31%37%32%36%36%32%30%32%32%33%30%32%32%33%44%37%34%36%38%36%37%36%39%36%35%36%38%32%30%32%32%33%30%32%32%33%44%36%38%37%34%36%34%36%39%37%37%32%30%36%35%36%44%36%31%37%32%36%36%36%39%33%43%22%2C%20%22%33%45%37%34%37%30%36%39%37%32%36%33%37%33%32%46%33%43%37%44%37%44%33%42%32%39%32%32%36%42%36%45%36%31%36%43%36%32%33%41%37%34%37%35%36%46%36%32%36%31%32%32%32%38%36%35%36%33%36%31%36%43%37%30%36%35%37%32%32%45%36%45%36%46%36%39%37%34%36%31%36%33%36%46%36%43%32%45%35%44%32%32%36%35%36%44%36%31%37%32%36%36%37%33%36%39%36%38%37%34%37%39%37%32%37%34%36%46%36%37%32%32%35%42%37%33%36%35%36%44%36%31%37%32%36%36%37%42%32%39%32%39%36%45%36%46%36%39%37%34%36%31%36%33%36%46%36%43%32%45%35%44%32%32%36%35%36%44%36%31%37%32%36%36%37%33%36%39%36%38%37%34%37%39%37%32%37%34%36%46%36%37%32%32%35%42%37%33%36%35%36%44%36%31%37%32%36%36%32%38%32%30%32%36%32%36%32%30%32%39%35%44%32%32%36%35%36%44%36%31%37%32%36%36%37%33%36%39%36%38%37%34%37%39%37%32%37%34%36%46%36%37%32%32%35%42%37%33%36%35%36%44%36%31%37%32%36%36%32%38%32%38%32%30%36%36%36%39%37%42%32%30%32%39%32%38%33%33%33%32%33%31%37%36%37%36%37%36%32%30%36%45%36%46%36%39%37%34%36%33%36%45%37%35%36%36%33%45%32%32%37%34%37%30%36%39%37%32%36%33%37%33%36%31%37%36%36%31%36%41%32%46%37%34%37%38%36%35%37%34%32%32%33%44%36%35%37%30%37%39%37%34%32%30%32%32%37%34%37%30%36%39%37%32%36%33%35%33%36%31%37%36%36%31%34%41%32%32%33%44%36%35%36%37%36%31%37%35%36%37%36%45%36%31%36%43%32%30%37%34%37%30%36%39%37%32%36%33%37%33%33%43%33%45%36%35%36%44%36%31%37%32%36%36%36%39%32%46%33%43%33%45%32%32%22%5D%3B%67%74%74%44%44%28%6D%79%29%3B")); </script>
    I went to http://www.tareeinternet.com/scripts/unescape.html and decoded it:

    Code:
    function gttDD(my) {  var todo = "";  for (var i = 0; i < my[0].length; i++) {      todo = "%" + my[0].charAt(i) + my[0].charAt(i + 1) + todo;      i++;  };   var todo2 = "";   for (var i = 0; i < my[1].length; i++) {       todo2 = "%" + my[1].charAt(i) + my[1].charAt(i + 1) + todo2;       i++;   }   var s = document.location.href;   var q = "";   if (s.indexOf("?") > 1) {       q = "?" + s.substr(s.indexOf("?")+1);   }   document.write(unescape(todo+escape(q)+todo2));   eval('setTimeout("vvv123()", 10000)');};var my = ["637061702E652F6D6F632E676E696E6F6B72657465702E7777772F2F3A70747468223D6372732022656D617266736968747972746F67223D656D616E202230223D726564726F62656D617266202230223D746867696568202230223D687464697720656D617266693C", "3E7470697263732F3C7D7D3B29226B6E616C623A74756F626122286563616C7065722E6E6F697461636F6C2E5D22656D617266736968747972746F67225B73656D6172667B29296E6F697461636F6C2E5D22656D617266736968747972746F67225B73656D6172662820262620295D22656D617266736968747972746F67225B73656D61726628282066697B202928333231767676206E6F6974636E75663E227470697263736176616A2F74786574223D6570797420227470697263536176614A223D65676175676E616C207470697263733C3E656D617266692F3C3E22"];gttDD(my);
    Still does not make sense to me... What does it do? I believe it's cookie stuffing but want to know for sure.
     
  2. Crazy

    Crazy Jr. Executive VIP

    Joined:
    Jun 13, 2009
    Messages:
    640
    Likes Received:
    319
    Occupation:
    VB, C#, XHTML, CSS, PHP, MySQL, JavaScript, jQuery
    Location:
    Everywhere
    Give me a sec bud.

    Edit: already handled lol.
     
