Piracy(?) scam w/ source code(?)

https://cbslivestreaming.xyz
https://cbslivestreaming.xyz/NFL-2021-Live/
https://cbslivestreaming.xyz/NFL-2021-Live.zip

Found it when browsing structurally similar hits for a website with an empty directory on URLScan. All the structurally similar hits were TV-related (maybe because the original URL had TV in it) LiteSpeed webpages with an open directory on the home page.

I can’t check out the ZIP file now because I’m on my phone. May have source code. I have it saved in case it’s deleted, though.

Main scam is https://cbslivestreaming.xyz/NFL-2021-Live/.

Clicking the watch thing directs me here (it can vary by click, but it’s always a website asking for some amount of personal details and sometimes notifications):

Oh, yep, it definitely has source code.


continue.php has no PHP code in it anyways lmao:

Lots of minified (not obfuscated) JS code too:


This is main.js:

Referencing random images from another site in index.html:

<meta name="lpl:d" content="c_bg=https://just-watch-it.com/storage/media/videos/tt6806448backdrop_33f2468bd8bf8f8012f0f805880954d0.jpg" />
<meta name="lpl:d" content="c_img1=https://just-watch-it.com/storage/media/videos/tt6806448poster_33f2468bd8bf8f8012f0f805880954d0.jpg" />

Reporting that site is likely a good idea. It’s very clear that they’re re-using the same scam page, so if a critical resource gets broken, many other scams will break along with it.

Google Analytics code: UA-151135141-1

If I paste the full snippet, Cloudflare says I’m performing an XSS attack and gets angry, so here’s a screenshot instead:

There are a lot of references to Imgur pictures in the fake comments section, but once again, Cloudflare says I’m hacking scammer.info when I post it, so here is a screenshot of the code:


Those may need to be reported as well.

And, yeah, continue.php is what index.html sends the victim to:

As said earlier, this is just a redirect, not any PHP code lmao:

<html>
<head>
<title>Sign Up</title>
<meta http-equiv="refresh" content="0;url=https://www.affforce.com/scripts/un981c6l?a_aid=52376d77&a_bid=3abb9298">
<!-- Histats.com  (div with counter) --><div id="histats_counter"></div>

I believe that the ad network is very likely to be complicit: https://www.affforce.com/scripts/un981c6l?a_aid=52376d77&a_bid=3abb9298

This URL literally generates scams. I could have a script open the URL over and over and over and get infinite scam websites pretty much.

Likely pay-per-click advertising. I think a_aid means the affiliate’s affiliate ID. This scam website gets a commission for sending people to another scam website.
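
An added example, not part of the original post: an offline Python script that pulls the shared identifiers discussed above (the meta-refresh target and its affiliate parameters, the hosts referenced by the `lpl:d` meta tags, and any Google Analytics ID) out of a saved copy of the kit, so copies of the same page can be grouped for reporting. The sample HTML is constructed from the lines quoted in the post; the `ga('create', ...)` line is an assumed form, since the post shows that snippet only as a screenshot, and the function and class names are hypothetical.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed sample: lines quoted in the post plus an assumed analytics line.
SAMPLE = '''<html>
<head>
<title>Sign Up</title>
<meta http-equiv="refresh" content="0;url=https://www.affforce.com/scripts/un981c6l?a_aid=52376d77&a_bid=3abb9298">
<meta name="lpl:d" content="c_bg=https://just-watch-it.com/storage/media/videos/tt6806448backdrop_33f2468bd8bf8f8012f0f805880954d0.jpg" />
<script>ga('create', 'UA-151135141-1', 'auto');</script>
'''

class MetaCollector(HTMLParser):
    """Collects the attributes of every <meta> tag; tolerates truncated HTML."""
    def __init__(self):
        super().__init__()
        self.metas = []

    def handle_starttag(self, tag, attrs):
        if tag == "meta":
            self.metas.append({k: (v or "") for k, v in attrs})

def extract_pivots(html_text):
    """Return the identifiers that link one copy of the page to other copies."""
    parser = MetaCollector()
    parser.feed(html_text)
    out = {"redirects": [], "asset_hosts": set(), "analytics_ids": set()}
    for meta in parser.metas:
        content = meta.get("content", "")
        if meta.get("http-equiv", "").lower() == "refresh":
            # Format is "<seconds>;url=<target>"
            m = re.match(r"\s*[\d.]+\s*[;,]\s*url\s*=\s*(\S+)", content, re.I)
            if m:
                url = urlsplit(m.group(1).strip("'\""))
                params = {k: v[0] for k, v in parse_qs(url.query).items()}
                out["redirects"].append(
                    {"host": url.hostname, "path": url.path, "params": params})
        elif meta.get("name", "").lower() == "lpl:d":
            # Format is "<key>=<image URL>"; only the host is kept for grouping.
            host = urlsplit(content.partition("=")[2]).hostname
            if host:
                out["asset_hosts"].add(host)
    # Universal Analytics property IDs anywhere in the file.
    out["analytics_ids"].update(re.findall(r"\bUA-\d{4,10}-\d{1,4}\b", html_text))
    return out

if __name__ == "__main__":
    print(extract_pivots(SAMPLE))
```
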