I just want to show you some script added on legit websites and the log we've found on the criminal web server.
Note that for each site on this blog like goscanfuse.com, scan6lite.com, scan7new.com, every domain is listed in the Google API "Safe Browsing" and each of them reveal a lot of information. eg. the number on domain used (compromised) and other in conjunctions.
We start by a Google Safe Browsing Diagnostic for: scanline6.com