>>162298

I did mention for Jim to see if he can pin down a file called something to the affect of -batch.gif. A highly suspect name, although it could be a legitimate file with a poor name. A batch is a script and it is possible that that .gif file has a script inside the binary file that maybe a real hacker is posting to the site that is causing the PHP code to improperly form the URL. That would have to be from someone who knows the codebase or a pretty astute hacker. We will not know until that file is pinned down and dumped to where we can read it's contents. Possible but not probable.