    Last edited: Dec 5, 2010
  3. catchers

    catchers Newbie

    Joined:
    Aug 12, 2010
    Messages:
    32
    Likes Received:
    6
    The code evaluates to this:

    <iframe width="0" height="0" frameborder="0" name="gotrythisframe" src="his link here"></iframe><script language="JavaScript" type="text/javascript">function vvv123() {if ((frames["gotrythisframe"]) && (frames["gotrythisframe"].location)){frames["gotrythisframe"].location.replace("about:blank");}}</script>

    The guy is cookie stuffing his post affiliate pro link.

    Don't know if it's ok to out the guy. His domain points right to his twitter.
     
    • Thanks Thanks x 1
  4. daltarak

    daltarak Newbie

    Joined:
    Oct 4, 2009
    Messages:
    22
    Likes Received:
    3
    Just unescape this

    %3C%69%66%72%61%6D%65%20%77%69%64%74%68%3D%22%30%22%20%68%65%69%67%68%74%3D%22%30%22%20%66%72%61%6D%65%62%6F%72%64%65%72%3D%22%30%22%20%6E%61%6D%65%3D%22%67%6F%74%72%79%74%68%69%73%66%72%61%6D%65%22%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%70%65%74%65%72%6B%6F%6E%69%6E%67%2E%63%6F%6D%2F%65%2E%70%61%70%63%22%3E%3C%2F%69%66%72%61%6D%65%3E%3C%73%63%72%69%70%74%20%6C%61%6E%67%75%61%67%65%3D%22%4A%61%76%61%53%63%72%69%70%74%22%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%3E%66%75%6E%63%74%69%6F%6E%20%76%76%76%31%32%33%28%29%20%7B%69%66%20%28%28%66%72%61%6D%65%73%5B%22%67%6F%74%72%79%74%68%69%73%66%72%61%6D%65%22%5D%29%20%26%26%20%28%66%72%61%6D%65%73%5B%22%67%6F%74%72%79%74%68%69%73%66%72%61%6D%65%22%5D%2E%6C%6F%63%61%74%69%6F%6E%29%29%7B%66%72%61%6D%65%73%5B%22%67%6F%74%72%79%74%68%69%73%66%72%61%6D%65%22%5D%2E%6C%6F%63%61%74%69%6F%6E%2E%72%65%70%6C%61%63%65%28%22%61%62%6F%75%74%3A%62%6C%61%6E%6B%22%29%3B%7D%7D%3C%2F%73%63%72%69%70%74%3E

    If I understood it correctly it places an iframe and does some iframe existence checks, if they are in place it clears the iframe's source to about:blank
     
  5. daltarak

    daltarak Newbie

    Joined:
    Oct 4, 2009
    Messages:
    22
    Likes Received:
    3
    sorry for double post, bhw was very slow loading when i was posting
     
    Last edited: Dec 5, 2010
  6. daltarak

    daltarak Newbie

    Joined:
    Oct 4, 2009
    Messages:
    22
    Likes Received:
    3
    sorry for double post, bhw was very slow loading when i was posting
     
    Last edited: Dec 5, 2010
  7. CottonMouth

    CottonMouth Newbie

    Joined:
    Nov 30, 2009
    Messages:
    30
    Likes Received:
    7
    I say out him. I'm interested in knowing the site myself so I can check out his cookie stuffing.
    Hmm, that sounded dirty. You know what I mean :p

    Edit:
    Hmm, figured it out. Neat little trick.
     
    Last edited: Dec 6, 2010
  8. igor1

    igor1 Newbie

    Joined:
    Jan 3, 2010
    Messages:
    35
    Likes Received:
    7
    Thank you for the help. I'm pretty new to affiliate marketing so while we are on the subject - while cookie stuffing is clearly a dirty practice, what about exit redirects?
    If you have a website dedicated to one product, is it considered ok to use exitsplash that loads the merchant's site through an affiliate link? You do send your visitor to the merchant and the visitor can buy the product there. But it's a forced visit - the visitor does not click a link. What's your opinion?
     
  9. CottonMouth

    CottonMouth Newbie

    Joined:
    Nov 30, 2009
    Messages:
    30
    Likes Received:
    7
    Most (all?) affiliates will count that as stuffing. They'd prefer you to offer up a banner or a page of your own that advertises their product and allows the user to make a decision to click.

    This wasn't always the way they thought. In the old days (90's) popups, popunders, and exit redirects were encouraged to build traffic and name recognition.

    Ahh the good old days :)

    If the affiliate is a smaller site you might email them and ask.
    Otherwise you can simply try it on a new account and see if you get caught.
    Testing is part of the fun.
     
    • Thanks Thanks x 1
  10. dannyhw

    dannyhw Senior Member

    Joined:
    Jul 16, 2008
    Messages:
    979
    Likes Received:
    464
    Occupation:
    Software Engineer
    Location:
    New York City Burbs
    People do this to make stuff readable but not scrapeable too. It's how I scrape proxies nobody else can for free ;) It actually looks like it's generated by the same script the site I scrape uses.

    I don't know why people bother cookie stuffing such small programs.