I am sharing so that other would be able to learn from it and make a backup of whole code, you definitely gonna need this.
Here we go:
Recently, one of my friends (Sriram Sridharan) gave me a link to decode some content in the source code.
At first, it appeared, he sent me a malicious link as it was redirecting me to some site containing censored video.
Just stop it before redirecting, and see the source code. You will get encrypted JS.
So, what’s the actual aim of this redirection. The guys wants me to install plugin. So i did.
I downloaded the plugin and analyzed it. After review it’s source code, i got another set of obfuscated JS.
After decoding, i got some external links:
one of them is http://grtval.net/
finally, i got this link:
Open this link and you will get onfuscated JS. Decode it.
partly decoded,,only facebook requests made by hijacker.