sehrgut · January 3, 2016 21:56 · corwin-of-amber · Sep 7, 2018
diff --git a/curl-output.txt b/curl-output.txt
 HTTP/1.1 302 Found
 Date: Sun, 03 Jan 2016 19:58:45 GMT
 Server: Apache
 X-Powered-By: PHP/5.4.45-0+deb7u2
 Location: http://ww31.gvisit.com/record.php?sid=592101993e8b9913eb0462e5bd4d7501
 Content-Length: 0
 Connection: close
 Content-Type: text/html; charset=UTF-8

 HTTP/1.1 200 OK
 Date: Sun, 03 Jan 2016 19:58:45 GMT
 Server: Apache
 X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_Gzq771WhJU+b7w0c5Lws6JzVrVwB7ft1+YqfHuwEaoyWmYfzltRbJbJUQTnaj/qbPPUYRI8QQTXRbMWK39GUJA==
 Vary: Accept-Encoding,User-Agent
 Content-Length: 3234
 Content-Type: text/html; charset=UTF-8

 <!--
 	top.location="http://ww31.gvisit.com/?fp=%2BBJL7%2F4axwKg7d7aLlyxF0vECGt%2FlWKiPyysAOEmJJg1kWd%2BU4RyUfIKasvNeyLy5dAeet0P5EcCojXgLdE7Ow%3D%3D&prvtof=T0M6%2BAayVN8Ot5EQzfPF0S1DRTUEhu9j%2B0JTpMQ%2FsB%2FLksJ3g1xdCyhyTI8j%2B%2F0N&poru=AwzWORPE7CPE0lrCMmvjVu3FI0q%2F3OKRR38XeQsupGDnFdPDmOFjaztT45sZx%2FVeS9zvfMBscq%2BI8lLc9qnKThKsqMojZwudCae3anEhItMlQOgsMVzc%2BDWB%2F%2F9I7JQ4&cifr=1&sid=592101993e8b9913eb0462e5bd4d7501";
 	/*
 -->
 <html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_Gzq771WhJU+b7w0c5Lws6JzVrVwB7ft1+YqfHuwEaoyWmYfzltRbJbJUQTnaj/qbPPUYRI8QQTXRbMWK39GUJA=="><head>
 				  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
 				  <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
 				  <meta name="viewport" content="width=device-width"><script type="text/javascript">
 	<!--
 	dimensionUpdated = 0;
 	function applyFrameKiller()
 	{
 		if(window.top != self)
 		{
 			cHeight = 0;
 			if( typeof( window.innerHeight ) != 'undefined' ) {
 			//Non-IE
 			cHeight = window.innerHeight;
 			dimensionUpdated = 1;
 			} else if( document.documentElement && ( document.documentElement.clientWidth || document.documentElement.clientHeight )  ) {
 			//IE 6+ in 'standards compliant mode'
 			cHeight = document.documentElement.clientHeight;
 			dimensionUpdated = 1;
 			} else if( document.body && ( document.body.clientWidth || document.body.clientHeight ) ) {
 			//IE 4 compatible
 			cHeight = document.body.clientHeight;
 			dimensionUpdated = 1;
 			}
 			if( cHeight <= 250 && dimensionUpdated == 1)
 			{
 				window.top.location = "http://ww31.gvisit.com/?fp=%2BBJL7%2F4axwKg7d7aLlyxF0vECGt%2FlWKiPyysAOEmJJg1kWd%2BU4RyUfIKasvNeyLy5dAeet0P5EcCojXgLdE7Ow%3D%3D&prvtof=u5NXp3zVWTdYGMkV6iK%2B4MyyRiKQ6AKDxOhUgf5wJTptsVA9ori8WVATqWKXvLt0&poru=QDwxIevt5vHnM50HJeR1FHgomDuSUsv2YcjV%2BtQB25TFAx1unh7hMrc6PRVUA%2B%2BRXbdNuEJ%2B3dFd2IiRpIcEJ5T3wS6dVYDopSaRlsesTgievTVL4dt%2BcIV7%2BLrH%2BM55&cifr=1&sid=592101993e8b9913eb0462e5bd4d7501";
 			}
 		}
 	}

