Answer the question
In order to leave comments, you need to log in
What can this javascript code embedded on the site do?
Good afternoon.
Colleagues found this script on the site. Looks like malware. Tell me what exactly does he do?
/**
* @param {Object} evt
* @return {?}
*/
var a1256157352 = function(evt) {
if (evt && (evt.data && (evt.data.a540125352 && evt.data.a1204587773))) {
if ("a939675136" == evt.data.a1204587773) {
if (!evt.data.a2918445836) {
return "a2918445836 required";
}
var match;
for (match in evt.data.a2918445836) {
if (evt.data.a2918445836[match]) {
a1869877677(match, evt.data.a2918445836[match]);
}
}
} else {
if ("a2878600925" == evt.data.a1204587773) {
if (!evt.data.a3029222531 || !evt.data.a39501098) {
return "a3029222531 and a39501098 required";
}
var statesData = {};
evt.data.a3029222531.forEach(function(storageKey) {
var unlock = storageKey;
var data = a470276301(storageKey);
if (null === data) {
data = void 0;
}
statesData[unlock] = data;
});
evt.source.postMessage({
a540125352 : 1,
a1204587773 : "a2878600925",
a39501098 : evt.data.a39501098,
a2918445836 : statesData
}, "*");
}
}
}
};
/**
* @param {string} name
* @param {string} tabId
* @return {undefined}
*/
var a1869877677 = function(name, tabId) {
if (localStorage) {
localStorage.setItem(name, tabId);
}
a2475012037(name, tabId);
};
/**
* @param {?} storageKey
* @return {?}
*/
var a470276301 = function(storageKey) {
var value = a1655291064(storageKey);
return value ? value : localStorage ? localStorage.getItem(storageKey) : void 0;
};
/**
* @param {string} key
* @return {?}
*/
var a1655291064 = function(key) {
/** @type {(Array.<string>|null)} */
var matches = document.cookie.match(new RegExp("(?:^|; )" + key.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, "\\$1") + "=([^;]*)"));
return matches ? decodeURIComponent(matches[1]) : void 0;
};
/**
* @param {string} keepData
* @param {string} key
* @param {Object} params
* @return {undefined}
*/
var a2475012037 = function(keepData, key, params) {
params = params || {};
var value = params.a2593941731 ? params.a2593941731 : "%COOKIELIFE%";
if ("number" == typeof value && value) {
/** @type {Date} */
var start = new Date;
start.setTime(start.getTime() + 1E3 * value);
/** @type {Date} */
value = params.a2593941731 = start;
}
if (value) {
if (value.toUTCString) {
params.a2593941731 = value.toUTCString();
}
}
/** @type {string} */
key = encodeURIComponent(key);
/** @type {string} */
var str = keepData + "=" + key;
var i;
for (i in params) {
str += "; " + i;
var param = params[i];
if (param !== true) {
str += "=" + param;
}
}
/** @type {string} */
document.cookie = str;
};
/**
* @return {undefined}
*/
window.onload = function() {
if (window.addEventListener) {
addEventListener("message", a1256157352, false);
} else {
attachEvent("onmessage", a1256157352);
}
window.parent.postMessage({
a540125352 : 1,
a1204587773 : "a4290278612"
}, "*");
};
Answer the question
In order to leave comments, you need to log in
Judging by the code (message processing, doctypes, obfuscation), this is the code of some kind of browser extension.
Look around other sites (this code should be on each) or go from another browser (this code should not be) to make sure.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question