
Where are the sneaky redirects? (27)


11-09-2016 07:00 PM #1 oneano (Member)
Where are the sneaky redirects?

When I am cleaning up my ripped landing pages I replace the jquery and javascript, I review all of the code but what am I missing? Sometimes I see obfuscated code and I do not use it. What other sneaky tricks are people using to get redirect?


11-10-2016 01:46 AM #2 erikgyepes (Moderator)

Hey,

there are many ways to hide it:
  • minified JS
  • encoded JS
  • hexcoded JS

Always replace JS libraries with your own or ideally with the one hosted on Google Hosted Library or CDNJS.
They are mostly hidden in these places.

Also make sure you try to click through CTAs several times, some scripts do not redirect immediately, but redirect only when you click on the CTA, so it's very difficult to spot it, especially if the redirect % is set to as low as 20-30%.

Also replace all images in CSS and other resources to local ones (do not link to someone else's server or CDN)
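
Added example (not part of the original post): a Node.js sketch that lists every off-site script, image, link or CSS resource a saved page still references, so each one can be replaced with a local or trusted copy. The function name, the allowlist contents and the sample hosts are assumptions made for illustration.

```javascript
// Added example: list every off-site resource a saved page still loads.
// TRUSTED_HOSTS is an assumed allowlist; adjust it to the CDNs you rely on.
const TRUSTED_HOSTS = new Set([
  'ajax.googleapis.com',   // Google Hosted Libraries
  'cdnjs.cloudflare.com',  // CDNJS
  'code.jquery.com',
]);

// src/href attributes, CSS url(...) values and CSS @import strings.
const REF = /\b(?:src|href)\s*=\s*["']([^"']+)["']|url\(\s*["']?([^"')]+)["']?\s*\)|@import\s+["']([^"']+)["']/gi;

function externalRefs(source, ownHost) {
  const out = [];
  for (const m of source.matchAll(REF)) {
    const raw = (m[1] || m[2] || m[3]).trim();
    if (/^(data:|#)/i.test(raw)) continue;        // inline data and fragments
    let url;
    try {
      url = new URL(raw, `https://${ownHost}/`);  // resolves relative and //host forms
    } catch {
      continue;                                   // not parseable as a URL
    }
    if (!url.hostname || url.hostname === ownHost) continue;
    out.push({ ref: raw, host: url.hostname, offset: m.index,
               trusted: TRUSTED_HOSTS.has(url.hostname) });
  }
  return out;
}

// Constructed sample page; every host except code.jquery.com is a placeholder.
const SAMPLE_PAGE = `
<script src="https://code.jquery.com/jquery-1.12.1.min.js"></script>
<script src="//cdn.tracker.example/lib/jquery.min.js"></script>
<script src="js/app.js"></script>
<style>
  .bg { background: url('https://img.tracker.example/bg.jpg'); }
  .logo { background: url(img/logo.png); }
</style>
<a href="https://lander.example/offer">CTA</a>`;

console.log(externalRefs(SAMPLE_PAGE, 'lander.example'));
```

Anything reported with trusted set to false is a resource served by someone else and is a candidate for replacement with a local copy.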


11-10-2016 02:35 PM #3 matuloo (Legendary Moderator)

Changed the title for you to get more attention to this thread.


11-10-2016 03:23 PM #4 danielt (Member)

just 1 tip: js encoded into data:uris -> image/jpeg


11-10-2016 04:49 PM #5 bobliu (Member)

Quote Originally Posted by oneano View Post
When I am cleaning up my ripped landing pages I replace the jquery and javascript, I review all of the code but what am I missing? Sometimes I see obfuscated code and I do not use it. What other sneaky tricks are people using to get redirect?

Solid advice so far - It can be pretty easy to miss/tedious when you're testing out a lot of landers. If in doubt about a bit of code - post snippets here and the community can let you know what's going on.


11-10-2016 10:05 PM #6 oneano (Member)

Quote Originally Posted by danielt View Post
just 1 tip: js encoded into data:uris -> image/jpeg

Thanks for this. At first I was confused... Then I found an example



[Attached image: uriexample.png]


11-11-2016 05:53 AM #7 erikgyepes (Moderator)

Quote Originally Posted by danielt View Post
just 1 tip: js encoded into data:uris -> image/jpeg

OMG, JS can be encoded as data:uri as well? Hoopsie.


11-11-2016 09:17 AM #8 danielt (Member)

Well, you can encode a web page if needed. The trick is in how you make the LP read it. When you base64 encode stuff, the world is your oyster ))
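
Added example (not part of the original posts): a Node.js check for the data: URI trick discussed above. It decodes every base64 data: URI in a page and verifies that content labelled as an image really starts with that format's magic bytes. The function name and the sample page are constructed for illustration.

```javascript
// Added example: verify that base64 data: URIs labelled as images really
// begin with the magic bytes of the declared image format.
const MAGIC = {
  'image/jpeg': [0xff, 0xd8, 0xff],
  'image/png': [0x89, 0x50, 0x4e, 0x47],
  'image/gif': [0x47, 0x49, 0x46, 0x38],
};

// data:<mime>;base64,<payload>
const DATA_URI = /data:([a-z]+\/[a-z0-9.+-]+);base64,([A-Za-z0-9+\/=]+)/gi;

function auditDataUris(source) {
  const results = [];
  for (const m of source.matchAll(DATA_URI)) {
    const mime = m[1].toLowerCase();
    const bytes = Buffer.from(m[2], 'base64');
    const magic = MAGIC[mime];
    let verdict;
    if (!magic) verdict = 'unchecked';                       // MIME type not in the table
    else if (magic.every((b, i) => bytes[i] === b)) verdict = 'ok';
    else verdict = 'mismatch';                               // label and content disagree
    // Real image data is binary; a payload that is entirely printable is text.
    const asText = bytes.toString('latin1');
    const looksLikeText = /^[\x09\x0a\x0d\x20-\x7e]*$/.test(asText);
    results.push({ mime, offset: m.index, verdict, looksLikeText,
                   preview: looksLikeText ? asText.slice(0, 40) : null });
  }
  return results;
}

// Constructed sample: a genuine 1x1 GIF and a harmless text payload
// labelled image/jpeg.
const textPayload = Buffer.from("console.log('constructed sample');").toString('base64');
const SAMPLE_HTML = `
<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7">
<style>.hero { background: url(data:image/jpeg;base64,${textPayload}); }</style>`;

console.log(auditDataUris(SAMPLE_HTML));
```

A 'mismatch' verdict combined with looksLikeText set to true means the "image" is really text and should be read before the page is reused.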


11-11-2016 11:29 AM #9 caurmen (Administrator)

You can also hide JS in CSS files. (somewhat) easier to spot but a lot of people miss that.


06-18-2017 08:36 AM #10 brames (Member)

Hi, I have a question about sneaky redirects. I've found a few in the javascript and I'm trying to change it to my own JS library, but it doesn't seem to work.

When I copy the page source I've found 2 JS libraries I want to replace (see screenshot 1).

The first one looks pretty straightforward. I've found it on the CDNJS as: https://code.jquery.com/jquery-1.12.1.min.js. I've replaced it in the code (see screenshot2). However when I upload this it seems to cause a problem for the script to get the device and brand (see screenshot 3). The only thing that I've changed is the js library. Any thoughts what I am doing wrong here?

The second JS library (http://avprevent.online/avpiwiktracking.js). I have no clue how to replace and I think it's a custom one, because I can't find it in any JS libraries. I know it's causing a redirect. So my question here is how do I replace this? And do I actually need it? And if so how do I know if I need it or not?

I'm completely new to this so it might be a bit of a stupid question, but I'd really appreciate some help

Thanks,
Bram


06-18-2017 01:51 PM #11 chris_climbs (Member)

Quote Originally Posted by brames View Post
Hi, I have a question about sneaky redirects. I've found a few in the javascript and I'm trying to change it to my own JS library, but it doesn't seem to work.

When I copy the page source I've found 2 JS libraries I want to replace (see screenshot 1).

The first one looks pretty straightforward. I've found it on the CDNJS as: https://code.jquery.com/jquery-1.12.1.min.js. I've replaced it in the code (see screenshot2). However when I upload this it seems to cause a problem for the script to get the device and brand (see screenshot 3). The only thing that I've changed is the js library. Any thoughts what I am doing wrong here?

The second JS library (http://avprevent.online/avpiwiktracking.js). I have no clue how to replace and I think it's a custom one, because I can't find it in any JS libraries. I know it's causing a redirect. So my question here is how do I replace this? And do I actually need it? And if so how do I know if I need it or not?

I'm completely new to this so it might be a bit of a stupid question, but I'd really appreciate some help

Thanks,
Bram

Replacing jQuery with the copy from the CDN should in no way affect the getURLParameter function, so just make sure that function is defined appropriately in the <head>. If it still doesn't work, you will need to give more details, or just try replacing that function with a different version (there are at least 3-4 I see regularly floating around).

Next, the second library appears to make a call to even a third, and almost for sure you don't need this one. jQuery is like this super popular thing that lots of developers use all over the world (for decent enough reasons), the second thing is likely just some random scripts another aff made.

How do you know if you need it?? Well, the easy way is to just comment it out/delete the line, and play around with the page in your browser. Does the page still load correctly? Do the links go where they're supposed to? Etc. etc.

There's never a magic answer to the second question. Sometimes, a smart affiliate will set stuff up in their 'malicious' code that makes things break when you take it out. You should GENERALLY remove almost any "random" scripts from other affs, then remake/replace yourself. But this is easier said than done, and you don't want to have to go and replace every "date" or "timer" script you come across, for example.

You ultimately can have more discretion here if you learn javascript well enough to understand what's actually happening in foreign scripts.


06-19-2017 05:33 PM #12 brames (Member)

Hi Chris,


Thank you for getting back to me.


I'd removed the Jqueries without any problems.


getURLParameter is still giving me problems, but I'll try ripping the page again, removing all the scripts and replacing them with my own.


I'll get started soon with learning Javascript (html and css as well for that matter), but for now I first just want to fix a few landers quickly so I can get my campaigns live.


Thanks again!


06-21-2017 08:25 PM #13 brames (Member)

I have another question again. Finally I've been able to remove all sneaky redirects I want and set up the scripts properly, except one. The lander I ripped contains this script:

function tellme()
{
    var e = window.event;
    var posX = e.clientX;
    var posY = e.clientY;
    if( posX >10 && posY >10)
    {
        str = "aHR0cDovL2o2aGVrLnZvbHV1bXRyaw==";
        str = atob(str)+'.com/click';
        window.location.replace( str );
    }
}

I'm not really sure what this script does (I can't find it online either), but after some testing I found that this generates the link at the CTA. So when I click on the CTA I'm redirected to the Voluum link of the person I ripped it from. Again I have no clue how it works, but when I remove it the CTA is not clickable anymore. How can I modify this script so it redirects to my tracking URL?

Thanks!


06-21-2017 08:37 PM #14 jessejames (Member)

Hey, that's for the mouse events. Basically setting two variables being whatever the window.event.clientX and clientY coordinates are (coordinates relative to the window element).

Then a conditional querying whether they are above 10. I guess it checks whether there's mouse movement in the document (real user? real browser?) ... I don't know why they would use that conditional, never seen it ... but then again there's a lot of stuff I don't know.

Then the str part: you have a base64 encoded string, aHR0cDovL2o2aGVrLnZvbHV1bXRyaw==, then you run the atob() method on the string, which decodes the base64 encoding, and append the Voluum click behind it. That part is just because having the tracking domain in clear text is too obvious, while decoding parts of it hides it a bit more. Conversely, you can also base64 encode a string with the btoa() method.

So, basically ... you don't need it. Also more likely than not, you won't need jquery either if it's a simple lander. Probably the lander will work fine with no JS in 90% of the time, then you can season in some scripts you know work -- i.e. callout of brand/model/isp variables, backbutton funnels etc. I prefer to have these shortlisted and just clean out all the junk from ripped landers.
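
Added example (not part of the original posts): a Node.js scan that automates the manual reading described above. It finds quoted base64 literals in a script, decodes the ones that turn out to be readable text, and lists the statements that can navigate the browser away. The function names are hypothetical; the sample input is the snippet quoted in post #13, re-indented.

```javascript
// Added example: flag base64 string literals that decode to readable text,
// plus navigation sinks, in a script taken from an untrusted page.

// Sample input: the snippet quoted in post #13.
const SAMPLE_SCRIPT = `
function tellme() {
  var e = window.event;
  if (e.clientX > 10 && e.clientY > 10) {
    str = "aHR0cDovL2o2aGVrLnZvbHV1bXRyaw==";
    str = atob(str) + '.com/click';
    window.location.replace(str);
  }
}`;

// Quoted literals of 16+ base64 characters with optional padding.
const B64_LITERAL = /(["'])([A-Za-z0-9+\/]{16,}={0,2})\1/g;
// Ways a script can send the browser elsewhere.
const NAV_SINK = /\b(?:window\.|document\.|top\.|self\.)?location(?:\.href)?\s*=[^=]|\blocation\.(?:replace|assign)\s*\(|\bwindow\.open\s*\(/g;

function decodeIfText(b64) {
  if (b64.length % 4 !== 0) return null;          // not a complete base64 string
  const text = Buffer.from(b64, 'base64').toString('latin1');
  // Keep only results that are entirely printable ASCII.
  return /^[\x20-\x7e]+$/.test(text) ? text : null;
}

function scanScript(source) {
  const findings = [];
  for (const m of source.matchAll(B64_LITERAL)) {
    const decoded = decodeIfText(m[2]);
    if (decoded === null) continue;
    findings.push({
      kind: /^(https?:)?\/\//i.test(decoded) ? 'encoded-url' : 'encoded-text',
      offset: m.index, literal: m[2], decoded,
    });
  }
  for (const m of source.matchAll(NAV_SINK)) {
    findings.push({ kind: 'navigation-sink', offset: m.index, match: m[0].trim() });
  }
  return findings.sort((a, b) => a.offset - b.offset);
}

console.log(scanScript(SAMPLE_SCRIPT));
```

An 'encoded-url' finding followed by a 'navigation-sink' in the same function is the pattern this thread is about: a destination hidden from a plain-text search, then used for a redirect.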


05-09-2020 08:55 AM #15 nitrousoxide (Member)

Quote Originally Posted by erikgyepes View Post
Hey,

there are many ways to hide it:
  • minified JS
  • encoded JS
  • hexcoded JS


Always replace JS libraries with your own or ideally with the one hosted on Google Hosted Library or CDNJS.
They are mostly hidden in these places.

Also make sure you try to click through CTAs several times, some scripts do not redirect immediately, but redirect only when you click on the CTA, so it's very difficult to spot it, especially if the redirect % is set to as low as 20-30%.

Also replace all images in CSS and other resources to local ones (do not link to someone else's server or CDN)

When you say 'replace JS libraries' does this also include replacing the large chunks of Javascript on the actual .html lander itself?



My guess is not.

I only really delete these big chunks of javascript if it doesn't change or break anything on the lander (just to be safe). But often they're crucial to the page so I just keep them. I hope that's okay.


05-09-2020 09:28 PM #16 jeremie (Moderator)

Quote Originally Posted by nitrousoxide View Post
When you say 'replace JS libraries' does this also include replacing the large chunks of Javascript on the actual .html lander itself?
Hello,

The JS libraries are external JS files which have been developed to provide JS with additional functions. They are usually either located in the HEADER section if they need to be loaded for the page to be rendered. Otherwise, they are at the bottom. Usually inside a <script> markup. The most common ones are JQuery, Angular.JS, Bootstrap, Vue.JS

See a more comprehensive list here:
https://en.wikipedia.org/wiki/List_o...ript_libraries

The large chunks of Javascript on the actual .html lander are usually not libraries, but just the code needed for the page. The code you mentioned does not contain anything suspicious. It is used to display the popup when the page is loaded, as well as an exit popup.


05-09-2020 11:21 PM #17 nitrousoxide (Member)

Alright great, that makes cleaning landers a whole lot faster


05-13-2020 10:47 PM #18 mattbucks (Member)

Hi all!

I've been ripping and cleaning up some landers from AdPlexity to test in new campaigns. I don't have a coding background but get by with the basics. However, all these sneaky cookies and redirects can easily get by me with my limited experience. Does anyone have suggestions/resources for outsourcing this clean up process?

As a newbie, I'm trying to learn the most efficient workflow for ripping and testing all these landers. What does this flow look like for others in my same boat with limited coding experience? Learn over time? Focus on strengths and outsource? Thanks in advance


05-14-2020 07:02 AM #19 larsometer (Senior Member)

Am also a newbie and so far have cleaned all landers by myself. In the beginning it was a lot of pain. But it actually is not that difficult if you know what you need to look for. There are good posts on that on STM.

What really helps is to have a code beautifier (meaning it formats the code so that you can read it better). Also when using the developer tools in your browser you get an idea what different sections of the site code are doing.

You might wanna give landerlab a try. They focus on making it a bit easier for beginners. They also do webinars together with adplexity and explain things. Joined it twice and always learned a bit (it is beginner friendly).


05-25-2020 03:55 AM #20 jeremie (Moderator)

@mattbucks, I am working on a tool that scans a lander and indicates what to clean. I hope to have it ready in 2/3 months. Will keep you posted.


07-11-2020 02:22 AM #21 bennimen ()

@jeremie whoa, do you mean it looks for malicious code or redirection scripts? that'd be an awesome tool!

can't tell you how many times i've ripped a lander and it was obfuscated to the point that i just scrapped it because i couldn't be sure what i was using. couldn't remove the entire code because the functionality of the page depended on something that was in the obfuscated code.

on another note, do you have any tips on how to deobfuscate and read code? some jsunpackers work better than others.

I don't have a background in javascript but would be willing to bunker down some day to figure it out if i had a direction to go in.


07-11-2020 04:38 AM #22 jeremie (Moderator)

Yes, that's the idea. Specs are ready. Beta should be ready end of August. I do have a few other tools to finish before.


07-11-2020 05:09 AM #23 bennimen ()

Quote Originally Posted by jeremie View Post
Yes, that's the idea. Specs are ready. Beta should be ready end of August. I do have a few other tools to finish before.

Awesome!

Will you sell it as a service or just as another tool in your arsenal?



07-11-2020 01:47 PM #24 mantas (Member)

Quote Originally Posted by jeremie View Post
Yes, that's the idea. Specs are ready. Beta should be ready end of August. I do have a few other tools to finish before.

Awesome! If you will offer a free service, I will be in!


07-11-2020 02:23 PM #25 jeremie (Moderator)

Quote Originally Posted by bennimen View Post
do you have any tips on how to deobfuscate and read code?
You can have a look at this post where I give the basics:
https://stmforum.com/forum/showthrea...l=1#post394994

Quote Originally Posted by bennimen View Post
Will you sell it as a service or just as another tool in your arsenal?
Quote Originally Posted by mantas View Post
Awesome! If you will offer a free service, I will be in!
I will offer it for free on STM while in beta so you guys will have several months to test it. Then it will move to paid, but if I manage to get all features working the way I want, it should be a no-brainer.


07-11-2020 08:40 PM #26 bennimen ()

Freaking awesome. Can't wait.


07-15-2020 08:50 PM #27 jeremie (Moderator)

Just spent 1 hour studying this:

You can also hide JS in CSS files. (somewhat) easier to spot but a lot of people miss that.
In case someone wonders, I can now say that this post from 2016 is no longer true today.
Back then, one could use XBL for Firefox and HTC for IE to run Javascript from CSS. Both methods have been deprecated.

You can still hide a few things in CSS, but not JS. At least not JS that can be executed.