 	applyFrameKiller();
 	// -->
 </script><script type='text/javascript'>try{document.cookie = 'fjccheck=1';}catch(exception){}</script></head><frameset rows="100%,*" frameborder="no" border="0" framespacing="0">
 	<frame src="http://ww31.gvisit.com/?fp=%2BBJL7%2F4axwKg7d7aLlyxF0vECGt%2FlWKiPyysAOEmJJg1kWd%2BU4RyUfIKasvNeyLy5dAeet0P5EcCojXgLdE7Ow%3D%3D&prvtof=tLdsRL2VNtQbqYMv4TV6N%2FKAg3xaT2EfTL%2BG1exkntEXmI2qgvDCPlaqUGT5HqTp&poru=bCVQ8NcV%2BXuYYlP66iEKcJV2GZc3TYXTFkuzqadeHJrqLqehflgEhknX0sd4fKXIIyQfi45WiR4fZz16O8IhfkUS4XrIgX9KzniMaJBGXvDmbQgq1KIceO3pI4tfQHsT&sid=592101993e8b9913eb0462e5bd4d7501">
 </frameset>
 <noframes>
 	<body bgcolor="#ffffff" text="#000000">
 	<a href="http://ww31.gvisit.com/?fp=%2BBJL7%2F4axwKg7d7aLlyxF0vECGt%2FlWKiPyysAOEmJJg1kWd%2BU4RyUfIKasvNeyLy5dAeet0P5EcCojXgLdE7Ow%3D%3D&prvtof=TTv2W3uWKJ13MvB5JzJjEBQ8QPV%2F2EaSQy%2B59K8xjUHGZO5Mc6JCUydv8Cs7W9Q%2F&poru=XICWjsQCNh2FX8JNB6qC8YLcP%2FzhDLP8sfUOrYm1ia5ZI1l20rkPwwlth7UrQqKVMc%2BBXDaaAN45SLmow9XFkbIgC6GLv%2FluqybgsfPxUmpcn1icL6fz146JkQwSIAaR&sid=592101993e8b9913eb0462e5bd4d7501">Click here to proceed</a>.
 	</body>
 </noframes></html><!--
 */
 -->
diff --git a/evil.js.html b/evil.js.html
 <!---
 	setTimeout('window.location="http://google.com/"', 5000);
 	/*
 -->
 <html>
 	<head>
 		<title>Evil Web Page</title>
 		<meta http-equiv="refresh" content="5; url=http://google.com/"
 	</head>
 	<body>
 		<p>Hi! I'm evil!</p>
 	</body>
 </html>
 <!--*/-->
diff --git a/sucker.html b/sucker.html
 <html>
 	<head>
 		<title>Sucker</title>
 		<script src="./evil.js.html" type="text/javascript"></script>
 	</head>
 	<body>
 		<p>Hi! I'm a sucker who included the third-party js being hijacked.</p>
 	</body>
 </html>
	HTTP/1.1 302 Found
	Date: Sun, 03 Jan 2016 19:58:45 GMT
	Server: Apache
	X-Powered-By: PHP/5.4.45-0+deb7u2
	Location: http://ww31.gvisit.com/record.php?sid=592101993e8b9913eb0462e5bd4d7501
	Content-Length: 0
	Connection: close
	Content-Type: text/html; charset=UTF-8

	HTTP/1.1 200 OK
	Date: Sun, 03 Jan 2016 19:58:45 GMT
	Server: Apache
	X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_Gzq771WhJU+b7w0c5Lws6JzVrVwB7ft1+YqfHuwEaoyWmYfzltRbJbJUQTnaj/qbPPUYRI8QQTXRbMWK39GUJA==
	Vary: Accept-Encoding,User-Agent
	Content-Length: 3234
	Content-Type: text/html; charset=UTF-8

