New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
What is xdom.cc ?
Found this (https://xdom.cc/js.js) in my website code... Anyone know what is this used for? Thanks
Comments
Good luck with your website code.
Looks like it's fingerprinting visitors and POSTing data to xdom.cc
Thanks. I will remove that line then...
How does one analyze JavaScript the fastest. Using a debugger?
I just grabbed it with curl and scrolled through it. The bottom line clearly posts to xdom.cc, which on the face of it looks dodgy. The rest of it clearly is grabbing data about the user, possibly keystroke logging too... only spent 30 seconds scrolling down it - easy to see it does not belong.
the more interesting question should then be: how did the line got in there?
And who was the first: the site or the line of code?
That's really poor done if you can spot the POST request within 30 seconds.
It seems like the author never heard of eval for malicious scripting...
Indeed, they're usually far less readable
maybe the author doesnt care about humans reading the code, more likley to get flagged as a generic payload by AV software if you obfuscate