I had a hacked script affect one of my sites yesterday; thankfully, I was able to find the source and kill the script within only a few hours of it going live.
The hack script loaded a bunch of URLs for traffic brokers / ad services. Obviously, the hacker has accounts with all these places and is making income from them; however, NONE of those ads were being displayed (they only cycled through them, loading the URL & banner in rapid succession)... which got me thinking that these ad services are being manipulated, since obviously all these banners / links never really get displayed.
Here's the list of sites, with this guy's affiliate code. If ANY of these traffic brokers / ad services visit here, please let me know who this fucker is and please BAN his ass!!!