Author Topic: What is with this redirect?  (Read 1910 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
What is with this redirect?
« on: April 13, 2014, 03:28:45 PM »
See: http://killmalware.com/vidarrs-home.nl/#   and  https://www.virustotal.com/nl/url/9821906d0292bae0d8f5a8bfafd2860eeca2b13cf0184fdef9d5256ac8590bb7/analysis/
also consider: http://quttera.com/detailed_report/vidarrs-home.nl  (16 malicious files there)
and from the File name: /wpscripts/global_navtree.js  going to see: http://urlquery.net/report.php?id=1397395472700
Is that no longer there? At least being blacklisted by Google Safebrowsing.

polonus   
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: What is with this redirect?
« Reply #1 on: April 13, 2014, 06:52:18 PM »
See: http://killmalware.com/kitchencabinetssouthcarolina.com/

SE visitors redirects
Visitors from search engines are redirected
to: htxp://redoperabwo.ru  -> http://online.drweb.com/result/?lng=en&chromeplugin=1&url=http%3A%2F%2Fredoperabwo.ru
See web rep: https://www.mywot.com/en/scorecard/redoperabwo.ru?utm_source=addon&utm_content=popup
1261 sites infected with redirects to this URL
history of badness: http://app.webinspector.com/public/reports/show_history?id=20981772
Interesting zone file dump: "bio=4d31a43fab984cd8f2e1576765a7fdaff57c9e9a" -> ns1.sedoparking.com. hostmaster.sedo.de. 2014040101 86400 10800 604800 86400 - redoperabwo dot ru,82.98.86.163,ns1 dot sedoparking dot com,Parked/expired,
Chrome blocked access to htxp://kitchencabinetssouthcarolina.com/
Chromebleed states site is vulnerable to Heartbleed!
Starting query... [2014-04-13 16:53:55]             Stay on this page for results!

Scanning target kitchencabinetssouthcarolina dot com ...
Found 1 servers with port 443 open
Checking for OpenSSL Heartbleed vulnerability...

69.93.46.55      Vulnerable

pol

Offline polonus

Re: What is with this redirect?
« Reply #2 on: April 13, 2014, 11:33:38 PM »
A redirect loop here: http://killmalware.com/nurunsports.com/
SE visitors redirects
Visitors from search engines are redirected
to: htxp://ifchepa.com/images/img.php
101 sites infected with redirects to this URL
Quttera finds: index
Severity:    Suspicious
Reason:   Detected suspicious redirection to external web resources at HTTP level.
Details:    Detected HTTP redirection to htxp://ifchepa.com/images/img.php. (for which I get a 404 not found)
-> http://urlquery.net/report.php?id=1397424696500
File size[byte]:    18446744073709551615
File type:    Unknown
MD5:    00000000000000000000000000000000
Scan duration[sec]:    0.001000

The active malware had to do with PHISHING, see another similar incident: htxp://gemmusic.org/lib.php?stop=2ZQhPkdsVyZbuNLy7mkTAvjzbQF9MHlO8LcWWPKERT0=

pol
« Last Edit: April 13, 2014, 11:43:05 PM by polonus »