Very interesting. Also on Kafeine's blog: http://malware.dontneedcoffee.com/2015/05/an-exploit-kit-dedicated-to-csrf.html Code: This call : GET http://ngwblnlfmvjazwf17swal1tn5qqjbx.informationdrommers .xyz:81/track/e_x.js 200 OK (application/javascript) I've got to look into this further.