hxxp://ebaumsworld.on.nimp.org/Shatner/

[Drusepth]

I found this being linked to on 4chan.
If I remember correctly, their official myspace phisher they're using for operation myspays is located somewhere on this domain.  (http://www.news.com.au/heraldsun/story/0,21985,22687438-662,00.html)

This looked to me like it was just trying loads of exploits.  Luckily I didn't have my sound on or the right things installed to view the images when I first went, because in the source code it says:

Code: [Select]

<!-- This object plays the "hey everybody, I'm watching gay porno!" sound -->
  <object classid= "clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" width="1" height="1" id="hey">

Also to note, there's different javascript being generated by the php depending on what User Agent you use.

[JohnC]

That code is used for macromedia flash player. Below it you will see the flash file (.swf) which it uses to play.

I think it was created as an annoyance and used to post on forums, IRC, messengers etc to troll people. But it is detected as Exploit MS05-013, so as it tries to use an exploit it can go in the domain list

It is interesting to note that as long as "on.nimp.org" is left the same, you can use any subdomain and directory that you like. For example mdl.on.nimp.org/Drusepth/ is valid.

This will be added soon, thank you.