Somebody hijacked some servers from Movistar Peru / Argentina, and are serving a modified file for Google ads / analytics JS.
Here are some hijacked URLs: http://www.googletagservices.com/tag/js/gpt.js http://www.google-analitycs.com/ga.js http://pagead2.googlesyndication.com/pagead/show_ads.js
The LinkBucks script they serve instead: http://pastebin.com/mYYpYDkR
The script basically hooks mousedown on the whole page, and redirects you to http://dca14d4e.megaline.co/url/ORIGINAL_URL
Somebody hijacked some servers from Movistar Peru / Argentina, and are serving a modified file for Google ads / analytics JS.
Here are some hijacked URLs: http://www.googletagservices.com/tag/js/gpt.js http://www.google-analitycs.com/ga.js http://pagead2.googlesyndication.com/pagead/show_ads.js
The LinkBucks script they serve instead: http://pastebin.com/mYYpYDkR
The script basically hooks mousedown on the whole page, and redirects you to http://dca14d4e.megaline.co/url/ORIGINAL_URL