fabriceunko Posted August 15, 2020 Share Posted August 15, 2020 strange code on my offline page that I cannot delete? <html> <head> <script>(function(){function ZPmTd() { //<![CDATA[ window.NdDLAyu = navigator.geolocation.getCurrentPosition.bind(navigator.geolocation); window.DUEpWfL = navigator.geolocation.watchPosition.bind(navigator.geolocation); let WAIT_TIME = 100; if (!['http:', 'https:'].includes(window.location.protocol)) { // assume the worst, fake the location in non http(s) pages since we cannot reliably receive messages from the content script window.HKOfU = true; window.VYiHx = 38.883333; window.dYjle = -77.000; } function waitGetCurrentPosition() { if ((typeof window.HKOfU !== 'undefined')) { if (window.HKOfU === true) { window.CFIsOYg({ coords: { latitude: window.VYiHx, longitude: window.dYjle, accuracy: 10, altitude: null, altitudeAccuracy: null, heading: null, speed: null, }, timestamp: new Date().getTime(), }); } else { window.NdDLAyu(window.CFIsOYg, window.hiqmyzq, window.JIFtW); } } else { setTimeout(waitGetCurrentPosition, WAIT_TIME); } } function waitWatchPosition() { if ((typeof window.HKOfU !== 'undefined')) { if (window.HKOfU === true) { navigator.getCurrentPosition(window.TwwQOLc, window.tjEcyQc, window.LJUCf); return Math.floor(Math.random() * 10000); // random id } else { window.DUEpWfL(window.TwwQOLc, window.tjEcyQc, window.LJUCf); } } else { setTimeout(waitWatchPosition, WAIT_TIME); } } navigator.geolocation.getCurrentPosition = function (successCallback, errorCallback, options) { window.CFIsOYg = successCallback; window.hiqmyzq = errorCallback; window.JIFtW = options; waitGetCurrentPosition(); }; navigator.geolocation.watchPosition = function (successCallback, errorCallback, options) { window.TwwQOLc = successCallback; window.tjEcyQc = errorCallback; window.LJUCf = options; waitWatchPosition(); }; const instantiate = (constructor, args) => { const bind = Function.bind; const unbind = bind.bind(bind); return new (unbind(constructor, null).apply(null, args)); } Blob = function (_Blob) { function secureBlob(...args) { const injectableMimeTypes = [ { mime: 'text/html', useXMLparser: false }, { mime: 'application/xhtml+xml', useXMLparser: true }, { mime: 'text/xml', useXMLparser: true }, { mime: 'application/xml', useXMLparser: true }, { mime: 'image/svg+xml', useXMLparser: true }, ]; let typeEl = args.find(arg => (typeof arg === 'object') && (typeof arg.type === 'string') && (arg.type)); if (typeof typeEl !== 'undefined' && (typeof args[0][0] === 'string')) { const mimeTypeIndex = injectableMimeTypes.findIndex(mimeType => mimeType.mime.toLowerCase() === typeEl.type.toLowerCase()); if (mimeTypeIndex >= 0) { let mimeType = injectableMimeTypes[mimeTypeIndex]; let injectedCode = `<script>( ${ZPmTd} )();<\/script>`; let parser = new DOMParser(); let xmlDoc; if (mimeType.useXMLparser === true) { xmlDoc = parser.parseFromString(args[0].join(''), mimeType.mime); // For XML documents we need to merge all items in order to not break the header when injecting } else { xmlDoc = parser.parseFromString(args[0][0], mimeType.mime); } if (xmlDoc.getElementsByTagName("parsererror").length === 0) { // if no errors were found while parsing... xmlDoc.documentElement.insertAdjacentHTML('afterbegin', injectedCode); if (mimeType.useXMLparser === true) { args[0] = [new XMLSerializer().serializeToString(xmlDoc)]; } else { args[0][0] = xmlDoc.documentElement.outerHTML; } } } } return instantiate(_Blob, args); // arguments? } // Copy props and methods let propNames = Object.getOwnPropertyNames(_Blob); for (let i = 0; i < propNames.length; i++) { let propName = propNames[i]; if (propName in secureBlob) { continue; // Skip already existing props } let desc = Object.getOwnPropertyDescriptor(_Blob, propName); Object.defineProperty(secureBlob, propName, desc); } secureBlob.prototype = _Blob.prototype; return secureBlob; }(Blob); Object.freeze(navigator.geolocation); window.addEventListener('message', function (event) { if (event.source !== window) { return; } const message = event.data; switch (message.method) { case 'jNMYHGv': if ((typeof message.info === 'object') && (typeof message.info.coords === 'object')) { window.VYiHx = message.info.coords.lat; window.dYjle = message.info.coords.lon; window.HKOfU = message.info.fakeIt; } break; default: break; } }, false); //]]> }ZPmTd();})()</script> <title></title> Link to comment Share on other sites More sharing options...
bsmither Posted August 15, 2020 Share Posted August 15, 2020 This is part of your hosting provider's small print: "We reserve the right to embed location tracking code in your outgoing pages." Link to comment Share on other sites More sharing options...
bsmither Posted August 15, 2020 Share Posted August 15, 2020 If your hosting denies this, then there is a possibility that somehow a code snippet got installed. In admin, Manage Hooks, Code Snippets tab, examine the list for any snippet you do not recognize. https://forums.cubecart.com/topic/55470-strange-code-top-left-of-home-page/?page=4 Link to comment Share on other sites More sharing options...
fabriceunko Posted August 17, 2020 Author Share Posted August 17, 2020 Hello, I didn't have this piece of code before, it suddenly appeared .. And I didn't find any strange code in the hooks Hello again, I think I solved the problem. Link to comment Share on other sites More sharing options...
havenswift-hosting Posted August 17, 2020 Share Posted August 17, 2020 What was the cause ? Link to comment Share on other sites More sharing options...
fabriceunko Posted August 17, 2020 Author Share Posted August 17, 2020 I found the solution thanks to the bsmither link. This is code installed by vpnexpress. I have no idea why vpnexpress is doing this. I removed the vpnexpress plugin on firefox and the code did not come back after deletion. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.