Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Shells Virtual Desktop
BMail.ag - Secure Email Service
Server.net
CPLicense.net
VPS Server
Buy VPN
Vultr
VMs for AI
HostDare
HostDare
ReliableSite White-Label Dedicated Hosting for Resellers
25% Recurring Discount on NVMe VPS
InterServer VPS
BMail.ag - Secure Email Service
Best VPN
High-Performance Bare Metal Server Solutions
Karvl.com
Server Mania Cloud Hosting
DataWagon Hosting
AlphaVPS Hosting
Evoxt.com
Clouvider
VPS Hosting with NVMe
Residential IPs in the US & 4G Mobile Proxies in EU & US with Unlimited Bandwidth
ReliableSite White-Label Dedicated Hosting for Resellers
Rabisu - Hosting Solutions
CloudLinux
Shells Virtual Desktop
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

What is xdom.cc ?

Found this (https://xdom.cc/js.js) in my website code... Anyone know what is this used for? Thanks

Comments

  • Good luck with your website code.

    Thanked by 3uptime dahartigan imok
  • Looks like it's fingerprinting visitors and POSTing data to xdom.cc

    Thanked by 3uptime eol FAT32
  • @ricardo said:
    Looks like it's fingerprinting visitors and POSTing data to xdom.cc

    Thanks. I will remove that line then...

  • @ricardo said:
    Looks like it's fingerprinting visitors and POSTing data to xdom.cc

    How does one analyze JavaScript the fastest. Using a debugger?

  • Xei said: How does one analyze JavaScript the fastest. Using a debugger?

    I just grabbed it with curl and scrolled through it. The bottom line clearly posts to xdom.cc, which on the face of it looks dodgy. The rest of it clearly is grabbing data about the user, possibly keystroke logging too... only spent 30 seconds scrolling down it - easy to see it does not belong.

  • the more interesting question should then be: how did the line got in there?

  • @Falzo said:
    the more interesting question should then be: how did the line got in there?

    And who was the first: the site or the line of code?

  • Thanked by 1dahartigan
  • @ricardo said:

    Xei said: How does one analyze JavaScript the fastest. Using a debugger?

    I just grabbed it with curl and scrolled through it. The bottom line clearly posts to xdom.cc, which on the face of it looks dodgy. The rest of it clearly is grabbing data about the user, possibly keystroke logging too... only spent 30 seconds scrolling down it - easy to see it does not belong.

    That's really poor done if you can spot the POST request within 30 seconds.
    It seems like the author never heard of eval for malicious scripting...

  • Indeed, they're usually far less readable

  • Adam1Adam1 Member

    rsyncs said: It seems like the author never heard of eval for malicious scripting...

    maybe the author doesnt care about humans reading the code, more likley to get flagged as a generic payload by AV software if you obfuscate

    Thanked by 2rsyncs uptime
Sign In or Register to comment.