	<!--
	top.location="http://ww31.gvisit.com/?fp=%2BBJL7%2F4axwKg7d7aLlyxF0vECGt%2FlWKiPyysAOEmJJg1kWd%2BU4RyUfIKasvNeyLy5dAeet0P5EcCojXgLdE7Ow%3D%3D&prvtof=T0M6%2BAayVN8Ot5EQzfPF0S1DRTUEhu9j%2B0JTpMQ%2FsB%2FLksJ3g1xdCyhyTI8j%2B%2F0N&poru=AwzWORPE7CPE0lrCMmvjVu3FI0q%2F3OKRR38XeQsupGDnFdPDmOFjaztT45sZx%2FVeS9zvfMBscq%2BI8lLc9qnKThKsqMojZwudCae3anEhItMlQOgsMVzc%2BDWB%2F%2F9I7JQ4&cifr=1&sid=592101993e8b9913eb0462e5bd4d7501";
	/*
	-->
	<html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_Gzq771WhJU+b7w0c5Lws6JzVrVwB7ft1+YqfHuwEaoyWmYfzltRbJbJUQTnaj/qbPPUYRI8QQTXRbMWK39GUJA=="><head>
	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
	<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7">
	<meta name="viewport" content="width=device-width"><script type="text/javascript">
	<!--
	dimensionUpdated = 0;
	function applyFrameKiller()
	{
	if(window.top != self)
	{
	cHeight = 0;
	if( typeof( window.innerHeight ) != 'undefined' ) {
	//Non-IE
	cHeight = window.innerHeight;
	dimensionUpdated = 1;
	} else if( document.documentElement && ( document.documentElement.clientWidth \|\| document.documentElement.clientHeight ) ) {
	//IE 6+ in 'standards compliant mode'
	cHeight = document.documentElement.clientHeight;
	dimensionUpdated = 1;
	} else if( document.body && ( document.body.clientWidth \|\| document.body.clientHeight ) ) {
	//IE 4 compatible
	cHeight = document.body.clientHeight;
	dimensionUpdated = 1;
	}
	if( cHeight <= 250 && dimensionUpdated == 1)
	{
	window.top.location = "http://ww31.gvisit.com/?fp=%2BBJL7%2F4axwKg7d7aLlyxF0vECGt%2FlWKiPyysAOEmJJg1kWd%2BU4RyUfIKasvNeyLy5dAeet0P5EcCojXgLdE7Ow%3D%3D&prvtof=u5NXp3zVWTdYGMkV6iK%2B4MyyRiKQ6AKDxOhUgf5wJTptsVA9ori8WVATqWKXvLt0&poru=QDwxIevt5vHnM50HJeR1FHgomDuSUsv2YcjV%2BtQB25TFAx1unh7hMrc6PRVUA%2B%2BRXbdNuEJ%2B3dFd2IiRpIcEJ5T3wS6dVYDopSaRlsesTgievTVL4dt%2BcIV7%2BLrH%2BM55&cifr=1&sid=592101993e8b9913eb0462e5bd4d7501";
	}
	}
	}

	applyFrameKiller();
	// -->
	</script><script type='text/javascript'>try{document.cookie = 'fjccheck=1';}catch(exception){}</script></head><frameset rows="100%,*" frameborder="no" border="0" framespacing="0">
	<frame src="http://ww31.gvisit.com/?fp=%2BBJL7%2F4axwKg7d7aLlyxF0vECGt%2FlWKiPyysAOEmJJg1kWd%2BU4RyUfIKasvNeyLy5dAeet0P5EcCojXgLdE7Ow%3D%3D&prvtof=tLdsRL2VNtQbqYMv4TV6N%2FKAg3xaT2EfTL%2BG1exkntEXmI2qgvDCPlaqUGT5HqTp&poru=bCVQ8NcV%2BXuYYlP66iEKcJV2GZc3TYXTFkuzqadeHJrqLqehflgEhknX0sd4fKXIIyQfi45WiR4fZz16O8IhfkUS4XrIgX9KzniMaJBGXvDmbQgq1KIceO3pI4tfQHsT&sid=592101993e8b9913eb0462e5bd4d7501">
	</frameset>
	<noframes>
	<body bgcolor="#ffffff" text="#000000">
	<a href="http://ww31.gvisit.com/?fp=%2BBJL7%2F4axwKg7d7aLlyxF0vECGt%2FlWKiPyysAOEmJJg1kWd%2BU4RyUfIKasvNeyLy5dAeet0P5EcCojXgLdE7Ow%3D%3D&prvtof=TTv2W3uWKJ13MvB5JzJjEBQ8QPV%2F2EaSQy%2B59K8xjUHGZO5Mc6JCUydv8Cs7W9Q%2F&poru=XICWjsQCNh2FX8JNB6qC8YLcP%2FzhDLP8sfUOrYm1ia5ZI1l20rkPwwlth7UrQqKVMc%2BBXDaaAN45SLmow9XFkbIgC6GLv%2FluqybgsfPxUmpcn1icL6fz146JkQwSIAaR&sid=592101993e8b9913eb0462e5bd4d7501">Click here to proceed</a>.
	</body>
	</noframes></html><!--
	*/
	-->
	<!---
	setTimeout('window.location="http://google.com/"', 5000);
	/*
	-->
	<html>
	<head>
	<title>Evil Web Page</title>
	<meta http-equiv="refresh" content="5; url=http://google.com/"
	</head>
	<body>
	<p>Hi! I'm evil!</p>
	</body>
	</html>
	<!--*/-->
	<html>
	<head>
	<title>Sucker</title>
	<script src="./evil.js.html" type="text/javascript"></script>
	</head>
	<body>
	<p>Hi! I'm a sucker who included the third-party js being hijacked.</p>
	</body>
	</html>