0

I received a suspicious looking SMS today with a link.

I checked out the page source code and came across this script between the <head> tags:

<script async="" src="/cdn-cgi/challenge-platform/h/b/scripts/invisible.js"></script>

Followed by this Javascript before the closing </body> tag:

<script type="text/javascript">
    (function() {
        window['__CF$cv$params'] = {
            r:'6b649a602f2971b7',
            m:'J73FGS_fZq.IaeC1KCPgjERVLL8gDE2oAjzEbjiY4Ag-1638280837-0-Abpq0oycrBK8Bv0q/J6Pr+UoONCrzxJSv/KPQ04DY9bwLV+8//8EpFKT9X24Ufq1a3N9rKXCCNcOqmGO/YQxH/xhf8WV5+2a+fzyB44hWtVUaRKMMvTdyZY5Ekc/pKY6WQ==',
            s:[0xcd16bba2b7,0xa3485d56a8],
            u:'/cdn-cgi/challenge-platform/h/b'
        }
    })();
</script>

I've tried decoding the string ending with ==, but the decoder I used spat out gibberish.

What other methods can I used to decode this? I'm curious to understand what it's doing.

Improve this question
2
  • All it does is assign a new object to the window object. It doesn't "execute" anything per se. Commented Nov 30, 2021 at 14:21
  • Thanks @MechMK1. After further investigation, it looks like the above code is injected by Cloudflare with "Bot Fight Mode" enabled. Commented Nov 30, 2021 at 17:57

1 Answer 1

Reset to default
1

That script is added to the loading of your site as part of Cloudflare's Bot Fight Mode, found under the Firewall > Bots settings. I've noticed it can add considerable delay to page load time as reported in speed tests such as GT Metrix.

I am not aware of any way around it, except to disable that feature in Cloudflare, and potentially use another method of bot protection. Suitable alternatives will somewhat depend on what kind of bots you were trying to protect your site from.

Cloudflare Bot Fighter enabler

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.