Avast WEBforum

Other => Viruses and worms => Topic started by: Helvis2 on November 20, 2019, 04:04:35 PM

Title: What to do with weird links pointing to my site?
Post by: Helvis2 on November 20, 2019, 04:04:35 PM
Hey guys,

I started noticing this already 3 weeks ago - there were days that 10+ links were added to my site and at first, I thought it's a coincidence.

But then this happened again a week ago and then yesterday once again.

At first, someone was adding links to the comments they made - which was pretty clever cause they get those comments indexed.

Here's an example: https://www.google.com/search?q=site%3Apaybis.com%2Fblog%2Fbitcoin-price-prediction%2F&oq=site%3Apaybis.com%2Fblog%2Fbitcoin-price-prediction%2F&aqs=chrome..69i57j69i59l2j69i58.11081j0j1&sourceid=chrome&ie=UTF-8

But now someone is adding weird links to my home-page - just in one day there were 10 new links added and all are pointing to the main page - https://paybis.com/

Those links are super weird and make no sense:
- 'lkfoto.ie/index.php/2012/01/26/pantomime-4/
- 'mulroycollege.ie/2018/05/18/senior-prizegiving-in-mulroy-college/
**All the URLs are hidden in the comment section

So, I wanted to ask if anyone has experience with dealing with such links and what you can suggest about getting them removed?

Title: Re: What to do with weird links pointing to my site?
Post by: polonus on November 20, 2019, 05:15:25 PM
I performed a scan with Broken Link Checker,

You have 2000 links of which 112 URLs failed.
Status   URL   Source link text
403 Forbidden   -https://s3.amazonaws.com/media.paybis.com/images/Step-by-step/CC/СС+to+BTC/DE/Step+4.2.PNG   img/src
403 Forbidden   -https://s3.amazonaws.com/media.paybis.com/images/Step-by-step/CC/СС+to+BTC/DE/Step+4.3.PNG   img/src
and loads and loads more from -https://s3.amazonaws.com/media.paybis.com etc. etc.
404 Not Found   -https://vars.hotjar.com/   link/href
404 Not Found   -https://script.hotjar.com/   link/href
400 Bad Request   -https://hexagon-analytics.com/   link/href
400 Bad Request   -https://www.googletagmanager.com/   link/href
503 Service Unavailable   -http://bestexchangers.ru/   <No Text>
404 Not Found   -http://wt-change.com/   <No Text>
-1 Not found: The host name in the certificate is invalid or does not match   -https://discover.ledger.com/hackstimeline/   a total loss of your funds.
999 Non-standard   -https://www.linkedin.com/company/paybis-com/   <No Text>

Then 517 recommendations towards improvement -> https://webhint.io/scanner/b69148c5-05c5-45a1-8f50-23cfb522ab39

See about soundcloud tracker detected and blocked for many browsers:

No root certificate found for this link: https://webcookies.org/cookies/2-vbus-eu.ladesk.com/28662977

Linked site checked by Google Safebrowsing:
Linked Sites
Google Safe Browse checks have been performed on each of the linked sites. Links with poor reputation could be a threat to users of the site. Hosting and location are also included in the results.

Externally Linked Host   Hosting Provider   Country   
    -uk.trustpilot.com   Amazon.com.   United States    
    -www.trustpilot.com   Amazon.com.   United States    
    -shop.trezor.io   Cloudflare.   United States    
    -www.ledgerwallet.com   Cloudflare.   United States    
    -support.paybis.com   Quality Unit, s.r.o.   Germany    
    -www.facebook.com   Facebook.   Ireland    
    -plus.google.com   Google LLC   United States    
    -twitter.com   Twitter Inc.   United States

See detections here, as Sucuri finds nothing: https://www.virustotal.com/gui/ip-address/
which were of May last this year.
PHISHING was detected 6 months ago: https://www.virustotal.com/gui/url/8bc2dc053c849ff3a991ee7bdb94b4a0fef299ca8181f18b058adda990bf3675/detection
and two still flag website now: https://www.virustotal.com/gui/url/8bc2dc053c849ff3a991ee7bdb94b4a0fef299ca8181f18b058adda990bf3675/detection
Given clean here: https://checkphish.ai/insights/url/1574265915254/dfe92560b9430f792c3f61bdc891201e57b62e52e773249d740416bc7569b50e

Wait for an Avast team member to give a final verdict.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)