View Single Post
  #4  
Old 10-20-2017, 05:48 PM
darmok
dust between the wires
 
Join Date: Aug 2017
Posts: 28
Re: underworldlive.com hacked/malware?
Caught it! It's a sneaky bastard, but it shows up if you visit from an IP that hasn't visited the site recently. I ended up tethering to my phone to catch it in the act (and toggling airplane mode to get a fresh IP). You'll see a script block at the bottom of the body that's responsible for the malware popunder. I didn't have any success with this on my Mac, so it might be doing user-agent checking as well.

Here's the source to the page I was served, in case it helps: https://pastebin.com/dgDtPiCD