Category MALICIOUS IP: 68.178.254.121 (www.bonsaihacker.com) Infected with a spam or malware forwarding link - Botnet (UNITED STATES)

The IP address 68.178.254.121 (listed in the CBL (Composite Blocking List)) corresponds to a web site that is infected with a spam or malware forwarding link. The website's host name is "www.bonsaihacker.com", and this link is an example of the redirect: "http://www.bonsaihacker.com/infantile.htm?vixe". In other words the website "www.bonsaihacker.com" has been hacked. Usually, the redirect takes the user's browser to a spam or malware site. It's usually fake russian pills or pornography.

In several cases, particularly with older compromises, the criminals that hacked this site will have uploaded a wide variety of spamming and other compromise tools. Therefore, the account corresponding to "www.bonsaihacker.com" needs to be examined very carefully for signs of tampering. Further, the criminal will even modify existing web pages (particularly www.bonsaihacker.com itself) to have hidden references to pill/drug/porn sites.

It is believed that the malicious redirects are done by altering web server access control mechanisms (example, ".htaccess" files on Apache web servers), and causing the redirect to occur on all "404 url not found" errors.

REFERENCES:

68.178.254.121

• https://www.virustotal.com/de/url/66dfd5856d9fd790189a5f8242c3eb4828b0e02c4e5a3932610e225e9d30e2be/analysis/

LISTED AT SPAMHAUS (CBL):

• http://www.spamhaus.org/query/bl?ip=68.178.254.121

LISTED AT CBL:

• http://cbl.abuseat.org/lookup.cgi?ip=68.178.254.121

FULL REPORT: