Whatever did this apparently went through every file in the website and added an iframe that pointed to nsfer.com to the end of the html for every file ending in .html or named index.php so it got …